[gptalk] Re: Vista - Enable Protected Mode
- From: "Tim Bolton" <jsclmedave@xxxxxxxxx>
- To: gptalk@xxxxxxxxxxxxx
- Date: Wed, 20 Aug 2008 09:39:38 -0500
Thank you Darren!
That's what I thought, but there is that little bit of doubt wtih not having
a lot of experience with Vista.
I am going to have one of their staff run from their Vista machines.
GPRESULT /H %TEMP%\UserRSOP.htm /scope user
and
GPRESULT /H C:\ComputerRSOP.htm /scope computer
and go from there.
Thanks Again !
On Wed, Aug 20, 2008 at 9:17 AM, Darren Mar-Elia <darren@xxxxxxxxxx> wrote:
> If the GPO was never enabled or even linked in your 2nd case, there is no
> way in heck that it will be applied to any systems. You can confirm that by
> running GP Results against one of those systems. In any case, I don't see
> anything that you did effecting those ActiveX prompts. Also note that
> setting site-to-zone assignments has no impact at all on whether IE runs in
> Protected mode.
>
>
>
> Darren
>
>
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Tim Bolton
> *Sent:* Wednesday, August 20, 2008 5:39 AM
>
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Vista - Enable Protected Mode
>
>
>
> I was setting the sit-to-zone assignments (all default settings). The GPO
> was Linked but NOT enabled. There was an issue while documenting that were
> the payroll person could not access an important site. Of course all eyes
> looked my way... This turned out to be a Server Side 500 error. Nothing I
> was doing - or the new ISA server - had anything to do with it. However the
> GPO was deleted to make sure and several gpupdate /force commands were run.
>
>
>
> So now I recreated the GPO with the same settings. This time it is neither
> Linked or Enabled. I am now getting a call from one of the directors that
> his Vista PC is prompting him to load ActiveX controls for almost everyone
> of their frequented sites. If they place the site into their Trusted Sites
> the are no longer prompted. This is an option that is not acceptable and
> once again all eyes are looking my way.
>
>
>
> 1) Would setting the sit-to-zone assignments (all default settings) cause
> the Vista PCs to start prompting? I thought that Protected Mode was on by
> Default..?
>
>
>
> 2) To verify that I made any changes or to turn off Protected Mode I would
> have to make changes to the UAC settings in GP. Is this not the case..?
>
>
>
> 3) Would anything that I have done caused this issue? I don't see how, but
> I have minimal testing with Vista only. I do not even own a copy. Most of
> my time has been spent trouble shooting and documenting what I have found
> for an upcoming migration to new equipment, so changes have been absolutely
> minimal.
>
>
>
> Feel free to shoot me an email off line if you want further info
> jsclmedave at Gmail DOT com
>
> On Tue, Aug 19, 2008 at 7:21 PM, Darren Mar-Elia <darren@xxxxxxxxxx>
> wrote:
>
> I'm a bit confused, Tim, by what your issue is. Is it that you set some
> site-to-zone assignments on IE, then removed the underlying GPO, and they
> are still being delivered? I guess I'm missing the connection between UAC
> and what you're seeing…
>
>
> Darren
>
>
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Salandra, Justin
> *Sent:* Tuesday, August 19, 2008 5:12 PM
>
>
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Vista - Enable Protected Mode
>
>
>
> Try installing the RSAT tools on Vista SP1
>
>
>
> Justin A. Salandra
>
> Network Engineer
>
> jsalandra@xxxxxxxxxxx
>
> ------------------------------------------
>
>
>
>
>
> [image: MCSE(rgb)] [image: MCTS(rgb)_528_534]
>
>
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Tim Bolton
> *Sent:* Tuesday, August 19, 2008 5:32 PM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Re: Vista - Enable Protected Mode
>
>
>
> I am going to try to RDP into a vista box in the morning then load the
> client side GP there. I was also going to run
>
> GPRESULT /H %TEMP%\UserRSOP.htm /scope user
> and
> GPRESULT /H C:\ComputerRSOP.htm /scope computer
>
> Especially sine RSOP does not work correctly on Vista SP1.
>
>
>
> Not sure what else to do...
>
>
>
>
>
>
>
> On Tue, Aug 19, 2008 at 4:18 PM, Salandra, Justin <jsalandra@xxxxxxxxxxx>
> wrote:
>
> You will not see the UAC settings from a 2003 Server running GPMC, can you
> run it for a Vista machine?
>
>
>
> Justin A. Salandra
>
> Network Engineer
>
> jsalandra@xxxxxxxxxxx
>
> ------------------------------------------
>
>
>
>
>
> *Error! Filename not specified.* *Error! Filename not specified.*
>
>
>
> *From:* gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Tim Bolton
> *Sent:* Tuesday, August 19, 2008 4:47 PM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Vista - Enable Protected Mode
>
>
>
> I am working with a new site and was setting the Internet Security Zones
> for IE6 and IE7.
>
>
>
> The GP was Linked but not enforced. I was setting them to the Default Zone
> Settings when an issue arose with access to a site for a user completing
> payroll.
>
>
>
> This turned out to be a Server Side error. However, for a just in case
> measure, the new GP was un-linked and then deleted. I ran gpupdate /force
> to clean up any issues.
>
>
>
> We installed an ISA server about a month ago. Since then no changes have
> been made to it.
>
>
>
>
>
> Now I am told that the Vista PCs are getting prompted to add ActiveX
> controls. When the user RT clicks they only get info not the ability to
> add. The users are able to add the site to the Trusted List and that takes
> care of the prompt.
>
>
>
> However, the users do not want to have to perform this task for every site
> they go to and they are indicating that this started a couple of weeks ago,
> even though they have had these Vista PCs for over a year.
>
>
>
> I am checking ISA one more time.
>
>
>
> I have run the modeling test with that user and all indications are that
> the Default Domain policy is winning out.
>
>
>
> However, since I am RDPing into a 2003 Server, I cannot even see the Vista
> UAC settings or anything else that would affect Vista.
>
>
>
> Would the settings to IE6 and IE7 apply to the Vista instance even though
> it was not enforced?
>
>
>
> The ONLY thing I done this last week and this week is document AND gpupdate
> /force. I am wondering if I woke up the Vista PCs..?
>
>
>
>
>
> Any advice will be greatly appreciated...
>
>
>
>
>
> --
> Tim Bolton
>
> "IMPORTANT NOTICE: The information in this email
>
> (and any attachments hereto) is confidential and may be
>
> protected by legal privileges and work product immunities.
>
> If you are not the intended recipient, you must not use or
>
> disseminate the information. Receipt by anyone other than the
>
> intended recipient is not a waiver of any attorney-client or work
>
>
>
> product privilege. If you have received this email in error, please
>
> immediately notify me by "Reply" command and permanently
>
> delete the original and any copies or printouts thereof. Although
>
> this email and any attachments are believed to be free of any virus
>
> or other defect that might affect any computer system into which it
>
> is received and opened, it is the responsibility of the recipient to
>
> insure that it is virus free and no responsibility is accepted by
>
> Transatlantic Reinsurance Company or its subsidiaries or affiliates
>
> either jointly or severally, for any loss or damage arising in any way
>
> from its use."
>
>
>
>
>
>
>
>
>
>
> --
> Tim Bolton
>
> "IMPORTANT NOTICE: The information in this email
>
> (and any attachments hereto) is confidential and may be
>
> protected by legal privileges and work product immunities.
>
> If you are not the intended recipient, you must not use or
>
> disseminate the information. Receipt by anyone other than the
>
> intended recipient is not a waiver of any attorney-client or work
>
>
>
> product privilege. If you have received this email in error, please
>
> immediately notify me by "Reply" command and permanently
>
> delete the original and any copies or printouts thereof. Although
>
> this email and any attachments are believed to be free of any virus
>
> or other defect that might affect any computer system into which it
>
> is received and opened, it is the responsibility of the recipient to
>
> insure that it is virus free and no responsibility is accepted by
>
> Transatlantic Reinsurance Company or its subsidiaries or affiliates
>
> either jointly or severally, for any loss or damage arising in any way
>
> from its use."
>
>
>
>
>
>
>
>
>
>
> --
> Tim Bolton
>
--
Tim Bolton
Other related posts:
