[gptalk] Re: Internet Explorer security flaw box pops up on redirected folder shortcut (My Documents)

  • From: "Lawson, Christian" <clawson@xxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 30 May 2007 17:20:46 -0400

Into the group policy under the OU the computer exists. Setting is: User
configuration-internet explorer maintenance-security/security zones and
content ratings-security zones and privacy-trusted sites-sites


-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Washington, Booker
Sent: Wednesday, May 30, 2007 5:06 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Internet Explorer security flaw box pops up on
redirected folder shortcut (My Documents)

Into which policy (notwithstanding, reading Darren's email)

Thanks

 

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Salandra, Justin A.
Sent: Wednesday, May 30, 2007 3:07 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Internet Explorer security flaw box pops up on
redirected folder shortcut (My Documents)

You make the changes on a computer and then import the Security settings
into the Policy and it will affect all computers.

Justin A. Salandra
MCSE Windows 2000 & 2003
Network and Technology Services Manager
Catholic Healthcare System
646.505.3681 - office
917.455.0110 - cell
jasalandra@xxxxxxxxxxx


-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Washington, Booker
Sent: Wednesday, May 30, 2007 10:04 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Internet Explorer security flaw box pops up on
redirected folder shortcut (My Documents)

Yes, I know where the setting is, local to the box, but I don't want to
have to make the change individually on each and every computer in my
environment.  I posted to this list to find out, how in Grop Policy, I
can change the settings that I need to change.

I did not make any special changes.  Just joined a new domain, and now
when I click on the My Documents shortcut, I get the pop up.  So I was
trying to determine, what about joining the new domain, did I pick up
all of a sudden that when I click on the My Docs shortcut, I get the pop
up box

Thanks.

And again, if I add the UNC path to the trusted list, everything is
fine.  So even with that work around, how could I add that through
Policy?

Thanks



 

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of tools@xxxxxxxxxx
Sent: Tuesday, May 29, 2007 6:30 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Internet Explorer security flaw box pops up on
redirected folder shortcut (My Documents)

Booker-
I had a hard time following your report below, but my guess is that
somehow IE security zone restrictions think that something about My
Documents is unsafe. Do you have a zone restriction for the MY Computer
or Intranet zones?


-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Washington, Booker
Sent: Tuesday, May 29, 2007 2:49 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Internet Explorer security flaw box pops up on
redirected folder shortcut (My Documents)

This has to be a GPO setting, but not sure which one.
 
I have the My documents folder redirected to a network location.
 
When a user clicks on the My documents folder on the desktop, which is a
system generated shortcut, the user gets a pop up box that has in the
title of the box: Internet Explorer The contents of the box state:
This page has an unspecified potential security flaw.  Do you want to
continue.  Yes or No

Any idea why this would happen?
 
 
The only policy settings outside of the folder redirect GPO show the
following:
 
  
Print
Close
No explanation is available for this setting.
Supported On:
Not available
Default Domain Policy
Data collected on: 5/29/2007 5:33:38 PM hide all 

Generalhide
Detailshide
Domain test.domain.edu
Owner test\Domain testmins
Created 10/1/2001 2:15:58 PM
Modified 7/30/2006 8:08:30 PM
User Revisions 1 (test), 1 (sysvol)
Computer Revisions 21 (test), 21 (sysvol) Unique ID
{31B2F340-016D-11D2-945F-00C04FB984F9}
GPO Status Enabled 

Linkshide
Location Enforced Link Status Path
test No Enabled test.domain.edu 

This list only includes links in the domain of the GPO.
Security Filteringhide
The settings in this GPO can only apply to the following groups, users,
and computers:Name NT AUTHORITY\Authenticated Users 

WMI Filteringhide
WMI Filter Name None
Description Not applicable 

Delegationhide
These groups and users have the specified permission for this GPOName
Allowed Permissions Inherited test\Domain testmins Edit settings,
delete, modify security No test\Enterprise testmins Edit settings,
delete, modify security No NT AUTHORITY\Authenticated Users Retest (from
Security Filtering) No NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Retest
No NT AUTHORITY\SYSTEM Edit settings, delete, modify security No 

Computer Configuration (Enabled)hide
Windows Settingshide
Security Settingshide
Account Policies/Password Policyhide
Policy Setting
Enforce password history 3 passwords remembered Maximum password age 90
days Minimum password age 0 days Minimum password length 7 characters
Password must meet complexity requirements Enabled Store passwords using
reversible encryption Disabled 

Account Policies/Account Lockout Policyhide Policy Setting Account
lockout threshold 0 invalid logon attempts 

Account Policies/Kerberos Policyhide
Policy Setting
Enforce user logon restrictions Enabled Maximum lifetime for service
ticket 600 minutes Maximum lifetime for user ticket 72 hours Maximum
lifetime for user ticket renewal 7 days Maximum tolerance for computer
clock synchronization 5 minutes 

Public Key Policies/Autoenrollment Settingshide Policy Setting Enroll
certificates automatically Enabled Renew expired certificates, update
pending certificates, and remove revoked certificates Disabled Update
certificates that use certificate templates Disabled 
 

Public Key Policies/Encrypting File Systemhide Propertieshide Policy
Setting Allow users to encrypt files using Encrypting File System (EFS)
Enabled 

Certificateshide
Issued To Issued By Expiration Date Intended Purposes testministrator
testministrator 9/30/2004 2:25:46 PM File Recovery 

For testditional information about individual settings, launch Group
Policy Object Editor.
Public Key Policies/Trusted Root Certification Authoritieshide
Propertieshide Policy Setting Allow users to select new root
certification authorities (CAs) to trust Enabled Client computers can
trust the following certificate stores Third-Party Root Certification
Authorities and Enterprise Root Certification Authorities To perform
certificate-based authentication of users and computers, CAs must meet
the following criteria Registered in Active Directory only 

testministrative Templateshide
System/Group Policyhide
Policy Setting
Allow Cross-Forest User Policy and Roaming User Profiles Enabled 

User Configuration (Enabled)hide
Windows Settingshide
Remote Installation Serviceshide
Client Installation Wizard optionshide
Policy Setting
Custom Setup Disabled
Restart Setup Disabled
Tools Disabled
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at http://www.freelists.org/archives/gptalk/
************************

***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at http://www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at http://www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at http://www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at http://www.freelists.org/archives/gptalk/
************************
***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: