Re: Reducing IE security settings
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 02/24/05
- Next message: Know1: "Group Policy Problem"
- Previous message: andy smart: "Re: Reducing IE security settings"
- In reply to: andy smart: "Re: Reducing IE security settings"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 24 Feb 2005 14:45:06 -0600
What would be worth a try is to run gpresult on one of those affected domain
computers. By default gpresult will display the result for the logged on
user and computer but you can specify a different user and also user the /v
switch for verbose results. You may want to pipe it to a text file as the
output could more than fill the screen - as in [ gpresult /user Andy /v
>results.txt ]. Look for something like below. If you do not find a Group
Policy that is enforcing the setting, then maybe it was removed or it was
implemented some other way as in IEAK possibly in which case you could
configure a Group Policy to make the change to be what you need for the
domain computers. --- Steve
Internet Explorer Security
--------------------------
Always Viewable Sites: N/A
Password Override Enabled: N/A
GPO: Default Domain Policy
Import the current Content Ratings Settings: No
Import the current Security Zones Settings: Yes
Import current Authenticode Security Information: No
Enable trusted publisher lockdown: No
"andy smart" <anonymus@discussions.microsoft.com> wrote in message
news:cvkuuq$o6r$1@newsfeed.th.ifl.net...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Steven Umbach wrote:
> | Hi Andy.
> |
> | The default setting is medium for the internet Web Content Zone. You
> can change
> | this in Group Policy/user configuration/Windows settings/Internet
> Explorer
> | maintenance/security - security zones and content. You can configure the
> | settings you want on the computer you are configuring the policy on or
> modify
> | the existing settings.
> |
> | Also check the settings in advanced settings for "allow active content
> from cd
> | to run on my computer" which may also be part of the problem. However
> I don't
> | think that can be changed via Group Policy. --- Steve
> |
> |
> | "andy smart" <anonymus@discussions.microsoft.com> wrote in message
> | news:cvhs46$k69$1@newsfeed.th.ifl.net...
> |
> |>Hi
> |>
> |>We run XP with SP2 applied on our network - deployed via a GPO from 2003
> |>server. This puts the security settings for the Internet Zone in IE to
> |>high - which creates lots of problems with our students not being able
> |>to access interactive content/mulitmedia/etc etc. We've thought about
> |>this and would like to reduce this setting to Medium; we know the risks
> |>but feel that the gains will outweigh them in our context, as we'd be
> |>forevever adding stuff to 'trusted sites' if we do it that way!
> |>
> |>However we've been unable to achive this, either by modifying exisiting
> |>GPOs or creating our own! Any advice would be gratefully recivied!
> |>
> |>tia
> |>andy
> |
> |
> |
> Thanks Steve
>
> This makes us think that somewhere we have another GPO which is
> increasign the settings for us. Is there an easy way to find out which
> GPO might be doing this, or is it a case of starting from 'default
> domain' and systematically adding GPOs till we find it?
>
> andy
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFCHf8Yqmlxlf41jHgRAn9HAJ0W1xy5sTxK0mTDWpQqfu6t8G2TUwCfUVKK
> YvZo9WbYojvGY8ilyJfbMn0=
> =4c2D
> -----END PGP SIGNATURE-----
- Next message: Know1: "Group Policy Problem"
- Previous message: andy smart: "Re: Reducing IE security settings"
- In reply to: andy smart: "Re: Reducing IE security settings"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
