I just noticed that this references Server 2008 only. They currently do not have a 2008 Server. 2003 R2 SP2 is the newest DC. Will RSAT work with Server 2003 or do I need to keep the 2003 Admin Pack Loaded..? On Wed, Aug 20, 2008 at 7:38 AM, Tim Bolton <jsclmedave@xxxxxxxxx> wrote: > I was setting the sit-to-zone assignments (all default settings). The > GPO was Linked but NOT enabled. There was an issue while documenting that > were the payroll person could not access an important site. Of course all > eyes looked my way... This turned out to be a Server Side 500 error. > Nothing I was doing - or the new ISA server - had anything to do with it. > However the GPO was deleted to make sure and several gpupdate /force > commands were run. > > So now I recreated the GPO with the same settings. This time it is neither > Linked or Enabled. I am now getting a call from one of the directors that > his Vista PC is prompting him to load ActiveX controls for almost everyone > of their frequented sites. If they place the site into their Trusted Sites > the are no longer prompted. This is an option that is not acceptable and > once again all eyes are looking my way. > > 1) Would setting the sit-to-zone assignments (all default settings) cause > the Vista PCs to start prompting? I thought that Protected Mode was on by > Default..? > > 2) To verify that I made any changes or to turn off Protected Mode I would > have to make changes to the UAC settings in GP. Is this not the case..? > > 3) Would anything that I have done caused this issue? I don't see how, but > I have minimal testing with Vista only. I do not even own a copy. Most of > my time has been spent trouble shooting and documenting what I have found > for an upcoming migration to new equipment, so changes have been absolutely > minimal. > > Feel free to shoot me an email off line if you want further info > jsclmedave at Gmail DOT com > > On Tue, Aug 19, 2008 at 7:21 PM, Darren Mar-Elia <darren@xxxxxxxxxx>wrote: > >> I'm a bit confused, Tim, by what your issue is. Is it that you set some >> site-to-zone assignments on IE, then removed the underlying GPO, and they >> are still being delivered? I guess I'm missing the connection between UAC >> and what you're seeing… >> >> >> Darren >> >> >> >> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] >> *On Behalf Of *Salandra, Justin >> *Sent:* Tuesday, August 19, 2008 5:12 PM >> >> *To:* gptalk@xxxxxxxxxxxxx >> *Subject:* [gptalk] Re: Vista - Enable Protected Mode >> >> >> >> Try installing the RSAT tools on Vista SP1 >> >> >> >> Justin A. Salandra >> >> Network Engineer >> >> jsalandra@xxxxxxxxxxx >> >> ------------------------------------------ >> >> >> >> >> >> [image: MCSE(rgb)] [image: MCTS(rgb)_528_534] >> >> >> >> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] >> *On Behalf Of *Tim Bolton >> *Sent:* Tuesday, August 19, 2008 5:32 PM >> *To:* gptalk@xxxxxxxxxxxxx >> *Subject:* [gptalk] Re: Vista - Enable Protected Mode >> >> >> >> I am going to try to RDP into a vista box in the morning then load the >> client side GP there. I was also going to run >> >> GPRESULT /H %TEMP%\UserRSOP.htm /scope user >> and >> GPRESULT /H C:\ComputerRSOP.htm /scope computer >> >> Especially sine RSOP does not work correctly on Vista SP1. >> >> >> >> Not sure what else to do... >> >> >> >> >> >> >> >> On Tue, Aug 19, 2008 at 4:18 PM, Salandra, Justin <jsalandra@xxxxxxxxxxx> >> wrote: >> >> You will not see the UAC settings from a 2003 Server running GPMC, can >> you run it for a Vista machine? >> >> >> >> Justin A. Salandra >> >> Network Engineer >> >> jsalandra@xxxxxxxxxxx >> >> ------------------------------------------ >> >> >> >> >> >> *Error! Filename not specified.* *Error! Filename not specified. >> * >> >> >> >> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] >> *On Behalf Of *Tim Bolton >> *Sent:* Tuesday, August 19, 2008 4:47 PM >> *To:* gptalk@xxxxxxxxxxxxx >> *Subject:* [gptalk] Vista - Enable Protected Mode >> >> >> >> I am working with a new site and was setting the Internet Security Zones >> for IE6 and IE7. >> >> >> >> The GP was Linked but not enforced. I was setting them to the Default >> Zone Settings when an issue arose with access to a site for a user >> completing payroll. >> >> >> >> This turned out to be a Server Side error. However, for a just in case >> measure, the new GP was un-linked and then deleted. I ran gpupdate /force >> to clean up any issues. >> >> >> >> We installed an ISA server about a month ago. Since then no changes have >> been made to it. >> >> >> >> >> >> Now I am told that the Vista PCs are getting prompted to add ActiveX >> controls. When the user RT clicks they only get info not the ability to >> add. The users are able to add the site to the Trusted List and that takes >> care of the prompt. >> >> >> >> However, the users do not want to have to perform this task for every site >> they go to and they are indicating that this started a couple of weeks ago, >> even though they have had these Vista PCs for over a year. >> >> >> >> I am checking ISA one more time. >> >> >> >> I have run the modeling test with that user and all indications are that >> the Default Domain policy is winning out. >> >> >> >> However, since I am RDPing into a 2003 Server, I cannot even see the Vista >> UAC settings or anything else that would affect Vista. >> >> >> >> Would the settings to IE6 and IE7 apply to the Vista instance even though >> it was not enforced? >> >> >> >> The ONLY thing I done this last week and this week is document AND >> gpupdate /force. I am wondering if I woke up the Vista PCs..? >> >> >> >> >> >> Any advice will be greatly appreciated... >> >> >> >> >> >> -- >> Tim Bolton >> >> "IMPORTANT NOTICE: The information in this email >> >> (and any attachments hereto) is confidential and may be >> >> protected by legal privileges and work product immunities. >> >> If you are not the intended recipient, you must not use or >> >> disseminate the information. Receipt by anyone other than the >> >> intended recipient is not a waiver of any attorney-client or work >> >> product privilege. If you have received this email in error, please >> >> immediately notify me by "Reply" command and permanently >> >> delete the original and any copies or printouts thereof. Although >> >> this email and any attachments are believed to be free of any virus >> >> or other defect that might affect any computer system into which it >> >> is received and opened, it is the responsibility of the recipient to >> >> insure that it is virus free and no responsibility is accepted by >> >> Transatlantic Reinsurance Company or its subsidiaries or affiliates >> >> either jointly or severally, for any loss or damage arising in any way >> >> from its use." >> >> >> >> >> >> >> >> >> >> >> -- >> Tim Bolton >> >> "IMPORTANT NOTICE: The information in this email >> >> (and any attachments hereto) is confidential and may be >> >> protected by legal privileges and work product immunities. >> >> If you are not the intended recipient, you must not use or >> >> disseminate the information. Receipt by anyone other than the >> >> intended recipient is not a waiver of any attorney-client or work >> >> product privilege. If you have received this email in error, please >> >> immediately notify me by "Reply" command and permanently >> >> delete the original and any copies or printouts thereof. Although >> >> this email and any attachments are believed to be free of any virus >> >> or other defect that might affect any computer system into which it >> >> is received and opened, it is the responsibility of the recipient to >> >> insure that it is virus free and no responsibility is accepted by >> >> Transatlantic Reinsurance Company or its subsidiaries or affiliates >> >> either jointly or severally, for any loss or damage arising in any way >> >> from its use." >> >> >> >> >> >> >> >> > > > -- > Tim Bolton > -- Tim Bolton