Internet Explorer Group Policies

Hi there

I have a Windows 2003 server and xp sp2 clients.

I want a single internet policy that permits and disallows certain behaviour for any user logging into the network. My question is, should group policies for Internet Explorer, such activex downloads,meta fresh and the like be configured in the "Internet Explorer Maintence" or under the security page/internet control panel/internet explorer/windows components for the users?

Does it make any difference?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

With the latter, it's easier to read the effective settings and to change settings later. The settings made by importing from the current machine do not appear in GPMC/RSOP.

Internet Explorer Maintenance is nice if you have a system completely set up the way you like it, including security zones and restrictions, and want to import those into a policy. If you want to change settings later, you'll have to make sure the settings you're importing really reflect what you want.

Also, on a server that has enhanced security configuration enabled, the settings under IE maintenance are only applied to computers with enhanced security installed. This makes me believe it depends too much on the browser and configuration on the machine you're configuring the policy on.

I'd use Administrative Templates/Windows components/etc for policies as much as possible.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Hi markf100,

i woul tend to agree with rant on this, we have a rather nice policy that locks down users just how we like i and after months of trialling and implementing and finalising the thing across the board, we found that all our policies site under  admintemplates\windows components\etc in regards to internet  - we set proxies and security boundaries etc

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.