Solved

Removing Internet Security Settings from group policy which has the 'Reset All zones to default level' disabled.

Posted on 2013-11-28
2
820 Views
Last Modified: 2014-01-15
Got myself in a pickle here...
We applied a policy change to take security settings away from users, unfortunately this was applied to the default domain policy.
The policy has been modified to remove these settings but the settings have 'tatooed' on to the machines on the network.
I have read the way forward is to set the security settings on the server the way you want and then import them into the group policy you want or to use the 'Reset all zones to default level' button but I cannot change the security settings on the server since it too is affected by the lock on security controls.

I am thinking I need to join a new Dc to the domain which won't be tatooed and use it to modify this setting?  I wondered if there is another way before I explored this path.
wonk013.jpg
0
Comment
Question by:dgloveruk
2 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39684570
Do this from a Windows 7 Client. Install the RSAT on a Win7 client and manage your policies this way. Change the settings on there and then apply the policy.

Make sure that your win7 machine does not have this policy applied to it, you can block inheritance or keep the PC in the computers container.

RSAT download - http://www.microsoft.com/en-ca/download/details.aspx?id=7887

Will.
0
 

Author Comment

by:dgloveruk
ID: 39705762
Thanks, managed to to fix this doing what you've said.
Regards,
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question