Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Group Policy Issue

Posted on 2011-02-23
5
Medium Priority
?
466 Views
Last Modified: 2012-05-11
Hi

We have 3 group policies configured.  1 is root on the domain, 2nd is for a proxy server (which is configured for loopback processing) for computers not users, and a third is for users only.

problem is the users only policy isnt being picked up.  i suspect this is becase of the loopback setting on the proxy policy.

an ideas?
0
Comment
Question by:CHI-LTD
  • 2
  • 2
5 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 34959762
How do you mean the users only policy is being picked up?
On what OU's are the policies defined? Are the policies against the right OU's for your users and your computers?
What output does an gpresult.exe /z give on a workstation?
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 34959978
you should only apply loopback processing mode if necessary.
i don't think you need it here.
proxy settings have to be applied in the user part of the GPO applied to your users.
so you can delete the loopback GPO.

when applying loopback policy mode on computers, then when an user connect on, the user takes all the gpos where the computer belong, and not the user.
0
 
LVL 1

Accepted Solution

by:
CHI-LTD earned 0 total points
ID: 34996433
Had to get rid of the loopback processing as issues elsewhere.

Now using:

UserConfg-WindowsSettings-InternetExplorerMaintenance-Connection-ProxySettings (preference Mode)
Interent Explorer Maintenance set to Preference Mode.

Policy now applies to users however if the interent connection settings are changed - i.e. user disables proxy the GPO doesnt reapply on logon.
Is there any way of forcing the GPO for this IE maintenance setting?

I will then also disable the conenctions topion in GPO - but need to ensure the policy is forced/applied.

thx
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 35012400
yes you can force IE part of the GPO to apply at each refresh:
Computer Configuration\Administrative Templates\System\Group Policy\Internet Explorer Maintenance policy processing
Check the "Process even if the Group Policy Objects have not changed".
This will apply the CSE "Internet Explorer Maintenance" (Client Side Extension) at each GPO background refresh, by default every 90 minutes on client computers.
0
 
LVL 1

Author Closing Comment

by:CHI-LTD
ID: 35115245
used the preference mode (per OU policy)
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question