synertia
asked on
GPO with trusted sites grayed out
Hello All:
Details: Our company has an local sharepoint site ( https://example.company.com ). We currently use SSO/ActiveSync for logon to workstations that allow users to connect automatically to Outlook for email. Now it's time to do the same with Sharepoint. I found the GPO setting to add our website to the trusted sites but now no user can add to the trusted sites.
All users using Windows 7 - 64 Bit
Problem: Trusted sites grayed out & no users can add to the trusted sites since the GPO is currently set.
GPO settings: Computer Configuration | Administrative Templates | Windows Components | Internet Explorer | Internet Control Panel | Security Page
Site to Zone Assignment List >>> https://example.company.com > Value: 2
Is there a registry key(s) I can edit for users to still add other Trusted Sites ?
Is there any other GPO settings I can manage ?
Thanks for your help. Hope I didn't lose you
Details: Our company has an local sharepoint site ( https://example.company.com ). We currently use SSO/ActiveSync for logon to workstations that allow users to connect automatically to Outlook for email. Now it's time to do the same with Sharepoint. I found the GPO setting to add our website to the trusted sites but now no user can add to the trusted sites.
All users using Windows 7 - 64 Bit
Problem: Trusted sites grayed out & no users can add to the trusted sites since the GPO is currently set.
GPO settings: Computer Configuration | Administrative Templates | Windows Components | Internet Explorer | Internet Control Panel | Security Page
Site to Zone Assignment List >>> https://example.company.com > Value: 2
Is there a registry key(s) I can edit for users to still add other Trusted Sites ?
Is there any other GPO settings I can manage ?
Thanks for your help. Hope I didn't lose you
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Remove the computer gpo and apply it thru the "Internet Explorer Maintenance" policy under User configuration.
Same issue is reported earlier
please refer this link
https://www.experts-exchange.com/questions/24135698/Group-policy-to-add-trusted-sites.html
All Credit goes to dstewartjr :)
Same issue is reported earlier
please refer this link
https://www.experts-exchange.com/questions/24135698/Group-policy-to-add-trusted-sites.html
All Credit goes to dstewartjr :)
ASKER
Well yes that is an partial solution but NOT for IE10 users.
IE10 Internet Maintenance disappears
i think I'm stuck ... unless I do it manually...
IE10 Internet Maintenance disappears
i think I'm stuck ... unless I do it manually...
I had to do this in an environment myself not to long ago.
I documented it on my own page - check out the last entry on this page:
http://www.vaderits.com/sharepoint/SitePages/SharePoint%20and%20PowerShell.aspx
I documented it on my own page - check out the last entry on this page:
http://www.vaderits.com/sharepoint/SitePages/SharePoint%20and%20PowerShell.aspx
ASKER
vaderj:
that worked great but now the issue is SSO only works for IE 64-bit. Most users in the office don't know the difference between IE 32 & 64. Any work around ?
that worked great but now the issue is SSO only works for IE 64-bit. Most users in the office don't know the difference between IE 32 & 64. Any work around ?
There is a setting in IE option under the advanced tab about passing user credentials. Do you need that in a registry setting also?
ASKER
IE 32 bit sees the 'automatic logon with current user & password' that I pushed through the GPO. but does not do the SSO.
IE 64 bit sees the 'automatic logon with current user & password' and pushes SSO to our sharepoint site.
Missing something ... ?
IE 64 bit sees the 'automatic logon with current user & password' and pushes SSO to our sharepoint site.
Missing something ... ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
event error:
Log Name: Security
Source: Microsoft-Windows-Security
Date: 6/18/2013 10:01:41 AM
Event ID: 4957
Task Category: MPSSVC Rule-Level Policy Change
Level: Information
Keywords: Audit Failure
User: N/A
Computer: ALXWK63.gbhawk.weblynx.net
Description:
Windows Firewall did not apply the following rule:
Rule Information:
ID: CoreNet-IPHTTPS-In
Name: Core Networking - IPHTTPS (TCP-In)
Error Information:
Reason: Local Port resolved to an empty set.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Se
<EventID>4957</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>13571</Task>
<Opcode>0</Opcode>
<Keywords>0x80100000000000
<TimeCreated SystemTime="2013-06-18T14:
<EventRecordID>189608</Eve
<Correlation />
<Execution ProcessID="504" ThreadID="556" />
<Channel>Security</Channel
<Computer>ALXWK63.gbhawk.w
<Security />
</System>
<EventData>
<Data Name="RuleId">CoreNet-IPHT
<Data Name="RuleName">Core Networking - IPHTTPS (TCP-In)</Data>
<Data Name="RuleAttr">Local Port</Data>
</EventData>
</Event>
Log Name: Security
Source: Microsoft-Windows-Security
Date: 6/18/2013 10:01:41 AM
Event ID: 4957
Task Category: MPSSVC Rule-Level Policy Change
Level: Information
Keywords: Audit Failure
User: N/A
Computer: ALXWK63.gbhawk.weblynx.net
Description:
Windows Firewall did not apply the following rule:
Rule Information:
ID: CoreNet-IPHTTPS-In
Name: Core Networking - IPHTTPS (TCP-In)
Error Information:
Reason: Local Port resolved to an empty set.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Se
<EventID>4957</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>13571</Task>
<Opcode>0</Opcode>
<Keywords>0x80100000000000
<TimeCreated SystemTime="2013-06-18T14:
<EventRecordID>189608</Eve
<Correlation />
<Execution ProcessID="504" ThreadID="556" />
<Channel>Security</Channel
<Computer>ALXWK63.gbhawk.w
<Security />
</System>
<EventData>
<Data Name="RuleId">CoreNet-IPHT
<Data Name="RuleName">Core Networking - IPHTTPS (TCP-In)</Data>
<Data Name="RuleAttr">Local Port</Data>
</EventData>
</Event>
ASKER
I can not keep updating the policy for every Trusted Site with all the DoD sites that users go to. Maybe that is an decision for upper management. But for now, No reg can do this through GPO >?