GPO questions
I'm just curious if this happens to anyone else.
If you set this add a computer to setting (1-4 is your options)
Computer Settings -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page
Site to Zone Assignment List
Does it show up under your Settings tab on the GPMC as "Extra Registry Settings"?
Thanks
If you set this add a computer to setting (1-4 is your options)
Computer Settings -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page
Site to Zone Assignment List
Does it show up under your Settings tab on the GPMC as "Extra Registry Settings"?
Thanks
Comments
-
APA
Member Posts: 959
Yep
Came across this when we acquired a group where the previous IT dept... *cough accountants trying to be IT pro's cough* decided to switch on nearly every single group policy option and have about 20 GPO's doing almost the same things.....
Odd how it comes up as extra registry settings but if you go into the registry you can actually find where without GPO's you can manual force zone settings for users..... (Novelty feature....)
CCNA | CCNA:Security | CCNP | CCIP
JNCIA:JUNOS | JNCIA:EX | JNCIS:ENT | JNCIS:SEC
JNCIS:SP | JNCIP:SP -
Claymoore
Member Posts: 1,637
I don't get that for IE zones, but I have a long list of firewall exceptions in the 'Extra Registry Settings' area of the settings tab on the GPO in GPMC. Here is the message at the top of the Extra Registry Settings area:
Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.
The ADM files for each GPO are stored in SYSVOL\(domain)\Policies\(GPO SID)\Adm on the domain controller. Usually loading a new ADM template (such as the one available for the Google Toolbar to control its settings) for a new GPO would put a new ADM file in that policy folder. Service Packs can also update ADM files - XP SP2 updated several - and then there are those pesky custom ADM files to track. Your PC may not have the necessary ADM files to display these settings in the correct part of the GPO so make sure you have the latest service pack or custom templates copied to your %windir%\inf folder.
http://support.microsoft.com/kb/816662/
Looks like I need to update mine as well. -
blargoe
Member Posts: 4,174 ■■■■■■■■■□
That message for the .ADM files is also common with the Office ADM templates. There's a hotfix for that.IT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands... -
Mishra
Member Posts: 2,468 ■■■■□□□□□□
A.P.A wrote:Odd how it comes up as extra registry settings but if you go into the registry you can actually find where without GPO's you can manual force zone settings for users..... (Novelty feature....)
You just mean that you can set the registry setting in in GPO itself instead of finding the actual button for it right?
The hardest part to this puzzle is finding which 'extra registry setting' correlates to whatever GPO button. I would rather select the GPO setting than just add the registry entry.