Group Policy:  Internet Explorer Maintenance Setting Imported From Source Workstation

Posted on 2007-10-16
Last Modified: 2013-12-08
I have a question concerning the application of policy settings when imported from a source browser.  
I currently have a gpo configured containing security and privacy settings imported into the gpo from a source workstation. One of the requirements that we have is to allow users to have some limited ability to control pop-up blocker settings which are controlled under the privacy options in IE.  Even though there are not any sites listed under "allowed sites" in the gpo, I need to allow users the ability to enter sites they wish to allow pop-ups while at the same pushing down security configuration and privacy tab settings.

The policy is set to a manadatory refresh which causes any values set by user to essentially be 'blanked out' since the allowed sites sites list is/was empty when imported from the original source workstation. Is there any way to allow users to enter allowed pop up sites while at the same time enforcing the imported settings from the Security and Privacy tabs?  Should we be taking a different approach instead of importing the settings from the browser which appears to not let us have granular control over those particular settings since they were part of the import?

As an alterantive, I was investigating using the Interet Explorer Control Panel to configure settings for the security zone and privacy settings instead but have begun to find that some of the security zone settings for IE are misnamed or completely missing for IE 7. In addition I could not find any place to specify per site privacy handling for cookies. Sorry for the long-winded post, but finding a way around this has been stumping me. Thanks in advance for you help.
Question by:Nap2
    LVL 12

    Accepted Solution

    I think you need to do this using 2 approaches:

    1. Using Internet Explorer 7 Administration Kit (IEAK7) to allow users to make the changes while locking down IE in the other ways that you are already enforcing
    2. Disable the GPO mandatory refresh setting
    LVL 3

    Expert Comment

    You need to import the IE 7 Admin template into your GPO.  This will allow you to configure IE 7, the IE settings you are looking at are for IE 6.

    I would use the security zones settings under computer configuration vice imported settings, they are much easier to manage.  You will be able to control all security settings while at the same time allow users to manage the pop-up blocker.

    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    Join & Write a Comment

    Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
    This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
    This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now