Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Group Policy - loopback question

Status
Not open for further replies.
Atomic

Atomic

MIS
Nov 20, 2000
56
GB
Hi all,

I have a stable Active Directory and Group policies that work well. I need to be able to set up a site policy, so that when users log into that site, they pick up different proxy server settings and a different IE home page.

I have created a new site policy and assigned it to the site. In Computer settings I have turned on loopback processing - I have tried merge and replace options. In the User settings, IE maintenance, I have set the new proxy settings and the home page.

When I log onto a computer on the site, and do a GPRESULT, the results tell me that the site policy has been applied to both the user and computer settings. However, the IE home page has not changed, but the proxy settings have been set to null (ie no proxy).

Can anyone explain what I am doing wrong please?

Thanks

Martyn

 
Sort by date Sort by votes
There are really 2 statements here:

1. This is unfortunately the default behavior for IE maintenance policies.

What the policy actually is, in the background, is an ins file. Unfortunately, the IE Maintenance node is a "first writer wins" scenario, so the first IE Maintenance policy applied/ins file, sticks, even if you try to alter it in a lower level policy that would normally take priority.

2. The other problem is any policy settings applied are subject to the LSDOU application method (Local, Site, Domain, OU, with each one overwriting identical settings from the policy above it...except a few settings...)

So my curiosity here becomes, are you setting any computer settings at the computer object's OU level (or above) that applies a loopback policy? If not, the loopback is applying properly most likely (rsop.msc should tell you the policy effecting the setting), and you are running into the designed behavior of IE Maintenance policies as described above.




-Brandon Wilson
MCSE00/03, MCSA:Messaging00, MCSA03, A+
Manager - Global AD Operations
ACS, Inc.
 
Upvote 0 Downvote
You could try using the "ENFORCED" setting on your site GPO to see if you can force it to apply. Check what you get with GPRESULT on your machines in the site and see whats being applied.

ML
 
Upvote 0 Downvote
that wont work if the settibngs are applied via an IE Maintenance policy, which in the background is a .ins file.

IE Maintenance/.ins is awlays a first writer wins methodology.

I juuust went through a very thorough debug of the IE Maintenance policy in order to bypass that behavior, but to no avail...

-Brandon Wilson
MCSE00/03, MCSA:Messaging00, MCSA03, A+
Manager - Global AD Operations
ACS, Inc.
 
Upvote 0 Downvote
ADgod - gotcha- I've not played with IE Maint Policies much; I need to but no time recently.

Mark
 
Upvote 0 Downvote
Sorry for the delay responding, I have been away on my hols.

Thanks both for the dialogue, I will need to have a rethink.

Regards

Martyn
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

edgar28
  • Locked
  • Question
Question on Network cards - Windows Server 2019
Replies
1
Views
102
DrB0b
DrB0b
rrmcguire
  • Locked
  • Question
group policy to set dns
Replies
2
Views
149
rrmcguire
rrmcguire
DrB0b
  • Locked
  • Question
HyperV Virtual Switch and Physical NIC question
Replies
3
Views
90
DrB0b
DrB0b
DrB0b
  • Locked
  • Question
General Windows Server Datacenter/Standard Licensing Question
Replies
1
Views
67
DrB0b
DrB0b
Krus1972
  • Locked
  • Question
Web.Config URL Rewrite Question
Replies
0
Views
60
Krus1972
Krus1972

Part and Inventory Search

Sponsor

Back
Top