Solved

Group Policy Issue

Posted on 2011-02-23
5
448 Views
Last Modified: 2012-05-11
Hi

We have 3 group policies configured.  1 is root on the domain, 2nd is for a proxy server (which is configured for loopback processing) for computers not users, and a third is for users only.

problem is the users only policy isnt being picked up.  i suspect this is becase of the loopback setting on the proxy policy.

an ideas?
0
Comment
Question by:CHI-LTD
  • 2
  • 2
5 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 34959762
How do you mean the users only policy is being picked up?
On what OU's are the policies defined? Are the policies against the right OU's for your users and your computers?
What output does an gpresult.exe /z give on a workstation?
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 34959978
you should only apply loopback processing mode if necessary.
i don't think you need it here.
proxy settings have to be applied in the user part of the GPO applied to your users.
so you can delete the loopback GPO.

when applying loopback policy mode on computers, then when an user connect on, the user takes all the gpos where the computer belong, and not the user.
0
 
LVL 1

Accepted Solution

by:
CHI-LTD earned 0 total points
ID: 34996433
Had to get rid of the loopback processing as issues elsewhere.

Now using:

UserConfg-WindowsSettings-InternetExplorerMaintenance-Connection-ProxySettings (preference Mode)
Interent Explorer Maintenance set to Preference Mode.

Policy now applies to users however if the interent connection settings are changed - i.e. user disables proxy the GPO doesnt reapply on logon.
Is there any way of forcing the GPO for this IE maintenance setting?

I will then also disable the conenctions topion in GPO - but need to ensure the policy is forced/applied.

thx
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35012400
yes you can force IE part of the GPO to apply at each refresh:
Computer Configuration\Administrative Templates\System\Group Policy\Internet Explorer Maintenance policy processing
Check the "Process even if the Group Policy Objects have not changed".
This will apply the CSE "Internet Explorer Maintenance" (Client Side Extension) at each GPO background refresh, by default every 90 minutes on client computers.
0
 
LVL 1

Author Closing Comment

by:CHI-LTD
ID: 35115245
used the preference mode (per OU policy)
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now