Re: Windows 2003 security issue
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 29 Jan 2006 12:09:16 -0600
He never specified it the computer was a domain member or not I believe. If
it is a domain computer then yes there should be at least two GPOs that
could be implementing settings but there could be more - a lot more which is
why rsop.msc or the command line version gpresult would be best to run. In
this case however if IE maintenance settings [which are not in
administrative templates] are being used as long as he can actually
configure the Web Content Zone security settings the settings should apply
and they would not change back until there is a Group Policy refresh for the
user and IE maintenance settings are reapplied at every refresh which is not
the default or the Group Policy that applies those settings is edited and
saved which leads me to wonder if the settings are being enforced somewhere
else such as in HKLM. He also did not specify if he was using SP1 or not
which has a whole lot more settings for IE but rsop.msc should be a good
start to see if any GP settings are enabled that could be causing his
problem. --- Steve
"M Irusalimsky" <best.it.consultant@xxxxxxxxx> wrote in message
news:u$LIrvHJGHA.668@xxxxxxxxxxxxxxxxxxxxxxx
> well all i can say is, there is 3 GPO's to check:
> DC gpo (if the server is a DC), domain GPO, and then local GPO, when you
> run gpedit.msc on your computer/server, you only check local GPO
>
> --
> M Irusalimsky
> MCP, MCSA, MCSE
> "Knowledge is power"
>
> "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:%23mlKs19IGHA.596@xxxxxxxxxxxxxxxxxxxxxxx
>> Weird. I don't know if the computer is a member of a domain or not but if
>> it is there might be more than one Group Policy managing those settings
>> and it might help running rsop.msc on your TS server to see what Group
>> Policies are being applied to the user. If you are logging on with a
>> domain account then try logging on as a local administrator that is not a
>> domain account.
>>
>> If none of that applies or helps and you have another Windows 2003 Server
>> or maybe even an XP Pro computer around that does not have the problem
>> you could try exporting the registry keys for HKEY_CURRENT
>> _USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
>> and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
>> Settings\Zones\ from a computer that does not have the problem and import
>> into the registry of the probelm server via .reg file starting with
>> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
>> Settings\Zones\ being sure to backup those keys on the server
>> rst. --- Steve
>>
>> "Francis" <francis@xxxxxxxxxx> wrote in message
>> news:%23O5QhjuIGHA.532@xxxxxxxxxxxxxxxxxxxxxxx
>>> Yes, I have uninstalled the IE ES for admin & users and it is still
>>> popping up saying that it is enabled. About being linked to some other
>>> website that may be in
>>> a different web content, I can't tell as it is not showing at the bottom
>>> right of the browser.
>>> If it is linked, is it because of that particular file or website that I
>>> am trying to download from. As it is, I can't download from any site,
>>> even from our intranet.
>>> Francis
>>>
>>> "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>>> news:e0wojSoIGHA.964@xxxxxxxxxxxxxxxxxxxxxxx
>>>> Hmm. When you try to download does it show that the site is in a
>>>> trusted zone at the bottom right hand corner of the browser window and
>>>> is the download from the same website and not linked to some other
>>>> website that might be in a different web content zone? You might also
>>>> want to post in the Microsoft.public.internetexplorer.security
>>>> newsgroup. When you went to Control Panel/add and remove
>>>> programs/Windows components to remove IE enhanced security try
>>>> uninstalling it for users and administrators if you did not do so
>>>> before to see if that makes a difference. --- Steve
>>>>
>>>>
>>>> "Loh" <francisloh@xxxxxxxxxxxx> wrote in message
>>>> news:%2367%23L3kIGHA.3492@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> Thanks Steven for the suggestions. I have tried everything you said
>>>>> but no
>>>>> go. However, there is some difference in the error when I created a
>>>>> new user
>>>>> (with admin rights). It looked as though it was going to work when it
>>>>> asked
>>>>> for the web site to be added into the trusted zone & lower its
>>>>> security.
>>>>> When done, it asked for the same action but acknowledges that the site
>>>>> is
>>>>> already added when I tried to add again.So I cannot get past this
>>>>> block -
>>>>> same issue. IE must be stuffed.
>>>>>
>>>>> Francis
>>>>>
>>>>> "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>>>>> news:uWldqfjIGHA.516@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>> Try adding the website you are trying to download from to your
>>>>>> trusted Web
>>>>>> Content Zone and then set security for that zone to low to see what
>>>>> happens.
>>>>>> Make sure that the website in question is not in the restricted web
>>>>> content
>>>>>> zone. Is this a new or ongoing problem or did it happen suddenly or
>>>>>> after
>>>>>> installing any software? I would also try creating a different user
>>>>> account
>>>>>> to try from that will generate a new user profile based on the
>>>>>> default
>>>>> user
>>>>>> profile to see if that account has the same problem or not. ---
>>>>>> Steve
>>>>>>
>>>>>>
>>>>>>
>>>>>> "Francis" <francis@xxxxxxxxxx> wrote in message
>>>>>> news:ODRdsxYIGHA.2012@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>> > Hi,
>>>>>> > I really need some help after spending hours trying to resolve the
>>>>> windows
>>>>>> > 2003 issue.
>>>>>> > Have a win2k3 server used as a terminal server and I cannot
>>>>>> > download any
>>>>>> > file from the internet or intranet.
>>>>>> > I have tried logging in as administrator both remotely as well as
>>>>> locally.
>>>>>> > It shows a security alert "Your current settings do not allow this
>>>>>> > file
>>>>> to
>>>>>> > be downloaded." I have tried setting the browser
>>>>>> > internet/intranet/trusted
>>>>>> > zones to medium-low with "allow file download","run activex
>>>>>> > controls and
>>>>>> > plugins"..... enabled. No success.
>>>>>> > I have even disabled Internet Explorer Enhanced Security
>>>>>> > Configuration
>>>>>> > just to try if it works. No success.
>>>>>> > I have edited the group policy by running gpedit.msc and enabled
>>>>>> > everything in the Internet security settings. No success.
>>>>>> > There is no firewall, antispam on the server & have disabled
>>>>>> > antivirus.
>>>>> I
>>>>>> > think I have tried everything I know or have read about.
>>>>>> > Is there something I am missing? Thank you.
>>>>>> >
>>>>>> > Francis
>>>>>> >
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
.
- Follow-Ups:
- Re: Windows 2003 security issue
- From: Francis
- Re: Windows 2003 security issue
- References:
- Windows 2003 security issue
- From: Francis
- Re: Windows 2003 security issue
- From: Steven L Umbach
- Re: Windows 2003 security issue
- From: Loh
- Re: Windows 2003 security issue
- From: Steven L Umbach
- Re: Windows 2003 security issue
- From: Francis
- Re: Windows 2003 security issue
- From: Steven L Umbach
- Re: Windows 2003 security issue
- From: M Irusalimsky
- Windows 2003 security issue
- Prev by Date: Re: Netlogon /Sysvol
- Next by Date: Re: 2003 server built in dos prevention??
- Previous by thread: Re: Windows 2003 security issue
- Next by thread: Re: Windows 2003 security issue
- Index(es):
Relevant Pages
|
|
