OK; I finally figured this one out; I had to set a couple of other
settings for this to work.
Computer config\admin templates\Internet explorer\internet control
panel\security page.
Intranet sites: Include all local (intranet) sites not listed in
other zones
Intranet sites: Include all network paths (UNCs)
That let it work as expected.
But I'm seeing another problem as well This is one of those things that
bug us when we log on to a new machine for the first time. :-)
I've set the IE home page to our intranet, which is the only site
allowed; everything else goes to a bit-bucket proxy. So in:
User config\windows settings\internet explorer
maintenance\URLs\Important URLs, I've set the home page. But it doesn't
work. With a new user login, IE starts by going to MS site, and since
the proxy won't let it, it doesn't move forward from there. I can type
in the intranet URL manually and get there. If I allow the browser to
reach the internet, it goes to the MS site first, then to windows update
on the second launch, then to the expected home page on the third
launch.
Any way to get around this?
Thanks!
PS: Roger; good to see you back. How's things? Pam and I are moving to
AZ soon. Gimme a call sometime and we can chat...
**********************
Charlie Kaiser
W2K3 MCSA/MCSE/Security, CCNA
Systems Engineer
Essex Credit / Brickwalk
510 595 5083
**********************
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Roger Seielstad
> Sent: Friday, September 02, 2005 9:57 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] Group policy security setting
>
> The other way that works is to add the UNC for the file server
> (file://server/share) to the Trusted Sites, under
> User Config / Windows Settings / IE Maintenance /Security /
> Security Zones
> and Content ratings
>
> Now that I look, there's the setting you're trying to change
> - which is why
> it probably didn't work with a template.
>
>
>
>
>
>
> --------
> Roger Seielstad
> E-mail Geek
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Charlie Kaiser
> Sent: Friday, September 02, 2005 3:51 PM
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] Group policy security setting
>
> This is driving me nuts....
>
> I'm trying to set up a W2K3 SP1 terminal server machine,
> managed by group
> policy, that will allow users to run certain apps that
> actually load from
> another server. Here's the problem...
>
> When I try and launch one of those apps, I get the security
> warning box
> "open file - security warning" "Are you sure you want to run
> this software?"
> I finally figured out how to disable it; in IE properties,
> security, trusted
> sites, custom level, there's a setting: "Launching
> applications and unsafe
> files". If I set that to enable, the box goes away. (I'm
> using software
> restrictions to only allow certain apps, so the warning box
> is irrelevant).
>
> I want to be able to set this value via GP rather than through the IE
> interface. The IE ADM template seems to include every setting
> except for
> this one.
>
> Why? I've tried creating a custom ADM for the setting, but I'm getting
> nowhere with that. I'll probably try that again next week.
> But I'm curious why this particular setting is not available in the
> template? Any ideas? Am I missing something?
>
> **********************
> Charlie Kaiser
> W2K3 MCSA/MCSE/Security, CCNA
> Systems Engineer
> Essex Credit / Brickwalk
> 510 595 5083
> **********************
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
>
> List info : http://www.activedir.org/List.aspx
> List FAQ : http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
