Reset IE8 Homepage via Group Policy
Hello,
We are on windows server 2008 Active Directory, windows XP clients running IE 8. I am trying to reset all client machine's homepage setting to company intranet site and prevent them from changing it. And trying to accomplish this via group policy.
So far I have created a custom GPO (from starter GPOs) and enabled "disable changing home page setting" and input the home page address. Created a new OU and made a test PC member of that OU. Link the new GPO to that OU and and it is enforced/enabled. I have refreshed the group policy (gpupdate /force) on the test PC. And...still nothing. No effect on IT setting. I need some advise on what am I missing/doing wrong. Your input is appreciated.
Regards,
Chaz
We are on windows server 2008 Active Directory, windows XP clients running IE 8. I am trying to reset all client machine's homepage setting to company intranet site and prevent them from changing it. And trying to accomplish this via group policy.
So far I have created a custom GPO (from starter GPOs) and enabled "disable changing home page setting" and input the home page address. Created a new OU and made a test PC member of that OU. Link the new GPO to that OU and and it is enforced/enabled. I have refreshed the group policy (gpupdate /force) on the test PC. And...still nothing. No effect on IT setting. I need some advise on what am I missing/doing wrong. Your input is appreciated.
Regards,
Chaz
Steven Carnahan
Take a look at this thread: https://www.experts-exchange.com/questions/26331361/IE-Home-page-and-Group-Policies-Windows-server-2008R2.html
The easiest way to do it is to use Group Policy Preferences. In order to get the IE8 group policy preference options you will need a Windows 7 or Windows 2008 R2 server joined to your domain. If you have a Windows 7 machine on the domain you can add the Group Policy Management .msc to that computer and make the changes on that machine.
Group Policy Preferences are really cool, you can set any setting in Internet Explorer for the users including the homepage.
For Windows XP to be able to read Group Policy Preferences you will need to have them all on SP3.
Group Policy Preferences are really cool, you can set any setting in Internet Explorer for the users including the homepage.
For Windows XP to be able to read Group Policy Preferences you will need to have them all on SP3.
ASKER
pony/iversion,
I took a look at GP preferences. I do not see option for IE8 (IE 5,6 and 7 only). All our client side windows XP boxes are running IE8 and SP3. We do not have win 7 or 2008 R2. Am I out of luck?
I took a look at GP preferences. I do not see option for IE8 (IE 5,6 and 7 only). All our client side windows XP boxes are running IE8 and SP3. We do not have win 7 or 2008 R2. Am I out of luck?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Pony,
Home page setting is done. (there is one more setting under URL which is called Important URL). Under which Customize Hope page URL is checked and URL address is input.
I don't see the lock option under internet control panel - I do have the setting enabled under User Config > Admin template > windows component and "disable changing home page setting". The PC on which I am testing this policy is in OU where this GPO is linked. Thus far no effect. I am wondering if I have to do anything under security filtering (within GMPC console). By default "authenticated users" is in it.
Thanks for your response
Home page setting is done. (there is one more setting under URL which is called Important URL). Under which Customize Hope page URL is checked and URL address is input.
I don't see the lock option under internet control panel - I do have the setting enabled under User Config > Admin template > windows component and "disable changing home page setting". The PC on which I am testing this policy is in OU where this GPO is linked. Thus far no effect. I am wondering if I have to do anything under security filtering (within GMPC console). By default "authenticated users" is in it.
Thanks for your response
Check the inheritance and order of GPO's applied. Since this is a user setting the ou of the computer shouldn't really matter. The policy needs to apply to the user ou.
On the client that you are testing the settings with open a command prompt. type gpresult /h gpresult.html Whatever directory you are in will save a file called gpresult.html. This will show you if the policy is getting applied or denied because of permissions. Once the command is complete go open the html file through windows explorer and see what is going on.
You don't have to have Windows 7 or Server 2008 R2 to set the homepage. You can using the URL and disable changing homepage setting like you are doing but it is just a little easier with the group policy preferences.
You don't have to have Windows 7 or Server 2008 R2 to set the homepage. You can using the URL and disable changing homepage setting like you are doing but it is just a little easier with the group policy preferences.
ASKER
Here is the result of gpresult.
Under applied GPOs, I see both "defualt domain policy" and the custom GPO I created. Under revision, for default domain policy, the revesion is AD(21) Sysvol (21) and for custom GPO AD (1) Sysvol (1). This is just something I observed and don't know if it has anything to do with it.
In GPMC the custom GPO has #1 precedence and default domain policy has #2.
I see all the settings from default domain policy but not the one from custom GPO (does not show up at all). Although, under gpmc, the setting is there.
Under applied GPOs, I see both "defualt domain policy" and the custom GPO I created. Under revision, for default domain policy, the revesion is AD(21) Sysvol (21) and for custom GPO AD (1) Sysvol (1). This is just something I observed and don't know if it has anything to do with it.
In GPMC the custom GPO has #1 precedence and default domain policy has #2.
I see all the settings from default domain policy but not the one from custom GPO (does not show up at all). Although, under gpmc, the setting is there.
Does your GPO show up under applied policy or denied policy? You might have to hit show all to expand and see this part. It should be at the top under summary though.
ASKER
Ok I wiped the existing GPO and started another one and now I am getting somewhat different gpresult. Clearly it says it is not applied this time. Following is the gpresult on windows XP box
COMPUTER SETTINGS
------------------
CN=XXXXX12,OU=PCs_HomePage
Last time Group Policy was applied: 3/8/2011 at 4:52:28 PM
Group Policy was applied from: XXXXXX.LOCAL
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
--------------------------
Default Domain Policy
The following GPOs were not applied because they were filtered out
--------------------------
HomePage
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
The computer is a part of the following security groups:
--------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
XXXXXX$
Domain Computers
USER SETTINGS
--------------
CN=XXXXXX,OU=Active Accounts,OU=XXXX,DC=XXXX,D
Last time Group Policy was applied: 3/8/2011 at 4:52:28 PM
Group Policy was applied from: XXXXX.LOCAL
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
--------------------------
N/A
The following GPOs were not applied because they were filtered out
--------------------------
Default Domain Policy
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups:
--------------------------
Domain Users
Everyone
BUILTIN\Users
BUILTIN\Administrators
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Domain Admins
Exchange Organization Administrators
Exchange View-Only Administrators
Exchange Recipient Administrators
Executive
VPNUsers
QBUsers
Exchange Public Folder Administrators
Denied RODC Password Replication Group
COMPUTER SETTINGS
------------------
CN=XXXXX12,OU=PCs_HomePage
Last time Group Policy was applied: 3/8/2011 at 4:52:28 PM
Group Policy was applied from: XXXXXX.LOCAL
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
--------------------------
Default Domain Policy
The following GPOs were not applied because they were filtered out
--------------------------
HomePage
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
The computer is a part of the following security groups:
--------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
XXXXXX$
Domain Computers
USER SETTINGS
--------------
CN=XXXXXX,OU=Active Accounts,OU=XXXX,DC=XXXX,D
Last time Group Policy was applied: 3/8/2011 at 4:52:28 PM
Group Policy was applied from: XXXXX.LOCAL
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
--------------------------
N/A
The following GPOs were not applied because they were filtered out
--------------------------
Default Domain Policy
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups:
--------------------------
Domain Users
Everyone
BUILTIN\Users
BUILTIN\Administrators
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Domain Admins
Exchange Organization Administrators
Exchange View-Only Administrators
Exchange Recipient Administrators
Executive
VPNUsers
QBUsers
Exchange Public Folder Administrators
Denied RODC Password Replication Group
Your right. Nothing applied to the user policy:
Something to check is that your replication is working. On the machine that says Group Policy was applied from XXXXX.LOCAL... is that the machine you set the GP on? (copied your gpresult to check below)
USER SETTINGS
--------------
CN=XXXXXX,OU=Active Accounts,OU=XXXX,DC=XXXX,D
Last time Group Policy was applied: 3/8/2011 at 4:52:28 PM
Group Policy was applied from: XXXXX.LOCAL
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
--------------------------
N/A
I know this will work because the configuration you are trying to do is how I have mine currently setup. You will just have to dig as to why it isn't applying:
- Check to make sure link is enabled.
- Check to make sure your users are in the appropriate OU to receive this policy
- Check to make sure users have permission to receive the policy (typically security is defaulted to authenticated users which should be fine)
Something to check is that your replication is working. On the machine that says Group Policy was applied from XXXXX.LOCAL... is that the machine you set the GP on? (copied your gpresult to check below)
USER SETTINGS
--------------
CN=XXXXXX,OU=Active Accounts,OU=XXXX,DC=XXXX,D
Last time Group Policy was applied: 3/8/2011 at 4:52:28 PM
Group Policy was applied from: XXXXX.LOCAL
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
--------------------------
N/A
I know this will work because the configuration you are trying to do is how I have mine currently setup. You will just have to dig as to why it isn't applying:
- Check to make sure link is enabled.
- Check to make sure your users are in the appropriate OU to receive this policy
- Check to make sure users have permission to receive the policy (typically security is defaulted to authenticated users which should be fine)
ASKER
No issues with replication and the policy is applied from the same DC where GP is applied.
Now here is the thing, the OU where this policy is linked has computer objects, not user accounts. That should be fine - becasue each computers that are member of this OU should have this policy applied. That is not happening. I ended up dragging my user account to this OU, and all of a sudden it works, just for my user account that is. So now this policy is applied to whichever machine I log into (which is not really the result I was trying to achieve).
Under security filtering, I have "this settings can be applied to.....authenticated users group" which is by default. And both user Objects and Computer objects are part of the NT AUTHORITY/Authenticated users group. So I don't think filtering should cause this issue.
The bottom line now is the policy is applied to user objects but not computer objects.
gpresult
COMPUTER SETTINGS
------------------
CN=V-XXXX,OU=PCs_HomePageG
Last time Group Policy was applied: 3/10/2011 at 9:11:12 AM
Group Policy was applied from: XXXXXXX.LOCAL
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
--------------------------
Default Domain Policy
The following GPOs were not applied because they were filtered out
--------------------------
HomePage
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
The computer is a part of the following security groups:
--------------------------
BUILTIN\Administrators
Everyone
NT AUTHORITY\Authenticated Users
USER SETTINGS
--------------
CN=XXXXXX,OU=PCs_HomePageG
Last time Group Policy was applied: 3/10/2011 at 9:09:58 AM
Group Policy was applied from: XXXXXX.LOCAL
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
--------------------------
HomePage
The following GPOs were not applied because they were filtered out
--------------------------
Default Domain Policy
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups:
--------------------------
Domain Users
Everyone
BUILTIN\Users
BUILTIN\Administrators
REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Domain Admins
Exchange Organization Administrators
Exchange View-Only Administrators
Exchange Recipient Administrators
Enterprise Admins
Exchange Public Folder Administrators
Denied RODC Password Replication Group
Now here is the thing, the OU where this policy is linked has computer objects, not user accounts. That should be fine - becasue each computers that are member of this OU should have this policy applied. That is not happening. I ended up dragging my user account to this OU, and all of a sudden it works, just for my user account that is. So now this policy is applied to whichever machine I log into (which is not really the result I was trying to achieve).
Under security filtering, I have "this settings can be applied to.....authenticated users group" which is by default. And both user Objects and Computer objects are part of the NT AUTHORITY/Authenticated users group. So I don't think filtering should cause this issue.
The bottom line now is the policy is applied to user objects but not computer objects.
gpresult
COMPUTER SETTINGS
------------------
CN=V-XXXX,OU=PCs_HomePageG
Last time Group Policy was applied: 3/10/2011 at 9:11:12 AM
Group Policy was applied from: XXXXXXX.LOCAL
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
--------------------------
Default Domain Policy
The following GPOs were not applied because they were filtered out
--------------------------
HomePage
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
The computer is a part of the following security groups:
--------------------------
BUILTIN\Administrators
Everyone
NT AUTHORITY\Authenticated Users
USER SETTINGS
--------------
CN=XXXXXX,OU=PCs_HomePageG
Last time Group Policy was applied: 3/10/2011 at 9:09:58 AM
Group Policy was applied from: XXXXXX.LOCAL
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
--------------------------
HomePage
The following GPOs were not applied because they were filtered out
--------------------------
Default Domain Policy
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups:
--------------------------
Domain Users
Everyone
BUILTIN\Users
BUILTIN\Administrators
REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Domain Admins
Exchange Organization Administrators
Exchange View-Only Administrators
Exchange Recipient Administrators
Enterprise Admins
Exchange Public Folder Administrators
Denied RODC Password Replication Group
That makes sense because this is a user setting not a computer setting. The computers wouldn't get it applied even though they are in the OU.
You may have to make a new OU or apply this policy to existing OU's with users in them. That should solve your problem. Also to make it easier for your testing you should use the GP Modeling Wizard that comes with the new Group Policy Management Console on Server 2008. This way you can see what policies would apply without having to log in and log out and before you affect large groups of people. This tool is at the bottom of the Group Policy Management Console.
You may have to make a new OU or apply this policy to existing OU's with users in them. That should solve your problem. Also to make it easier for your testing you should use the GP Modeling Wizard that comes with the new Group Policy Management Console on Server 2008. This way you can see what policies would apply without having to log in and log out and before you affect large groups of people. This tool is at the bottom of the Group Policy Management Console.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Chaz,
Please reference my comment: ID: 35040804. This setting is a User setting and as such won't apply to a computer. It is stored in the user profile so that different users can have different home pages on the same computer.
Therefore you are correct that it will "follow" the user instead of applying to a specific computer only. To apply it to a single computer requires the setting be made in the local profile for that computer. If you are using roaming profiles then this will not work either.
Please reference my comment: ID: 35040804. This setting is a User setting and as such won't apply to a computer. It is stored in the user profile so that different users can have different home pages on the same computer.
Therefore you are correct that it will "follow" the user instead of applying to a specific computer only. To apply it to a single computer requires the setting be made in the local profile for that computer. If you are using roaming profiles then this will not work either.
ASKER
Ok I enabled the lookback processing with merge and bingo! This has been the answer to my question all along. Will remember this one for a while. Thanks a lot!
Great! Glad it is working.