[gptalk] Re: 2 GPO Issues

  • From: Matt Cross <mrforklift@xxxxxxxxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Thu, 18 Sep 2008 10:54:07 -0400

Turns out the conflict was between activating Active Desktop/enabling only bitmapped/specifying wallpaper and the Remove Recycle Bin from the Desktop setting.

Matt Cross wrote:
A. In the description, I indicated that I had enabled Active Desktop, Allow Only Bitmap wallpaper, and specified the wallpaper. In doing that, I got the same result as having it turned off. Therefore there is another conflict that is not obvious to me that is preventing the Active Desktop policy from applying.

B. I will try

The system being used for testing is a clean build of XP with no reg-hacks or local policies turned on.

Nelson, Jamie wrote:
A. Active Desktop has to be enabled to enforce a wallpaper through GPO.
B. Administrative Templates/Windows Components/Internet Explorer/Security Features/Local Machine Zone Lockdown Security/Internet Explorer Processes="Disabled"

Jamie Nelson | Operations Consultant | BI&T Infrastructure-Intel | Devon
Energy Corporation | Work: 405.552.8054 | Mobile: 405.200.8088 |

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Matt Cross
Sent: Monday, September 15, 2008 2:39 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] 2 GPO Issues

All --

Thanks for your help on my last issue a couple of weeks ago.  I am still wrestling with the same GPO -- I have it almost complete except for two nagging issues:

-- forcing a particular wallpaper

-- allowing ActiveX content to run from files on computer

I will break out what I have already tried for each one below.

A.  Wallpaper

I have tried a number of options with this one. The GPO locks down access to the Control Panel and any CP items with the Prohibit access to the CP setting. Under Display, the force Windows Classic setting is enabled. Active Desktop is disabled, as well as Disable all items and Prohibit changes. Turning on Active Desktop, Allow only bmp wallpaper, and specifying the file in the active desktop wallpaper did not allow the wallpaper to be seen. Turning all of that off, and enabling the following Registry keys in HKU\..\Control Panel\Desktop for .DEFAULT, S-1-5-18, S-1-5-19, and S-1-5-20:


resulted in the wallpaper being seen at the logon splash screen, but not once the user has logged in. I did remove the test-user profile from the system before attempting.

B.  Active Content

I turned on the Allow Active content from CDs to run on user machines, but did not see the setting to allow it from files on the computer. I tried putting the site in the Local Trusted Sites zone and then telling the zone to:

Allow active content over restricted protocols
Allow scriptlets
Java permissions
Run ActiveX controls and plugins

At this point, I know I am missing something, but can't see the forest for the trees. Any thoughts?

Matt Cross, MCSE: Messaging
