Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: IE security zone assignment on 2003 terminal server

from [jbeauford] Network Security [Permanent Link]
Subject: RE: IE security zone assignment on 2003 terminal server
Date: Thu, 25 Jan 2007 16:21:12 -0500 
You can use the Group Policy Management Console to confirm that your GP
and ITS settings are being applied.  You may have another ENFORCED GP on
the Servers OU which is overriding your default GP.  This could be the
case especially if you've tried to lockdown your servers via MS's TS
Lockdown recommendations.

It sounds like you may have already examined this possiblity.

JMB

Murda Mcloud wrote:

Hi Daniel-Liam's suggestion looks good.
Just a question though-what type of box(2003 or Xp) did you set the
original policy on? 
I know that for some of the IE settings it basically 'copies' what
you have on the machine you are setting the policy from but I'm not
sure if this is the case with the Zones. Just wondering if this could
be a factor here.   

-----Original Message-----
From: listbounce@securityfocus.com
[mailto:listbounce@securityfocus.com] On Behalf Of Daniel Schmidt 
Sent: Wednesday, January 24, 2007 8:54 AM
To: focus-ms@securityfocus.com
Subject: IE security zone assignment on 2003 terminal server

I am trying to assign a website to the Trusted Sites zone with Group
Policy 
-> User Configuration -> Administrative Templates -> Windows
Components 
-> ->
Internet Explorer -> Internet Control Panel -> Security Page -> Site
to Zone Assignment List. 

When the domain user logs into a domain member XP Professional
system, the setting is propagated as intended. 

When he logs into a Windows 2003 member server, either locally or via
Terminal Server session, the setting is ignored and the site remains
in the Internet Zone.  

This is the case whether or not Internet Explorer Enhanced Security
Configuration is installed. 

If I run a Group Policy Results query for that user/server
combination, the policy appears to be getting applied, although it
appears in the "Extra Registry Settings" section.  I updated the adm
files for that GPO to the 2003 SP1 versions in hopes of getting
policy labels, but to no avail.   
However, running a Group Policy Results query for that user/XP Pro
system, where the policy works, also places it in the "Extra Registry
Settings"  
section, so I doubt that's related.

Does anyone have any suggestions for me?  Thanks in advance.

Daniel Schmidt
dschmidt@buddyrents.com
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: IE security zone assignment on 2003 terminal server, Murda Mcloud
Next by Date:  Re: Automatic spam mover, Tucker
Previous by Thread:  RE: IE security zone assignment on 2003 terminal server, Murda Mcloud
Next by Thread:  RE: IE security zone assignment on 2003 terminal server, Daniel Schmidt
Indexes:  [Date] [Thread] [Top] [All Lists]