[gptalk] Re: Trusted sites addition not showing in IE

  • From: "Nelson, Jamie R" <Jamie.Nelson@xxxxxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Mon, 28 Jan 2008 10:23:26 -0600

You can apply Zone Security one of two ways.

1) the old way --> Using IE Maintenance Policy under User Configuration
> Windows Settings > Internet Explorer Maintenance. Works but is very
problematic. Still required for things like setting the home page,
favorites, etc.

2) the new way (since XP SP2) --> Using the ADM template settings for IE
under Computer/User Configuration > Administrative Templates > Windows
Components > Internet Explorer > Internet Control Panel > Security Page.
This method is preferred as it is much easier to maintain and more
reliable. Gives you much more flexibility also because the settings are
more granular and can be applied at the machine level instead of just to
a user account. Doing zone security this way is nice also, because your
zone URL lists are merged together instead of one list replacing the
other. You can find a nice overview of the settings here:
http://technet.microsoft.com/en-us/library/bb457144.aspx.

If you have some policies using method #1 and some using method #2 you
are going to see a lot of issues. I would personally scrap any GPOs
using method #1 and convert everything over to the newer ADM template
settings. Additionally I recommend enforcing the "Security Zones: Use
only machine settings" policy and only configure zone security on the
computer side for uniformity throughout your organization, unless of
course you need the flexibility of users having different zone settings.

Jamie Nelson | Systems Engineer | Systems Support, Information
Technology | I N T E G R I S Health | Phone 405.552.0903 |
http://www.integrisok.com

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Clemson, Chris (IHG)
Sent: Monday, January 28, 2008 9:51 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Trusted sites addition not showing in IE

> [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Nelson, Jamie R
> Sent: 25 January 2008 18:53
> To: gptalk@xxxxxxxxxxxxx
> Subject: [gptalk] Re: Trusted sites addition not showing in IE

Thanks for the quick reply,

> Is it possibly already defined for the computer in the corresponding
> HKEY_LOCAL_MACHINE area of the registry?

Yes, it is defined there, yet it seems to be defined in both places on
my machine, and everything is working fine.


> If you're configuring Zone settings in Computer Configuration 
> there may

Not as far as I can tell via GPO, but maybe I am missing something.

> be some conflict there. Since you're using the ADM template 
> settings to
> configure your zones, I would also make sure that IE 
> Maintenance Policy
> is not applying.

What exactly do you mean by maintenance policy?
When browsing the settings of my policy, my changes are listed under

Windows Settings
 Internet Explorer Maintenance
  Security/Security Zones and Content Ratings
   Security Zones and Privacy
    Trusted Sites
     ....

Is this what you mean?
Thanks,
Chris
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at http://www.freelists.org/archives/gptalk/
************************

**********************************************************************
This e-mail may contain identifiable health information that is subject to 
protection under state and federal law. This information is intended to be for 
the use of the individual named above. If you are not the intended recipient, 
be aware that any disclosure, copying, distribution or use of the contents of 
this information is prohibited and may be punishable by law. If you have 
received this electronic transmission in error, please notify us immediately by 
electronic mail (reply).


This e-mail may contain identifiable health information that is subject to 
protection under state and federal law. This information is intended to be for 
the use of the individual named above. If you are not the intended recipient, 
be aware that any disclosure, copying, distribution or use of the contents of 
this information is prohibited and may be punishable by law. If you have 
received this electronic transmission in error, please notify us immediately by 
electronic mail (reply).
***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: