Group Policy:  Internet Explorer Maintenance Setting Imported From Source Workstation

Posted on 2007-10-16
Medium Priority
Last Modified: 2013-12-08
I have a question concerning the application of policy settings when imported from a source browser.  
I currently have a gpo configured containing security and privacy settings imported into the gpo from a source workstation. One of the requirements that we have is to allow users to have some limited ability to control pop-up blocker settings which are controlled under the privacy options in IE.  Even though there are not any sites listed under "allowed sites" in the gpo, I need to allow users the ability to enter sites they wish to allow pop-ups while at the same pushing down security configuration and privacy tab settings.

The policy is set to a manadatory refresh which causes any values set by user to essentially be 'blanked out' since the allowed sites sites list is/was empty when imported from the original source workstation. Is there any way to allow users to enter allowed pop up sites while at the same time enforcing the imported settings from the Security and Privacy tabs?  Should we be taking a different approach instead of importing the settings from the browser which appears to not let us have granular control over those particular settings since they were part of the import?

As an alterantive, I was investigating using the Interet Explorer Control Panel to configure settings for the security zone and privacy settings instead but have begun to find that some of the security zone settings for IE are misnamed or completely missing for IE 7. In addition I could not find any place to specify per site privacy handling for cookies. Sorry for the long-winded post, but finding a way around this has been stumping me. Thanks in advance for you help.
Question by:Nap2
LVL 12

Accepted Solution

Phil_Agcaoili earned 2000 total points
ID: 20128969
I think you need to do this using 2 approaches:

1. Using Internet Explorer 7 Administration Kit (IEAK7) to allow users to make the changes while locking down IE in the other ways that you are already enforcing
2. Disable the GPO mandatory refresh setting

Expert Comment

ID: 20310278
You need to import the IE 7 Admin template into your GPO.  This will allow you to configure IE 7, the IE settings you are looking at are for IE 6.


I would use the security zones settings under computer configuration vice imported settings, they are much easier to manage.  You will be able to control all security settings while at the same time allow users to manage the pop-up blocker.

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question