The IE Proxy Settings are not "policy aware" in that they get tattooed under [HKCU\Sofware\Microsoft\Windows\CurrentVersion\Internet Settings]. When the GPO that set them no longer applies, the settings still remain. Because these keys fall outside of the "policy" areas of the USER registry, they can be changed by the specific user. The policy areas, however, are only writable by local administrators of the system (even for user settings) because otherwise it would be easy for any old user to circumvent Group Policy. The policy areas are defined as: HKCU\Software\Policies HKCU\Software\Microsoft\Windows\CurrentVersion\Policies Hope this helps. Jamie Nelson | Systems Engineer | Systems Support, Information Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax 405.553.5687 | http://www.integrisok.com -----Original Message----- From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Shane Williford Sent: Monday, April 21, 2008 11:17 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Internet Explorer Problem with GP And, just FYI...all my laptop users are local admins (except maybe a couple, I think), so I don't have admin issues with my scripts. I never tested my script with non-admin users. Jamie, do IE Proxy reg keys have different ACL/ACE attributes than IE Security Zone reg keys? I thought registry key security was the same globally, but I certainly could be wrong in my assumption. :) Shane M. Williford Systems Administrator MCSE, MCSA Sec, Sec+, Net+, A+ Mazuma Credit Union 9300 Troost Kansas City, MO 64131 shane.williford@xxxxxxxxxx 816-361-4194 x6012 -----Original Message----- From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Nelson, Jamie R Sent: Monday, April 21, 2008 10:58 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Internet Explorer Problem with GP Batch file would work on proxy settings, but not for IE Zone Security. When configured through GP policy, IE Security is written to policy keys that only local administrators can change. So unless your laptop users are local administrators, having a batch file wouldn't help. On second thought, you might be able to get something working if you use the Group Policy Preference registry extension to only apply the setting based on an IP Address range filter. You would have to play around with it though. Jamie Nelson | Systems Engineer | Systems Support, Information Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax 405.553.5687 | http://www.integrisok.com -----Original Message----- From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Middleton, Eric Sent: Monday, April 21, 2008 10:54 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Internet Explorer Problem with GP Well that’s the thing I already have a second GPO for the laptop users, but still want this setting enforced while they are on the network. The idea of the batch file I received is a good idea I think as they can run this when not in the office and as soon as they log back into the network here it would change them back to the GP rule. Shane would you mind sharing your batch and reg file details? And Jamie if I misunderstood what you were trying to tell me please let me know. Thanks, Eric Middleton Oncology Supply Automation Cell: 334-790-7587 Office: 334-984-2673 -----Original Message----- From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Nelson, Jamie R Sent: Monday, April 21, 2008 10:44 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Internet Explorer Problem with GP When you are configuring zone security with Admin Templates you are enforcing the settings. You could have a second GPO that applies different settings for your laptop users (WMI filter), but you wouldn't really be able to control its application based on whether or not they are in or out of the office. Jamie Nelson | Systems Engineer | Systems Support, Information Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax 405.553.5687 | http://www.integrisok.com -----Original Message----- From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Middleton, Eric Sent: Monday, April 21, 2008 10:33 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Internet Explorer Problem with GP I believe I have my replication fixed. Thanks for all the help guys. I do have one more question. Computer Configuration/Admin Templates/Internet Control Panel/Security Page/Internet Zone I have the logon options set to enable Logon with current user and password. I also have the same setting set under the User Configuration respectively. With this set users are unable to change this setting locally, it is grayed out. Some of my users have laptops and travel to different networks that need a different login than what we use here. Is there a way to allow this setting to be changed by the user when they are out of the office? Thanks, Eric Middleton Oncology Supply Automation Cell: 334-790-7587 Office: 334-984-2673 -----Original Message----- From: jfvanmeter@xxxxxxxxxxx [mailto:jfvanmeter@xxxxxxxxxxx] Sent: Friday, April 18, 2008 12:45 PM To: gptalk@xxxxxxxxxxxxx; gptalk@xxxxxxxxxxxxx Cc: Middleton, Eric Subject: Re: [gptalk] Re: Internet Explorer Problem with GP Are the replication links in AD sites and services say automaticly generated or does it just show the server name? From you repadmin /showreps that only show inbound connections we can make manual outbound connections open Active Directory Sites and Services, drill down until you find the DC that only has the inbound connections, right click NTDS Settings and select New then Connection and create a manual outbound connection to each of the server that appears in the repadmin /showrep inbound. Below is come info on KCC If the Knowledge Consistency Checker (KCC) is running correctly it should create all of you inbound and outbound connection automaticly. here is a link about KCC in win2k i'm not sure what OS your running. http://www.microsoft.com/technet/security/prodtech/windows2000/w2kccadm/adsites/w2kadm38.mspx The below link covers troubleshoot AD repl problem http://technet.microsoft.com/en-us/library/bb727057.aspx Take Care and Have Fun --John van Meter -------------- Original message ---------------------- From: "Middleton, Eric" <eric.middleton@xxxxxxxxxxxxxxxxxx> > Ok I did most of that that I understood I didn’t understand the KCC part > about > link. Everything else looked ok except the repadmin /showreps only had > inbound > sections for both servers. Where is my outbound? How do I fix this? > > Thanks, > Eric Middleton > Oncology Supply Automation > Cell: 334-790-7587 > Office: 334-984-2673 > > > -----Original Message----- > From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On > Behalf > Of jfvanmeter@xxxxxxxxxxx > Sent: Friday, April 18, 2008 11:25 AM > To: gptalk@xxxxxxxxxxxxx; gptalk@xxxxxxxxxxxxx > Cc: Middleton, Eric > Subject: [gptalk] Re: Internet Explorer Problem with GP > > Is the KCC running in your domain? are the links created automaticly or > manual? > > You could open sites and servers, go to the site that contains the server, > right > click on NTDS Settings | All Tasks | check replication topologoy and see what > it > tells you. > > I also think that dcdiag or addiags has a option to check replication parters. > > what do you see when you run repadmin /showreps? there should be a section > with > inbound and a section with outbound? > > Hope this helps --John > > -------------- Original message ---------------------- > From: "Middleton, Eric" <eric.middleton@xxxxxxxxxxxxxxxxxx> > > When I run frsdiag utility on the BDC and go to tools and force replication > now. > > I get could not detect any upstream partners this servers seems to be > orphaned. > > You should check on this. How do I check this? What would the issue be? > > Because from the PDC it works fine. > > > > Thanks, > > Eric Middleton > > Oncology Supply Automation > > Cell: 334-790-7587 > > Office: 334-984-2673 > > > > > > -----Original Message----- > > From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On > Behalf > > Of jfvanmeter@xxxxxxxxxxx > > Sent: Friday, April 18, 2008 5:50 AM > > To: gptalk@xxxxxxxxxxxxx; gptalk@xxxxxxxxxxxxx > > Cc: Nelson, Jamie R > > Subject: [gptalk] Re: Internet Explorer Problem with GP > > > > The frsdiag utility is a good place to start, if you have the support pack > > installed repadmin and help trouble shoot replication problems. > > > > I think I would also run GPOTool to make sure my policies were all the same > and > > correct. > > > > Take Care and Have Fun --John > > > > -------------- Original message ---------------------- > > From: "Nelson, Jamie R" <Jamie.Nelson@xxxxxxxxxxxxxxxxxxx> > > > The RPC Server being referred to is the service running on the machine > > > you were trying to run RSoP against. You can find some steps to > > > troubleshooting via the following link: > > > > > > > > > > > > Group Policy does not replicate > > > <http://technet2.microsoft.com/windowsserver/en/library/3b80c94d-5469- > > > 4414-9bba- > > > 5408caedc7641033.mspx?mfr=truehttp://technet2.microsoft.com/windowsser > > > ver/en/lib > > > rary/3b80c94d-5469-4414-9bba-5408caedc7641033.mspx?mfr=true> > > > > > > > > > > > > Jamie Nelson | Systems Engineer | Systems Support, Information > > > Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax > > > 405.553.5687 | http://www.integrisok.com > > > > > > > > > > > > > > > > > > -----Original Message----- > > > From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] > > > On Behalf Of Middleton, Eric > > > Sent: Thursday, April 17, 2008 4:33 PM > > > To: gptalk@xxxxxxxxxxxxx > > > Subject: [gptalk] Re: Internet Explorer Problem with GP > > > > > > > > > > > > I think replication is my problem. How do I check the replication? I > > > say it may be replication because in the report the 3 tab sais the 2 > > > RPC server is not there. > > > > > > > > > > > > -----Original Message----- > > > > > > From: "Nelson, Jamie R" <Jamie.Nelson@xxxxxxxxxxxxxxxxxxx> > > > > > > To: "gptalk@xxxxxxxxxxxxx" <gptalk@xxxxxxxxxxxxx> > > > > > > Sent: 4/17/08 4:16 PM > > > > > > Subject: [gptalk] Re: Internet Explorer Problem with GP > > > > > > > > > > > > If the machines are hitting different DCs when they process Group > > > Policy > > > > > > then you might be having some replication issues. > > > > > > > > > > > > > > > > > > > > > > > > Jamie Nelson | Systems Engineer | Systems Support, Information > > > > > > Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax > > > > > > 405.553.5687 | http://www.integrisok.com <http://www.integrisok.com/> > > > > > > > > > > > > > > > > > > > > > > > > From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] > > > > > > On Behalf Of Middleton, Eric > > > > > > Sent: Thursday, April 17, 2008 3:43 PM > > > > > > To: gptalk@xxxxxxxxxxxxx > > > > > > Subject: [gptalk] Re: Internet Explorer Problem with GP > > > > > > > > > > > > > > > > > > > > > > > > In the group policy result summary under the applied GPO the Revision > > > of > > > > > > the policy is different on the machines that are having a problem. > > > All > > > > > > computers that are working correctly have the same revision and the 2 > > > > > > that are not taking the setting have a different revision. Any ideas? > > > > > > > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > > Eric Middleton > > > > > > > > > > > > Oncology Supply Automation > > > > > > > > > > > > Cell: 334-790-7587 > > > > > > > > > > > > Office: 334-984-2673 > > > > > > > > > > > > > > > > > > > > > > > > From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] > > > > > > On Behalf Of Middleton, Eric > > > > > > Sent: Thursday, April 17, 2008 3:30 PM > > > > > > To: gptalk@xxxxxxxxxxxxx > > > > > > Subject: [gptalk] Re: Internet Explorer Problem with GP > > > > > > > > > > > > > > > > > > > > > > > > Also on the RSOP all 4 machines show they are getting there settings > > > > > > from the default GP however in the settings of the report they do not > > > > > > all have the same settings from the GP?????? > > > > > > > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > > Eric Middleton > > > > > > > > > > > > Oncology Supply Automation > > > > > > > > > > > > Cell: 334-790-7587 > > > > > > > > > > > > Office: 334-984-2673 > > > > > > > > > > > > > > > > > > > > > > > > From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] > > > > > > On Behalf Of Middleton, Eric > > > > > > Sent: Thursday, April 17, 2008 3:25 PM > > > > > > To: gptalk@xxxxxxxxxxxxx > > > > > > Subject: [gptalk] Re: Internet Explorer Problem with GP > > > > > > > > > > > > > > > > > > > > > > > > Ok the ok I have a group of 4 machines that are receiving there IE > > > > > > security setting from the default GP per the RSOP. 2 of these > > > machines > > > > > > have no problem and are taking the setting and keeping it. The other > > > 2 > > > > > > will receive the setting but then change their self back to the > > > default > > > > > > windows settings. I cannot figure out y these 2 machines are not > > > > > > keeping the GP setting. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > > > > Eric Middleton > > > > > > > > > > > > Oncology Supply Automation > > > > > > > > > > > > Cell: 334-790-7587 > > > > > > > > > > > > Office: 334-984-2673 > > > > > > > > > > > > > > > > > > > > > > > > From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] > > > > > > On Behalf Of Nelson, Jamie R > > > > > > Sent: Thursday, April 17, 2008 1:00 PM > > > > > > To: gptalk@xxxxxxxxxxxxx > > > > > > Subject: [gptalk] Re: Internet Explorer Problem with GP > > > > > > > > > > > > > > > > > > > > > > > > Have you run an RSOP to determine which GPO (if any) your problem > > > > > > machines are getting that setting from? > > > > > > > > > > > > > > > > > > > > > > > > Jamie Nelson | Systems Engineer | Systems Support, Information > > > > > > Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax > > > > > > 405.553.5687 | http://www.integrisok.com <http://www.integrisok.com/> > > > > > > > > > > > > > > > > > > > > > > > > From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] > > > > > > On Behalf Of Middleton, Eric > > > > > > Sent: Thursday, April 17, 2008 12:25 PM > > > > > > To: gptalk@xxxxxxxxxxxxx > > > > > > Subject: [gptalk] Internet Explorer Problem with GP > > > > > > > > > > > > > > > > > > > > > > > > I have set internet explorer to "Logon with currently logged on user" > > > > > > under the internet security settings. This was changed on the > > > machines > > > > > > in the domain and the setting was grayed out and could not be changed. > > > > > > However now some machines are not keeping this setting and are > > > changing > > > > > > back to the default setting, and are not grayed out anymore. Can > > > > > > someone help me understand y this setting is not staying set on the > > > > > > machines in the GP? > > > > > > > > > > > > Thanks, > > > > > > > > > > > > Eric Middleton > > > > > > > > > > > > Oncology Supply Automation > > > > > > > > > > > > Cell: 334-790-7587 > > > > > > > > > > > > Office: 334-984-2673 > > > > > > > > > > > > > > > > > > CONFIDENTIALITY NOTICE. This electronic mail transmission may contain > > > > > > privileged and/or confidential > > > > > > information and is intended only for the review of the party to whom > > > it > > > > > > is addressed. If you have > > > > > > received this transmission in error, please immediately return it to > > > the > > > > > > sender, delete it and destroy > > > > > > it without reading it. Unintended transmission shall not constitute > > > the > > > > > > waiver of the attorney-client > > > > > > or any other privilege. > > > > > > > > > > > > > > > > > > > > > > > > ________________________________ > > > > > > > > > > > > This e-mail may contain identifiable health information that is > > > subject > > > > > > to protection under state and federal law. This information is > > > intended > > > > > > to be for the use of the individual named above. If you are not the > > > > > > intended recipient, be aware that any disclosure, copying, > > > distribution > > > > > > or use of the contents of this information is prohibited and may be > > > > > > punishable by law. If you have received this electronic transmission > > > in > > > > > > error, please notify us immediately by electronic mail (reply). > > > > > > > > > > > > > > > > > > CONFIDENTIALITY NOTICE. This electronic mail transmission may contain > > > > > > privileged and/or confidential > > > > > > information and is intended only for the review of the party to whom > > > it > > > > > > is addressed. If you have > > > > > > received this transmission in error, please immediately return it to > > > the > > > > > > sender, delete it and destroy > > > > > > it without reading it. Unintended transmission shall not constitute > > > the > > > > > > waiver of the attorney-client > > > > > > or any other privilege. > > > > > > > > > > > > CONFIDENTIALITY NOTICE. This electronic mail transmission may contain > > > > > > privileged and/or confidential > > > > > > information and is intended only for the review of the party to whom > > > it > > > > > > is addressed. If you have > > > > > > received this transmission in error, please immediately return it to > > > the > > > > > > sender, delete it and destroy > > > > > > it without reading it. Unintended transmission shall not constitute > > > the > > > > > > waiver of the attorney-client > > > > > > or any other privilege. > > > > > > > > > > > > CONFIDENTIALITY NOTICE. This electronic mail transmission may contain > > > > > > privileged and/or confidential > > > > > > information and is intended only for the review of the party to whom > > > it > > > > > > is addressed. If you have > > > > > > received this transmission in error, please immediately return it to > > > the > > > > > > sender, delete it and destroy > > > > > > it without reading it. Unintended transmission shall not constitute > > > the > > > > > > waiver of the attorney-client > > > > > > or any other privilege. > > > > > > > > > > > > > > > > > > This e-mail may contain identifiable health information that is > > > subject to protection under state and federal law. This information is > > > intended to be for the use of the individual named above. If you are > > > not the intended recipient, be aware that any disclosure, copying, > > > distribution or use of the contents of this information is prohibited > > > and may be punishable by law. If you have received this electronic > > > transmission in error, please notify us immediately by electronic mail > > (reply). > > > > > > > > > > > > CONFIDENTIALITY NOTICE. This electronic mail transmission may contain > > > privileged and/or confidential > > > > > > information and is intended only for the review of the party to whom it > > > is > > > addressed. If you have > > > > > > received this transmission in error, please immediately return it to > > > the sender, delete it and destroy > > > > > > it without reading it. Unintended transmission shall not constitute > > > the waiver of the attorney-client > > > > > > or any other privilege. > > > > > > bj{ry > > > > > > jYv)zfÚ¦Ö’~++{nljJyˉ9xÚ…yÛ®n)zqrzǮؖ+jijض > > > Ë¢j > > > > > > jY > > > > > > > > > > > > This e-mail may contain identifiable health information that is > > > subject to protection under state and federal law. This information is > > > intended to be for the use of the individual named above. If you are > > > not the intended recipient, be aware that any disclosure, copying, > > > distribution or use of the contents of this information is prohibited > > > and may be punishable by law. If you have received this electronic > > > transmission in error, please notify us immediately by > > electronic mail (reply). > > > > > > CONFIDENTIALITY NOTICE. This electronic mail transmission may contain > > privileged and/or confidential > > information and is intended only for the review of the party to whom it is > > addressed. If you have > > received this transmission in error, please immediately return it to the > sender, > > delete it and destroy > > it without reading it. Unintended transmission shall not constitute the > waiver > > of the attorney-client > > or any other privilege. > > > *********************** > You can unsubscribe from gptalk by sending email to > gptalk-request@xxxxxxxxxxxxx > with 'unsubscribe' in the Subject field OR by logging into the freelists.org > Web > interface. Archives for the list are available at > //www.freelists.org/archives/gptalk/ > ************************ > > CONFIDENTIALITY NOTICE. This electronic mail transmission may contain > privileged and/or confidential > information and is intended only for the review of the party to whom it is > addressed. If you have > received this transmission in error, please immediately return it to the > sender, > delete it and destroy > it without reading it. Unintended transmission shall not constitute the > waiver > of the attorney-client > or any other privilege. > CONFIDENTIALITY NOTICE. This electronic mail transmission may contain privileged and/or confidential information and is intended only for the review of the party to whom it is addressed. If you have received this transmission in error, please immediately return it to the sender, delete it and destroy it without reading it. Unintended transmission shall not constitute the waiver of the attorney-client or any other privilege. b‹j{²ær¸yúš jYÊÇv)zf–Ú¦Ö’·¹ë~·–+²ŠÂ+º{nlj·žØJæyˉé9–ˆŠxžÚ…çyé²Û®n)z·qàrzǮؖ+j·½¨i¹jضŸĂ çŠË¢¸j·Š÷₫ jY This e-mail may contain identifiable health information that is subject to protection under state and federal law. This information is intended to be for the use of the individual named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited and may be punishable by law. If you have received this electronic transmission in error, please notify us immediately by electronic mail (reply).bj{ry jYv)zfڦ֒~++{nljJyˉ9xڅyۮn)zqrzǮؖ+jijض ˢj jY CONFIDENTIALITY NOTICE. This electronic mail transmission may contain privileged and/or confidential information and is intended only for the review of the party to whom it is addressed. If you have received this transmission in error, please immediately return it to the sender, delete it and destroy it without reading it. Unintended transmission shall not constitute the waiver of the attorney-client or any other privilege. bj{ry mjYǧv)zf ֥-~+-+a{.n+^Jy_]9 x"-yb(n)zq+rz^+-ji^jm 祊l?j! mjY? This e-mail may contain identifiable health information that is subject to protection under state and federal law. This information is intended to be for the use of the individual named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited and may be punishable by law. If you have received this electronic transmission in error, please notify us immediately by electronic mail (reply).bj{ry mjYǧv)zf ֥-~+-+a{.n+^Jy_]9 x"-yb(n)zq+rz^+-ji^jm 祊l?j! mjY? NOTICE: The information transmitted in this e-mail may contain confidential and/or legally privileged information intended only for the use of the individual(s) named above. Review, use, disclosure, distribution, or forwarding of this information by persons or entities other than the intended recipient(s) is prohibited by law and may subject them to criminal or civil liabilities. Statements and opinion expressed in this e-mail may not represent those of Mazuma Credit Union. All e-mail communications through Mazuma's corporate email system are subject to archiving and review by someone other than the recipient. If you have received this communication in error, please notify the sender immediately and delete/destroy any and all copies of the original message from any computer or network system. *********************** You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at //www.freelists.org/archives/gptalk/ ************************ This e-mail may contain identifiable health information that is subject to protection under state and federal law. This information is intended to be for the use of the individual named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited and may be punishable by law. If you have received this electronic transmission in error, please notify us immediately by electronic mail (reply).