Guest The Cavalry Posted August 21, 2008 Posted August 21, 2008 When a user logs into a PC on our domain a GP is applied with the relevant Intranet security zone sites. When the same user logs into the Terminal server these settings are ignored even though the relevant GP is applied. I have therefore setup seperate OU and GP for Terminal Server and set the security settings on the machine. I have set GP to force local security settings and not use the user ones but still this does not work. This is very annoying as users are prompted for their username and password everytime they access our Intranet. Any help muach appreciated
Guest Jeff Pitsch Posted August 21, 2008 Posted August 21, 2008 Re: GPO settings for Intranet security zone ignored Are you setting zones through IE maintenance or under admin templates? If IE maintenance, I believe you need to setup a new gpo for that particular OS version but it sounds like you did that but maybe not since I'm not sure what you mean by how you said you did it........ -- Jeff Pitsch Microsoft MVP - Terminal Services "The Cavalry" <The Cavalry@discussions.microsoft.com> wrote in message news:03ACB7C6-4E26-48FA-BE52-7CAC8DBCF989@microsoft.com... > When a user logs into a PC on our domain a GP is applied with the relevant > Intranet security zone sites. When the same user logs into the Terminal > server these settings are ignored even though the relevant GP is applied. > I > have therefore setup seperate OU and GP for Terminal Server and set the > security settings on the machine. I have set GP to force local security > settings and not use the user ones but still this does not work. This is > very > annoying as users are prompted for their username and password everytime > they > access our Intranet. > Any help muach appreciated
Guest Peter Dickason, MCSE, CCA, CNE Posted August 21, 2008 Posted August 21, 2008 Re: GPO settings for Intranet security zone ignored Hi, That is correct. It won't work. I've ran into that before when trying to add trusted sites through GP. http://support.microsoft.com/kb/899270 I belive it has something to do with the IE enhanced security breaking it but that's besides the point. You can use the VB script from this article to set it or what I did was configure USER\Administrative Templates\Windows components\Internet Explorer\Internet Control Panel\Security Page\Site to Zone Assignment List. Keep in mind tho that my approach is a hard setting that cannot be adjusted or added to by the user. Hope this helps. Pete
Guest Jeff Pitsch Posted August 21, 2008 Posted August 21, 2008 Re: GPO settings for Intranet security zone ignored It will work you just need a gpo for IEESC and one without. Now that article points a very specific piece that has been a known issue in that IE maintenance requires explorer.exe as the shell to run correctly. -- Jeff Pitsch Microsoft MVP - Terminal Services "Peter Dickason, MCSE, CCA, CNE" <nospam@here.com> wrote in message news:uVZVe$4AJHA.4948@TK2MSFTNGP05.phx.gbl... > Hi, > > That is correct. It won't work. I've ran into that before when trying to > add trusted sites through GP. > > http://support.microsoft.com/kb/899270 > > I belive it has something to do with the IE enhanced security breaking it > but that's besides the point. > > You can use the VB script from this article to set it or what I did was > configure USER\Administrative Templates\Windows components\Internet > Explorer\Internet Control Panel\Security Page\Site to Zone Assignment > List. Keep in mind tho that my approach is a hard setting that cannot be > adjusted or added to by the user. Hope this helps. > > Pete >
Guest The Cavalry Posted August 21, 2008 Posted August 21, 2008 Re: GPO settings for Intranet security zone ignored Neither of these suggestions have worked. I tried the script and have already entered the registry settings suggested. I have set the zone information in the registry of the Terminal Server via ...... HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\domain.com with a DWORD name of * value 1 (Intranet). I have set the Terminal Server GP to Security Zone: Use Only Machnie Setting Am I in the right place in the Terminal Server registry for setting "domain.com" as an Intranet zone ? "Jeff Pitsch" wrote: > It will work you just need a gpo for IEESC and one without. Now that > article points a very specific piece that has been a known issue in that IE > maintenance requires explorer.exe as the shell to run correctly. > > -- > Jeff Pitsch > Microsoft MVP - Terminal Services > > "Peter Dickason, MCSE, CCA, CNE" <nospam@here.com> wrote in message > news:uVZVe$4AJHA.4948@TK2MSFTNGP05.phx.gbl... > > Hi, > > > > That is correct. It won't work. I've ran into that before when trying to > > add trusted sites through GP. > > > > http://support.microsoft.com/kb/899270 > > > > I belive it has something to do with the IE enhanced security breaking it > > but that's besides the point. > > > > You can use the VB script from this article to set it or what I did was > > configure USER\Administrative Templates\Windows components\Internet > > Explorer\Internet Control Panel\Security Page\Site to Zone Assignment > > List. Keep in mind tho that my approach is a hard setting that cannot be > > adjusted or added to by the user. Hope this helps. > > > > Pete > > > > >
Guest Peter Dickason, MCSE, CCA, CNE Posted August 21, 2008 Posted August 21, 2008 Re: GPO settings for Intranet security zone ignored Sorry, thought this was what I saw and thought I could help. In my experience after importing the IE settings from a workstation didn't work, I did try importing them from IE on the server with IEESC disabled and it didn't help. I found I hard to hard code the settings in the reg key noted. "Jeff Pitsch" <jeff@jeffpitschconsulting.com> wrote in message news:%23QPgae5AJHA.2712@TK2MSFTNGP06.phx.gbl... > It will work you just need a gpo for IEESC and one without. Now that > article points a very specific piece that has been a known issue in that > IE maintenance requires explorer.exe as the shell to run correctly. >
Recommended Posts