Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Zone problems

Status
Not open for further replies.
insureme

insureme

IS-IT--Management
Dec 9, 2008
103
US
i'm working on setting up a new server and what i'm finding is that whenever i try to copy something from the main fileserver i get prompted with "do you wish to copy or move files form this zone" the box seems to be coming from internet explorer. I've never had this issue before, and i've setup servers before as well. i'm thinking it's related to something in a domain policy but i'm just not sure where to look as the problem seems to start after adding the machine to the domain, but i'm not positive on that last note though. along with this when I try to run anything directly from the file server i get a permissions error. I do not however get this permissions error logged itno my laptop with the same user account.

Please help!
 
Sort by date Sort by votes
No dice. I removed the enhanced security configuration to no avail. then i went into the internet security settings, and changed the intranet zone settings and this worked for the administrator account but I also notice that there are lists for trusted sites in the admin account but not the regular user account. so at this point the administrator account works fine, but the regular user still can't copy fiels from network shares or launch server based applications. This is agian leading me to beleive there is a domain policy setting causing this.
 
Upvote 0 Downvote
Check your IE internetproperties/security/internet/custom level and see if file download or drag-drop-copy-paste are disabled. Also, from command prompt run a gpresult to see what GPO's are applying to these users and then go research those setting; which is pretty easy in the GPMC.


_______________________________________
I hope any help I give leads to great successes.
MCSE, MCSA, MCTS, CCA, VCP, CCNA
 
Upvote 0 Downvote
I did check my internet custom level, but as a general user I can't get in there as it's controlled by domain policy. I found that if I added our domain name to the trusted sites, and intranet sites list in the domain policy it seems to work alright, but i'm still getting a security confirmation when trying to run server apps which is really annoying. we have multiple domain policys attending to these users and machines. I think they are conflicting or something though because settings don't tend to be consistent. if i can remember all the way back to college the domain policy has priority, then the OU policy computers, and the ou policy for users. but i have three domain policies applied so i'm wondering if the settings in these two (some are duplicate settings) might be causing a lot fo my headache. I'm sorry to sound so stranded, but i've inherited quite a mess i'm trying to clean up.
 
Upvote 0 Downvote
if they have the same location but different settings, then you will have issues. Make sure the Default Domain Policy has Enforced checked. This will prevent lower level gpo's from changing settings specified in the DDP. If settings in lower OU's need to override the DDP, then set it up for Loopback processing. Run the GPRESULT as stated above and find your offending gpo.


_______________________________________
I hope any help I give leads to great successes.
MCSE, MCSA, MCTS, CCA, VCP, CCNA
 
Upvote 0 Downvote
OK so I enforeced the default domain policy. there are three policy's in the root f the domain, once I enforced the default policy the other one that handles the IE sites and zeons is no longer being applied. not sure why this would be. should there only be one policy in the domain root, or do I have bigger issues? what should I be looking for in the gpresult output that would tell me there is a problem?
 
Upvote 0 Downvote
If the default domain policy and the IE gpo have similar settings...the enforced DDP will win.

The practice I have seen is to set your Zone Mappings in the DDP under Userconfig/admin template/Windows Components/IE/Internet Control Panel/Security Page and set your Site to Zone Assignment List there.

GPResult will tell you which GPO's applied and whichs one did not and give you a brief explanation of why it did not apply...filtered out...


_______________________________________
I hope any help I give leads to great successes.
MCSE, MCSA, MCTS, CCA, VCP, CCNA
 
Upvote 0 Downvote
Yes, however the current setup is using the DDP, and then an additional root level domain policy for the site to zone list, that has the entries in both the user and computer configs. I'll work on changing this as it seems fishy to me to begin with. i'll just transfer the site to zone settings into the default domain policy as you suggested. I checked the gpreulst though and the only filtered entry is the local policy (not configured). the other three policys are said to be applied for both user and computer. I'll check back in once i've made changes on my end.

Thanks,
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

amanua
  • Locked
  • Question
Event ID 13508 Sysvol replication problems
Replies
0
Views
131
amanua
amanua
merang
  • Locked
  • Question
tcl array problems
Replies
0
Views
110
merang
merang
stergiosnik
  • Locked
  • Question
Windows Server 2003 microsoft update problems
Replies
1
Views
102
ShackDaddy
ShackDaddy
mbtransport
  • Locked
  • Question
Frustrating SP2 Install Problems
Replies
0
Views
92
mbtransport
mbtransport
Encino141
  • Locked
  • Question
dns zone
Replies
2
Views
67
Encino141
Encino141

Part and Inventory Search

Sponsor

Back
Top