After a few years of dealing with IE Maintenance Policies, I've finally gotten fed up dealing with their apparent "flakiness" in Citrix environments where IE is launched as a published app. It wasn't until recently that I found out there are known issues with certain policy settings applying correctly in this scenario.
By flakiness, I'm referring to proxy settings, security zone and privacy settings not applying correctly. The issues being faced were recently brought to light when we migrated one of our departments to a new roaming profile environment. We currently use roaming profiles in a Citrix environment with multiple application silos. This has led to many profile related issues mostly due to LWW scenarios. We've deployed new policies so that users logging into each application silo will access a specific profile for that silo. Anyway, we wanted to be certain no lingering issues were brought into the user's new profile so their old profiles were deleted. Upon their next login, the migrated users had new profiles created. This highlighted the issue where certain IE policy settings were not being applied correctly. I worked with Microsoft for a couple of days and tried different solutions (switching between preference mode and no preference mode), running a login script with "runonce.exe /alternateshellstartup", etc. Nothing appears to be working and RSOP shows no issues. As a result of all this, I decided to put together my own .adm templates with the relavant policy settings. My initial testing indicates everything works perfectly. Although trusted sites are correctly configured, they do not appear within the IE options dialogue, which is something I can live with. Other than the additional overhead incurred whenever a change needs to be made, and possibly having to redo my .adm templates if newer versions of IE change the locations of these settings, can anyone think of a reason why I would not want to move forward with my custom policies? I'm sure there's a reason the IE Maintenance Policies were created and behave the way they do. I just want to be sure I'm not missing out on some important aspect. - Sean ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
