?
Solved

Group Policy Settings for Internet Explorer Security applying, but not taking affect

Posted on 2006-04-25
5
Medium Priority
?
761 Views
Last Modified: 2010-05-18
I have a GP setup to import my servers IE security settings and apply them to users. When I use gpresult, I see that it indicates that the policy is applying and should be taking affect, but the Explorer settings are not actually taking affect - What I am trying to do is prevent users from downloading.
0
Comment
Question by:ainselyb
5 Comments
 
LVL 6

Expert Comment

by:JimsZ
ID: 16535711
How long ago did you add that?  Did you log users off, then log back in to update the gp on their machines?
0
 
LVL 10

Expert Comment

by:victornegri
ID: 16535805
Are there any other GPOs that could be conflicting with this one and overwriting the settings? Windows 2k or 2k3 DCs?
0
 
LVL 70

Expert Comment

by:Merete
ID: 16535830
Hi ainselyb there is probably a good logical reason or some small error why these GP are not taking effect, this may not even be related but I thought you might like to know.. and  after reading this you may wonder.
extract:.There is more below on the link.
Circumventing Group Policy as a Limited User
That means that users can alter the code or data of their own processes, including Explorer and Internet Explorer, and by manipulating the code or data related to Group Policy enforcement they can bypass Group Policy settings.

Software Restriction Policies (SRP) are another example of Group Policy settings that can be subverted by limited users if you allow them to run an arbitrary executable – in other words, if you don’t apply SRP correctly by using it to define the executables users can run (whitelisting) instead of simply singling out executables that you don’t want them to run (blacklisting). When a user launches a process it’s the parent process that checks SRP to see if the execution of the child should be allowed or blocked, allowing the owner of the parent process to manipulate the process into bypassing or negating SRP processing.
http://www.sysinternals.com/blog/2005/12/circumventing-group-policy-as-limited.html

0
 
LVL 44

Expert Comment

by:scrathcyboy
ID: 16540866
how are you going to prevent users from downloading???  Please explain, I would like to know this one.
0
 
LVL 70

Accepted Solution

by:
Merete earned 1500 total points
ID: 16567397
Hi ainselyb any success yet,Just a note to have all the group polocies active every has to reboot, including the server.
In group policy edit or gpedit.msc  expand computer Configuration/User configuration/administrative templates/expand network/then click on the network conections. Look on the right side you shoudl a large list of options.

I came across this recently and thought of your situation,
This reg edit is for changing how many downloads allowed for internet explorer6, so I thought maybe you could use it to modify it to zero. It maybe worth looking at.
Please back up the regestry keys before changing them that way you can restore them easy.

Use Registry Editor at your own risk.
To comply with current Internet standards Internet Explorer limits the number of simultaneous downloads to two downloads, plus one queued download. This configuration is a function of the browser. However, as connection speeds increase, and the number of total connections that are allowed to Internet servers increase, the two-connection limit may be restrictive.
To increase the number of simultaneous connections that are allowed to 10, <<< you may wish to change this to (o) see if it works.

follow these steps:1. Start Registry Editor (Regedt32.exe).  from run type in regedit press enter.
2. Locate the following key in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings  
3. On the Edit menu, point to New click DWORD Value, and then add the following registry values:
Value name: MaxConnectionsPer1_0Server
Value data: 10<<<<<------------------------------------Put it to zero.
Base: Decimal

Value Name: MaxConnectionsPerServer
Value data: 10<<<<<<<<<<<<<------------------------Zero
Base: Decimal
 
4. Quit Registry Editor.
This procedure is for informational purposes only. Changing the maximum number of connections beyond two is a violation of Internet standards; Microsoft does not recommend this procedure for use outside closed networks.
Merete
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally Windows/Microsoft Updates will fail to update. We have found a code that will delete all temporary files and re-register all dll's related to Windows/Microsoft Updates! This works 99% of the time to get the updates working again! The…
Just about everyone has an old PC laying around.  Ask anyone in the IT industry, whether they are a professional or play in it as a hobby.  From outdated Desktops to cheap "throwaway" laptops, they are all around and not as hard to "fix up" as you m…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.
Suggested Courses

755 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question