Sounds like it.
We've occasionally created an "anti-GPO" we link to an OU to drop machines in temporarily expressly for the purpose of reversing specific settings. Then we move the machines back in to a GPO where some of those settings may remain "undefined" -sc From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, July 21, 2009 5:56 AM To: NT System Admin Issues Subject: RE: GPO for IE proxy tattoing IE Existing Profile, I believe when we took out the settings, of the GPO it still was tattooed. (Id have to check) Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 ________________________________ From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Monday, July 20, 2009 2:10 PM To: NT System Admin Issues Subject: RE: GPO for IE proxy tattoing IE Is user on original machine with an existing profile? Does the GPO you are using the affected user back in to have these settings as "Undefined? -sc From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Monday, July 20, 2009 1:08 PM To: NT System Admin Issues Cc: Bernier, David; Sousa, Antonio J. Subject: GPO for IE proxy tattoing IE Importance: High Folks, We are trying to configure a GPO that sets the Proxy Address for a set of users to certain address, and also disables them from being able to change that proxy. It works when I put a test user in the GPO and there computer and apply the GPO to that OU level and run a gpupdate /force. The problem is that we want to remove the GPO settings from the user so we moved the user to another OU at the same level as this OU ( so policy inheritance down the tree isn't the issue), also this policy is not set at a higher level so its not a no override issue either. But the user still is tattooed with the IE GPO settings for the proxy address and can't change the address. I have run a gpresult /v /scope user to look at the results, and gpupdate /force and then RSOP.msc to look at the resultant set of policy and still the same thing. I have even disabled the user and computer settings in the original GPO in which shouldn't be applying to this test user because the user isn't in the scope of administration accordingly anymore. The 2 settings are the following: Computer Settings: Windows Components\Internet Explorer\Internet Control Panel Policy: Disable The Connections Page Setting: Enabled User Settings: Windows Settings\Internet Explorer Maintenance\Connection\Automatic Browser Configuration Policy: Automatically Detect Configuration Settings Setting: Disabled Policy: Automatic Browser Configuration Setting: Enabled Interval: Not Configured Auto Config Url (.INS File): This was blank Auto Proxy URL (.JS, .JVS or PAC File): http://address_of_proxy_Server/proxy.pac. What are we doing wrong, and why is the policy tattooing my IE 6.0 systems and not reverting back to standard configuration ( Automatically Detect settings) when I take that user out of the OU in which this GPO is only applied. Help? Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~