Announcement

Collapse
No announcement yet.

Can't set trusted sites via GPO

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Can't set trusted sites via GPO

    We've got a Server 2003 domain with mixed XP SP2/3 clients. The OU strucutre is as follows: Domain -> HQ -> Department

    It appears that some of the settings in (at least) one of my GPOs aren't getting applied. Specifically, I'm trying to set the trusted sites.

    I logged onto the DC (which has IE7 installed) and opened up GPMC. I created a GPO (called ieSettings) that goes like this: User Configuration\Windows Settings\Internet Explorer Maintenance\Security\Security Zones and Content Ratings

    I added several trusted sites (for machines without Internet Explorer Enhanced Security Configuration enabled), saved the GPO and rebooted my PC. After logging in, I looked at the trusted sites in IE and the box was gray with just one entry (*.ourdomain.com, which isn't in the list of sites I set in the GPO). So I rebooted again but got the same thing. The IE Internet Options window says, "Some settings are managed by your system administrator." I did gpresult and checked all the GPOs listed under User Configuration but didn't see *.ourdomain.com being set in any of them. At the same time, I added a URL to the list of Favorites and see that link in IE. So I know that GPO is being partially applied

    I've tried gpupdate, gpupdate /force and gpupdate /sync. I also checked that I'm not blocking GPO inheritance

    It appears I'm pulling trusted sites from somewhere but don't know where. How do I find where I'm getting that single site from?

  • #2
    Re: Can't set trusted sites via GPO

    The Trusted Sites GPO is horribly implemented IMO. The requirement to import the list of sites rather than just type them in is extremely annoying.

    I have got it to work in the past, what I did was install RSAT on a Vista workstation, setup IE as I wanted it and then imported the settings from there. Even with ESC turned off IE on a server is not setup the way it would be on a workstation, so I found it easier to work from there.
    BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
    sigpic
    Cruachan's Blog

    Comment


    • #3
      Re: Can't set trusted sites via GPO

      I figured it out. The Site to Zone setting is enabled (User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page). I don't know who enabled it.

      I went back to see if GPMC would show me that it's set on the Settings tab, but now I can't generate the report. Anyone have any thoughts on that?

      It says:
      An error occurred while generating report:
      An unknown error occurred while the HTML report was being created

      Comment


      • #4
        Re: Can't set trusted sites via GPO

        It's a known bug with Server 2003 when you create this GPO. Using RSAT on a Vista or 7 Workstation or using GPMC on Server 2008 works OK, but you get that error in Server 2003 and XP.

        http://x220.minasi.com/forum/topic.asp?TOPIC_ID=21889
        BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
        sigpic
        Cruachan's Blog

        Comment

        Working...
        X