Solved

How do I use Group Policy to Control Trusted Sites and https verification in internet explorer

Posted on 2009-07-14
8
2,247 Views
Last Modified: 2013-12-08
In my organization, we have a domain level group policy that disallows adding trusted websites in internet explorer. Additionally," the requires server verification (https;) for all sites in this zone", is checked. We have a group in our organization that needs this setting to go away. How do I create a sub group policy  that take precedence over the domain level group policy. I will include some screen shots about what I am talking about as to give you guys a better idea of what I am trying to achieve.

I would appreciate a step by step if possible.
screen1.bmp
screen2.bmp
screen3.bmp
screen4.bmp
0
Comment
Question by:BLACK THANOS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 24854287
how is this group setup, are they in a separate OU or are they spread out all over the place.
Several ways to handle this.
1.  put them in an OU and link the new trusted policy to that OU.  Group policies are applied using the LSDOU methodology.
Local applied then site then domain then OU so the OU policy will win
http://technet.microsoft.com/en-us/library/cc785665(WS.10).aspx
2.  You could also create a group and put those users in the group and use security filtering on that GPO.  more on security filtering here
http://adisfun.blogspot.com/2009/04/security-filtering-and-group-policy.html
If you use security filtering it must be above the domain level policy, but it will only apply to that group.
Thanks
Mike
0
 

Author Comment

by:BLACK THANOS
ID: 24854949
If I use security filtering, then you are saying that the group policy that I create, must be above the default domain policy>??
0
 

Author Comment

by:BLACK THANOS
ID: 24855122
also, based upon the screen shots I attached, where are the gpo locations for them.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:BLACK THANOS
ID: 24856585
okay mkline71,

I am tentatively leaning towards giving all the points to you since you have come he closest to answering my questions (actually, you are the only one), but could you view my last two posts and help just a little bit more
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24857237
can't tell about the location from the screenshots.  I'll take some screenshots from my lab later today and post them for you.
Thanks
Mike
0
 

Author Comment

by:BLACK THANOS
ID: 24860265
I am most interested in how to uncheck the "Require server verification (https) for all sites in this zone"check box
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24862847
When you set the new policy the precedence has to be higher.  In the screenshot I have an "original" trusted sites GPO.  Notice how the new one has been moved link order 2 so it will take precedence, in your case it will only apply to that group because you are going to filter.
I'm not sure if you import a new trusted sites GPO if that will uncheck that box.  I haven't tested that part out.
 

GPO-Processing.jpg
0
 

Author Closing Comment

by:BLACK THANOS
ID: 31603490
kudos mkline71
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question