IE Maintenance Group Policy Settings Issue

[Guest]

I'll try to keep this short and to the point. =

I created a test OU called "Test" at the root of my domain (no parent or child OUs). I then created a GPO called "Proxy Server Settings" on this OU called “Testâ€. The ONLY settings configured in this GPO were Connection - Proxy Settings. I clicked on "Enable proxy settings" and filled in the information for my proxy server

I then proceeded to move a test account (domain user) to this OU. I logged off then back on. I then checked my Internet Explorer LAN settings and sure enough the GPO applied because the information was populated according to what the GPO was

Now here is where I scratch my head...

I moved my test user account out of the test OU to the Users OU. The Users OU has no proxy GPO at all. I then rebooted my test PC and logged back in with the test account. Guess what? I checked the IE LAN settings and the GPO setting that were originally applied were still there and they never go away

The ONLY way I have found to fix this is to delete the user profile on the local PC. This is NOT an option

Does ANYONE out there know of a fix? This seems to be a Microsoft bug

Thanks
JJ Tubbs

 

[Mark Renoden [MSFT]]

Hi JJ

IE Policy Settings don't work in the same fashion as those found in the
Administrative Templates (adm files). IE settings are written to the
registry as a permanent change (this is different to the Admin Template
settings) and are only overwritten if the policy changes or a new policy
specifically targeting those same settings is identified. You can force IE
Policy to be re-applied at every login by referring to:

316702 Internet Explorer Security Setting That You Set with a Group Policy
http://support.microsoft.com/?id=316702

In your situation, you would need a new policy linked to the new OU that
specifically changed the proxy settings to the desired configuration.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[JJ]

Mark,

I appreciate the prompt reply and also the reference to
the KB article. I will test tomorrow when I get to work
and reply back with the results.

One more question.

In theory I could modify the original IE GPO to have a
blank proxy. This would be a GPO change and the settings
in the browser should be updated. Does that sound right?

I only ask because we have roughly 200 PCs that have a
specific profile where this is happening. Eventhough the
GPO link has been removed from the OU that this account
resides in the settings are still there on the PC that
they log into.

Thanks,
JJ

-----Original Message-----
Hi JJ

IE Policy Settings don't work in the same fashion as those found in the
Administrative Templates (adm files). IE settings are written to the
registry as a permanent change (this is different to the Admin Template
settings) and are only overwritten if the policy changes or a new policy
specifically targeting those same settings is identified. You can force IE
Policy to be re-applied at every login by referring to:

316702 Internet Explorer Security Setting That You Set with a Group Policy
http://support.microsoft.com/?id=316702

In your situation, you would need a new policy linked to the new OU that
specifically changed the proxy settings to the desired configuration.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

news:BBF67E7B-4EB2-46B7-A918-

(e-mail address removed)...

I'll try to keep this short and to the point. =D

I created a test OU called "Test" at the root of my domain (no parent or
child OUs). I then created a GPO called "Proxy Server Settings" on this
OU called "Test". The ONLY settings configured in this GPO were
Connection - Proxy Settings. I clicked on "Enable proxy settings" and
filled in the information for my proxy server.

I then proceeded to move a test account (domain user) to this OU. I
logged off then back on. I then checked my Internet Explorer LAN settings
and sure enough the GPO applied because the information was populated
according to what the GPO was.

Now here is where I scratch my head....

I moved my test user account out of the test OU to the Users OU. The
Users OU has no proxy GPO at all. I then rebooted my test PC and logged
back in with the test account. Guess what? I checked the IE LAN settings
and the GPO setting that were originally applied were still there and they
never go away!

The ONLY way I have found to fix this is to delete the user profile on the
local PC. This is NOT an option.

Does ANYONE out there know of a fix? This seems to be a Microsoft bug.

Thanks,
JJ Tubbs

.

 

[Mark Renoden [MSFT]]

Hi JJ

That's correct. If you configure a GPO to set the proxy to blank, this will
be identified as a change to the policy and it will be re-applied to the
users the next time they log in (or it should).

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

Mark,

I appreciate the prompt reply and also the reference to
the KB article. I will test tomorrow when I get to work
and reply back with the results.

One more question.

In theory I could modify the original IE GPO to have a
blank proxy. This would be a GPO change and the settings
in the browser should be updated. Does that sound right?

I only ask because we have roughly 200 PCs that have a
specific profile where this is happening. Eventhough the
GPO link has been removed from the OU that this account
resides in the settings are still there on the PC that
they log into.

Thanks,
JJ

-----Original Message-----
Hi JJ

IE Policy Settings don't work in the same fashion as those found in the
Administrative Templates (adm files). IE settings are written to the
registry as a permanent change (this is different to the Admin Template
settings) and are only overwritten if the policy changes or a new policy
specifically targeting those same settings is identified. You can force IE
Policy to be re-applied at every login by referring to:

316702 Internet Explorer Security Setting That You Set with a Group Policy
http://support.microsoft.com/?id=316702

In your situation, you would need a new policy linked to the new OU that
specifically changed the proxy settings to the desired configuration.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

news:BBF67E7B-4EB2-46B7-A918-

(e-mail address removed)...

I'll try to keep this short and to the point. =D

I created a test OU called "Test" at the root of my domain (no parent or
child OUs). I then created a GPO called "Proxy Server Settings" on this
OU called "Test". The ONLY settings configured in this GPO were
Connection - Proxy Settings. I clicked on "Enable proxy settings" and
filled in the information for my proxy server.

I then proceeded to move a test account (domain user) to this OU. I
logged off then back on. I then checked my Internet Explorer LAN settings
and sure enough the GPO applied because the information was populated
according to what the GPO was.

Now here is where I scratch my head....

I moved my test user account out of the test OU to the Users OU. The
Users OU has no proxy GPO at all. I then rebooted my test PC and logged
back in with the test account. Guess what? I checked the IE LAN settings
and the GPO setting that were originally applied were still there and they
never go away!

The ONLY way I have found to fix this is to delete the user profile on the
local PC. This is NOT an option.

Does ANYONE out there know of a fix? This seems to be a Microsoft bug.

Thanks,
JJ Tubbs

.

 

[Guest]

Mark

In testing it works. I thought it would but wanted to check. Is there anyway to "lockdown" the capability of people changing IE connection options manually via GPOs

Thanks
JJ