Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

IE Security Zones in Group Policy dont copy to other DC's

Status
Not open for further replies.

andymac3000

IS-IT--Management
Nov 2, 2004
44
GB
Ive added a trusted site in a w2k3 group policy in user config\Security Zones and content ratings.

The setting has been a little flaky to apply across terminal servers, so as part of throubleshooting, I noticed that when I go into the GPO via another DC, the setting isnt there, although all the other settings in the GPO are

Is this normal behaviour for IE Settings in GPO's ? If so, does it help to apply the setting individually to the DC's ?

Thanks

Andy
 
You need to make sure that the .adm files are on both servers and preferrably on all DC's otherwise when you go to view those settings, as you've noticed, the group policy editor doesn't know what they are and can't display them properly.

Hope this helps.



Thanks

John Fuhrman
Titan Global Services
 
Cheers Sparkbyte

Sorry, when I said the setting wasnt there, the setting to amend is actually there, what I should have said is the amendment to the setting hasnt propogated to other DC's.

Ive added the trusted site on one DC, but when I go to other DC's, the option to add the site is still there, but what ive added isnt !

The ADM is a standard system one anyway

Thanks

Andy
 
Hmmm. Are we sure the DC's are replicating any information? Are there any errors in the event logs. I had a simular problem with our Terminal Server DMZ domain servers and it turned out to a problem stemming from DFS. Did not know at the time that the SYSLOG and NETLOGON domain shares are replicated using the DFS services on the DC's at the time so I didn't investigate the problems with DFS as well as I should have at the time. (-:

Anyway, pay attention to all errors on the DC's.


Cheers to you also!
Happy Thanks Giving Day too.

Hope this helps

Thanks

John Fuhrman
Titan Global Services
 
Try running DCDIAG and the Replmon tool to identify where the replication error is.
 
Cheers guys

Yes, the DC's are replicating all information they should be, apart from this area. Ive used DCdiag and replmon, and everything is reporting fine

Im beginning to think its normal behaviour that just applies to that machine. If you have another gpo with this setting applied on the same DC and choose to import, then you import the setting from the previous GPO. But if you then take the setting out of any GPO, it takes it out of them all.

The setting still continues to be flaky, i.e. it applies for certain users on certain terminal servers, and then not for others

Anyone have any other ideas. Surely it isnt something you have to apply to each individual Termial Server, as the setting wouldnt apply at all ?

Andy
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top