Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Internet Explorer Enhanced Security and Group Poilicy

Posted on 2010-09-08
10
Medium Priority
?
827 Views
Last Modified: 2012-05-10
I’ve been trying (unsuccessfully) to distribute a set of local Intranet web-addresses over group policy to all XP SP3 clients in my domain.  Basically the sites should be added locally to Internet Options, Security, Local Intranet, Sites, Advanced, Add.

I’ve achieved this (I believe) with the following instructions:

01. Log on as a member of the Domain Admins group.
02. Open the Active Directory Users and Computers MMC snap-in.
03. Right-click the domain or Organizational Unit where you want to create the GPO and press Properties.
04. Select the Group Policy tab.
05. Press New.
06. Type a name for the new GPO and press Enter.
07. To prevent the policy from being applied to some users or groups, press Properties. Select the Security tab. Add the user or group that you want to prevent from having this policy and clear the Read and the Apply Group Policy boxes in the Allow column. Press OK.
08. Press the Edit button.
09. Navigate through User Configuration / Windows Settings / Internet Explorer Maintenance / Security.
10. Right-click Security Zones and Content Ratings in the right-hand pane and press Properties.
11. Select Import the current security zones and privacy settings. If prompted, press Continue.
12. Press Modify Settings.
13. Select Trusted Sites and press the Sites button.
14. Type the full URL of the site you wish to add and press Add.
15. Press Close (or OK) and OK.
16. Press Close (or OK) until all dialog boxes are closed, and close any snap-in windows.
17. Allow sufficient time for the policy to propagate throughout the domain.

However I don’t see any change when I go into IE at the client end in terms of the listed address being added??
 
When I also made the group policy change I saw a message about Internet Explorer enhanced security Protection which I don’t understand in terms of the changes passing through to the XP client?  I.e. Do I need to make a security change directly on the client PC to push these changes through?

Thanks for your comments to come.
0
Comment
Question by:DHPBilcare
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
10 Comments
 
LVL 10

Expert Comment

by:itsmein
ID: 33626600
Are the policies being applied to the client PCs but still the changes not reflecting? If you are not sure, run "gpupdate" followed by "gpresult" and/or rsop.msc on the client pc to get an idea of what is happening. if the policies are indeed applied, but the changes not reflecting, then you have not configured the GPO properly.

SC
0
 

Author Comment

by:DHPBilcare
ID: 33626869
It looks like I have not configured the GPO correctly.  

On a client when I run rsop.msc and browse to User config, Windows Setting, IE Maintenance, Security and Security Zones and Content Ratings, all options under Security Zones and Privacy are greyed out.  

I don't understand what I have done wrong.
0
 
LVL 10

Expert Comment

by:itsmein
ID: 33626900
The OU that you have applied the GPO - does it contain users or computers?
Screenshots of the GPO settings will help.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 10

Expert Comment

by:itsmein
ID: 33626923
just to clarify, RSOP.MSC will just display the GPO settings applied on the client and will be only readonly. You will need to edit the GPO using GPMC.msc on the Domain Controller.
0
 

Author Comment

by:DHPBilcare
ID: 33627037
Just to confirm I have applied the GPO setting to the default group policy as I believe this will apply it to all.  

See attachments as requested.
GPO-Management.doc
GPO-Editor.doc
0
 
LVL 10

Accepted Solution

by:
itsmein earned 2000 total points
ID: 33627176
ahh...the fine print says "these settings will only apply when they log onto computers that have the internet explorer enhanced security configuration enabled."

Your Client PCs may not have IEESC enabled . Try applying GPO as below.

User Configuration -->Preferences-->Control Panel Settings-->Internet Settings--> and you will be able to figure it out from here.


ee.gif
0
 
LVL 10

Expert Comment

by:itsmein
ID: 33627197
SORRY - that does not allow you to add sites. ignore my previous post.
0
 

Author Comment

by:DHPBilcare
ID: 33627302
It must have something to do with IEESC.  

I receive the attached before I loaded the sites on the server.
IE-Enhanced-Security-Configurati.doc
0
 

Author Comment

by:DHPBilcare
ID: 33627418
Is the question I need answering:

How do I load or configure IEESC locally onto XP clients??
0
 

Author Comment

by:DHPBilcare
ID: 33696007
"these settings will only apply when they log onto computers that have the internet explorer enhanced security configuration enabled"  was indeed the problem here.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you come here a lot? Are you lazy like me and don't want to go through the "trouble" of having to click your Dock's Safari icon and then having to click your Experts Exchange Favorites bookmark to get here? Well then this article is for you.
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question