NBquery
asked on
GPP Item Level Targeting for OS not working - All Situations
I am trying to restrict a proxy enable key, which we use on all clients, from servers. I have just updated our library and can use "OS is not 2012r2" and of course 2008r2.
I am very familiar with ILT on GPP and have used it successfully many times. I have tried numerous combinations of the options, putting the 2 targets OS's in a collection for IS or the opposite OS's for IS NOT, have changed AND or OR and the settings come into the servers not matter what I have tried.
I have put in quite a few hours of research and cannot seem to find anything to go deeper into an issue than what I already seem to have in place and understand.
Is there any insight this forum may have to something related to this,
I am very familiar with ILT on GPP and have used it successfully many times. I have tried numerous combinations of the options, putting the 2 targets OS's in a collection for IS or the opposite OS's for IS NOT, have changed AND or OR and the settings come into the servers not matter what I have tried.
I have put in quite a few hours of research and cannot seem to find anything to go deeper into an issue than what I already seem to have in place and understand.
Is there any insight this forum may have to something related to this,
Why not? Because ILT is usually quicker and offers the same functions. Read about it here: http://evilgpo.blogspot.de/2014/11/showdown-wmi-filter-vs-item-level.html
NBquery, it could be a different problem. Is it a computer setting really, or a setting from the user configuration part of that policy? The latter would not even apply to computer objects at all.
NBquery, it could be a different problem. Is it a computer setting really, or a setting from the user configuration part of that policy? The latter would not even apply to computer objects at all.
Two stupid questions...
1)I you sure the workstations are applying the updated policy?
2) Can the policy be process without a ILT filter?
1)I you sure the workstations are applying the updated policy?
2) Can the policy be process without a ILT filter?
ASKER
Thank you all for the comments.
David, I have used WMI in the past, but I would just prefer to use an available preference item for other people's usage and transparency - let alone it is built in.
McKinfe - I never thought to consider the computer configuration implication or have had the opportunity to read about it only applying to computer configurations. This is actually a user proxy setting for our web filtering, and since the client is not on the servers, I thought to use this for the clean usage for users on servers.
Compdigit44 - Yes I am certain, when the proxy gets enabled via GPP reg key entry, it disables internet explorer's ability to connect to the internet on the server (I watch the key get updated).
David, I guess WMI has to be a consideration at this point.
I appreciate the articles provided and will do some reading on them now.
David, I have used WMI in the past, but I would just prefer to use an available preference item for other people's usage and transparency - let alone it is built in.
McKinfe - I never thought to consider the computer configuration implication or have had the opportunity to read about it only applying to computer configurations. This is actually a user proxy setting for our web filtering, and since the client is not on the servers, I thought to use this for the clean usage for users on servers.
Compdigit44 - Yes I am certain, when the proxy gets enabled via GPP reg key entry, it disables internet explorer's ability to connect to the internet on the server (I watch the key get updated).
David, I guess WMI has to be a consideration at this point.
I appreciate the articles provided and will do some reading on them now.
To be sure: please name the registry key that you are changing.
This one: HKEY_CURRENT_USER\Software \Microsoft \Windows\C urrentVers ion\Intern et Settings
Key: "ProxyEnable" ? Then it's a user policy.
This one: HKEY_CURRENT_USER\Software
Key: "ProxyEnable" ? Then it's a user policy.
ASKER
I have been reading more, it does not seem to say anywhere that OS ILT does not apply to User items.. I have even read some articles that point to using OS ILT on User items as examples.
To that, I would like to know where I might read that it is not possible since everything I am seeing is to the contrary.
To that, I would like to know where I might read that it is not possible since everything I am seeing is to the contrary.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Do me a favor, I'd like to know
1 if it was originally configured in the user config or in the computer config part
2 what registry key it was
knowing this, I'll be able to explain why you had to use loopback mode.
1 if it was originally configured in the user config or in the computer config part
2 what registry key it was
knowing this, I'll be able to explain why you had to use loopback mode.
I know an curious to know how the policy was originally configured..
ASKER
Originally, there was simply a User GPP for a registry addition that was created from the wizard without specifying any ILT. It contained three entries for proxy; ProxyServer, ProxyOverride, and ProxyEnable.
I wanted to only ILT OS on the Proxy Enable key, just to have this not apply to our Server 2008r2 Family and Server 2012r2 Family as to not turn on Proxy.
I wanted to only ILT OS on the Proxy Enable key, just to have this not apply to our Server 2008r2 Family and Server 2012r2 Family as to not turn on Proxy.
ASKER
The comments provided by the other members were incomplete and though factually true, there was a way around it. I persisted with finding a solution since by all accounts, I could not verify what they were saying was true or not. In the end, I found a way to resolve it, as I always do.
See my article on WMI filtering