Solved

How do I use Group Policy to Control Trusted Sites and https verification in internet explorer

Posted on 2009-07-14
8
2,237 Views
Last Modified: 2013-12-08
In my organization, we have a domain level group policy that disallows adding trusted websites in internet explorer. Additionally," the requires server verification (https;) for all sites in this zone", is checked. We have a group in our organization that needs this setting to go away. How do I create a sub group policy  that take precedence over the domain level group policy. I will include some screen shots about what I am talking about as to give you guys a better idea of what I am trying to achieve.

I would appreciate a step by step if possible.
screen1.bmp
screen2.bmp
screen3.bmp
screen4.bmp
0
Comment
Question by:BLACK THANOS
  • 5
  • 3
8 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
Comment Utility
how is this group setup, are they in a separate OU or are they spread out all over the place.
Several ways to handle this.
1.  put them in an OU and link the new trusted policy to that OU.  Group policies are applied using the LSDOU methodology.
Local applied then site then domain then OU so the OU policy will win
http://technet.microsoft.com/en-us/library/cc785665(WS.10).aspx
2.  You could also create a group and put those users in the group and use security filtering on that GPO.  more on security filtering here
http://adisfun.blogspot.com/2009/04/security-filtering-and-group-policy.html
If you use security filtering it must be above the domain level policy, but it will only apply to that group.
Thanks
Mike
0
 

Author Comment

by:BLACK THANOS
Comment Utility
If I use security filtering, then you are saying that the group policy that I create, must be above the default domain policy>??
0
 

Author Comment

by:BLACK THANOS
Comment Utility
also, based upon the screen shots I attached, where are the gpo locations for them.
0
 

Author Comment

by:BLACK THANOS
Comment Utility
okay mkline71,

I am tentatively leaning towards giving all the points to you since you have come he closest to answering my questions (actually, you are the only one), but could you view my last two posts and help just a little bit more
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
can't tell about the location from the screenshots.  I'll take some screenshots from my lab later today and post them for you.
Thanks
Mike
0
 

Author Comment

by:BLACK THANOS
Comment Utility
I am most interested in how to uncheck the "Require server verification (https) for all sites in this zone"check box
0
 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
When you set the new policy the precedence has to be higher.  In the screenshot I have an "original" trusted sites GPO.  Notice how the new one has been moved link order 2 so it will take precedence, in your case it will only apply to that group because you are going to filter.
I'm not sure if you import a new trusted sites GPO if that will uncheck that box.  I haven't tested that part out.
 

GPO-Processing.jpg
0
 

Author Closing Comment

by:BLACK THANOS
Comment Utility
kudos mkline71
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I recently found myself in a Corporate Situation where the client had requested blocking access to any and all websites except his own Domain? Easy? I am sure this would be your answer but their requirement was, this has to be done without using…
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now