[gptalk] Re: Site to Zone Assignment locks all zones

  • From: "Alan & Margaret" <syspro@xxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Fri, 21 Nov 2008 11:06:33 +1100

Hi Darren,

 

I agree that Group Preferences are good, but ADM files have the advantage of
making it less technical. An Administrator can understand “Add ?? to the
trusted site list” easier than remembering the actual registry key. Also ADM
templates encourage a better level of documentation and structure.

 

As to speed, I can create an ADM template for a couple of keys within a
couple of minutes. Most of the work is finding out the Registry key
required.

 

Of course ADM templates are most useful when you want the same think in
multiple policies.

 

Alan Cuthbertson

 

 

 Policy Management Software (Now with ADMX and Preference support):-

http://www.sysprosoft.com/index.php?ref=activedir
<http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml>
&f=pol_summary.shtml

 

ADM Template Editor(Now with ADMX support):-

http://www.sysprosoft.com/index.php?ref=activedir
<http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml>
&f=adm_summary.shtml

 

Policy Log Reporter – including Preference logging(Free)

http://www.sysprosoft.com/index.php?ref=activedir
<http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml>
&f=policyreporter.shtml

 

 

 

 

  _____  

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Darren Mar-Elia
Sent: Friday, 21 November 2008 8:29 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Site to Zone Assignment locks all zones

 

Or by the same token, it would be very simple to use GP Preferences registry
extensions to do this. Frankly, if you have GP Prefs. in your environment, I
don’t see a lot of value in continuing to use custom ADMs when GP Prefs. is
simpler and quicker. 

 

Darren

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Alan & Margaret
Sent: Thursday, November 20, 2008 1:27 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Site to Zone Assignment locks all zones

 

Hi,

 

The alternative is to write your own ADM file that creates the registry keys
that you want. They all sit under 

 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap

 

I have attached a sample file. You could set it up to either add specific
sites or delete sites that you don't want users to add.

 

(Note: I haven't actually tested that it works...)

 

Alan Cuthbertson

 

 

 Policy Management Software (Now with ADMX and Preference support):-

http://www.sysprosoft.com/index.php?ref=activedir
<http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml>
&f=pol_summary.shtml

 

ADM Template Editor(Now with ADMX support):-

http://www.sysprosoft.com/index.php?ref=activedir
<http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml>
&f=adm_summary.shtml

 

Policy Log Reporter – including Preference logging(Free)

http://www.sysprosoft.com/index.php?ref=activedir
<http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml>
&f=policyreporter.shtml

 

 

 

 

 

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Øyvind Sørbye
Sent: Friday, 21 November 2008 5:56 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Site to Zone Assignment locks all zones

 

Hmm, Maintenance policy, i feared that :-) I have never properly understood

that part of Group Policies. When opening "Security Zones and Content

Ratings" it imports all IE-setting from my computer and presets _all_

settings for my users. But I don't want to configure all settings in all

zones, I only wont to configure a few settings. Most of the settings will I

leave to the users to choose. Maintenance policy is in some sense not a

"true" policy, because you can't choose to _not_ configure a value. Or is

there a way to achieve this with Maintenance policy?

 

>-----Original Message-----

>From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]

>On Behalf Of Darren Mar-Elia

>Sent: 20. november 2008 16:19

>To: gptalk@xxxxxxxxxxxxx

>Subject: [gptalk] Re: Site to Zone Assignment locks all zones

> 

>Øyvind-

>Welcome to the list! In order to do this non-exclusively, you need to

>use the Site mapping feature in IE Maintenance policy instead of the one

>in Admin Templates. The locking feature is expected behavior for this

>policy.

> 

>Darren

> 

>-----Original Message-----

>From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]

>On Behalf Of Øyvind Sørbye

>Sent: Wednesday, November 19, 2008 11:27 PM

>To: gptalk@xxxxxxxxxxxxx

>Subject: [gptalk] Site to Zone Assignment locks all zones

> 

>Hi everybody!

> 

>I am setting up policies for IE7, and I want to assign some websites to

>the Intranet Zone. I'm using the following Group Policy setting:

> 

>User Configuration:

>-Administrative Templates

>  -Windows Components/Internet Explorer/Internet Control Panel/Security

>Page/Internet Zone

>    -Site to Zone Assignment List

> 

>The websites are given the value of 1, and then they are added to the

>intranet zone on the client computers. So far, so good. But when I use

>this setting, _all_ zones in IE7 is locked down for the users. I want my

>users to be able to add sites to the Trusted Sites zone, but this "Site

>to Zone Assignment"-setting locks all zones.

>  So my question is: Is it possible to assign some sites to the intranet

>zone, where the users still has the possibility to add their own sites

>to the "Trusted Sites"-zone?

> 

> 

>--

>Øyvind Sørbye

> 

> 

>***********************

>You can unsubscribe from gptalk by sending email to

>gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR

>by

>logging into the freelists.org Web interface. Archives for the list are

>available at http://www.freelists.org/archives/gptalk/

>************************

> 

>***********************

>You can unsubscribe from gptalk by sending email to gptalk-

>request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by

>logging into the freelists.org Web interface. Archives for the list are

>available at http://www.freelists.org/archives/gptalk/

>************************

 

***********************

You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at http://www.freelists.org/archives/gptalk/

************************

Other related posts: