IE Maintenance Group Policy Settings Issue

G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

I'll try to keep this short and to the point. =D

I created a test OU called "Test" at the root of my domain (no parent or child OUs). I then created a GPO called "Proxy Server Settings" on this OU called “Test�. The ONLY settings configured in this GPO were Connection - Proxy Settings. I clicked on "Enable proxy settings" and filled in the information for my proxy server.

I then proceeded to move a test account (domain user) to this OU. I logged off then back on. I then checked my Internet Explorer LAN settings and sure enough the GPO applied because the information was populated according to what the GPO was.

Now here is where I scratch my head....

I moved my test user account out of the test OU to the Users OU. The Users OU has no proxy GPO at all. I then rebooted my test PC and logged back in with the test account. Guess what? I checked the IE LAN settings and the GPO setting that were originally applied were still there and they never go away!

The ONLY way I have found to fix this is to delete the user profile on the local PC. This is NOT an option.

Does ANYONE out there know of a fix? This seems to be a Microsoft bug.

Thanks,
JJ Tubbs
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi JJ

IE Policy Settings don't work in the same fashion as those found in the
Administrative Templates (adm files). IE settings are written to the
registry as a permanent change (this is different to the Admin Template
settings) and are only overwritten if the policy changes or a new policy
specifically targeting those same settings is identified. You can force IE
Policy to be re-applied at every login by referring to:

316702 Internet Explorer Security Setting That You Set with a Group Policy
http://support.microsoft.com/?id=316702

In your situation, you would need a new policy linked to the new OU that
specifically changed the proxy settings to the desired configuration.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: markreno@online.microsoft.com

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.




"JJ Tubs" <anonymous@discussions.microsoft.com> wrote in message
news:BBF67E7B-4EB2-46B7-A918-79837C23FC7F@microsoft.com...
> I'll try to keep this short and to the point. =D
>
> I created a test OU called "Test" at the root of my domain (no parent or
> child OUs). I then created a GPO called "Proxy Server Settings" on this
> OU called "Test". The ONLY settings configured in this GPO were
> Connection - Proxy Settings. I clicked on "Enable proxy settings" and
> filled in the information for my proxy server.
>
> I then proceeded to move a test account (domain user) to this OU. I
> logged off then back on. I then checked my Internet Explorer LAN settings
> and sure enough the GPO applied because the information was populated
> according to what the GPO was.
>
> Now here is where I scratch my head....
>
> I moved my test user account out of the test OU to the Users OU. The
> Users OU has no proxy GPO at all. I then rebooted my test PC and logged
> back in with the test account. Guess what? I checked the IE LAN settings
> and the GPO setting that were originally applied were still there and they
> never go away!
>
> The ONLY way I have found to fix this is to delete the user profile on the
> local PC. This is NOT an option.
>
> Does ANYONE out there know of a fix? This seems to be a Microsoft bug.
>
> Thanks,
> JJ Tubbs
 

JJ

Distinguished
Apr 5, 2004
254
0
18,780
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Mark,

I appreciate the prompt reply and also the reference to
the KB article. I will test tomorrow when I get to work
and reply back with the results.

One more question.

In theory I could modify the original IE GPO to have a
blank proxy. This would be a GPO change and the settings
in the browser should be updated. Does that sound right?

I only ask because we have roughly 200 PCs that have a
specific profile where this is happening. Eventhough the
GPO link has been removed from the OU that this account
resides in the settings are still there on the PC that
they log into.

Thanks,
JJ

>-----Original Message-----
>Hi JJ
>
>IE Policy Settings don't work in the same fashion as
those found in the
>Administrative Templates (adm files). IE settings are
written to the
>registry as a permanent change (this is different to the
Admin Template
>settings) and are only overwritten if the policy changes
or a new policy
>specifically targeting those same settings is
identified. You can force IE
>Policy to be re-applied at every login by referring to:
>
>316702 Internet Explorer Security Setting That You Set
with a Group Policy
>http://support.microsoft.com/?id=316702
>
>In your situation, you would need a new policy linked to
the new OU that
>specifically changed the proxy settings to the desired
configuration.
>
>Kind regards
>--
>Mark Renoden [MSFT]
>Windows Platform Support Team
>Email: markreno@online.microsoft.com
>
>Please note you'll need to strip ".online" from my email
address to email
>me; I'll post a response back to the group.
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>
>
>
>"JJ Tubs" <anonymous@discussions.microsoft.com> wrote in
message
>news:BBF67E7B-4EB2-46B7-A918-
79837C23FC7F@microsoft.com...
>> I'll try to keep this short and to the point. =D
>>
>> I created a test OU called "Test" at the root of my
domain (no parent or
>> child OUs). I then created a GPO called "Proxy Server
Settings" on this
>> OU called "Test". The ONLY settings configured in
this GPO were
>> Connection - Proxy Settings. I clicked on "Enable
proxy settings" and
>> filled in the information for my proxy server.
>>
>> I then proceeded to move a test account (domain user)
to this OU. I
>> logged off then back on. I then checked my Internet
Explorer LAN settings
>> and sure enough the GPO applied because the
information was populated
>> according to what the GPO was.
>>
>> Now here is where I scratch my head....
>>
>> I moved my test user account out of the test OU to the
Users OU. The
>> Users OU has no proxy GPO at all. I then rebooted my
test PC and logged
>> back in with the test account. Guess what? I checked
the IE LAN settings
>> and the GPO setting that were originally applied were
still there and they
>> never go away!
>>
>> The ONLY way I have found to fix this is to delete the
user profile on the
>> local PC. This is NOT an option.
>>
>> Does ANYONE out there know of a fix? This seems to be
a Microsoft bug.
>>
>> Thanks,
>> JJ Tubbs
>
>
>.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi JJ

That's correct. If you configure a GPO to set the proxy to blank, this will
be identified as a change to the policy and it will be re-applied to the
users the next time they log in (or it should).

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: markreno@online.microsoft.com

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

"JJ" <anonymous@discussions.microsoft.com> wrote in message
news:176e701c44917$8fc58ae0$a401280a@phx.gbl...
> Mark,
>
> I appreciate the prompt reply and also the reference to
> the KB article. I will test tomorrow when I get to work
> and reply back with the results.
>
> One more question.
>
> In theory I could modify the original IE GPO to have a
> blank proxy. This would be a GPO change and the settings
> in the browser should be updated. Does that sound right?
>
> I only ask because we have roughly 200 PCs that have a
> specific profile where this is happening. Eventhough the
> GPO link has been removed from the OU that this account
> resides in the settings are still there on the PC that
> they log into.
>
> Thanks,
> JJ
>
>>-----Original Message-----
>>Hi JJ
>>
>>IE Policy Settings don't work in the same fashion as
> those found in the
>>Administrative Templates (adm files). IE settings are
> written to the
>>registry as a permanent change (this is different to the
> Admin Template
>>settings) and are only overwritten if the policy changes
> or a new policy
>>specifically targeting those same settings is
> identified. You can force IE
>>Policy to be re-applied at every login by referring to:
>>
>>316702 Internet Explorer Security Setting That You Set
> with a Group Policy
>>http://support.microsoft.com/?id=316702
>>
>>In your situation, you would need a new policy linked to
> the new OU that
>>specifically changed the proxy settings to the desired
> configuration.
>>
>>Kind regards
>>--
>>Mark Renoden [MSFT]
>>Windows Platform Support Team
>>Email: markreno@online.microsoft.com
>>
>>Please note you'll need to strip ".online" from my email
> address to email
>>me; I'll post a response back to the group.
>>
>>This posting is provided "AS IS" with no warranties, and
> confers no rights.
>>
>>
>>
>>
>>"JJ Tubs" <anonymous@discussions.microsoft.com> wrote in
> message
>>news:BBF67E7B-4EB2-46B7-A918-
> 79837C23FC7F@microsoft.com...
>>> I'll try to keep this short and to the point. =D
>>>
>>> I created a test OU called "Test" at the root of my
> domain (no parent or
>>> child OUs). I then created a GPO called "Proxy Server
> Settings" on this
>>> OU called "Test". The ONLY settings configured in
> this GPO were
>>> Connection - Proxy Settings. I clicked on "Enable
> proxy settings" and
>>> filled in the information for my proxy server.
>>>
>>> I then proceeded to move a test account (domain user)
> to this OU. I
>>> logged off then back on. I then checked my Internet
> Explorer LAN settings
>>> and sure enough the GPO applied because the
> information was populated
>>> according to what the GPO was.
>>>
>>> Now here is where I scratch my head....
>>>
>>> I moved my test user account out of the test OU to the
> Users OU. The
>>> Users OU has no proxy GPO at all. I then rebooted my
> test PC and logged
>>> back in with the test account. Guess what? I checked
> the IE LAN settings
>>> and the GPO setting that were originally applied were
> still there and they
>>> never go away!
>>>
>>> The ONLY way I have found to fix this is to delete the
> user profile on the
>>> local PC. This is NOT an option.
>>>
>>> Does ANYONE out there know of a fix? This seems to be
> a Microsoft bug.
>>>
>>> Thanks,
>>> JJ Tubbs
>>
>>
>>.
>>
 

JJ

Distinguished
Apr 5, 2004
254
0
18,780
Archived from groups: microsoft.public.win2000.group_policy (More info?)

Mark,

In testing it works. I thought it would but wanted to check. Is there anyway to "lockdown" the capability of people changing IE connection options manually via GPOs?

Thanks,
JJ
 

JJ

Distinguished
Apr 5, 2004
254
0
18,780
Archived from groups: microsoft.public.win2000.group_policy (More info?)

I found the GPO to disable this.

Thanks for your help in answering my questions.

-JJ