[gptalk] Re: Sanity Check regarding Pop-Up Blocker GPO
- From: "David Cliffe" <dc31hz@xxxxxxxxx>
- To: gptalk@xxxxxxxxxxxxx
- Date: Thu, 24 Jul 2008 00:04:45 -0400
Hm...possibly not; I suppose I'll have to confirm that the pop-ups do indeed
work from that website on an IE6 system (you'd think I would have done that
by now but I actually don't have an account to login to it yet!).
Thanks :-)
-DaveC
On Wed, Jul 23, 2008 at 6:27 PM, Nelson, Jamie <Jamie.Nelson@xxxxxxx> wrote:
> Yeah, I bet your local settings got imported to the IE Maintenance Policy
> whenever you were dinking around with the new GPO. Is not being able to see
> the list a deal breaker for you?
>
>
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *David Cliffe
> *Sent:* Wednesday, July 23, 2008 4:26 PM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Sanity Check regarding Pop-Up Blocker GPO
>
>
>
> Update....
>
>
>
> Cleaning up my own IE pop-up blocker settings prior to config [and link] of
> the new GPO seems to have fixed the issue where the domains I had personally
> configured also got sent down to the test users. Could not find ANY other
> GPOs which even came close to specifying those so I'm pretty sure they got
> sent down incorrectly from my machine when I configured this new GPO. Very
> strange.
>
>
>
> Next issue is that even though the correct domain name now gets sent down
> to the POLICIES key for ALL test users (regardless of IE version), I can
> only view it (within the IE interface) on an IE7 browser. If I open the
> pop-up blocker settings on IE6 even with the reg key set, the domain does
> not get shown in the window. The setting says this is supportd on IE6, so
> my question is does it still take effect even though not shown in the app's
> dialog box? IE7 it can be seen in the dialog box.
>
>
>
> -DaveC
>
> On Wed, Jul 23, 2008 at 3:39 PM, David Cliffe <dc31hz@xxxxxxxxx> wrote:
>
> Thanks Jamie...good thoughts...I would agree it sounds like there may be
> another policy conflicting. I had checked that but will certainly check
> again and post back. I am also testing removal of my own settings in IE
> first, and then relink the policy to see if it makes a difference.
>
>
>
> Also appreicate the remark on "Trusted Sites". Client currently does not
> have that particular site listed there (although there are others), but
> that's something I hadn't thought of.
>
>
>
> -DaveC
>
> On Wed, Jul 23, 2008 at 2:45 PM, Nelson, Jamie <Jamie.Nelson@xxxxxxx>
> wrote:
>
> Are you sure that there is no IE Maintenance Policy getting applied? Are
> the users and computer objects all in the same OUs? The Admin Template
> settings are the way to go, but the behavior you're explaining kind of
> sounds like there is something else conflicting with them.
>
>
>
> Also keep in mind that if you add a site to the "Trusted Sites" zone you
> should not have to also add it to the pop-up allow list. If you do indeed
> trust the site, I would go ahead and add it there instead of maintaining two
> different lists.
>
>
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *David Cliffe
> *Sent:* Wednesday, July 23, 2008 1:35 PM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Sanity Check regarding Pop-Up Blocker GPO
>
>
>
> Hi,
>
>
>
> A client is shortly to distribute a new app (for IE) which generates
> pop-ups, so I was asked to implement GPO which specifically adds the new
> site to the pop-up blocker settings and ALLOW the pop-up.
>
>
>
> Forest and domain is Win2003 (FFL/DFL=2). All client machines are WinXP
> with SP2. Most clients are IE6 (some are IE7). I configured the following:
>
>
>
> "User Configuration\Administrative Templates\Windows Components\Internet
> Explorer\Pop-up allow list" (no strong reason to go with USER side
> config...I just thought no need to do this on COMPUTER side).
>
>
>
> I enabled that policy, added one domain to the list (*.site.org) and
> linked the GPO to a test OU with some users in it. RSOP/GPRESULT all show
> the GPO is applied successfully and also the following REG_SZ is confirmed
> present in registry:
>
>
>
> "HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows\Allow" (
> *.site.org is present both as the value and the data )
>
>
>
> So I thought I was golden. Wrong. For three test users I
> encountered strange results when logging on as each user and looking in IE
> pop-up blocker settings (from the application itself). Note that the GPO
> was configured and applied via GPMC while logged on as User1 :
>
>
>
> User1 (me) runs IE7 and had two additional domains previously configured in
> pop-up blocker settings prior to existence of this GPO. They were simply
> configured via IE7 interface (not via GPO or other method). The new domain
> was added to the list. This is the behavior I was hoping for. Recall that
> this user (me) created the GPO on this machine.
>
>
>
> User2 runs IE6 and had one additional domain previously configured in
> pop-up blocker settings prior to existence of new GPO. The new domain was
> NOT added to the list. Instead, the two domains previously configured on
> User1's machine were added to the list!
>
>
>
> User3 runs IE7 and logged on to fresh built machine with NO pop-up blocker
> settings configured. The new domain was NOT added to the list. Instead,
> the two domains previously configured on User1's machine were added to the
> list! This test user took it upon himself to REMOVE ALL domains from the
> list (manually in the IE interface) and then exit/relaunch IE. This seemed
> to cause the one correct domain to get added to the list.
>
>
>
> When the wrong domains got added to the list on User2 and User3 machine,
> they were added as REG_BINARY here:
>
>
>
> HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow (this is
> where they existed on the original User1 machine as well)
>
>
>
>
>
> I'm confused by this beharvior, or else I should not be mixing IE versions
> or else should clean my own settings out first when creating the GPO
> (although I didn't realize this could happen outside of IE Maint policies).
>
>
>
> Sorry for the long post...hope it makes sense. Just wondering if anyone
> else has experienced it.
>
> DaveC
>
>
>
>
>
> *
> ------------------------------
> *
>
> *Confidentiality Warning:* This message and any attachments are intended
> only for the use of the intended recipient(s), are confidential, and may be
> privileged. If you are not the intended recipient, you are hereby notified
> that any review, retransmission, conversion to hard copy, copying,
> circulation or other use of all or any portion of this message and any
> attachments is strictly prohibited. If you are not the intended recipient,
> please notify the sender immediately by return e-mail, and delete this
> message and any attachments from your system.
>
>
Other related posts:
