Group Policy Settings for Internet Explorer Security applying, but not taking affect

Posted on 2006-04-25
Last Modified: 2010-05-18
I have a GP setup to import my servers IE security settings and apply them to users. When I use gpresult, I see that it indicates that the policy is applying and should be taking affect, but the Explorer settings are not actually taking affect - What I am trying to do is prevent users from downloading.
Question by:ainselyb
    LVL 6

    Expert Comment

    How long ago did you add that?  Did you log users off, then log back in to update the gp on their machines?
    LVL 10

    Expert Comment

    Are there any other GPOs that could be conflicting with this one and overwriting the settings? Windows 2k or 2k3 DCs?
    LVL 69

    Expert Comment

    Hi ainselyb there is probably a good logical reason or some small error why these GP are not taking effect, this may not even be related but I thought you might like to know.. and  after reading this you may wonder.
    extract:.There is more below on the link.
    Circumventing Group Policy as a Limited User
    That means that users can alter the code or data of their own processes, including Explorer and Internet Explorer, and by manipulating the code or data related to Group Policy enforcement they can bypass Group Policy settings.

    Software Restriction Policies (SRP) are another example of Group Policy settings that can be subverted by limited users if you allow them to run an arbitrary executable – in other words, if you don’t apply SRP correctly by using it to define the executables users can run (whitelisting) instead of simply singling out executables that you don’t want them to run (blacklisting). When a user launches a process it’s the parent process that checks SRP to see if the execution of the child should be allowed or blocked, allowing the owner of the parent process to manipulate the process into bypassing or negating SRP processing.

    LVL 44

    Expert Comment

    how are you going to prevent users from downloading???  Please explain, I would like to know this one.
    LVL 69

    Accepted Solution

    Hi ainselyb any success yet,Just a note to have all the group polocies active every has to reboot, including the server.
    In group policy edit or gpedit.msc  expand computer Configuration/User configuration/administrative templates/expand network/then click on the network conections. Look on the right side you shoudl a large list of options.

    I came across this recently and thought of your situation,
    This reg edit is for changing how many downloads allowed for internet explorer6, so I thought maybe you could use it to modify it to zero. It maybe worth looking at.
    Please back up the regestry keys before changing them that way you can restore them easy.

    Use Registry Editor at your own risk.
    To comply with current Internet standards Internet Explorer limits the number of simultaneous downloads to two downloads, plus one queued download. This configuration is a function of the browser. However, as connection speeds increase, and the number of total connections that are allowed to Internet servers increase, the two-connection limit may be restrictive.
    To increase the number of simultaneous connections that are allowed to 10, <<< you may wish to change this to (o) see if it works.

    follow these steps:1. Start Registry Editor (Regedt32.exe).  from run type in regedit press enter.
    2. Locate the following key in the registry:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings  
    3. On the Edit menu, point to New click DWORD Value, and then add the following registry values:
    Value name: MaxConnectionsPer1_0Server
    Value data: 10<<<<<------------------------------------Put it to zero.
    Base: Decimal

    Value Name: MaxConnectionsPerServer
    Value data: 10<<<<<<<<<<<<<------------------------Zero
    Base: Decimal
    4. Quit Registry Editor.
    This procedure is for informational purposes only. Changing the maximum number of connections beyond two is a violation of Internet standards; Microsoft does not recommend this procedure for use outside closed networks.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Hello I read in a discussion about a person who configured a very simple mirror RAID with two hard drives; the system and data were on the same partition. He asked how to repair the system as it was not booting up anymore. In his case running …
    I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension ( This reminded me of questions tha…
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now