I'm a bit confused, Tim, by what your issue is. Is it that you set some site-to-zone assignments on IE, then removed the underlying GPO, and they are still being delivered? I guess I'm missing the connection between UAC and what you're seeing. Darren From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Salandra, Justin Sent: Tuesday, August 19, 2008 5:12 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Vista - Enable Protected Mode Try installing the RSAT tools on Vista SP1 Justin A. Salandra Network Engineer jsalandra@xxxxxxxxxxx ------------------------------------------ MCSE(rgb) MCTS(rgb)_528_534 From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Tim Bolton Sent: Tuesday, August 19, 2008 5:32 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Vista - Enable Protected Mode I am going to try to RDP into a vista box in the morning then load the client side GP there. I was also going to run GPRESULT /H %TEMP%\UserRSOP.htm /scope user and GPRESULT /H C:\ComputerRSOP.htm /scope computer Especially sine RSOP does not work correctly on Vista SP1. Not sure what else to do... On Tue, Aug 19, 2008 at 4:18 PM, Salandra, Justin <jsalandra@xxxxxxxxxxx> wrote: You will not see the UAC settings from a 2003 Server running GPMC, can you run it for a Vista machine? Justin A. Salandra Network Engineer jsalandra@xxxxxxxxxxx ------------------------------------------ Error! Filename not specified. Error! Filename not specified. From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Tim Bolton Sent: Tuesday, August 19, 2008 4:47 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Vista - Enable Protected Mode I am working with a new site and was setting the Internet Security Zones for IE6 and IE7. The GP was Linked but not enforced. I was setting them to the Default Zone Settings when an issue arose with access to a site for a user completing payroll. This turned out to be a Server Side error. However, for a just in case measure, the new GP was un-linked and then deleted. I ran gpupdate /force to clean up any issues. We installed an ISA server about a month ago. Since then no changes have been made to it. Now I am told that the Vista PCs are getting prompted to add ActiveX controls. When the user RT clicks they only get info not the ability to add. The users are able to add the site to the Trusted List and that takes care of the prompt. However, the users do not want to have to perform this task for every site they go to and they are indicating that this started a couple of weeks ago, even though they have had these Vista PCs for over a year. I am checking ISA one more time. I have run the modeling test with that user and all indications are that the Default Domain policy is winning out. However, since I am RDPing into a 2003 Server, I cannot even see the Vista UAC settings or anything else that would affect Vista. Would the settings to IE6 and IE7 apply to the Vista instance even though it was not enforced? The ONLY thing I done this last week and this week is document AND gpupdate /force. I am wondering if I woke up the Vista PCs..? Any advice will be greatly appreciated... -- Tim Bolton "IMPORTANT NOTICE: The information in this email (and any attachments hereto) is confidential and may be protected by legal privileges and work product immunities. If you are not the intended recipient, you must not use or disseminate the information. Receipt by anyone other than the intended recipient is not a waiver of any attorney-client or work product privilege. If you have received this email in error, please immediately notify me by "Reply" command and permanently delete the original and any copies or printouts thereof. Although this email and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to insure that it is virus free and no responsibility is accepted by Transatlantic Reinsurance Company or its subsidiaries or affiliates either jointly or severally, for any loss or damage arising in any way from its use." -- Tim Bolton "IMPORTANT NOTICE: The information in this email (and any attachments hereto) is confidential and may be protected by legal privileges and work product immunities. If you are not the intended recipient, you must not use or disseminate the information. Receipt by anyone other than the intended recipient is not a waiver of any attorney-client or work product privilege. If you have received this email in error, please immediately notify me by "Reply" command and permanently delete the original and any copies or printouts thereof. Although this email and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to insure that it is virus free and no responsibility is accepted by Transatlantic Reinsurance Company or its subsidiaries or affiliates either jointly or severally, for any loss or damage arising in any way from its use."