Solved

Reset IE8 Homepage via Group Policy

Posted on 2011-03-04
17
1,203 Views
Last Modified: 2012-05-11
Hello,
We are on windows server 2008 Active Directory, windows XP clients running IE 8. I am trying to reset all client machine's homepage setting to company intranet site and prevent them from changing it. And trying to accomplish this via group policy.

So far I have created a custom GPO (from starter GPOs) and enabled "disable changing home page setting" and input the home page address. Created a new OU and made a test PC member of that OU. Link the new GPO to that OU and and it is enforced/enabled. I have refreshed the group policy (gpupdate /force) on the test PC. And...still nothing. No effect on IT setting. I need some advise on what am I missing/doing wrong. Your input is appreciated.

Regards,
Chaz
0
Comment
Question by:Chaz_P
  • 7
  • 6
  • 4
17 Comments
 
LVL 26

Expert Comment

by:pony10us
ID: 35040299
0
 
LVL 2

Expert Comment

by:ivarson408
ID: 35040318
The easiest way to do it is to use Group Policy Preferences. In order to get the IE8 group policy preference options you will need a Windows 7 or Windows 2008 R2 server joined to your domain. If you have a Windows 7 machine on the domain you can add the Group Policy Management .msc to that computer and make the changes on that machine.

Group Policy Preferences are really cool, you can set any setting in Internet Explorer for the users including the homepage.

For Windows XP to be able to read Group Policy Preferences you will need to have them all on SP3.
0
 

Author Comment

by:Chaz_P
ID: 35040479
pony/iversion,

I took a look at GP preferences. I do not see option for IE8 (IE 5,6 and 7 only). All our client side windows XP boxes are running IE8 and SP3. We do not have win 7 or 2008 R2. Am I out of luck?
0
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 50 total points
ID: 35040559
Are you making the changes in the following locations:

home page

User Configuration
  Windows Settings
    Internet Explorer Maintenance
      URL's

and

lock

User Configuration
  Administrative Templates
    Windows Components
      Internet Control Panel
0
 

Author Comment

by:Chaz_P
ID: 35040782
Pony,
 
Home page setting is done. (there is one more setting under URL which is called Important URL). Under which Customize Hope page URL is checked and URL address is input.

I don't see the lock option under internet control panel - I do have the setting enabled under User Config > Admin template > windows component and "disable changing home page setting". The PC on which I am testing this policy is in OU where this GPO is linked. Thus far no effect. I am wondering if I have to do anything under security filtering (within GMPC console). By default "authenticated users" is in it.

Thanks for your response

0
 
LVL 26

Expert Comment

by:pony10us
ID: 35040804
Check the inheritance and order of GPO's applied. Since this is a user setting the ou of the computer shouldn't really matter.  The policy needs to apply to the user ou.
0
 
LVL 2

Expert Comment

by:ivarson408
ID: 35044213
On the client that you are testing the settings with open a command prompt. type gpresult /h gpresult.html Whatever directory you are in will save a file called gpresult.html. This will show you if the policy is getting applied or denied because of permissions. Once the command is complete go open the html file through windows explorer and see what is going on.

You don't have to have Windows 7 or Server 2008 R2 to set the homepage. You can using the URL and disable changing homepage setting like you are doing but it is just a little easier with the group policy preferences.
0
 

Author Comment

by:Chaz_P
ID: 35072589
Here is the result of gpresult.

Under applied GPOs, I see both "defualt domain policy" and the custom GPO I created. Under revision, for default domain policy, the revesion is AD(21) Sysvol (21) and for custom GPO AD (1) Sysvol (1). This is just something I observed and don't know if it has anything to do with it.

In GPMC the custom GPO has #1 precedence and default domain policy has #2.

I see all the settings from default domain policy but not the one from custom GPO (does not show up at all). Although, under gpmc, the setting is there.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 2

Expert Comment

by:ivarson408
ID: 35073882
Does your GPO show up under applied policy or denied policy? You might have to hit show all to expand and see this part. It should be at the top under summary though.
0
 

Author Comment

by:Chaz_P
ID: 35074331
Ok I wiped the existing GPO and started another one and now I am getting somewhat different gpresult. Clearly it says it is not applied this time. Following is the gpresult on windows XP box

COMPUTER SETTINGS
------------------
    CN=XXXXX12,OU=PCs_HomePageGP,DC=XXXX,DC=LOCAL
    Last time Group Policy was applied: 3/8/2011 at 4:52:28 PM
    Group Policy was applied from:      XXXXXX.LOCAL
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        HomePage
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups:
    --------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        XXXXXX$
        Domain Computers


USER SETTINGS
--------------
    CN=XXXXXX,OU=Active Accounts,OU=XXXX,DC=XXXX,DC=LOCAL
    Last time Group Policy was applied: 3/8/2011 at 4:52:28 PM
    Group Policy was applied from:      XXXXX.LOCAL
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        N/A

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Default Domain Policy
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups:
    ----------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Users
        BUILTIN\Administrators
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        LOCAL
        Domain Admins
        Exchange Organization Administrators
        Exchange View-Only Administrators
        Exchange Recipient Administrators
        Executive
        VPNUsers
        QBUsers
        Exchange Public Folder Administrators
        Denied RODC Password Replication Group

0
 
LVL 2

Expert Comment

by:ivarson408
ID: 35087194
Your right. Nothing applied to the user policy:

Something to check is that your replication is working. On the machine that says Group Policy was applied from XXXXX.LOCAL... is that the machine you set the GP on? (copied your gpresult to check below)

USER SETTINGS
--------------
    CN=XXXXXX,OU=Active Accounts,OU=XXXX,DC=XXXX,DC=LOCAL
    Last time Group Policy was applied: 3/8/2011 at 4:52:28 PM
    Group Policy was applied from:      XXXXX.LOCAL
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        N/A

I know this will work because the configuration you are trying to do is how I have mine currently setup. You will just have to dig as to why it isn't applying:

- Check to make sure link is enabled.
- Check to make sure your users are in the appropriate OU to receive this policy
- Check to make sure users have permission to receive the policy (typically security is defaulted to authenticated users which should be fine)

0
 

Author Comment

by:Chaz_P
ID: 35095043
No issues with replication and the policy is applied from the same DC where GP is applied.

Now here is the thing, the OU where this policy is linked has computer objects, not user accounts. That should be fine - becasue each computers that are member of this OU should have this policy applied. That is not happening. I ended up dragging my user account to this OU, and all of a sudden it works, just for my user account that is. So now this policy is applied to whichever machine I log into (which is not really the result I was trying to achieve).

Under security filtering, I have "this settings can be applied to.....authenticated users group" which is by default. And both user Objects and Computer objects are part of the NT AUTHORITY/Authenticated users group. So I don't think filtering should cause this issue.

The bottom line now is the policy is applied to user objects but not computer objects.

gpresult
COMPUTER SETTINGS
------------------
    CN=V-XXXX,OU=PCs_HomePageGP,DC=XXXX,DC=LOCAL
    Last time Group Policy was applied: 3/10/2011 at 9:11:12 AM
    Group Policy was applied from:      XXXXXXX.LOCAL
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        HomePage
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups:
    --------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        NT AUTHORITY\Authenticated Users

USER SETTINGS
--------------
    CN=XXXXXX,OU=PCs_HomePageGP,DC=XXXX,DC=LOCAL
    Last time Group Policy was applied: 3/10/2011 at 9:09:58 AM
    Group Policy was applied from:      XXXXXX.LOCAL
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        HomePage

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Default Domain Policy
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups:
    ----------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Users
        BUILTIN\Administrators
        REMOTE INTERACTIVE LOGON
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        LOCAL
        Domain Admins
        Exchange Organization Administrators
        Exchange View-Only Administrators
        Exchange Recipient Administrators
        Enterprise Admins
        Exchange Public Folder Administrators
        Denied RODC Password Replication Group
0
 
LVL 2

Expert Comment

by:ivarson408
ID: 35095549
That makes sense because this is a user setting not a computer setting. The computers wouldn't get it applied even though they are in the OU.

You may have to make a new OU or apply this policy to existing OU's with users in them. That should solve your problem. Also to make it easier for your testing you should use the GP Modeling Wizard that comes with the new Group Policy Management Console on Server 2008. This way you can see what policies would apply without having to log in and log out and before you affect large groups of people. This tool is at the bottom of the Group Policy Management Console.
0
 
LVL 2

Accepted Solution

by:
ivarson408 earned 450 total points
ID: 35095662
Actually I may have mispoke. I think you can have that policy in the computer OU you just need to enable the loopback policy. We have ours in replace mode but you may want to use merge if you have other user settings applied from other GPOs.

This explains loopback mode: http://support.microsoft.com/kb/231287

0
 
LVL 26

Expert Comment

by:pony10us
ID: 35095967
Chaz,

Please reference my comment:   ID: 35040804.  This setting is a User setting and as such won't apply to a computer. It is stored in the user profile so that different users can have different home pages on the same computer.

 Therefore you are correct that it will "follow" the user instead of applying to a specific computer only.  To apply it to a single computer requires the setting be made in the local profile for that computer. If you are using roaming profiles then this will not work either.
0
 

Author Closing Comment

by:Chaz_P
ID: 35096754
Ok I enabled the lookback processing with merge and bingo! This has been the answer to my question all along. Will remember this one for a while. Thanks a lot!
0
 
LVL 2

Expert Comment

by:ivarson408
ID: 35096970
Great! Glad it is working.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
by Nathan Brom/Bromy2004 Introduction There are numerous websites out there for any different type of program you can imagine.  Of those, you'll need to decide which ones are legitimate and aren't trying to steal your money or infect your comput…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now