G
G
Goblinoid2013-04-03 13:43:08
Active Directory
Goblinoid, 2013-04-03 13:43:08

Group Policies - IE Safe Zone Overlay Design?

There is a domain - in which zones for IE are configured by group policies - so that users can immediately visit the necessary sites both on the local intranet and on reliable nodes, and the users themselves do not touch them!
The main settings are made in the default domain policy - at the computer level (computer policy).
But, some users need a different layout - and at the ou level - where these users sit - a policy has been created, which, firstly, is filtered through the rights to the policy - in this ou, not everyone needs to change zones, and secondly, changes in zones are registered on user policy level).
but for some reason it doesn't work! Through gpresult, you can see that the necessary policies are applied to the right user, but when you look at the IE zones, there is only what comes with the default domain policy. Question - what's wrong? unless these politicians are not summed up? or they are interchangeable - and the politics of the machine therefore prevail! What's the solution here?

Answer the question

In order to leave comments, you need to log in

4 answer(s)
0
0000168, 2013-04-03
@0000168

It's simple, the default domain policy has a higher priority. If the domain is 2008, put it on the site, but with a specific targeting of users / group / OU

If not, set policy enforcement

G
Goblinoid, 2013-04-03
@Goblinoid

hmm, maybe I'm wrong - but below:
1) we are not talking about group policy preferences - but about administrative templates - zones can be configured both there and there - I need it in administrative templates!
2) Domain 2003
3) All my life I have been guided by the rule: The main formula for using GPOs in Active Directory domains is LSDOU, which means the following order of application (the latter have the highest priority):
n local computer policies (Local Policies);
n group policies at the site level (Site);
n group policies at the domain level (Domain);
n group policies at the organizational unit level.
It turns out - that my OUs - have an advantage over default or am I confusing something ?? and while digging - I found a text that is amazing in its simplicity on the flow - intelligibly: technet.microsoft.com/ru-ru/library/hh147307 (v=ws.10).aspx
and as far as I remember, in 2003 - default policies in any case have priority only at the level of security settings - that is - the password policy in the first place - which cannot be overridden at the OU level!

A
Andrey Shpak, 2013-04-04
@Insspb

As far as I remember, when setting different parameters in group policies, user\computer always wins computer. And where did you get the idea that merge should happen?

G
Goblinoid, 2013-04-04
@Goblinoid

Not in all settings, local computer policies have advantages over user ones! setting up IE zones just merges - checked.
In general, I found the problem! It turned out that it was not a matter of politics - but in the IE settings on terminal servers - only there user zones are not applied. On thick clients, everything is ok, zones come from both OU and default.
On terminal servers, this is because IE was set up a little wrong at the time.
So thank you all.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question