Hm...possibly not; I suppose I'll have to confirm that the pop-ups do indeed work from that website on an IE6 system (you'd think I would have done that by now but I actually don't have an account to login to it yet!). Thanks :-) -DaveC On Wed, Jul 23, 2008 at 6:27 PM, Nelson, Jamie <Jamie.Nelson@xxxxxxx> wrote: > Yeah, I bet your local settings got imported to the IE Maintenance Policy > whenever you were dinking around with the new GPO. Is not being able to see > the list a deal breaker for you? > > > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On > Behalf Of *David Cliffe > *Sent:* Wednesday, July 23, 2008 4:26 PM > *To:* gptalk@xxxxxxxxxxxxx > *Subject:* [gptalk] Re: Sanity Check regarding Pop-Up Blocker GPO > > > > Update.... > > > > Cleaning up my own IE pop-up blocker settings prior to config [and link] of > the new GPO seems to have fixed the issue where the domains I had personally > configured also got sent down to the test users. Could not find ANY other > GPOs which even came close to specifying those so I'm pretty sure they got > sent down incorrectly from my machine when I configured this new GPO. Very > strange. > > > > Next issue is that even though the correct domain name now gets sent down > to the POLICIES key for ALL test users (regardless of IE version), I can > only view it (within the IE interface) on an IE7 browser. If I open the > pop-up blocker settings on IE6 even with the reg key set, the domain does > not get shown in the window. The setting says this is supportd on IE6, so > my question is does it still take effect even though not shown in the app's > dialog box? IE7 it can be seen in the dialog box. > > > > -DaveC > > On Wed, Jul 23, 2008 at 3:39 PM, David Cliffe <dc31hz@xxxxxxxxx> wrote: > > Thanks Jamie...good thoughts...I would agree it sounds like there may be > another policy conflicting. I had checked that but will certainly check > again and post back. I am also testing removal of my own settings in IE > first, and then relink the policy to see if it makes a difference. > > > > Also appreicate the remark on "Trusted Sites". Client currently does not > have that particular site listed there (although there are others), but > that's something I hadn't thought of. > > > > -DaveC > > On Wed, Jul 23, 2008 at 2:45 PM, Nelson, Jamie <Jamie.Nelson@xxxxxxx> > wrote: > > Are you sure that there is no IE Maintenance Policy getting applied? Are > the users and computer objects all in the same OUs? The Admin Template > settings are the way to go, but the behavior you're explaining kind of > sounds like there is something else conflicting with them. > > > > Also keep in mind that if you add a site to the "Trusted Sites" zone you > should not have to also add it to the pop-up allow list. If you do indeed > trust the site, I would go ahead and add it there instead of maintaining two > different lists. > > > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On > Behalf Of *David Cliffe > *Sent:* Wednesday, July 23, 2008 1:35 PM > *To:* gptalk@xxxxxxxxxxxxx > *Subject:* [gptalk] Sanity Check regarding Pop-Up Blocker GPO > > > > Hi, > > > > A client is shortly to distribute a new app (for IE) which generates > pop-ups, so I was asked to implement GPO which specifically adds the new > site to the pop-up blocker settings and ALLOW the pop-up. > > > > Forest and domain is Win2003 (FFL/DFL=2). All client machines are WinXP > with SP2. Most clients are IE6 (some are IE7). I configured the following: > > > > "User Configuration\Administrative Templates\Windows Components\Internet > Explorer\Pop-up allow list" (no strong reason to go with USER side > config...I just thought no need to do this on COMPUTER side). > > > > I enabled that policy, added one domain to the list (*.site.org) and > linked the GPO to a test OU with some users in it. RSOP/GPRESULT all show > the GPO is applied successfully and also the following REG_SZ is confirmed > present in registry: > > > > "HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows\Allow" ( > *.site.org is present both as the value and the data ) > > > > So I thought I was golden. Wrong. For three test users I > encountered strange results when logging on as each user and looking in IE > pop-up blocker settings (from the application itself). Note that the GPO > was configured and applied via GPMC while logged on as User1 : > > > > User1 (me) runs IE7 and had two additional domains previously configured in > pop-up blocker settings prior to existence of this GPO. They were simply > configured via IE7 interface (not via GPO or other method). The new domain > was added to the list. This is the behavior I was hoping for. Recall that > this user (me) created the GPO on this machine. > > > > User2 runs IE6 and had one additional domain previously configured in > pop-up blocker settings prior to existence of new GPO. The new domain was > NOT added to the list. Instead, the two domains previously configured on > User1's machine were added to the list! > > > > User3 runs IE7 and logged on to fresh built machine with NO pop-up blocker > settings configured. The new domain was NOT added to the list. Instead, > the two domains previously configured on User1's machine were added to the > list! This test user took it upon himself to REMOVE ALL domains from the > list (manually in the IE interface) and then exit/relaunch IE. This seemed > to cause the one correct domain to get added to the list. > > > > When the wrong domains got added to the list on User2 and User3 machine, > they were added as REG_BINARY here: > > > > HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow (this is > where they existed on the original User1 machine as well) > > > > > > I'm confused by this beharvior, or else I should not be mixing IE versions > or else should clean my own settings out first when creating the GPO > (although I didn't realize this could happen outside of IE Maint policies). > > > > Sorry for the long post...hope it makes sense. Just wondering if anyone > else has experienced it. > > DaveC > > > > > > * > ------------------------------ > * > > *Confidentiality Warning:* This message and any attachments are intended > only for the use of the intended recipient(s), are confidential, and may be > privileged. If you are not the intended recipient, you are hereby notified > that any review, retransmission, conversion to hard copy, copying, > circulation or other use of all or any portion of this message and any > attachments is strictly prohibited. If you are not the intended recipient, > please notify the sender immediately by return e-mail, and delete this > message and any attachments from your system. > >