My experience is that IE maintenance policy is severely broken and does not follow normal policy rules. It tends to do whatever it wants, and seldom what you intend.
IE maintenance policy is not implemented via the normal group policy mechanisms. It is essentially the old IE administrator kit mechanism rolled into a GP wrapper. I really, REALLY wish Microsoft would eliminate this and move the settings into the "other" IE group policy. Ken Cornetet 812.482.8499 To err is human - to moo, bovine. From: Kennedy, Jim [mailto:[email protected]] Sent: Friday, March 23, 2012 2:53 PM To: NT System Admin Issues Subject: GPO puzzle solved, but why. I have had a bit of a puzzle today, I have it solved but I don't know why it was behaving this way. IE Maintenance policy set at the domain level. Not the default domain policy, a created policy. It had some popup settings that I needed to change. But prior to changing them I wanted to test them on a group of users. So I put a new IE Maintenance policy on a child OU that had the correct settings. There is no enforcement on either policy, there is no loopback on either policy and there is no inheritance blocking in the path. And there is no WMI or Security settings on either policy. The settings did not apply. GPOResult shows both being applied but the Domain policy as the winner. Which as I understand precedence is not correct. The OU should have applied last and over wrote it. As soon as I remove the domain level policy from the domain level and put it on an OU and then move my new policy to a child they apply as I expect. Now, at the domain level it would be applying to my machines, but as I said there is no loopback on it. But the behavior is just like loopback was enabled. With the way our OU's are set up it can stay where it is at, I don't need anything really at the Domain level, but I am curious why I am seeing this. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
