Re: Windows 2003 security issue
- From: "Francis" <francis@xxxxxxxxxx>
- Date: Mon, 30 Jan 2006 09:18:05 +0800
The server is not a DC and OS is windows2k3 SP1
"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:uPwXc8PJGHA.1180@xxxxxxxxxxxxxxxxxxxxxxx
> He never specified it the computer was a domain member or not I believe.
> If it is a domain computer then yes there should be at least two GPOs that
> could be implementing settings but there could be more - a lot more which
> is why rsop.msc or the command line version gpresult would be best to run.
> In this case however if IE maintenance settings [which are not in
> administrative templates] are being used as long as he can actually
> configure the Web Content Zone security settings the settings should apply
> and they would not change back until there is a Group Policy refresh for
> the user and IE maintenance settings are reapplied at every refresh which
> is not the default or the Group Policy that applies those settings is
> edited and saved which leads me to wonder if the settings are being
> enforced somewhere else such as in HKLM. He also did not specify if he was
> using SP1 or not which has a whole lot more settings for IE but rsop.msc
> should be a good start to see if any GP settings are enabled that could be
> causing his problem. --- Steve
>
>
> "M Irusalimsky" <best.it.consultant@xxxxxxxxx> wrote in message
> news:u$LIrvHJGHA.668@xxxxxxxxxxxxxxxxxxxxxxx
>> well all i can say is, there is 3 GPO's to check:
>> DC gpo (if the server is a DC), domain GPO, and then local GPO, when you
>> run gpedit.msc on your computer/server, you only check local GPO
>>
>> --
>> M Irusalimsky
>> MCP, MCSA, MCSE
>> "Knowledge is power"
>>
>> "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:%23mlKs19IGHA.596@xxxxxxxxxxxxxxxxxxxxxxx
>>> Weird. I don't know if the computer is a member of a domain or not but
>>> if it is there might be more than one Group Policy managing those
>>> settings and it might help running rsop.msc on your TS server to see
>>> what Group Policies are being applied to the user. If you are logging on
>>> with a domain account then try logging on as a local administrator that
>>> is not a domain account.
>>>
>>> If none of that applies or helps and you have another Windows 2003
>>> Server or maybe even an XP Pro computer around that does not have the
>>> problem you could try exporting the registry keys for HKEY_CURRENT
>>> _USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
>>> and
>>> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
>>> Settings\Zones\ from a computer that does not have the problem and
>>> import into the registry of the probelm server via .reg file starting
>>> with
>>> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
>>> Settings\Zones\ being sure to backup those keys on the server rst. ---
>>> Steve
>>>
>>> "Francis" <francis@xxxxxxxxxx> wrote in message
>>> news:%23O5QhjuIGHA.532@xxxxxxxxxxxxxxxxxxxxxxx
>>>> Yes, I have uninstalled the IE ES for admin & users and it is still
>>>> popping up saying that it is enabled. About being linked to some other
>>>> website that may be in
>>>> a different web content, I can't tell as it is not showing at the
>>>> bottom right of the browser.
>>>> If it is linked, is it because of that particular file or website that
>>>> I am trying to download from. As it is, I can't download from any site,
>>>> even from our intranet.
>>>> Francis
>>>>
>>>> "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>>>> news:e0wojSoIGHA.964@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> Hmm. When you try to download does it show that the site is in a
>>>>> trusted zone at the bottom right hand corner of the browser window and
>>>>> is the download from the same website and not linked to some other
>>>>> website that might be in a different web content zone? You might also
>>>>> want to post in the Microsoft.public.internetexplorer.security
>>>>> newsgroup. When you went to Control Panel/add and remove
>>>>> programs/Windows components to remove IE enhanced security try
>>>>> uninstalling it for users and administrators if you did not do so
>>>>> before to see if that makes a difference. --- Steve
>>>>>
>>>>>
>>>>> "Loh" <francisloh@xxxxxxxxxxxx> wrote in message
>>>>> news:%2367%23L3kIGHA.3492@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>> Thanks Steven for the suggestions. I have tried everything you said
>>>>>> but no
>>>>>> go. However, there is some difference in the error when I created a
>>>>>> new user
>>>>>> (with admin rights). It looked as though it was going to work when it
>>>>>> asked
>>>>>> for the web site to be added into the trusted zone & lower its
>>>>>> security.
>>>>>> When done, it asked for the same action but acknowledges that the
>>>>>> site is
>>>>>> already added when I tried to add again.So I cannot get past this
>>>>>> block -
>>>>>> same issue. IE must be stuffed.
>>>>>>
>>>>>> Francis
>>>>>>
>>>>>> "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>>>>>> news:uWldqfjIGHA.516@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>> Try adding the website you are trying to download from to your
>>>>>>> trusted Web
>>>>>>> Content Zone and then set security for that zone to low to see what
>>>>>> happens.
>>>>>>> Make sure that the website in question is not in the restricted web
>>>>>> content
>>>>>>> zone. Is this a new or ongoing problem or did it happen suddenly or
>>>>>>> after
>>>>>>> installing any software? I would also try creating a different user
>>>>>> account
>>>>>>> to try from that will generate a new user profile based on the
>>>>>>> default
>>>>>> user
>>>>>>> profile to see if that account has the same problem or not. ---
>>>>>>> Steve
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> "Francis" <francis@xxxxxxxxxx> wrote in message
>>>>>>> news:ODRdsxYIGHA.2012@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>> > Hi,
>>>>>>> > I really need some help after spending hours trying to resolve the
>>>>>> windows
>>>>>>> > 2003 issue.
>>>>>>> > Have a win2k3 server used as a terminal server and I cannot
>>>>>>> > download any
>>>>>>> > file from the internet or intranet.
>>>>>>> > I have tried logging in as administrator both remotely as well as
>>>>>> locally.
>>>>>>> > It shows a security alert "Your current settings do not allow this
>>>>>>> > file
>>>>>> to
>>>>>>> > be downloaded." I have tried setting the browser
>>>>>>> > internet/intranet/trusted
>>>>>>> > zones to medium-low with "allow file download","run activex
>>>>>>> > controls and
>>>>>>> > plugins"..... enabled. No success.
>>>>>>> > I have even disabled Internet Explorer Enhanced Security
>>>>>>> > Configuration
>>>>>>> > just to try if it works. No success.
>>>>>>> > I have edited the group policy by running gpedit.msc and enabled
>>>>>>> > everything in the Internet security settings. No success.
>>>>>>> > There is no firewall, antispam on the server & have disabled
>>>>>>> > antivirus.
>>>>>> I
>>>>>>> > think I have tried everything I know or have read about.
>>>>>>> > Is there something I am missing? Thank you.
>>>>>>> >
>>>>>>> > Francis
>>>>>>> >
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
.
- Follow-Ups:
- Re: Windows 2003 security issue
- From: M Irusalimsky
- Re: Windows 2003 security issue
- References:
- Windows 2003 security issue
- From: Francis
- Re: Windows 2003 security issue
- From: Steven L Umbach
- Re: Windows 2003 security issue
- From: Loh
- Re: Windows 2003 security issue
- From: Steven L Umbach
- Re: Windows 2003 security issue
- From: Francis
- Re: Windows 2003 security issue
- From: Steven L Umbach
- Re: Windows 2003 security issue
- From: M Irusalimsky
- Re: Windows 2003 security issue
- From: Steven L Umbach
- Windows 2003 security issue
- Prev by Date: Re: Netlogon /Sysvol
- Next by Date: Re: Windows 2003 security issue
- Previous by thread: Re: Windows 2003 security issue
- Next by thread: Re: Windows 2003 security issue
- Index(es):
Relevant Pages
|
