GPO questions

I'm just curious if this happens to anyone else.

If you set this add a computer to setting (1-4 is your options)

Computer Settings -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page

Site to Zone Assignment List

Does it show up under your Settings tab on the GPMC as "Extra Registry Settings"?

Thanks

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

APA

Yep

Came across this when we acquired a group where the previous IT dept... *cough accountants trying to be IT pro's cough* decided to switch on nearly every single group policy option and have about 20 GPO's doing almost the same things.....

Odd how it comes up as extra registry settings but if you go into the registry you can actually find where without GPO's you can manual force zone settings for users..... (Novelty feature....)

Claymoore

I don't get that for IE zones, but I have a long list of firewall exceptions in the 'Extra Registry Settings' area of the settings tab on the GPO in GPMC. Here is the message at the top of the Extra Registry Settings area:

Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.

The ADM files for each GPO are stored in SYSVOL\(domain)\Policies\(GPO SID)\Adm on the domain controller. Usually loading a new ADM template (such as the one available for the Google Toolbar to control its settings) for a new GPO would put a new ADM file in that policy folder. Service Packs can also update ADM files - XP SP2 updated several - and then there are those pesky custom ADM files to track. Your PC may not have the necessary ADM files to display these settings in the correct part of the GPO so make sure you have the latest service pack or custom templates copied to your %windir%\inf folder.

http://support.microsoft.com/kb/816662/

Looks like I need to update mine as well.

blargoe

That message for the .ADM files is also common with the Office ADM templates. There's a hotfix for that.

Mishra

A.P.A wrote:

Odd how it comes up as extra registry settings but if you go into the registry you can actually find where without GPO's you can manual force zone settings for users..... (Novelty feature....)

You just mean that you can set the registry setting in in GPO itself instead of finding the actual button for it right?

The hardest part to this puzzle is finding which 'extra registry setting' correlates to whatever GPO button. I would rather select the GPO setting than just add the registry entry.