Solved

How do I use Group Policy to Control Trusted Sites and https verification in internet explorer

Posted on 2009-07-14
8
2,244 Views
Last Modified: 2013-12-08
In my organization, we have a domain level group policy that disallows adding trusted websites in internet explorer. Additionally," the requires server verification (https;) for all sites in this zone", is checked. We have a group in our organization that needs this setting to go away. How do I create a sub group policy  that take precedence over the domain level group policy. I will include some screen shots about what I am talking about as to give you guys a better idea of what I am trying to achieve.

I would appreciate a step by step if possible.
screen1.bmp
screen2.bmp
screen3.bmp
screen4.bmp
0
Comment
Question by:BLACK THANOS
  • 5
  • 3
8 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 24854287
how is this group setup, are they in a separate OU or are they spread out all over the place.
Several ways to handle this.
1.  put them in an OU and link the new trusted policy to that OU.  Group policies are applied using the LSDOU methodology.
Local applied then site then domain then OU so the OU policy will win
http://technet.microsoft.com/en-us/library/cc785665(WS.10).aspx
2.  You could also create a group and put those users in the group and use security filtering on that GPO.  more on security filtering here
http://adisfun.blogspot.com/2009/04/security-filtering-and-group-policy.html
If you use security filtering it must be above the domain level policy, but it will only apply to that group.
Thanks
Mike
0
 

Author Comment

by:BLACK THANOS
ID: 24854949
If I use security filtering, then you are saying that the group policy that I create, must be above the default domain policy>??
0
 

Author Comment

by:BLACK THANOS
ID: 24855122
also, based upon the screen shots I attached, where are the gpo locations for them.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 

Author Comment

by:BLACK THANOS
ID: 24856585
okay mkline71,

I am tentatively leaning towards giving all the points to you since you have come he closest to answering my questions (actually, you are the only one), but could you view my last two posts and help just a little bit more
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24857237
can't tell about the location from the screenshots.  I'll take some screenshots from my lab later today and post them for you.
Thanks
Mike
0
 

Author Comment

by:BLACK THANOS
ID: 24860265
I am most interested in how to uncheck the "Require server verification (https) for all sites in this zone"check box
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24862847
When you set the new policy the precedence has to be higher.  In the screenshot I have an "original" trusted sites GPO.  Notice how the new one has been moved link order 2 so it will take precedence, in your case it will only apply to that group because you are going to filter.
I'm not sure if you import a new trusted sites GPO if that will uncheck that box.  I haven't tested that part out.
 

GPO-Processing.jpg
0
 

Author Closing Comment

by:BLACK THANOS
ID: 31603490
kudos mkline71
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question