Solved

How do I use Group Policy to Control Trusted Sites and https verification in internet explorer

Posted on 2009-07-14
8
2,245 Views
Last Modified: 2013-12-08
In my organization, we have a domain level group policy that disallows adding trusted websites in internet explorer. Additionally," the requires server verification (https;) for all sites in this zone", is checked. We have a group in our organization that needs this setting to go away. How do I create a sub group policy  that take precedence over the domain level group policy. I will include some screen shots about what I am talking about as to give you guys a better idea of what I am trying to achieve.

I would appreciate a step by step if possible.
screen1.bmp
screen2.bmp
screen3.bmp
screen4.bmp
0
Comment
Question by:BLACK THANOS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 24854287
how is this group setup, are they in a separate OU or are they spread out all over the place.
Several ways to handle this.
1.  put them in an OU and link the new trusted policy to that OU.  Group policies are applied using the LSDOU methodology.
Local applied then site then domain then OU so the OU policy will win
http://technet.microsoft.com/en-us/library/cc785665(WS.10).aspx
2.  You could also create a group and put those users in the group and use security filtering on that GPO.  more on security filtering here
http://adisfun.blogspot.com/2009/04/security-filtering-and-group-policy.html
If you use security filtering it must be above the domain level policy, but it will only apply to that group.
Thanks
Mike
0
 

Author Comment

by:BLACK THANOS
ID: 24854949
If I use security filtering, then you are saying that the group policy that I create, must be above the default domain policy>??
0
 

Author Comment

by:BLACK THANOS
ID: 24855122
also, based upon the screen shots I attached, where are the gpo locations for them.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:BLACK THANOS
ID: 24856585
okay mkline71,

I am tentatively leaning towards giving all the points to you since you have come he closest to answering my questions (actually, you are the only one), but could you view my last two posts and help just a little bit more
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24857237
can't tell about the location from the screenshots.  I'll take some screenshots from my lab later today and post them for you.
Thanks
Mike
0
 

Author Comment

by:BLACK THANOS
ID: 24860265
I am most interested in how to uncheck the "Require server verification (https) for all sites in this zone"check box
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24862847
When you set the new policy the precedence has to be higher.  In the screenshot I have an "original" trusted sites GPO.  Notice how the new one has been moved link order 2 so it will take precedence, in your case it will only apply to that group because you are going to filter.
I'm not sure if you import a new trusted sites GPO if that will uncheck that box.  I haven't tested that part out.
 

GPO-Processing.jpg
0
 

Author Closing Comment

by:BLACK THANOS
ID: 31603490
kudos mkline71
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

761 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question