Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Phising Filter GPO

Posted on 2009-04-30
21
Medium Priority
?
977 Views
Last Modified: 2013-12-08
Is there a GPO that would force the phising filter to be turned on under Internet Options-->Security-->Internet like their is for the popup blocker?  I can control the behavior of the phising filter through a GPO but not if it's enabled or not.  I can just lock the internet options and since the defualt setting on the defualt profile for everyone when their account is crreated has this set to enabled it would reslve the problem.  I would however feel better if I could do this through a gPO so I knew for certin its on and hasn't been changed for those users that don't have internet options locked down.
0
Comment
Question by:georgedschneider
16 Comments
 
LVL 23

Expert Comment

by:debuggerau
ID: 24275779
unfortunately it is a Vista feature..
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24276262
I think it is an IE7 feature (see screenshot)  not just a vista feature
The setting is
user  configuration (or computer) | Administrative Templates | Windows Components | Internet Explorer.

>> Turn off Managing Phishing filter
You can set it to
Automatic: Automatic Phishing Filter is always enabled.

Manual: Phishing Filter is always enabled, but it will always prompt before checking with the online URL Reputation Service.

Off:

My screenshot is from a 2008 box that has the IE7 templates.  If you don't have that setting you may need to download the IE7 templates
http://www.microsoft.com/downloads/details.aspx?FamilyID=11ab3e81-6462-4fda-8ee5-fcb8264c44b1&displaylang=en
I'll try and test that out this weekend on a 2003 box.
 
Thanks
Mike

 

IE7-Phishing-GPO.jpg
0
 

Author Comment

by:georgedschneider
ID: 24278782
This just allows you to set the behavior of the phising filter if set to disable which i have done.  However it would still allow a user to go into Internet Options-->Security-->Internet iand set the phising filter to disabled.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
LVL 6

Expert Comment

by:Mark Pavlak
ID: 24279874
yes you can do it via GPO what mode is your domain running in 2008 or 2003?  You will need to use the IE7.adm file to get the options.  It will be under administrative template/Windows Components/Internet Explorer/Turn off Managing Phishing filter
0
 

Author Comment

by:georgedschneider
ID: 24279959
I have the GPO and have set htis the.  The issue is you are still able to go under Internt Options-->Security-->Internet and se it to disable and tuen it off despit this setting.
0
 
LVL 6

Expert Comment

by:Mark Pavlak
ID: 24280436
No it disables it from being changed; however the settings are not on the sec tab it is under tools Phising Filter submenu.  When I looked at mine it is greyed out menaing I cannot change it
0
 

Author Comment

by:georgedschneider
ID: 24331137
There is a setting in Ie7 on XP under the security tab where you can still disable the phising filter dispite this setting.  Is there any way to prevent this like there is for the pop up blocker.  With the pop up blocker a gpo disables this and grays it out.
0
 
LVL 6

Expert Comment

by:Mark Pavlak
ID: 24335228
Where?

SedcTab.bmp
0
 

Author Comment

by:georgedschneider
ID: 24358968
despit having the GPO object to turn off managing the phising filter to enabled and seting it ot automatic under the internet settings I can disbale the phising philter.  Unlike the pop up blocker which has a setting called use pop up blocker whick would gray this out I do not see such a setting for the phising filter.  Attached is a screen shot of the issue.
1.BMP
0
 
LVL 6

Expert Comment

by:Mark Pavlak
ID: 24441780
I use a GPo to to lock down that Security Setting tab as it avoids users from changing Zone settings I set Forth
0
 

Author Comment

by:georgedschneider
ID: 24495752
What GPO would prevent changing zone settings such as this?
0
 
LVL 6

Expert Comment

by:Mark Pavlak
ID: 24496293
One that configures the zones.  It is under admin template/IE/security control section.  You can set the paramter for each zone once that is done it removes the ability you are speaking of  If you need a screen shot let me know
0
 

Author Comment

by:georgedschneider
ID: 24496674
A screen shot would be most helpful.
0
 
LVL 6

Accepted Solution

by:
Mark Pavlak earned 2000 total points
ID: 24497276
Her you go  should lead you in the right direction
untitled.bmp
0
 

Author Comment

by:georgedschneider
ID: 24591602
I'll give it a try.
0
 
LVL 6

Expert Comment

by:Mark Pavlak
ID: 24595862
Ok let me know how it turns out
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlleā€¦
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question