RE: GPO for IE proxy tattoing IE
Basically a GPO with all the settings reversed or blanked out and set to no=override I take? Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Tuesday, July 21, 2009 9:22 AM To: NT System Admin Issues Subject: RE: GPO for IE proxy tattoing IE Sounds like it. We've occasionally created an anti-GPO we link to an OU to drop machines in temporarily expressly for the purpose of reversing specific settings. Then we move the machines back in to a GPO where some of those settings may remain undefined -sc From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, July 21, 2009 5:56 AM To: NT System Admin Issues Subject: RE: GPO for IE proxy tattoing IE Existing Profile, I believe when we took out the settings, of the GPO it still was tattooed. (Id have to check) Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Monday, July 20, 2009 2:10 PM To: NT System Admin Issues Subject: RE: GPO for IE proxy tattoing IE Is user on original machine with an existing profile? Does the GPO you are using the affected user back in to have these settings as Undefined? -sc From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Monday, July 20, 2009 1:08 PM To: NT System Admin Issues Cc: Bernier, David; Sousa, Antonio J. Subject: GPO for IE proxy tattoing IE Importance: High Folks, We are trying to configure a GPO that sets the Proxy Address for a set of users to certain address, and also disables them from being able to change that proxy. It works when I put a test user in the GPO and there computer and apply the GPO to that OU level and run a gpupdate /force. The problem is that we want to remove the GPO settings from the user so we moved the user to another OU at the same level as this OU ( so policy inheritance down the tree isn't the issue), also this policy is not set at a higher level so its not a no override issue either. But the user still is tattooed with the IE GPO settings for the proxy address and can't change the address. I have run a gpresult /v /scope user to look at the results, and gpupdate /force and then RSOP.msc to look at the resultant set of policy and still the same thing. I have even disabled the user and computer settings in the original GPO in which shouldn't be applying to this test user because the user isn't in the scope of administration accordingly anymore. The 2 settings are the following: Computer Settings: Windows Components\Internet Explorer\Internet Control Panel Policy: Disable The Connections Page Setting: Enabled User Settings: Windows Settings\Internet Explorer Maintenance\Connection\Automatic Browser Configuration Policy: Automatically Detect Configuration Settings Setting: Disabled Policy: Automatic Browser Configuration Setting: Enabled Interval: Not Configured Auto Config Url (.INS File): This was blank Auto Proxy URL (.JS, .JVS or PAC File): http://address_of_proxy_Server/proxy.pac. What are we doing wrong, and why is the policy tattooing my IE 6.0 systems and not reverting back to standard configuration ( Automatically Detect settings) when I take that user out of the OU in which this GPO is only applied. Help? Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: GPO for IE proxy tattoing IE
Yup... although it typically is ONLY the settings that we specifically want to reverse. We don't necessarily care about all of them in some circumstances, and in many cases the end-users may have had a setting that we don't want to force a change the other direction on. -sc From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, July 22, 2009 6:41 AM To: NT System Admin Issues Subject: RE: GPO for IE proxy tattoing IE Basically a GPO with all the settings reversed or blanked out and set to no=override I take? Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Tuesday, July 21, 2009 9:22 AM To: NT System Admin Issues Subject: RE: GPO for IE proxy tattoing IE Sounds like it. We've occasionally created an anti-GPO we link to an OU to drop machines in temporarily expressly for the purpose of reversing specific settings. Then we move the machines back in to a GPO where some of those settings may remain undefined -sc From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, July 21, 2009 5:56 AM To: NT System Admin Issues Subject: RE: GPO for IE proxy tattoing IE Existing Profile, I believe when we took out the settings, of the GPO it still was tattooed. (Id have to check) Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Monday, July 20, 2009 2:10 PM To: NT System Admin Issues Subject: RE: GPO for IE proxy tattoing IE Is user on original machine with an existing profile? Does the GPO you are using the affected user back in to have these settings as Undefined? -sc From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Monday, July 20, 2009 1:08 PM To: NT System Admin Issues Cc: Bernier, David; Sousa, Antonio J. Subject: GPO for IE proxy tattoing IE Importance: High Folks, We are trying to configure a GPO that sets the Proxy Address for a set of users to certain address, and also disables them from being able to change that proxy. It works when I put a test user in the GPO and there computer and apply the GPO to that OU level and run a gpupdate /force. The problem is that we want to remove the GPO settings from the user so we moved the user to another OU at the same level as this OU ( so policy inheritance down the tree isn't the issue), also this policy is not set at a higher level so its not a no override issue either. But the user still is tattooed with the IE GPO settings for the proxy address and can't change the address. I have run a gpresult /v /scope user to look at the results, and gpupdate /force and then RSOP.msc to look at the resultant set of policy and still the same thing. I have even disabled the user and computer settings in the original GPO in which shouldn't be applying to this test user because the user isn't in the scope of administration accordingly anymore. The 2 settings are the following: Computer Settings: Windows Components\Internet Explorer\Internet Control Panel Policy: Disable The Connections Page Setting: Enabled User Settings: Windows Settings\Internet Explorer Maintenance\Connection\Automatic Browser Configuration Policy: Automatically Detect Configuration Settings Setting: Disabled Policy: Automatic Browser Configuration Setting: Enabled Interval: Not Configured Auto Config Url (.INS File): This was blank Auto Proxy URL (.JS, .JVS or PAC File): http://address_of_proxy_Server/proxy.pac. What are we doing wrong, and why is the policy tattooing my IE 6.0 systems and not reverting back to standard configuration ( Automatically Detect settings) when I take that user out of the OU in which this GPO is only applied. Help? Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: GPO for IE proxy tattoing IE
Thanks, I will give that a try today. Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 -Original Message- From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Monday, July 20, 2009 2:09 PM To: NT System Admin Issues Subject: Re: GPO for IE proxy tattoing IE +1 -- ME2 On Mon, Jul 20, 2009 at 1:57 PM, Don Guyerdon.gu...@prufoxroach.com wrote: Wouldn't you have to apply a GPO with an empty Proxy address? Isn't this one of those GPO settings that do not revert back after the GPO has been removed? Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Monday, July 20, 2009 1:08 PM To: NT System Admin Issues Cc: Bernier, David; Sousa, Antonio J. Subject: GPO for IE proxy tattoing IE Importance: High Folks, We are trying to configure a GPO that sets the Proxy Address for a set of users to certain address, and also disables them from being able to change that proxy. It works when I put a test user in the GPO and there computer and apply the GPO to that OU level and run a gpupdate /force. The problem is that we want to remove the GPO settings from the user so we moved the user to another OU at the same level as this OU ( so policy inheritance down the tree isn't the issue), also this policy is not set at a higher level so its not a no override issue either. But the user still is tattooed with the IE GPO settings for the proxy address and can't change the address. I have run a gpresult /v /scope user to look at the results, and gpupdate /force and then RSOP.msc to look at the resultant set of policy and still the same thing. I have even disabled the user and computer settings in the original GPO in which shouldn't be applying to this test user because the user isn't in the scope of administration accordingly anymore. The 2 settings are the following: Computer Settings: Windows Components\Internet Explorer\Internet Control Panel Policy: Disable The Connections Page Setting: Enabled User Settings: Windows Settings\Internet Explorer Maintenance\Connection\Automatic Browser Configuration Policy: Automatically Detect Configuration Settings Setting: Disabled Policy: Automatic Browser Configuration Setting: Enabled Interval: Not Configured Auto Config Url (.INS File): This was blank Auto Proxy URL (.JS, .JVS or PAC File): http://address_of_proxy_Server/proxy.pac. What are we doing wrong, and why is the policy tattooing my IE 6.0 systems and not reverting back to standard configuration ( Automatically Detect settings) when I take that user out of the OU in which this GPO is only applied. Help? Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: GPO for IE proxy tattoing IE
Existing Profile, I believe when we took out the settings, of the GPO it still was tattooed. (Id have to check) Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Monday, July 20, 2009 2:10 PM To: NT System Admin Issues Subject: RE: GPO for IE proxy tattoing IE Is user on original machine with an existing profile? Does the GPO you are using the affected user back in to have these settings as Undefined? -sc From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Monday, July 20, 2009 1:08 PM To: NT System Admin Issues Cc: Bernier, David; Sousa, Antonio J. Subject: GPO for IE proxy tattoing IE Importance: High Folks, We are trying to configure a GPO that sets the Proxy Address for a set of users to certain address, and also disables them from being able to change that proxy. It works when I put a test user in the GPO and there computer and apply the GPO to that OU level and run a gpupdate /force. The problem is that we want to remove the GPO settings from the user so we moved the user to another OU at the same level as this OU ( so policy inheritance down the tree isn't the issue), also this policy is not set at a higher level so its not a no override issue either. But the user still is tattooed with the IE GPO settings for the proxy address and can't change the address. I have run a gpresult /v /scope user to look at the results, and gpupdate /force and then RSOP.msc to look at the resultant set of policy and still the same thing. I have even disabled the user and computer settings in the original GPO in which shouldn't be applying to this test user because the user isn't in the scope of administration accordingly anymore. The 2 settings are the following: Computer Settings: Windows Components\Internet Explorer\Internet Control Panel Policy: Disable The Connections Page Setting: Enabled User Settings: Windows Settings\Internet Explorer Maintenance\Connection\Automatic Browser Configuration Policy: Automatically Detect Configuration Settings Setting: Disabled Policy: Automatic Browser Configuration Setting: Enabled Interval: Not Configured Auto Config Url (.INS File): This was blank Auto Proxy URL (.JS, .JVS or PAC File): http://address_of_proxy_Server/proxy.pac. What are we doing wrong, and why is the policy tattooing my IE 6.0 systems and not reverting back to standard configuration ( Automatically Detect settings) when I take that user out of the OU in which this GPO is only applied. Help? Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: GPO for IE proxy tattoing IE
Sounds like it. We've occasionally created an anti-GPO we link to an OU to drop machines in temporarily expressly for the purpose of reversing specific settings. Then we move the machines back in to a GPO where some of those settings may remain undefined -sc From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, July 21, 2009 5:56 AM To: NT System Admin Issues Subject: RE: GPO for IE proxy tattoing IE Existing Profile, I believe when we took out the settings, of the GPO it still was tattooed. (Id have to check) Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 From: Steven M. Caesare [mailto:scaes...@caesare.com] Sent: Monday, July 20, 2009 2:10 PM To: NT System Admin Issues Subject: RE: GPO for IE proxy tattoing IE Is user on original machine with an existing profile? Does the GPO you are using the affected user back in to have these settings as Undefined? -sc From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Monday, July 20, 2009 1:08 PM To: NT System Admin Issues Cc: Bernier, David; Sousa, Antonio J. Subject: GPO for IE proxy tattoing IE Importance: High Folks, We are trying to configure a GPO that sets the Proxy Address for a set of users to certain address, and also disables them from being able to change that proxy. It works when I put a test user in the GPO and there computer and apply the GPO to that OU level and run a gpupdate /force. The problem is that we want to remove the GPO settings from the user so we moved the user to another OU at the same level as this OU ( so policy inheritance down the tree isn't the issue), also this policy is not set at a higher level so its not a no override issue either. But the user still is tattooed with the IE GPO settings for the proxy address and can't change the address. I have run a gpresult /v /scope user to look at the results, and gpupdate /force and then RSOP.msc to look at the resultant set of policy and still the same thing. I have even disabled the user and computer settings in the original GPO in which shouldn't be applying to this test user because the user isn't in the scope of administration accordingly anymore. The 2 settings are the following: Computer Settings: Windows Components\Internet Explorer\Internet Control Panel Policy: Disable The Connections Page Setting: Enabled User Settings: Windows Settings\Internet Explorer Maintenance\Connection\Automatic Browser Configuration Policy: Automatically Detect Configuration Settings Setting: Disabled Policy: Automatic Browser Configuration Setting: Enabled Interval: Not Configured Auto Config Url (.INS File): This was blank Auto Proxy URL (.JS, .JVS or PAC File): http://address_of_proxy_Server/proxy.pac. What are we doing wrong, and why is the policy tattooing my IE 6.0 systems and not reverting back to standard configuration ( Automatically Detect settings) when I take that user out of the OU in which this GPO is only applied. Help? Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: GPO for IE proxy tattoing IE
Wouldn't you have to apply a GPO with an empty Proxy address? Isn't this one of those GPO settings that do not revert back after the GPO has been removed? Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com mailto:don.gu...@prufoxroach.com From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Monday, July 20, 2009 1:08 PM To: NT System Admin Issues Cc: Bernier, David; Sousa, Antonio J. Subject: GPO for IE proxy tattoing IE Importance: High Folks, We are trying to configure a GPO that sets the Proxy Address for a set of users to certain address, and also disables them from being able to change that proxy. It works when I put a test user in the GPO and there computer and apply the GPO to that OU level and run a gpupdate /force. The problem is that we want to remove the GPO settings from the user so we moved the user to another OU at the same level as this OU ( so policy inheritance down the tree isn't the issue), also this policy is not set at a higher level so its not a no override issue either. But the user still is tattooed with the IE GPO settings for the proxy address and can't change the address. I have run a gpresult /v /scope user to look at the results, and gpupdate /force and then RSOP.msc to look at the resultant set of policy and still the same thing. I have even disabled the user and computer settings in the original GPO in which shouldn't be applying to this test user because the user isn't in the scope of administration accordingly anymore. The 2 settings are the following: Computer Settings: Windows Components\Internet Explorer\Internet Control Panel Policy: Disable The Connections Page Setting: Enabled User Settings: Windows Settings\Internet Explorer Maintenance\Connection\Automatic Browser Configuration Policy: Automatically Detect Configuration Settings Setting: Disabled Policy: Automatic Browser Configuration Setting: Enabled Interval: Not Configured Auto Config Url (.INS File): This was blank Auto Proxy URL (.JS, .JVS or PAC File): http://address_of_proxy_Server/proxy.pac. What are we doing wrong, and why is the policy tattooing my IE 6.0 systems and not reverting back to standard configuration ( Automatically Detect settings) when I take that user out of the OU in which this GPO is only applied. Help? Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: GPO for IE proxy tattoing IE
+1 -- ME2 On Mon, Jul 20, 2009 at 1:57 PM, Don Guyerdon.gu...@prufoxroach.com wrote: Wouldn’t you have to apply a GPO with an empty Proxy address? Isn’t this one of those GPO settings that do not revert back after the GPO has been removed? Don Guyer Systems Engineer - Information Services Prudential, Fox Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 don.gu...@prufoxroach.com From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Monday, July 20, 2009 1:08 PM To: NT System Admin Issues Cc: Bernier, David; Sousa, Antonio J. Subject: GPO for IE proxy tattoing IE Importance: High Folks, We are trying to configure a GPO that sets the Proxy Address for a set of users to certain address, and also disables them from being able to change that proxy. It works when I put a test user in the GPO and there computer and apply the GPO to that OU level and run a gpupdate /force. The problem is that we want to remove the GPO settings from the user so we moved the user to another OU at the same level as this OU ( so policy inheritance down the tree isn’t the issue), also this policy is not set at a higher level so its not a no override issue either. But the user still is tattooed with the IE GPO settings for the proxy address and can’t change the address. I have run a gpresult /v /scope user to look at the results, and gpupdate /force and then RSOP.msc to look at the resultant set of policy and still the same thing. I have even disabled the user and computer settings in the original GPO in which shouldn’t be applying to this test user because the user isn’t in the scope of administration accordingly anymore. The 2 settings are the following: Computer Settings: Windows Components\Internet Explorer\Internet Control Panel Policy: Disable The Connections Page Setting: Enabled User Settings: Windows Settings\Internet Explorer Maintenance\Connection\Automatic Browser Configuration Policy: Automatically Detect Configuration Settings Setting: Disabled Policy: Automatic Browser Configuration Setting: Enabled Interval: Not Configured Auto Config Url (.INS File): This was blank Auto Proxy URL (.JS, .JVS or PAC File): http://address_of_proxy_Server/proxy.pac. What are we doing wrong, and why is the policy tattooing my IE 6.0 systems and not reverting back to standard configuration ( Automatically Detect settings) when I take that user out of the OU in which this GPO is only applied. Help? Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: GPO for IE proxy tattoing IE
Is user on original machine with an existing profile? Does the GPO you are using the affected user back in to have these settings as Undefined? -sc From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Monday, July 20, 2009 1:08 PM To: NT System Admin Issues Cc: Bernier, David; Sousa, Antonio J. Subject: GPO for IE proxy tattoing IE Importance: High Folks, We are trying to configure a GPO that sets the Proxy Address for a set of users to certain address, and also disables them from being able to change that proxy. It works when I put a test user in the GPO and there computer and apply the GPO to that OU level and run a gpupdate /force. The problem is that we want to remove the GPO settings from the user so we moved the user to another OU at the same level as this OU ( so policy inheritance down the tree isn't the issue), also this policy is not set at a higher level so its not a no override issue either. But the user still is tattooed with the IE GPO settings for the proxy address and can't change the address. I have run a gpresult /v /scope user to look at the results, and gpupdate /force and then RSOP.msc to look at the resultant set of policy and still the same thing. I have even disabled the user and computer settings in the original GPO in which shouldn't be applying to this test user because the user isn't in the scope of administration accordingly anymore. The 2 settings are the following: Computer Settings: Windows Components\Internet Explorer\Internet Control Panel Policy: Disable The Connections Page Setting: Enabled User Settings: Windows Settings\Internet Explorer Maintenance\Connection\Automatic Browser Configuration Policy: Automatically Detect Configuration Settings Setting: Disabled Policy: Automatic Browser Configuration Setting: Enabled Interval: Not Configured Auto Config Url (.INS File): This was blank Auto Proxy URL (.JS, .JVS or PAC File): http://address_of_proxy_Server/proxy.pac. What are we doing wrong, and why is the policy tattooing my IE 6.0 systems and not reverting back to standard configuration ( Automatically Detect settings) when I take that user out of the OU in which this GPO is only applied. Help? Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + ezi...@lifespan.org Phone:401-639-3505 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~