Mike, Valtori,

I don’t think I’m aware of any 3rd party GPO admin templates that have settings 
that can be merged/appended across multiple links like parent/child OUs.  It’s 
possible it may natively exist though, I’m just not aware of something that 
works that way with admin templates.  I assume it exists for non-admin template 
GPO settings… like the IE site-to-zone assignment lists that Valtori mentioned. 
 Getting multi-value GPO settings and nested OUs to “merge” settings seems to 
always be a pain point for our team.  We typically have organizational GPOs 
with settings that are ‘site-wide’.  If any department or specific location 
(OU) then wants “extra” multi-value settings appended, we typically clone the 
parent GPO and just add to the child GPO.  This works fine most of the time 
until we need to add more values to a multi-value setting.  In this case we 
need to revisit all those cloned child GPOs and adjust those accordingly too.

As a workaround, I guess it’s possible to create “extra” GPO settings that 
Firefox can choose to internally merge/append (or replace) itself.  Such as:
Mozilla-->Firefox-->Popups-->Allowed Sites (popup URL string list)
Mozilla-->Firefox-->Popups-->Allowed Sites_2 (popup URL string list)
Mozilla-->Firefox-->Popups-->Allowed Sites_2_ReplaceMode:
                Not Configured/Disabled:  Defaults to MERGE with “Allowed Sites” above
                Enabled:  REPLACE “Allowed Sites”
Mozilla-->Firefox-->Popups-->Allowed Sites_3 (popup URL string list)
Mozilla-->Firefox-->Popups-->Allowed Sites_3_ReplaceMode:
                Not Configured/Disabled:  Defaults to MERGE with “Allowed Sites”, “Allowed Sites_2”
                Enabled:  REPLACE “Allowed Sites” and/or “Allowed Sites_2”

It’s messy but should work.  If this road gets traveled, I’m just not sure how 
many “levels” any multi-value settings should have.  In the example above, it’s 
just the main setting plus two additional.  A 2-deep setting would probably 
suffice for us, but maybe an extra 3rd (or more) could be useful to others?

--
Scott Copus, Desktop Support Systems Engineer
Information Technology Services | Western Kentucky University
https://www.wku.edu/its
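
The tiered scheme proposed in the message above, sketched as an added example that is not part of the original message and is not Firefox's policy code. The setting names come from the message; the functions `apply_gpos` and `resolve_tiers` and the sample URLs are constructed, and an enabled ReplaceMode is assumed to discard every lower tier.

```python
# Constructed sample GPOs, listed in processing order (parent OU first).
SITE_GPO = {"Allowed Sites": ["https://intranet.example.edu",
                              "https://hr.example.edu"]}
# Today's layout: the child GPO sets the same list and clobbers the parent.
DEPT_GPO_SAME_SETTING = {"Allowed Sites": ["https://lab.example.edu"]}
# Proposed layout: the child GPO uses its own tier, so both settings survive.
DEPT_GPO_TIERED = {"Allowed Sites_2": ["https://lab.example.edu"]}


def apply_gpos(gpos):
    """Model the behaviour reported in the thread: for each setting, the
    last processed GPO that configures it wins; lists are not appended."""
    effective = {}
    for gpo in gpos:
        effective.update(gpo)  # whole value replaced, never merged
    return effective


def resolve_tiers(policy, base="Allowed Sites", max_level=3):
    """Combine the base list with its numbered tiers the way the message
    proposes the browser could do internally.

    A tier that is absent counts as Not Configured. ReplaceMode absent or
    False means MERGE; True means REPLACE (assumption: drops all lower tiers).
    """
    result = list(policy.get(base, []))
    for level in range(2, max_level + 1):
        name = f"{base}_{level}"
        if name not in policy:
            continue
        if policy.get(f"{name}_ReplaceMode", False):
            result = []
        for url in policy[name]:
            if url not in result:  # keep order, skip duplicates
                result.append(url)
    return result


if __name__ == "__main__":
    print(resolve_tiers(apply_gpos([SITE_GPO, DEPT_GPO_SAME_SETTING])))
    print(resolve_tiers(apply_gpos([SITE_GPO, DEPT_GPO_TIERED])))
```

With the tiered layout, a later addition to the site-wide GPO reaches the department without the child GPO being edited, because the two GPOs never write the same setting.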

From: Enterprise [mailto:[email protected]] On Behalf Of Mike Kaply
Sent: Thursday, August 08, 2019 11:41 AM
To: Valtori OTTK Elinkaaripalvelut <[email protected]>
Cc: [email protected]
Subject: Re: [Mozilla Enterprise] GPO setting lists are not appending

I'm not sure what we would be doing to affect this.

I just did a quick check with machine and user policies on Chrome, and policies 
aren't combined/appended, machine replaces user.

I'm not sure how this should work with OUs.

If anyone has any ideas about this, I would appreciate it.

Mike

On Thu, Aug 8, 2019 at 7:48 AM Valtori OTTK Elinkaaripalvelut <[email protected]> wrote:
Hello

Has anyone noticed that if two GPOs have, for example, an NTLM list, only the list of 
the last processed GPO applies?

Makes managing at the OU level a bit hard. Top-level GPO settings have to be copied 
to sub-level GPO settings if a customer wants its own trust, and every sub-level GPO 
has to be updated if the top-level GPO is updated. Not familiar with ADMX files, 
but at least Internet Explorer Site-to-zone settings are appending.

Thanks
- Miika Sorvisto

_______________________________________________
Enterprise mailing list
[email protected]
https://mail.mozilla.org/listinfo/enterprise