Solved

inetres.adm Policy not being applied properly

Posted on 2009-05-19
7
600 Views
Last Modified: 2012-05-07
Hi guys,

I have a strange problem with group policy not being applied properly,
Our network setup: -200 users 3 DCs all on windows 2003 SP1, a mixture of 2000 & Xp client PCs

We have a policy setup (for over a year) to change the proxy settings to point to an appliance based Proxy server, but for some reason this policy has recently become unreliable and does not seem to be applying itself properly to the users, a couple of other setting defined in the same policy do apply ever time though!
I have run rsop on the client PCc showings that its picking the proxy setting up okay, but for some reason this is not being reflected in internet explorers LAN setting

I have run GP results wizard & GP Modeling from all 3 domain controllers and all result look fine, I have also check that there are no other policies being inherited which could override or conflict with it.
I have also run diagnostics on all 3 DCs dcdiag & netdiag .. they come back okay

Have recreated a new policy and a new OU moved a test user into it and still & its not picking up the proxy settings, im running out of ideas what is causing it,

I have tested with 2000 Pro & XP & on 2000 pro after logging in a few times it picks it up, but if you then in as admin .. delete the profile and log back in as the test user & it loses the setting &.XP it just does not work at all

Finally if I make a change to the AD policy or the local policy (any Change) this gives a it a kick and applies the proxy details

If you have any ideas as Im starting to go round in circles

Jim
0
Comment
Question by:macleandata
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 7

Expert Comment

by:vikasjus
ID: 24420211
Are you using bypass proxy for local address, if it is and if you have given something other than *, ipaddress or host name then it will not apply proxy address through GP. Make sure you have not given some thing like this for e.g http://10.10.1.1/login.aspx if some thing like this is specified then GP will not work.
0
 

Author Comment

by:macleandata
ID: 24420683
Hi vikasjus, thanks for getting back to me, I think I understand your question but to be sure here is what I have in proxy settings: -

Exceptions -
10.*.*.*;*.themovefactory.com;*.myhomemove.com;*.premierpropertylawyers.com;www.callcreditsecure.co.uk;www.callcreditsecure.co.uk/services/callml/callml.asmx;http://proplog.yorkplace.com;http://proplog.yorkplace.com/Public/Services.aspx;

Do not use proxy server for local.... Ticked

looking at this list of exceptions we have we only need the callcredit.co.uk, so what your saying is I should have this as *.callcreditsecure.co.uk ?
0
 
LVL 7

Expert Comment

by:vikasjus
ID: 24428846
This string is creating problem
themovefactory.com;*.myhomemove.com;*.premierpropertylawyers.com;www.callcreditsecure.co.uk;www.callcreditsecure.co.uk/services/callml/callml.asmx;http://proplog.yorkplace.com;http://proplog.yorkplace.com/Public/Services.aspx;
remove this and keep IP of these sites and then check. by will accept only *, ., IP, or name and no other char.
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 
LVL 7

Expert Comment

by:vikasjus
ID: 24428864
sorry there is mistake in my selection. some how i am not able to do proper selection. put following things only in your bypass settings. all these are from your above input only.
10.*.*.*;
*.themovefactory.com;
*.myhomemove.com;
*.premierpropertylawyers.com
*.callcreditsecure.co.uk;
*.proplog.yorkplace.com;
0
 

Author Comment

by:macleandata
ID: 24429957
after making the chnage the XP IE7 machines are now working, have tested and is picking up the policy everytime, (deleting the local profile each time) but the win2000 IE6 SP1 are still not working, because I applied (months ago) inetres.adm for IE7 would this have any impact on IE6 for any reason?
0
 

Author Comment

by:macleandata
ID: 24430151
Fixed it ... I looked at the local GPO and something I forgot to mention earlier was I got  "The following entry in the [strings] section is too long and has been truncated" popup about 20 times and from what I can gather in the KB article the later inetres.adm file contains more than 255 characters and was truncating, so installed the patch KB842933, this did not work for a start but deleted the local copy of the profile again and its now fine, I need to test more just to make sure this is the fix.

Thanks for your Help, I would not have thought to look at the exceptions as these have been in place for a while
0
 
LVL 7

Accepted Solution

by:
vikasjus earned 500 total points
ID: 24430179
Good to hear this. Dont forget to allot points.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question