[gptalk] Re: Questions about IE Maintenance in Preference Mode

  • From: "Nelson, Jamie R" <Jamie.Nelson@xxxxxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Thu, 6 Mar 2008 14:29:34 -0600

Modifying the existing IE Maintenance GPO will not update your currently
deployed browser settings since preference mode was used to configure
them. They only get applied once for each user. Users who have yet to
process the GPO would get the complete set of "new" settings, but you
would still have to have a solution for users who had already processed
the initial GPO.


You could reset the browser settings and start over (or create a new GPO
altogether). However, if you do that you are potentially overwriting any
specific settings those users configured for themselves after initially
applying the preference settings.


If all you are trying to do is ensure that some sites are added to the
Local Intranet zone, I would look into just adding them with a GP based
logon script. This way they get appended to the list of sites and
nothing actually gets overwritten.


For future reference, I wouldn't use Preference Mode unless it is an
absolute necessity for your users to be able to configure settings for
themselves. In fact, I don't recommend using IE Maintenance Policy at
all. The ADM based settings for Internet Explorer are much more reliable
and easy to use.


Jamie Nelson | Systems Engineer | Systems Support, Information
Technology | I N T E G R I S Health | Phone 405.552.0903 | Fax
405.553.5687 | http://www.integrisok.com <http://www.integrisok.com/> 


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of David Cliffe
Sent: Thursday, March 06, 2008 12:11 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Questions about IE Maintenance in Preference Mode




Sorry to bring up this age old topic.  I've managed to successfully
avoid IE Maintenance GPOs for a long while now so haven't been forced to
truly grasp their nature or read any of the comments about them  :-)


A client has an existing user GPO [linked to the root of a domain and
set to Enforced**] which configures multiple URLs to be placed in the
Trusted Sites zone.  This was done via IE Maintenance in Preference


[ ** not sure this accomplishes much in this scenario, although maybe
there are other settings in there as well (not sure yet) ]


Their objective is to modify that same GPO.  They would like to add new
URLs to the Local Intranet zone.  There are currently no plans to add or
remove any URLs from the existing list in Trusted Sites.


My questions:


1) Will the new URLs show up in Local Intanet zone when the policy is
next processed ?

2) Assuming the end user has not modified the Trusted Sites zone, will
the existing URLs there remain as is?

3) Would making this single modification change any other aspect of an
end user's IE config?  For example, if a proxy is being configured via
Pref Mode from a completely different GPO linked to a different OU in
the hierarchy, will that get removed/modified as a result of this?

4) If [by chance] something were to go wrong and multiple end users lose
some IE config settings, what's the easiest way to push [or pull] them
back from those same PrefMode GPOs?  I'm trying to get my head around
whether or not the client will ignore them since have already been
applied once?  I imagine these possibile remedies:


    a) Reset browser settings on GPO, import from a backup copy, but now
leave GPO as 'Policy Mode' in order to get settings back down to

    b) Just make some other innocuous change in the GPO simply to cause
version number to increase and client side to process it again?

    c) Other?


5) Hypothetical - if the list of URLs inside Trusted Sites  *did*  need
to be modified ... what would be the expected behavior during next proc
cycle for this policy in Pref mode?  Does it just pull the whole new
list in, or ??  I suppose this might correlate with 4b above...


Thanks again for your indulgence,


This email was sent to you by Reuters, the global news and information
To find out more about Reuters visit www.about.reuters.com 

Any views expressed in this message are those of the individual sender,
except where the sender specifically states them to be the views of
Reuters Limited. 

Reuters Limited is part of the Reuters Group of companies, of which
Reuters Group PLC is the ultimate parent company. Reuters Group PLC -
Registered office address: The Reuters Building, South Colonnade, Canary
Wharf, London E14 5EP, United Kingdom
Registered No: 3296375
Registered in England and Wales 

Other related posts: