GPMC on new W2K8 server: cannot edit GPOs because ActiveX is being blocked

I recently started installing Win 2008 Server at client sites and have run into what I think is an IE configuration problem:  whenever I use the GPMC tool (logged in at server as Administrator) and try to edit a GPO, I get a warning titled "Web Browser" that states "One or more ActiveX controls could not be displayed because either:  1) Your current security settings prohibit running ActiveX controls on this page, or  2) You have blocked a publisher of one of the controls ..."

This happens on brand new W2K8 installs.  Why would MS default IE settings so that we cannot manage GPOs right out of the box?

In IE I have added 127.0.0.1 to Trusted Sites, but that had no effect.

I must be brain dead, as I cannot find a simple solution :)

TIA,
-Mike
LVL 1
Mike ReedOwner, janitor, bottle washer :)Asked:
Who is Participating?
 
Mike ReedConnect With a Mentor Owner, janitor, bottle washer :)Author Commented:
Problem solved: it was because of a policy setting on the old (Win 2000) server, which is still part of the domain.  Luckily, I still had remote access to the old 2000 server and was able to edit the Default Domain Policy.  The 2 GPO settings I changed were located at:

User Config->Admin Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page:
  1) Local Machine Zone Template (changed from Enabled (High) to Not Configured)
  2) Locked-Down Local Machine Zone Template (changed from Enabled (High) to Not Configured)

It took MS 2 hours to figure it out, as that generic ActiveX warning message doesn't give one much to go on...
0
 
Darius GhassemCommented:
Try uninstalling IE Enchance Security within the Server Manager under Roles.

0
 
Darius GhassemCommented:
Use the actual name of the Server in Trusted Sites as well not 127.0.0.1
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Mike ReedOwner, janitor, bottle washer :)Author Commented:
Adding http://<server-name> to Trusted Sites did not help.  Do I need to add wildcards, like http://*<server-name> ?

Why would MS do this?  Seems so bizarre.  Then again, it's Microsoft so why am I surprised :)
0
 
Mike ReedOwner, janitor, bottle washer :)Author Commented:
Hmmm, that leads to the $64,000 question: exactly what URL does GPMC use?  Is it httpS, or just http?  Does it use the server's IP to form the URL, the server's name, the domain name?
0
 
Darius GhassemCommented:
Did you install GPMC from the features?

I don't remember this happening when I installed but it has been a couple of months since the las time I installed a fresh server.
0
 
Mike ReedOwner, janitor, bottle washer :)Author Commented:
IE Enhanced Security is not listed under Roles in the Server Manager.

Any other suggestions greatly appreciated...
0
 
Mike ReedOwner, janitor, bottle washer :)Author Commented:
As best I can remember, GPMC came preinstalled as a Feature.  And it does show under the list of installed Features.   Maybe I should remove GPMC, then add it back?
0
 
Mike ReedOwner, janitor, bottle washer :)Author Commented:
Turned off IE ESC for both Administrators and Users, yet I still cannot edit GPOs without getting this silly warning.

Arghhh - Microsoft logic (or lack thereof) just befuddles me :)
0
 
Darius GhassemCommented:
Under Features you should have Group Policy Management. I really don't remember this ever happening to me. Do you have AV installed?
0
 
Mike ReedOwner, janitor, bottle washer :)Author Commented:
Yes, GPM shows under Features.  No AV is installed on the servers that this happens on.

I have it happening on Windows 2008 as well as SBS2008 servers.  In fact, I have not been able to edit GPOs for *any* Windows 2008 server.  I have installed about 5 over the last few months and never got past this issue.

Any ideas what URL GPMC would be using - so I can add it to Trusted Sites?
0
 
Mike ReedOwner, janitor, bottle washer :)Author Commented:
I don't want to be too tough on myself as I rate my own solution :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.