[gptalk] RE: [gptalk] GPO setting for INternet Explorer

  • From: "Baiel, Zach" <baielz@xxxxxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Mon, 6 Nov 2006 14:02:00 -0500

Is this something you would want?
Applying Internet Explorer Security Settings to All Machines

One of the features of Group Policy is its ability to apply security settings 
to Internet Explorer that takes affect on all machines in the OU. The most 
useful of this is to add Intranet sites to the list so that Integrated Windows 
Authentication Works. 

However the capability to do this is not that clear. However you can set it how 
you like. 

1.      Open the Group Policy editor for the domain. 
2.      Go to the following location in the Group Policy location: User 
Configuration, Windows Settings, Internet Explorer Maintenance, Security.
3.      In the right window you will see an object called "Security Zones and 
Content Ratings". Double-click it to open it.
4.      The "Security Zones and Content Ratings" window will open. In the 
section labelled "Security Zones and Privacy" there are two radio buttons. 
Choose the second one - "Import the current security zones and privacy 
settings" so that "Modify Settings" becomes enabled. 
5.      Click on "Modify Settings". 
6.      The Internet Explorer security window will be opened and you can change 
the settings to what you wish. 
For example, if you want to add an address to to the list of sites in the 
Intranet zone (allowing you to use Windows Integrated Authentication) you need 
to do the following. 

a.      Click on "Local Intranet" so that the "Sites" button becomes enabled. 
b.      Click on the "Sites" button. 
c.      You will see three options already enabled. Leave those alone and click 
on the "Advanced..." button below them. 
d.      Enter the addresses of the sites you want to include.
Note. You can use wildcards. Therefore if you have sites called home.domain.com 
and intranet.domain.com you might want to enter *.domain.com instead. 
e.      If you are using a certificate on these sites, then you could enable 
"Require server verification (https:) for all sites in the zone" but you should 
test first. 

7.      Once you have finished making your changes just click "OK" until you 
are back to the Group Policy window again.
8.      You will need to log off and log back on again for the changes to take 
affect on workstations. 

These settings override any that the users may have put in themselves, so be 
aware before you enable the features. 




-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]On Behalf 
Of Tom Strader
Sent: Monday, November 06, 2006 12:50 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] GPO setting for INternet Explorer

I am having trouble finding a setting in GPO that allows me to set (enable) 
Windows Integrated Authentication in Internet Explorer.


Can anyone guide me in the right way to accomplish this?


Thanks for your assistance in advance,

Tom Strader

Server Systems Administrator



No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.13.28/518 - Release Date: 11/4/2006 5:30 

"*** This message is from the West Lafayette Community School Corporation and 
may contain confidential or privileged information.  
If you are not the addressee of this e-mail or it was addressed to you in 
error, you are not authorized to copy or distribute this e-mail or attachments. 
 Any error in addressing or delivery of this e-mail does not waive 
confidentiality or privilege.  If you received this e-mail in error, please 
notify the sender by 
return e-mail and delete it.  This e-mail message may not be copied, 
distributed, or forwarded without this statement and the permission of the 

Other related posts:

  • » [gptalk] RE: [gptalk] GPO setting for INternet Explorer