[gptalk] Re: 2 GPO Issues
- From: "Nelson, Jamie" <Jamie.Nelson@xxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Mon, 15 Sep 2008 16:36:26 -0500
A. Active Desktop has to be enabled to enforce a wallpaper through GPO.
B. Administrative Templates/Windows Components/Internet
Explorer/Security Features/Local Machine Zone Lockdown Security/Internet
Explorer Processes="Disabled"
Jamie Nelson | Operations Consultant | BI&T Infrastructure-Intel | Devon
Energy Corporation | Work: 405.552.8054 | Mobile: 405.200.8088 |
http://www.dvn.com
-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Matt Cross
Sent: Monday, September 15, 2008 2:39 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] 2 GPO Issues
All --
Thanks for your help on my last issue a couple of weeks ago. I am still
wrestling with the same GPO -- I have it almost complete except for two
nagging issues:
-- forcing a particular wallpaper
-- allowing ActiveX content to run from files on computer
I will break out what I have already tried for each one below.
A. Wallpaper
I have tried a number of options with this one. The GPO locks down
access to the Control Panel and any CP items with the Prohibit access to
the CP setting. Under Display, the force Windows Classic setting is
enabled. Active Desktop is disabled, as well as Disable all items and
Prohibit changes. Turning on Active Desktop, Allow only bmp wallpaper,
and specifying the file in the active desktop wallpaper did not allow
the wallpaper to be seen. Turning all of that off, and enabling the
following Registry keys in HKU\..\Control Panel\Desktop for .DEFAULT,
S-1-5-18, S-1-5-19, and S-1-5-20:
WallpaperStyle
Wallpaper
OriginalWallpaper
resulted in the wallpaper being seen at the logon splash screen, but not
once the user has logged in. I did remove the test-user profile from
the system before attempting.
B. Active Content
I turned on the Allow Active content from CDs to run on user machines,
but did not see the setting to allow it from files on the computer. I
tried putting the site in the Local Trusted Sites zone and then telling
the zone to:
Allow active content over restricted protocols
Allow scriptlets
Java permissions
Run ActiveX controls and plugins
At this point, I know I am missing something, but can't see the forest
for the trees. Any thoughts?
--
Matt Cross, MCSE: Messaging
mailto:mrforklift@xxxxxxxxxxxxxxx
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at //www.freelists.org/archives/gptalk/
************************
Confidentiality Warning: This message and any attachments are intended only for
the use of the intended recipient(s), are confidential, and may be privileged.
If you are not the intended recipient, you are hereby notified that any review,
retransmission, conversion to hard copy, copying, circulation or other use of
all or any portion of this message and any attachments is strictly prohibited.
If you are not the intended recipient, please notify the sender immediately by
return e-mail, and delete this message and any attachments from your system.
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at //www.freelists.org/archives/gptalk/
************************
Other related posts:
