[gptalk] Re: 2 GPO Issues
- From: Matt Cross <mrforklift@xxxxxxxxxxxxxxx>
- To: gptalk@xxxxxxxxxxxxx
- Date: Thu, 18 Sep 2008 10:54:07 -0400
Turns out the conflict was between activating Active Desktop/enabling
only bitmapped/specifying wallpaper and the Remove Recycle Bin from the
Desktop setting.
Matt Cross wrote:
A. In the description, I indicated that I had enabled Active Desktop,
Allow Only Bitmap wallpaper, and specified the wallpaper. In doing
that, I got the same result as having it turned off. Therefore there
is another conflict that is not obvious to me that is preventing the
Active Desktop policy from applying.
B. I will try
The system being used for testing is a clean build of XP with no
reg-hacks or local policies turned on.
Nelson, Jamie wrote:
A. Active Desktop has to be enabled to enforce a wallpaper through GPO.
B. Administrative Templates/Windows Components/Internet
Explorer/Security Features/Local Machine Zone Lockdown Security/Internet
Explorer Processes="Disabled"
Jamie Nelson | Operations Consultant | BI&T Infrastructure-Intel | Devon
Energy Corporation | Work: 405.552.8054 | Mobile: 405.200.8088 |
http://www.dvn.com
-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Matt Cross
Sent: Monday, September 15, 2008 2:39 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] 2 GPO Issues
All --
Thanks for your help on my last issue a couple of weeks ago. I am still
wrestling with the same GPO -- I have it almost complete except for
two nagging issues:
-- forcing a particular wallpaper
-- allowing ActiveX content to run from files on computer
I will break out what I have already tried for each one below.
A. Wallpaper
I have tried a number of options with this one. The GPO locks down
access to the Control Panel and any CP items with the Prohibit access to
the CP setting. Under Display, the force Windows Classic setting is
enabled. Active Desktop is disabled, as well as Disable all items
and Prohibit changes. Turning on Active Desktop, Allow only bmp
wallpaper, and specifying the file in the active desktop wallpaper
did not allow the wallpaper to be seen. Turning all of that off, and
enabling the following Registry keys in HKU\..\Control Panel\Desktop
for .DEFAULT, S-1-5-18, S-1-5-19, and S-1-5-20:
WallpaperStyle
Wallpaper
OriginalWallpaper
resulted in the wallpaper being seen at the logon splash screen, but not
once the user has logged in. I did remove the test-user profile from
the system before attempting.
B. Active Content
I turned on the Allow Active content from CDs to run on user
machines, but did not see the setting to allow it from files on the
computer. I tried putting the site in the Local Trusted Sites zone
and then telling the zone to:
Allow active content over restricted protocols
Allow scriptlets
Java permissions
Run ActiveX controls and plugins
At this point, I know I am missing something, but can't see the
forest for the trees. Any thoughts?
--
Matt Cross, MCSE: Messaging
mailto:mrforklift@xxxxxxxxxxxxxxx
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at http://www.freelists.org/archives/gptalk/
************************
- References:
- [gptalk] 2 GPO Issues
- From: Matt Cross
- [gptalk] Re: 2 GPO Issues
- From: Nelson, Jamie
- [gptalk] Re: 2 GPO Issues
- From: Matt Cross
Other related posts:
- » [gptalk] 2 GPO Issues
- » [gptalk] Re: 2 GPO Issues
- » [gptalk] Re: 2 GPO Issues
- » [gptalk] Re: 2 GPO Issues
B. I will tryThe system being used for testing is a clean build of XP with no reg-hacks or local policies turned on.
Nelson, Jamie wrote:
A. Active Desktop has to be enabled to enforce a wallpaper through GPO. B. Administrative Templates/Windows Components/Internet Explorer/Security Features/Local Machine Zone Lockdown Security/Internet Explorer Processes="Disabled" Jamie Nelson | Operations Consultant | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: 405.552.8054 | Mobile: 405.200.8088 | http://www.dvn.com -----Original Message----- From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Matt Cross Sent: Monday, September 15, 2008 2:39 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] 2 GPO Issues All -- Thanks for your help on my last issue a couple of weeks ago. I am stillwrestling with the same GPO -- I have it almost complete except for two nagging issues:-- forcing a particular wallpaper -- allowing ActiveX content to run from files on computer I will break out what I have already tried for each one below. A. WallpaperI have tried a number of options with this one. The GPO locks down access to the Control Panel and any CP items with the Prohibit access tothe CP setting. Under Display, the force Windows Classic setting is enabled. Active Desktop is disabled, as well as Disable all items and Prohibit changes. Turning on Active Desktop, Allow only bmp wallpaper, and specifying the file in the active desktop wallpaper did not allow the wallpaper to be seen. Turning all of that off, and enabling the following Registry keys in HKU\..\Control Panel\Desktop for .DEFAULT, S-1-5-18, S-1-5-19, and S-1-5-20:WallpaperStyle Wallpaper OriginalWallpaper resulted in the wallpaper being seen at the logon splash screen, but notonce the user has logged in. I did remove the test-user profile from the system before attempting.B. Active ContentI turned on the Allow Active content from CDs to run on user machines, but did not see the setting to allow it from files on the computer. I tried putting the site in the Local Trusted Sites zone and then telling the zone to:Allow active content over restricted protocols Allow scriptlets Java permissions Run ActiveX controls and pluginsAt this point, I know I am missing something, but can't see the forest for the trees. Any thoughts?
- [gptalk] 2 GPO Issues
- From: Matt Cross
- [gptalk] Re: 2 GPO Issues
- From: Nelson, Jamie
- [gptalk] Re: 2 GPO Issues
- From: Matt Cross