Guest NS Posted August 1, 2008 Posted August 1, 2008 Something is changing the reg key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1803 from the desried value of 0 to 3 which prevents IE Downloads. I have a GPO that should be setting this key value to 0 but the only way i can achieve this is by using the command gpupdate /force /target:user. A logoff/logon or reboot does not overwrite the registry setting. Is this a bug ? Ideally i'd like to identify what is changing the key in the first place, any pointers on how to achieve this would also be much appreciated.
Guest PA Bear [MS MVP] Posted August 1, 2008 Posted August 1, 2008 Re: GPO not refreshing Internet Security Zone settings One or more options/settings in an ever-growing number of third-party applications may be disallowing the change(s) from "sticking". These include but are not limited to Ad-aware's Ad-Watch, Spybot Tea Timer, SpywareBlaster, SpySweeper, Spyware Doctor, CounterSpy, AVG Anti-Spyware, Norton AntiVirus, McAfee VirusScan and/or Antispyware, NOD32, and Zone Alarm (Free, Pro, & Security Suite). -- ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 AumHa VSOP & Admin http://aumha.net DTS-L http://dts-l.net/ NS wrote: > Something is changing the reg key > HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet > Settings\Zones\3\1803 from the desried value of 0 to 3 which prevents IE > Downloads. > I have a GPO that should be setting this key value to 0 but the only way i > can achieve this is by using the command gpupdate /force /target:user. A > logoff/logon or reboot does not overwrite the registry setting. Is this a > bug ? > > Ideally i'd like to identify what is changing the key in the first place, > any pointers on how to achieve this would also be much appreciated.
Guest NS Posted August 4, 2008 Posted August 4, 2008 Re: GPO not refreshing Internet Security Zone settings McAfee VS I do have on the PC but since the PC receives the same AV policies as 100 + machines in the same department I think i can rule it out. I'm only seeing my issue on a select few machines & at random times. I will of course stop McAfee serivices for a period of time & monitor. A quick audit of the machine doesn't show up any unusual programs like those you mention. What tools could i use to capture the application changing the key ? Still need to find out why a logoff/logon or reboot does re-inforce the GPO settings but using the command line does? "PA Bear [MS MVP]" wrote: > One or more options/settings in an ever-growing number of third-party > applications may be disallowing the change(s) from "sticking". These include > but are not limited to Ad-aware's Ad-Watch, Spybot Tea Timer, > SpywareBlaster, SpySweeper, Spyware Doctor, CounterSpy, AVG Anti-Spyware, > Norton AntiVirus, McAfee VirusScan and/or Antispyware, NOD32, and Zone Alarm > (Free, Pro, & Security Suite). > -- > ~Robear Dyer (PA Bear) > MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 > AumHa VSOP & Admin http://aumha.net > DTS-L http://dts-l.net/ > > NS wrote: > > Something is changing the reg key > > HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet > > Settings\Zones\3\1803 from the desried value of 0 to 3 which prevents IE > > Downloads. > > I have a GPO that should be setting this key value to 0 but the only way i > > can achieve this is by using the command gpupdate /force /target:user. A > > logoff/logon or reboot does not overwrite the registry setting. Is this a > > bug ? > > > > Ideally i'd like to identify what is changing the key in the first place, > > any pointers on how to achieve this would also be much appreciated. > >
Guest NS Posted August 11, 2008 Posted August 11, 2008 Re: GPO not refreshing Internet Security Zone settings Can any one else help me determine why GPO is not refreshing settings unless I manually refresh using the force option via command line ? "NS" wrote: > McAfee VS I do have on the PC but since the PC receives the same AV policies > as 100 + machines in the same department I think i can rule it out. I'm only > seeing my issue on a select few machines & at random times. I will of course > stop McAfee serivices for a period of time & monitor. A quick audit of the > machine doesn't show up any unusual programs like those you mention. > > What tools could i use to capture the application changing the key ? > > Still need to find out why a logoff/logon or reboot does re-inforce the GPO > settings but using the command line does? > > "PA Bear [MS MVP]" wrote: > > > One or more options/settings in an ever-growing number of third-party > > applications may be disallowing the change(s) from "sticking". These include > > but are not limited to Ad-aware's Ad-Watch, Spybot Tea Timer, > > SpywareBlaster, SpySweeper, Spyware Doctor, CounterSpy, AVG Anti-Spyware, > > Norton AntiVirus, McAfee VirusScan and/or Antispyware, NOD32, and Zone Alarm > > (Free, Pro, & Security Suite). > > -- > > ~Robear Dyer (PA Bear) > > MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 > > AumHa VSOP & Admin http://aumha.net > > DTS-L http://dts-l.net/ > > > > NS wrote: > > > Something is changing the reg key > > > HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet > > > Settings\Zones\3\1803 from the desried value of 0 to 3 which prevents IE > > > Downloads. > > > I have a GPO that should be setting this key value to 0 but the only way i > > > can achieve this is by using the command gpupdate /force /target:user. A > > > logoff/logon or reboot does not overwrite the registry setting. Is this a > > > bug ? > > > > > > Ideally i'd like to identify what is changing the key in the first place, > > > any pointers on how to achieve this would also be much appreciated. > > > >
Recommended Posts