SP2 global propagation of Pop-up allowances

M

Mike Brown

Hello,

Is there any way to globally (i.e. every machine seen in active
directory...) propagate desired Pop-up allowances? Their appears to be
nothing in AD Policy for this but I'm wondering (obviously I could try /
test this) if there is a way to capture allowance in the registry and
propagate such via SMS or login script etc.?

I see that the following Keys have Pop-up values...

HKEY_Current_User\Software\Microsoft\Internet Explorer\New Windows\Allow
HKEY_Users\(User account here)\Software\Microsoft\Internet Explorer\New
Windows\Allow

Thanks,

Mike
 
T

Torgeir Bakken \(MVP\)

Mike said:
Is there any way to globally (i.e. every machine seen in
active directory...) propagate desired Pop-up allowances?
Their appears to be nothing in AD Policy for this
Click to expand...

There is a Group Policy available for this:

Under "User Configuration" and
Administrative Templates\Windows Components\Internet Explorer

see setting
"Pop-up allow list"

"This policy setting allows you to manage a list of web sites that
will be allowed to open pop-up windows regardless of the Internet
Explorer process's Pop-Up Blocker settings. If you enable this
policy setting, you can enter a list of sites which will be allowed
to open pop-up windows regardless of user settings. Users will not
be able to view or edit this list of sites. Only the domain name is
allowed, so www.contoso.com is valid, but not http://www.contoso.com.
Wildcards are allowed, so *.contoso.com is also valid. If you
disable this policy setting, the list is deleted and users may not
create their own lists of sites. If this policy is not configured,
users will be able to view and edit their own lists of sites."

This from PolicySettings.xls available here:

Group Policy Settings Reference for Windows XP Professional Service Pack 2
http://www.microsoft.com/downloads/...c0-19b9-4acc-b5be-9b7dab13108e&displaylang=en

but I'm wondering (obviously I could try / test this) if there
is a way to capture allowance in the registry and propagate
such via SMS or login script etc.?

I see that the following Keys have Pop-up values...

HKEY_Current_User\Software\Microsoft\Internet Explorer\New Windows\Allow
HKEY_Users\(User account here)\Software\Microsoft\Internet Explorer\New
Windows\Allow
Click to expand...

Yes, if you don't go the GPO route, distributing the registry values
found under
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
is absolutely an viable alternative.
 
M

Mike Brown

Torgier,
Thanks for the reply and the affirmation re: the registry settings. I looked
for this setting on 2 differnet very updated Win2k Domains and did not see
the setting Pop-up allow list although per the xls link that you provided it
should be at Administrative Templates\Windows Components\Internet Explorer
under User Configuration. Any ideas why we cannot see this on 2 different
domains?
-Mike
 
T

Torgeir Bakken \(MVP\)

Mike said:
Torgier,
Thanks for the reply and the affirmation re: the registry
settings. I looked for this setting on 2 differnet very updated
Win2k Domains and did not see the setting Pop-up allow list
although per the xls link that you provided it should be at
Administrative Templates\Windows Components\Internet Explorer
under User Configuration. Any ideas why we cannot see this on 2
different domains?
Click to expand...
Hi

I don't know really, I see it fine on the domain I use.

If you have used a Windows XP SP2 computer to administer the Group
Policy settings in the domain, the adm files should automatically
have been updated.

Group Policy Template Behavior in Windows Server 2003
http://support.microsoft.com/kb/316977

I would think most things in the link above applies to Win2k as well.

Recommendations for managing Group Policy administrative
template (.adm) files
http://support.microsoft.com/kb/816662

A discussion about it here:
http://groups-beta.google.com/group..._doneTitle=Back+to+Search&&d#130e4d93db7c9984

See here on how Jeff updated the Default Domain Policy templates when
they would not do it automatically:
http://groups-beta.google.com/group..._doneTitle=Back+to+Search&&d#fa468982fef80549


You can also download the latest .adm files from here:

http://go.microsoft.com/fwlink/?linkid=31057

If you install the WinXP SP2 .adm files on the domain controller, but
you don't use WinXP SP2 to edit the GPO settings, you may you get the
message below, install the hotfix that is available in the KB article
in the link below to solve this.

"The following entry in the [strings] section is too long and has
been truncated" error message when you try to modify or to view GPOs
in Windows Server 2003, Windows XP Professional, or Windows 2000
http://support.microsoft.com/?id=842933


and just in case you haven't seen it already:

Managing Windows XP Service Pack 2 Features Using Group Policy
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/mangxpsp2/mngintro.mspx
 
M

Mike Brown

I see the allow list now in one of the domains - tried messing with the adm
files first but then forced an update from an SP2 machine (again) and all
seems OK. Thanks.


Torgeir Bakken (MVP) said:
Mike said:
Torgier,
Thanks for the reply and the affirmation re: the registry
settings. I looked for this setting on 2 differnet very updated
Win2k Domains and did not see the setting Pop-up allow list
although per the xls link that you provided it should be at
Administrative Templates\Windows Components\Internet Explorer
under User Configuration. Any ideas why we cannot see this on 2
different domains?
Click to expand...
Hi

I don't know really, I see it fine on the domain I use.

If you have used a Windows XP SP2 computer to administer the Group
Policy settings in the domain, the adm files should automatically
have been updated.

Group Policy Template Behavior in Windows Server 2003
http://support.microsoft.com/kb/316977

I would think most things in the link above applies to Win2k as well.

Recommendations for managing Group Policy administrative
template (.adm) files
http://support.microsoft.com/kb/816662

A discussion about it here:
http://groups-beta.google.com/group..._doneTitle=Back+to+Search&&d#130e4d93db7c9984

See here on how Jeff updated the Default Domain Policy templates when
they would not do it automatically:
http://groups-beta.google.com/group..._doneTitle=Back+to+Search&&d#fa468982fef80549


You can also download the latest .adm files from here:

http://go.microsoft.com/fwlink/?linkid=31057

If you install the WinXP SP2 .adm files on the domain controller, but
you don't use WinXP SP2 to edit the GPO settings, you may you get the
message below, install the hotfix that is available in the KB article
in the link below to solve this.

"The following entry in the [strings] section is too long and has
been truncated" error message when you try to modify or to view GPOs
in Windows Server 2003, Windows XP Professional, or Windows 2000
http://support.microsoft.com/?id=842933


and just in case you haven't seen it already:

Managing Windows XP Service Pack 2 Features Using Group Policy
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/mangxpsp2/mngintro.mspx


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

adding REG_BINARY value to all computers 5
Tried all to disable balloon tips, pop-up descriptions, etc... 7
Icon & link pop up - Again 1
Selective supression of disk space low pop-up warning? 2
Limit on pop up sites? 3
pop-up blockers 1
Group Policy and/or Registry change to Turn off Pop Up Blocker Man 0
Internet Explorer 6 Deployment 1

Top