Thank you Darren! That's what I thought, but there is that little bit of doubt wtih not having a lot of experience with Vista. I am going to have one of their staff run from their Vista machines. GPRESULT /H %TEMP%\UserRSOP.htm /scope user and GPRESULT /H C:\ComputerRSOP.htm /scope computer and go from there. Thanks Again ! On Wed, Aug 20, 2008 at 9:17 AM, Darren Mar-Elia <darren@xxxxxxxxxx> wrote: > If the GPO was never enabled or even linked in your 2nd case, there is no > way in heck that it will be applied to any systems. You can confirm that by > running GP Results against one of those systems. In any case, I don't see > anything that you did effecting those ActiveX prompts. Also note that > setting site-to-zone assignments has no impact at all on whether IE runs in > Protected mode. > > > > Darren > > > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Tim Bolton > *Sent:* Wednesday, August 20, 2008 5:39 AM > > *To:* gptalk@xxxxxxxxxxxxx > *Subject:* [gptalk] Re: Vista - Enable Protected Mode > > > > I was setting the sit-to-zone assignments (all default settings). The GPO > was Linked but NOT enabled. There was an issue while documenting that were > the payroll person could not access an important site. Of course all eyes > looked my way... This turned out to be a Server Side 500 error. Nothing I > was doing - or the new ISA server - had anything to do with it. However the > GPO was deleted to make sure and several gpupdate /force commands were run. > > > > So now I recreated the GPO with the same settings. This time it is neither > Linked or Enabled. I am now getting a call from one of the directors that > his Vista PC is prompting him to load ActiveX controls for almost everyone > of their frequented sites. If they place the site into their Trusted Sites > the are no longer prompted. This is an option that is not acceptable and > once again all eyes are looking my way. > > > > 1) Would setting the sit-to-zone assignments (all default settings) cause > the Vista PCs to start prompting? I thought that Protected Mode was on by > Default..? > > > > 2) To verify that I made any changes or to turn off Protected Mode I would > have to make changes to the UAC settings in GP. Is this not the case..? > > > > 3) Would anything that I have done caused this issue? I don't see how, but > I have minimal testing with Vista only. I do not even own a copy. Most of > my time has been spent trouble shooting and documenting what I have found > for an upcoming migration to new equipment, so changes have been absolutely > minimal. > > > > Feel free to shoot me an email off line if you want further info > jsclmedave at Gmail DOT com > > On Tue, Aug 19, 2008 at 7:21 PM, Darren Mar-Elia <darren@xxxxxxxxxx> > wrote: > > I'm a bit confused, Tim, by what your issue is. Is it that you set some > site-to-zone assignments on IE, then removed the underlying GPO, and they > are still being delivered? I guess I'm missing the connection between UAC > and what you're seeing… > > > Darren > > > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Salandra, Justin > *Sent:* Tuesday, August 19, 2008 5:12 PM > > > *To:* gptalk@xxxxxxxxxxxxx > *Subject:* [gptalk] Re: Vista - Enable Protected Mode > > > > Try installing the RSAT tools on Vista SP1 > > > > Justin A. Salandra > > Network Engineer > > jsalandra@xxxxxxxxxxx > > ------------------------------------------ > > > > > > [image: MCSE(rgb)] [image: MCTS(rgb)_528_534] > > > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Tim Bolton > *Sent:* Tuesday, August 19, 2008 5:32 PM > *To:* gptalk@xxxxxxxxxxxxx > *Subject:* [gptalk] Re: Vista - Enable Protected Mode > > > > I am going to try to RDP into a vista box in the morning then load the > client side GP there. I was also going to run > > GPRESULT /H %TEMP%\UserRSOP.htm /scope user > and > GPRESULT /H C:\ComputerRSOP.htm /scope computer > > Especially sine RSOP does not work correctly on Vista SP1. > > > > Not sure what else to do... > > > > > > > > On Tue, Aug 19, 2008 at 4:18 PM, Salandra, Justin <jsalandra@xxxxxxxxxxx> > wrote: > > You will not see the UAC settings from a 2003 Server running GPMC, can you > run it for a Vista machine? > > > > Justin A. Salandra > > Network Engineer > > jsalandra@xxxxxxxxxxx > > ------------------------------------------ > > > > > > *Error! Filename not specified.* *Error! Filename not specified.* > > > > *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Tim Bolton > *Sent:* Tuesday, August 19, 2008 4:47 PM > *To:* gptalk@xxxxxxxxxxxxx > *Subject:* [gptalk] Vista - Enable Protected Mode > > > > I am working with a new site and was setting the Internet Security Zones > for IE6 and IE7. > > > > The GP was Linked but not enforced. I was setting them to the Default Zone > Settings when an issue arose with access to a site for a user completing > payroll. > > > > This turned out to be a Server Side error. However, for a just in case > measure, the new GP was un-linked and then deleted. I ran gpupdate /force > to clean up any issues. > > > > We installed an ISA server about a month ago. Since then no changes have > been made to it. > > > > > > Now I am told that the Vista PCs are getting prompted to add ActiveX > controls. When the user RT clicks they only get info not the ability to > add. The users are able to add the site to the Trusted List and that takes > care of the prompt. > > > > However, the users do not want to have to perform this task for every site > they go to and they are indicating that this started a couple of weeks ago, > even though they have had these Vista PCs for over a year. > > > > I am checking ISA one more time. > > > > I have run the modeling test with that user and all indications are that > the Default Domain policy is winning out. > > > > However, since I am RDPing into a 2003 Server, I cannot even see the Vista > UAC settings or anything else that would affect Vista. > > > > Would the settings to IE6 and IE7 apply to the Vista instance even though > it was not enforced? > > > > The ONLY thing I done this last week and this week is document AND gpupdate > /force. I am wondering if I woke up the Vista PCs..? > > > > > > Any advice will be greatly appreciated... > > > > > > -- > Tim Bolton > > "IMPORTANT NOTICE: The information in this email > > (and any attachments hereto) is confidential and may be > > protected by legal privileges and work product immunities. > > If you are not the intended recipient, you must not use or > > disseminate the information. Receipt by anyone other than the > > intended recipient is not a waiver of any attorney-client or work > > > > product privilege. If you have received this email in error, please > > immediately notify me by "Reply" command and permanently > > delete the original and any copies or printouts thereof. Although > > this email and any attachments are believed to be free of any virus > > or other defect that might affect any computer system into which it > > is received and opened, it is the responsibility of the recipient to > > insure that it is virus free and no responsibility is accepted by > > Transatlantic Reinsurance Company or its subsidiaries or affiliates > > either jointly or severally, for any loss or damage arising in any way > > from its use." > > > > > > > > > > > -- > Tim Bolton > > "IMPORTANT NOTICE: The information in this email > > (and any attachments hereto) is confidential and may be > > protected by legal privileges and work product immunities. > > If you are not the intended recipient, you must not use or > > disseminate the information. Receipt by anyone other than the > > intended recipient is not a waiver of any attorney-client or work > > > > product privilege. If you have received this email in error, please > > immediately notify me by "Reply" command and permanently > > delete the original and any copies or printouts thereof. Although > > this email and any attachments are believed to be free of any virus > > or other defect that might affect any computer system into which it > > is received and opened, it is the responsibility of the recipient to > > insure that it is virus free and no responsibility is accepted by > > Transatlantic Reinsurance Company or its subsidiaries or affiliates > > either jointly or severally, for any loss or damage arising in any way > > from its use." > > > > > > > > > > > -- > Tim Bolton > -- Tim Bolton