[gptalk] Re: Vista - Enable Protected Mode
- From: "Tim Bolton" <jsclmedave@xxxxxxxxx>
- To: gptalk@xxxxxxxxxxxxx
- Date: Wed, 20 Aug 2008 07:52:05 -0500
I just noticed that this references Server 2008 only.
They currently do not have a 2008 Server. 2003 R2 SP2 is the newest DC.
Will RSAT work with Server 2003 or do I need to keep the 2003 Admin Pack
Loaded..?
On Wed, Aug 20, 2008 at 7:38 AM, Tim Bolton <jsclmedave@xxxxxxxxx> wrote:
> I was setting the sit-to-zone assignments (all default settings). The
> GPO was Linked but NOT enabled. There was an issue while documenting that
> were the payroll person could not access an important site. Of course all
> eyes looked my way... This turned out to be a Server Side 500 error.
> Nothing I was doing - or the new ISA server - had anything to do with it.
> However the GPO was deleted to make sure and several gpupdate /force
> commands were run.
>
> So now I recreated the GPO with the same settings. This time it is neither
> Linked or Enabled. I am now getting a call from one of the directors that
> his Vista PC is prompting him to load ActiveX controls for almost everyone
> of their frequented sites. If they place the site into their Trusted Sites
> the are no longer prompted. This is an option that is not acceptable and
> once again all eyes are looking my way.
>
> 1) Would setting the sit-to-zone assignments (all default settings) cause
> the Vista PCs to start prompting? I thought that Protected Mode was on by
> Default..?
>
> 2) To verify that I made any changes or to turn off Protected Mode I would
> have to make changes to the UAC settings in GP. Is this not the case..?
>
> 3) Would anything that I have done caused this issue? I don't see how, but
> I have minimal testing with Vista only. I do not even own a copy. Most of
> my time has been spent trouble shooting and documenting what I have found
> for an upcoming migration to new equipment, so changes have been absolutely
> minimal.
>
> Feel free to shoot me an email off line if you want further info
> jsclmedave at Gmail DOT com
>
> On Tue, Aug 19, 2008 at 7:21 PM, Darren Mar-Elia <darren@xxxxxxxxxx>wrote:
>
>> I'm a bit confused, Tim, by what your issue is. Is it that you set some
>> site-to-zone assignments on IE, then removed the underlying GPO, and they
>> are still being delivered? I guess I'm missing the connection between UAC
>> and what you're seeing…
>>
>>
>> Darren
>>
>>
>>
>> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
>> *On Behalf Of *Salandra, Justin
>> *Sent:* Tuesday, August 19, 2008 5:12 PM
>>
>> *To:* gptalk@xxxxxxxxxxxxx
>> *Subject:* [gptalk] Re: Vista - Enable Protected Mode
>>
>>
>>
>> Try installing the RSAT tools on Vista SP1
>>
>>
>>
>> Justin A. Salandra
>>
>> Network Engineer
>>
>> jsalandra@xxxxxxxxxxx
>>
>> ------------------------------------------
>>
>>
>>
>>
>>
>> [image: MCSE(rgb)] [image: MCTS(rgb)_528_534]
>>
>>
>>
>> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
>> *On Behalf Of *Tim Bolton
>> *Sent:* Tuesday, August 19, 2008 5:32 PM
>> *To:* gptalk@xxxxxxxxxxxxx
>> *Subject:* [gptalk] Re: Vista - Enable Protected Mode
>>
>>
>>
>> I am going to try to RDP into a vista box in the morning then load the
>> client side GP there. I was also going to run
>>
>> GPRESULT /H %TEMP%\UserRSOP.htm /scope user
>> and
>> GPRESULT /H C:\ComputerRSOP.htm /scope computer
>>
>> Especially sine RSOP does not work correctly on Vista SP1.
>>
>>
>>
>> Not sure what else to do...
>>
>>
>>
>>
>>
>>
>>
>> On Tue, Aug 19, 2008 at 4:18 PM, Salandra, Justin <jsalandra@xxxxxxxxxxx>
>> wrote:
>>
>> You will not see the UAC settings from a 2003 Server running GPMC, can
>> you run it for a Vista machine?
>>
>>
>>
>> Justin A. Salandra
>>
>> Network Engineer
>>
>> jsalandra@xxxxxxxxxxx
>>
>> ------------------------------------------
>>
>>
>>
>>
>>
>> *Error! Filename not specified.* *Error! Filename not specified.
>> *
>>
>>
>>
>> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
>> *On Behalf Of *Tim Bolton
>> *Sent:* Tuesday, August 19, 2008 4:47 PM
>> *To:* gptalk@xxxxxxxxxxxxx
>> *Subject:* [gptalk] Vista - Enable Protected Mode
>>
>>
>>
>> I am working with a new site and was setting the Internet Security Zones
>> for IE6 and IE7.
>>
>>
>>
>> The GP was Linked but not enforced. I was setting them to the Default
>> Zone Settings when an issue arose with access to a site for a user
>> completing payroll.
>>
>>
>>
>> This turned out to be a Server Side error. However, for a just in case
>> measure, the new GP was un-linked and then deleted. I ran gpupdate /force
>> to clean up any issues.
>>
>>
>>
>> We installed an ISA server about a month ago. Since then no changes have
>> been made to it.
>>
>>
>>
>>
>>
>> Now I am told that the Vista PCs are getting prompted to add ActiveX
>> controls. When the user RT clicks they only get info not the ability to
>> add. The users are able to add the site to the Trusted List and that takes
>> care of the prompt.
>>
>>
>>
>> However, the users do not want to have to perform this task for every site
>> they go to and they are indicating that this started a couple of weeks ago,
>> even though they have had these Vista PCs for over a year.
>>
>>
>>
>> I am checking ISA one more time.
>>
>>
>>
>> I have run the modeling test with that user and all indications are that
>> the Default Domain policy is winning out.
>>
>>
>>
>> However, since I am RDPing into a 2003 Server, I cannot even see the Vista
>> UAC settings or anything else that would affect Vista.
>>
>>
>>
>> Would the settings to IE6 and IE7 apply to the Vista instance even though
>> it was not enforced?
>>
>>
>>
>> The ONLY thing I done this last week and this week is document AND
>> gpupdate /force. I am wondering if I woke up the Vista PCs..?
>>
>>
>>
>>
>>
>> Any advice will be greatly appreciated...
>>
>>
>>
>>
>>
>> --
>> Tim Bolton
>>
>> "IMPORTANT NOTICE: The information in this email
>>
>> (and any attachments hereto) is confidential and may be
>>
>> protected by legal privileges and work product immunities.
>>
>> If you are not the intended recipient, you must not use or
>>
>> disseminate the information. Receipt by anyone other than the
>>
>> intended recipient is not a waiver of any attorney-client or work
>>
>> product privilege. If you have received this email in error, please
>>
>> immediately notify me by "Reply" command and permanently
>>
>> delete the original and any copies or printouts thereof. Although
>>
>> this email and any attachments are believed to be free of any virus
>>
>> or other defect that might affect any computer system into which it
>>
>> is received and opened, it is the responsibility of the recipient to
>>
>> insure that it is virus free and no responsibility is accepted by
>>
>> Transatlantic Reinsurance Company or its subsidiaries or affiliates
>>
>> either jointly or severally, for any loss or damage arising in any way
>>
>> from its use."
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>> Tim Bolton
>>
>> "IMPORTANT NOTICE: The information in this email
>>
>> (and any attachments hereto) is confidential and may be
>>
>> protected by legal privileges and work product immunities.
>>
>> If you are not the intended recipient, you must not use or
>>
>> disseminate the information. Receipt by anyone other than the
>>
>> intended recipient is not a waiver of any attorney-client or work
>>
>> product privilege. If you have received this email in error, please
>>
>> immediately notify me by "Reply" command and permanently
>>
>> delete the original and any copies or printouts thereof. Although
>>
>> this email and any attachments are believed to be free of any virus
>>
>> or other defect that might affect any computer system into which it
>>
>> is received and opened, it is the responsibility of the recipient to
>>
>> insure that it is virus free and no responsibility is accepted by
>>
>> Transatlantic Reinsurance Company or its subsidiaries or affiliates
>>
>> either jointly or severally, for any loss or damage arising in any way
>>
>> from its use."
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> Tim Bolton
>
--
Tim Bolton
Other related posts:
