Is this something you would want? Applying Internet Explorer Security Settings to All Machines One of the features of Group Policy is its ability to apply security settings to Internet Explorer that takes affect on all machines in the OU. The most useful of this is to add Intranet sites to the list so that Integrated Windows Authentication Works. However the capability to do this is not that clear. However you can set it how you like. 1. Open the Group Policy editor for the domain. 2. Go to the following location in the Group Policy location: User Configuration, Windows Settings, Internet Explorer Maintenance, Security. 3. In the right window you will see an object called "Security Zones and Content Ratings". Double-click it to open it. 4. The "Security Zones and Content Ratings" window will open. In the section labelled "Security Zones and Privacy" there are two radio buttons. Choose the second one - "Import the current security zones and privacy settings" so that "Modify Settings" becomes enabled. 5. Click on "Modify Settings". 6. The Internet Explorer security window will be opened and you can change the settings to what you wish. For example, if you want to add an address to to the list of sites in the Intranet zone (allowing you to use Windows Integrated Authentication) you need to do the following. a. Click on "Local Intranet" so that the "Sites" button becomes enabled. b. Click on the "Sites" button. c. You will see three options already enabled. Leave those alone and click on the "Advanced..." button below them. d. Enter the addresses of the sites you want to include. Note. You can use wildcards. Therefore if you have sites called home.domain.com and intranet.domain.com you might want to enter *.domain.com instead. e. If you are using a certificate on these sites, then you could enable "Require server verification (https:) for all sites in the zone" but you should test first. 7. Once you have finished making your changes just click "OK" until you are back to the Group Policy window again. 8. You will need to log off and log back on again for the changes to take affect on workstations. These settings override any that the users may have put in themselves, so be aware before you enable the features. http://www.amset.info/windows/policy.asp Zach -----Original Message----- From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]On Behalf Of Tom Strader Sent: Monday, November 06, 2006 12:50 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] GPO setting for INternet Explorer I am having trouble finding a setting in GPO that allows me to set (enable) Windows Integrated Authentication in Internet Explorer. Can anyone guide me in the right way to accomplish this? Thanks for your assistance in advance, Tom Strader Server Systems Administrator NCBPAC -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.430 / Virus Database: 268.13.28/518 - Release Date: 11/4/2006 5:30 PM "*** This message is from the West Lafayette Community School Corporation and may contain confidential or privileged information. If you are not the addressee of this e-mail or it was addressed to you in error, you are not authorized to copy or distribute this e-mail or attachments. Any error in addressing or delivery of this e-mail does not waive confidentiality or privilege. If you received this e-mail in error, please notify the sender by return e-mail and delete it. This e-mail message may not be copied, distributed, or forwarded without this statement and the permission of the sender.***"