[gptalk] Re: GPO setting returning after being removed

• From: "Mark Ramirez" <Mark.Ramirez@xxxxxxxxxx>
• To: <gptalk@xxxxxxxxxxxxx>
• Date: Tue, 15 Jul 2008 12:07:50 -0500

Yes, its in files that are in different guid named folders.

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Darren Mar-Elia
Sent: Tuesday, July 15, 2008 12:08 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO setting returning after being removed

 

You mean its in several INF files spread across different GUID-named folders? 
Its not likely that it would come from a different area of policy and still be 
in those INF files. Those are strictly the domain of IE Maintenance policy? Not 
sure if you know this, but when you edit security zone settings using IE 
Maintenance policy, it builds those INF files based on the settings you have 
within IE on the machine that you’re editing the policy on. Its very confusing 
but what happens is that its sucks all of those settings out of your local 
browser’s config and stuffs them into the INF files. So, my guess is that your 
machine where you’re editing that policy has that restriction in it and that is 
why these other policies are picking it up.


Darren

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Mark Ramirez
Sent: Tuesday, July 15, 2008 10:01 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO setting returning after being removed

 

What’s weird is that it is in several of the *.inf files so that would tell me 
that it is coming from several policies.   I’ve looked at them all and it isn’t 
in there.  I wonder if another setting would trigger putting *mydomain.com in 
there.

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Darren Mar-Elia
Sent: Tuesday, July 15, 2008 11:57 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO setting returning after being removed

 

You should be able to remove that one domain from the .inf file and be good to 
go.

 

 

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Mark Ramirez
Sent: Tuesday, July 15, 2008 9:52 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO setting returning after being removed

 

It is still in there.
Sent from Blackberry

----- Original Message -----
From: gptalk-bounce@xxxxxxxxxxxxx <gptalk-bounce@xxxxxxxxxxxxx>
To: gptalk@xxxxxxxxxxxxx <gptalk@xxxxxxxxxxxxx>
Sent: Tue Jul 15 11:51:49 2008
Subject: [gptalk] Re: GPO setting returning after being removed

Have you opened up that file that’s in SYSVOL and looked to see if your site 
restriction is somehow still in there?



Darren



From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Mark Ramirez
Sent: Tuesday, July 15, 2008 9:33 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO setting returning after being removed



The GPO is still linked since we have some other trusted sites in there.  I 
just removed an entry from the GPO.



From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Darren Mar-Elia
Sent: Tuesday, July 15, 2008 11:33 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO setting returning after being removed



What GPO does it belong to? The folder that you find that file in should be 
named by a GUID. You’ll need to search for that GUID using something like GPMC 
or my GPMC PowerShell Cmdlets, and then figure out if that GPO is still linked 
to your users.



Darren



From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Mark Ramirez
Sent: Tuesday, July 15, 2008 8:33 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO setting returning after being removed



Ok, it came back again.  L  I just did a search in the policies folder of 
sysvol and I do see this setting there in the seczrsop.inf files.  How can I 
tell which policy is putting them there or if they are just stale entries?  Is 
it safe for me to manually remove the settings from the .inf files?



From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Darren Mar-Elia
Sent: Monday, July 14, 2008 5:17 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO setting returning after being removed



I would delete the whole subfolder.







From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Mark Ramirez
Sent: Monday, July 14, 2008 3:04 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO setting returning after being removed



This may have fixed it.  I need to try it out on some of the problem machines.  
Do I need to delete the subfolders under custom settings or just the 
seczones.inf files?



From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Darren Mar-Elia
Sent: Monday, July 14, 2008 4:21 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO setting returning after being removed



Could be that the settings are getting stuck. I’ve seen this happen before. 
Look within the user’s profile under %userprofile%\application 
data\microsoft\internet explorer\custom settings. See if you see some 
sub-folders in there with files in them like seczones.inf. If so, delete those 
folders and then see if that helps get rid of the lockdowns. Sometimes IE 
Maintenance doesn’t clean up after itself.



Darren



From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Mark Ramirez
Sent: Monday, July 14, 2008 11:43 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: GPO setting returning after being removed



I did check the registry and after I manually remove it there is no trace of 
it.  I deployed via IE maintenance.


Sent from Blackberry

----- Original Message -----
From: gptalk-bounce@xxxxxxxxxxxxx <gptalk-bounce@xxxxxxxxxxxxx>
To: gptalk@xxxxxxxxxxxxx <gptalk@xxxxxxxxxxxxx>
Sent: Mon Jul 14 13:37:13 2008
Subject: [gptalk] Re: GPO setting returning after being removed

Mark-

Have you tried verified whether the settings are still “stuck” in the registry 
location where policy is putting them? How did you deploy the restrictions? Via 
Admin. Templates or IE Maintenance policy?


Darren



From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Mark Ramirez
Sent: Monday, July 14, 2008 11:26 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] GPO setting returning after being removed



I have a strange issue.  A while back I created a GPO which added some sites to 
the local intranet zone.  I added *.mydomain.com.  We are now having an issue 
where this is breaking something.  I removed *.mydomain.com from the GPO and 
manually removed it from the pc’s and the issue goes away.  My problem is that 
when the computer is rebooted, *.mydomain.com comes back.  I have searched all 
my GPO’s and I am not seeing it.  To make things more strange, it happens on 
some machines and not others that are in the same OU.  Any help would be 
appreciated.  Thanks.



Mark Ramirez

System Administrator

Silicon Laboratories Inc.

www.silabs.com

Tel: (512)-428-1562



This email and any attachments thereto may contain private, confidential, and 
privileged material for the sole use of the intended recipient. Any review, 
copying, or distribution of this email (or any attachments thereto) by others 
is strictly prohibited. If you are not the intended recipient, please contact 
the sender immediately and permanently delete the original and any copies of 
this email and any attachments thereto.

This email and any attachments thereto may contain private, confidential, and 
privileged material for the sole use of the intended recipient. Any review, 
copying, or distribution of this email (or any attachments thereto) by others 
is strictly prohibited. If you are not the intended recipient, please contact 
the sender immediately and permanently delete the original and any copies of 
this email and any attachments thereto.

This email and any attachments thereto may contain private, confidential, and 
privileged material for the sole use of the intended recipient. Any review, 
copying, or distribution of this email (or any attachments thereto) by others 
is strictly prohibited. If you are not the intended recipient, please contact 
the sender immediately and permanently delete the original and any copies of 
this email and any attachments thereto.

This email and any attachments thereto may contain private, confidential, and 
privileged material for the sole use of the intended recipient. Any review, 
copying, or distribution of this email (or any attachments thereto) by others 
is strictly prohibited. If you are not the intended recipient, please contact 
the sender immediately and permanently delete the original and any copies of 
this email and any attachments thereto.

This email and any attachments thereto may contain private, confidential, and 
privileged material for the sole use of the intended recipient. Any review, 
copying, or distribution of this email (or any attachments thereto) by others 
is strictly prohibited. If you are not the intended recipient, please contact 
the sender immediately and permanently delete the original and any copies of 
this email and any attachments thereto.

This email and any attachments thereto may contain private, confidential, and 
privileged material for the sole use of the intended recipient. Any review, 
copying, or distribution of this email (or any attachments thereto) by others 
is strictly prohibited. If you are not the intended recipient, please contact 
the sender immediately and permanently delete the original and any copies of 
this email and any attachments thereto. 

This email and any attachments thereto may contain private, confidential, and 
privileged material for the sole use of the intended recipient. Any review, 
copying, or distribution of this email (or any attachments thereto) by others 
is strictly prohibited. If you are not the intended recipient, please contact 
the sender immediately and permanently delete the original and any copies of 
this email and any attachments thereto. 


This email and any attachments thereto may contain private, confidential, 
and privileged material for the sole use of the intended recipient. Any 
review, copying, or distribution of this email (or any attachments thereto) 
by others is strictly prohibited. If you are not the intended recipient, 
please contact the sender immediately and permanently delete the original 
and any copies of this email and any attachments thereto.

• References:
  • [gptalk] Re: GPO setting returning after being removed
    • From: Mark Ramirez
  • [gptalk] Re: GPO setting returning after being removed
    • From: Darren Mar-Elia
  • [gptalk] Re: GPO setting returning after being removed
    • From: Mark Ramirez
  • [gptalk] Re: GPO setting returning after being removed
    • From: Darren Mar-Elia

Other related posts:

• » [gptalk] GPO setting returning after being removed
• » [gptalk] Re: GPO setting returning after being removed
• » [gptalk] Re: GPO setting returning after being removed
• » [gptalk] Re: GPO setting returning after being removed
• » [gptalk] Re: GPO setting returning after being removed
• » [gptalk] Re: GPO setting returning after being removed
• » [gptalk] Re: GPO setting returning after being removed
• » [gptalk] Re: GPO setting returning after being removed
• » [gptalk] Re: GPO setting returning after being removed
• » [gptalk] Re: GPO setting returning after being removed
• » [gptalk] Re: GPO setting returning after being removed
• » [gptalk] Re: GPO setting returning after being removed
• » [gptalk] Re: GPO setting returning after being removed
• » [gptalk] Re: GPO setting returning after being removed
• » [gptalk] Re: GPO setting returning after being removed

1. Home
2. gptalk
3. Archive
4. 07-2008

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---