Announcement

Collapse
No announcement yet.

Ghost GPO entry

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Ghost GPO entry

    Hi,

    I am setting up the proxy details for our users via GPO.

    I couldn't get them to take for some reason and a gpresult /z gave me this :

    Code:
            Internet Explorer Connection
            ----------------------------
     
                HTTP Proxy Server:   190.0.0.234:8080
                Secure Proxy Server: 190.0.0.234:8080
                FTP Proxy Server:    190.0.0.234:8080
                Gopher Proxy Server: 190.0.0.234:8080
                Socks Proxy Server:  190.0.0.234:8080
                Auto Config Enable:  No
                Enable Proxy:        Yes
                Use same Proxy:      Yes 
     
                HTTP Proxy Server:   190.0.0.1:3128
                Secure Proxy Server: 190.0.0.1:3228
                FTP Proxy Server:    190.0.0.1:3128
                Gopher Proxy Server: N/A
                Socks Proxy Server:  N/A
                Auto Config Enable:  No
                Enable Proxy:        No
                Use same Proxy:      No
    For some reason it doesn't tell me which GPO is responsible for each setting. I want to keep the first set of details and lose the second set.

    There are 8 GPOs being applied in total - the last two being the default domain policy (7) and the web access policy ( (where the proxy settings are kept).

    Swapping the order of default and web access swaps the order of the proxy settings in the report generated by gpresult.

    So .. I assumed that these settings would be found in the default gpo and I just needed to eliminate them there.

    Except they're nowhere to be seen! Nothing is configured for the default policy under User Configuration -> Windows Settings -> IE Maintenance -> Connection -> Proxy settings

    In fact - not a single one of my other GPOs has anything defined here.

    Is there any way to ask for a MORE verbose output than the /z modifier?

    How else could I try and track it down?

    Many thanks in advance!

  • #2
    Re: Ghost GPO entry

    Hi,

    You could try the group policy results wizard in the GPMC.
    Caesar's cipher - 3

    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

    SFX JNRS FC U6 MNGR

    Comment


    • #3
      Re: Ghost GPO entry

      Thanks for replying L4ndy!

      Now things are really wierd

      The GPRW reports that the winning GPO is the default policy, which has nothing configured!

      The only place any proxy settings are defined are in Web Access

      It reports correctly that Web Access is the winning GPO for the settings 'Disable change proxy settings' though.


      Any further ideas?

      Cheers

      Comment


      • #4
        Re: Ghost GPO entry

        Is the 'Default Policy' enforced? Also, does the summary sheet for the GPO show any settings? Just in case something has been missed. Does the 'Default Policy' have any settings configured at all? e.g. Is the password policy not set there etc? It may take precedence over some of the settings but not others such as the Proxy address.

        What actual Proxy settings are correct?

        Comment


        • #5
          Re: Ghost GPO entry

          Originally posted by Virtual View Post
          Is the 'Default Policy' enforced?
          The 'Enforced' option is set to 'No' in GPMC.

          Also, does the summary sheet for the GPO show any settings? Just in case something has been missed.
          Under User Configuration it shows that both Default Domain Policy and WebAccess are applied, both with the link location of domain.local and revisions of "AD(8 ), Sysvol (8 )" and "AD(10), Sysvol (10)" respectively.

          Does the 'Default Policy' have any settings configured at all? e.g. Is the password policy not set there etc? It may take precedence over some of the settings but not others such as the Proxy address.
          Under User Configuration, very little - just a couple of Remote Installation Service -> Client Installation Wizard options.

          A little more under Computer Conifguration but all in the Windows Settings -> Security Settings subsection.

          What actual Proxy settings are correct?
          Code:
                  Internet Explorer Connection
                  ----------------------------
           
                      HTTP Proxy Server:   190.0.0.234:8080
                      Secure Proxy Server: 190.0.0.234:8080
                      FTP Proxy Server:    190.0.0.234:8080
                      Gopher Proxy Server: 190.0.0.234:8080
                      Socks Proxy Server:  190.0.0.234:8080
                      Auto Config Enable:  No
                      Enable Proxy:        Yes
                      Use same Proxy:      Yes
          Thanks Virtual
          Last edited by -=bb=-; 14th April 2009, 16:49. Reason: to add thanks

          Comment


          • #6
            Re: Ghost GPO entry

            Just a thought, since you feel that the bogus proxy settings are coming from the default policy, have you tried setting that to the correct Proxy settings and applying to a machine and then removing the settings again? Are these Proxy settings to be applied to all machines?

            Comment


            • #7
              Re: Ghost GPO entry

              I'll try that first thing in the morning Virtual

              In the meantime ... meetings!

              Wahay

              Comment


              • #8
                Re: Ghost GPO entry

                Well - it's moved on a little now - whether this is good or bad, I'll let you tell me

                The result from gpresult /z gives

                Code:
                USER SETTINGS
                --------------
                    CN=******,OU=SBSUsers,OU=********,OU=*******,DC=*******,DC=local
                    Last time Group Policy was applied: 20/04/2009 at 13:51:17
                    Group Policy was applied from:      *********.local
                    Group Policy slow link threshold:   500 kbps
                
                    Applied Group Policy Objects
                    -----------------------------
                        WebAccess
                        Default Domain Policy
                
                    The following GPOs were not applied because they were filtered out
                    -------------------------------------------------------------------
                        Small Business Server Windows Firewall
                            Filtering:  Not Applied (Empty)
                
                        Small Business Server Lockout Policy
                            Filtering:  Disabled (GPO)
                
                        Small Business Server Remote Assistance Policy
                            Filtering:  Disabled (GPO)
                
                        Small Business Server Client Computer
                            Filtering:  Not Applied (Empty)
                
                        Local Group Policy
                            Filtering:  Not Applied (Empty)
                
                        Small Business Server Domain Password Policy
                            Filtering:  Not Applied (Empty)
                
                        Small Business Server Internet Connection Firewall
                            Filtering:  Denied (WMI Filter)
                            WMI Filter: PreSP2
                
                    The user is a part of the following security groups:
                    ----------------------------------------------------
                        Domain Users
                        Everyone
                        SophosUser
                        Offer Remote Assistance Helpers
                        SophosAdministrator
                        BUILTIN\Administrators
                        BUILTIN\Users
                        NT AUTHORITY\INTERACTIVE
                        NT AUTHORITY\Authenticated Users
                        LOCAL
                        VPN Access
                        Domain Admins
                        SBS Report Users
                        Web Access Restricted
                        Sophos Console Administrators
                        SophosAdministrator
                        Sophos DB Admins
                        Sophos DB Users
                        CERTSVC_DCOM_ACCESS
                        Offer Remote Assistance Helpers
                        
                    Resultant Set Of Policies for User:
                    ------------------------------------
                
                        Software Installations
                        ----------------------
                            N/A
                
                        Public Key Policies
                        -------------------
                            N/A
                
                        Administrative Templates
                        ------------------------
                            GPO: WebAccess
                                Setting: Software\Policies\Microsoft\Internet Explorer\Control Panel
                                State:   Enabled
                
                        Folder Redirection
                        ------------------
                            N/A
                
                        Internet Explorer Browser User Interface
                        ----------------------------------------
                            GPO: Default Domain Policy
                                Large Animated Bitmap Name:      N/A
                                Large Custom Logo Bitmap Name:   N/A
                                Title BarText:                   N/A
                                UserAgent Text:                  N/A
                                Delete existing toolbar buttons: No
                
                            GPO: WebAccess
                                Large Animated Bitmap Name:      N/A
                                Large Custom Logo Bitmap Name:   N/A
                                Title BarText:                   N/A
                                UserAgent Text:                  N/A
                                Delete existing toolbar buttons: No
                
                        Internet Explorer Connection
                        ----------------------------
                            HTTP Proxy Server:   N/A
                            Secure Proxy Server: N/A
                            FTP Proxy Server:    N/A
                            Gopher Proxy Server: N/A
                            Socks Proxy Server:  N/A
                            Auto Config Enable:  No
                            Enable Proxy:        No
                            Use same Proxy:      Yes
                
                            HTTP Proxy Server:   190.0.0.209:8080
                            Secure Proxy Server: 190.0.0.209:8080
                            FTP Proxy Server:    190.0.0.209:8080
                            Gopher Proxy Server: 190.0.0.209:8080
                            Socks Proxy Server:  190.0.0.209:8080
                            Auto Config Enable:  No
                            Enable Proxy:        Yes
                            Use same Proxy:      Yes
                
                        Internet Explorer URLs
                        ----------------------
                            GPO: Default Domain Policy
                                Home page URL:           N/A
                                Search page URL:         N/A
                                Online support page URL: N/A
                
                            GPO: WebAccess
                                Home page URL:           N/A
                                Search page URL:         N/A
                                Online support page URL: N/A
                
                        Internet Explorer Security
                        --------------------------
                            Always Viewable Sites:     N/A
                            Password Override Enabled: False
                
                            Always Viewable Sites:     N/A
                            Password Override Enabled: False
                
                            GPO: Default Domain Policy
                                Import the current Content Ratings Settings:      No
                                Import the current Security Zones Settings:       No
                                Import current Authenticode Security Information: No
                                Enable trusted publisher lockdown:                No
                
                            GPO: WebAccess
                                Import the current Content Ratings Settings:      No
                                Import the current Security Zones Settings:       No
                                Import current Authenticode Security Information: No
                                Enable trusted publisher lockdown:                No
                
                        Internet Explorer Programs
                        --------------------------
                            GPO: Default Domain Policy
                                Import the current Program Settings: No
                
                            GPO: WebAccess
                                Import the current Program Settings: No
                I'm not sure - but I don't think the default policy should even be listed here - but that may be my ignorance!

                The results from the GPRW gives this for user :




                Which doesn't show _anything_ about the proxy settings.

                Where can I go from here?

                Thanks in advance
                Last edited by -=bb=-; 20th April 2009, 15:09.

                Comment


                • #9
                  Re: Ghost GPO entry

                  It may be because it is set to 'automatically detect configuration settings'. You could change the priority order of the 'Default Domain Policy' and 'Web Access'. Also, do you need the web access policy? You could 'security filter' it out and test.

                  Comment


                  • #10
                    Re: Ghost GPO entry

                    Hello again Virtual - sorry for my delay in replying earlier. Once something is 'fixed' it falls down the list of things to do unfortunately.

                    Yes, it would appear that it is set to Automatically Detect Settings.

                    But it isn't



                    I am at a loss why it reports that it is. I don't know why it doesn't report the proxy settings correctly. I don't know why gpresult insists on telling me every setting that default policy has that is the same as Web Access.

                    Correct me if I am wrong but the auto detect config setting is the same one that gpresult reports as :
                    Code:
                    Auto Config Enable:  No
                    The Web Access policy is basically to seperate users who have abused the IT policy in the past into a group where they are actively restricted from doing it again and their useage is monitored through the proxy. I could apply the settings through any of the other GPOs but I thought it was best practice to do stuff like this through it's own GPO?

                    Quite frankly - I'm lost. I've bodged it to work but I don't really know what else to do.

                    What priority should I put it at? It is currently 7 out of 8 with only default behind it.

                    Thanks for you help and patience Virtual

                    Comment


                    • #11
                      Re: Ghost GPO entry

                      you need to enable Internet Explorer Maintenance group policy processing setting. I will look up the exact location in a few.

                      Comment

                      Working...
                      X