Just to pile on: Two of the people that I respect most on Group Policy (off this list) have both had the exact same advice for me: Manage IE directly through raw registry settings. Apparently they’ve seen some real nightmares; it’s good that your intuition picked up on this.
I don’t fully follow their advice yet, but it’s where we’re headed. Daniel Wolf From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of David McSpadden Sent: Tuesday, June 24, 2014 9:11 AM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] Group Policy, ugh OK. New direction (Not the tweenie rock group.) Base machine. Export Reg Make appropriate IE changes. Export Reg+1 Windiff Reg, reg+1 Make changes a GPO for that app. Reset to Reg Rinse and repeat until all apps have their GPO. Push GPO’s one at a time to Test OU. Until all apps work or until one app breaks. Review GpResults or RSOP after each GPO to review for conflicts. Seems reasonable? From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of James Rankin Sent: Tuesday, June 24, 2014 8:59 AM To: [email protected]<mailto:[email protected]> Subject: Re: [NTSysADM] Group Policy, ugh Setting up IE in Group Policy is a nightmare. Not all of them are Administrative Templates. Some of the settings you need appear in Windows Components | Admin Templates | Internet Explorer. Others are covered in Internet Explorer Maintenance settings under Windows Settings. More still are exposed in Group Policy Preferences. And yes, they all work at cross-purposes and sometimes affect each other or conflict/overwrite each other. Personally, I find it easiest to configure the application directly, then do a Registry export from the endpoint. Then use Group Policy Preferences / AppSense EM / Citrix UPM / a script / whatever tool you choose for deploying Registry settings to import those settings back onto the target endpoint(s). It's messy and a lot of hassle initially, but it's preferable to trying to use and maintain and adapt Group Policy directly, in my opinion. YMMV, etc. On 24 June 2014 13:48, David McSpadden <[email protected]<mailto:[email protected]>> wrote: I am really trying hard to not punch my monitor. Ok I have several third parties now that want this and that on IE set so ‘their’ app will work. Ok no biggie. But it is becoming a biggie. Doing it for this app or that app and forgetting before the workstation goes out the door and having to Remember what is what. So I want to just policy it at the OU level and anyone in that OU will get the correct policy for IE that their app needs. A different Policy for each app so we can trouble shoot, etc. My problem is trying to find some of these settings in IE 9 spreadsheet is frustrating. Is there a better Internet Explorer Options to Group Policy tool that a spread sheet that doesn’t use the same verbiage as the IE options I am looking at?? This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email. -- James Rankin --------------------- RCL - Senior Technical Consultant (ACA, CCA, MCTS) | The Virtualization Practice Analyst - Desktop Virtualization http://appsensebigot.blogspot.co.uk This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email. This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.
