Solved

GPMC on new W2K8 server: cannot edit GPOs because ActiveX is being blocked

Posted on 2010-11-23
13
1,430 Views
Last Modified: 2012-06-27
I recently started installing Win 2008 Server at client sites and have run into what I think is an IE configuration problem:  whenever I use the GPMC tool (logged in at server as Administrator) and try to edit a GPO, I get a warning titled "Web Browser" that states "One or more ActiveX controls could not be displayed because either:  1) Your current security settings prohibit running ActiveX controls on this page, or  2) You have blocked a publisher of one of the controls ..."

This happens on brand new W2K8 installs.  Why would MS default IE settings so that we cannot manage GPOs right out of the box?

In IE I have added 127.0.0.1 to Trusted Sites, but that had no effect.

I must be brain dead, as I cannot find a simple solution :)

TIA,
-Mike
0
Comment
Question by:Reed_Mike
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
13 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34196548
Try uninstalling IE Enchance Security within the Server Manager under Roles.

0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34196552
Use the actual name of the Server in Trusted Sites as well not 127.0.0.1
0
 

Author Comment

by:Reed_Mike
ID: 34196581
Adding http://<server-name> to Trusted Sites did not help.  Do I need to add wildcards, like http://*<server-name> ?

Why would MS do this?  Seems so bizarre.  Then again, it's Microsoft so why am I surprised :)
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:Reed_Mike
ID: 34196627
Hmmm, that leads to the $64,000 question: exactly what URL does GPMC use?  Is it httpS, or just http?  Does it use the server's IP to form the URL, the server's name, the domain name?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34196644
Did you install GPMC from the features?

I don't remember this happening when I installed but it has been a couple of months since the las time I installed a fresh server.
0
 

Author Comment

by:Reed_Mike
ID: 34196646
IE Enhanced Security is not listed under Roles in the Server Manager.

Any other suggestions greatly appreciated...
0
 

Author Comment

by:Reed_Mike
ID: 34196671
As best I can remember, GPMC came preinstalled as a Feature.  And it does show under the list of installed Features.   Maybe I should remove GPMC, then add it back?
0
 

Author Comment

by:Reed_Mike
ID: 34196784
Turned off IE ESC for both Administrators and Users, yet I still cannot edit GPOs without getting this silly warning.

Arghhh - Microsoft logic (or lack thereof) just befuddles me :)
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34196797
Under Features you should have Group Policy Management. I really don't remember this ever happening to me. Do you have AV installed?
0
 

Author Comment

by:Reed_Mike
ID: 34196824
Yes, GPM shows under Features.  No AV is installed on the servers that this happens on.

I have it happening on Windows 2008 as well as SBS2008 servers.  In fact, I have not been able to edit GPOs for *any* Windows 2008 server.  I have installed about 5 over the last few months and never got past this issue.

Any ideas what URL GPMC would be using - so I can add it to Trusted Sites?
0
 

Accepted Solution

by:
Reed_Mike earned 0 total points
ID: 34199961
Problem solved: it was because of a policy setting on the old (Win 2000) server, which is still part of the domain.  Luckily, I still had remote access to the old 2000 server and was able to edit the Default Domain Policy.  The 2 GPO settings I changed were located at:

User Config->Admin Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page:
  1) Local Machine Zone Template (changed from Enabled (High) to Not Configured)
  2) Locked-Down Local Machine Zone Template (changed from Enabled (High) to Not Configured)

It took MS 2 hours to figure it out, as that generic ActiveX warning message doesn't give one much to go on...
0
 

Author Closing Comment

by:Reed_Mike
ID: 34224655
I don't want to be too tough on myself as I rate my own solution :)
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
Suggested Courses

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question