G
Guest
Hi everyone,
Just checking if anyone is aware of any instructins/docs/info on
importing ieak adm files into 2k group policy to apply "system policies
restrictions" via group policy rather that via IEAKs policy manager
which does not seem to do the job as suggested on 2k unless a user is
logged onto the machine as an administrator?
I have created a test vmware domain consisting of:
1x win2ksp3 Domain Controller
1x win2ksp3 member server running terminal services
1x win2kprosp3 workstation.
On the member server running TermServices:
- have not installed any OS security patches
- have not changed Microsofts out of the box security settings ( yet
- have ugraded 2000's default install of IE to IE6sp1 using change user
/install & had no problems
- have applied februarys IE6sp1 cumulative gizmo: q832894
- have created an ou for the terminal server and moved the terminal
server computer object there
- have created a group policy for the ou and applied loop back
processing in replace mode
- have created user configuration group policy for test users that log
onto the terminal server & all is ok
- used IEAK to create an ins & cab file to set security options and
restrict access to internet options etc, etc, .....
- placed the two files in the appropriate locations to be served up by http
- set a policy on the terminal server ou to get the ins auto config file
- logged onto terminal services as test user John Doe
- part of the settings were applied, eg. branding, but no restrictions
to internet options and security zones/settings had not changed.
- checked users temporary internet files directory & .cab file had been
downloaded.
- checked registry to make sure that ieak cab version number matched up
with the one being download - it did
- checked the user log file, and there were access denied messages
- searched the web and found references indicating that a user needs to
be logged on as an administrator in order to modify HKCU \ .. \ policies
, etc etc, and use group policy instead
- copied the adm files from the ieak policies to \winnt\inf on the
terminal server as a test, and imported them into group policy which did
add new options but also did a couple of funnies...
- was going to set policies and see results, but changed my mind and
posted this message first
Just checking if anyone is aware of any instructins/docs/info on
importing ieak adm files into 2k group policy to apply "system policies
restrictions" via group policy rather that via IEAKs policy manager
which does not seem to do the job as suggested on 2k unless a user is
logged onto the machine as an administrator?
I have created a test vmware domain consisting of:
1x win2ksp3 Domain Controller
1x win2ksp3 member server running terminal services
1x win2kprosp3 workstation.
On the member server running TermServices:
- have not installed any OS security patches
- have not changed Microsofts out of the box security settings ( yet
- have ugraded 2000's default install of IE to IE6sp1 using change user
/install & had no problems
- have applied februarys IE6sp1 cumulative gizmo: q832894
- have created an ou for the terminal server and moved the terminal
server computer object there
- have created a group policy for the ou and applied loop back
processing in replace mode
- have created user configuration group policy for test users that log
onto the terminal server & all is ok
- used IEAK to create an ins & cab file to set security options and
restrict access to internet options etc, etc, .....
- placed the two files in the appropriate locations to be served up by http
- set a policy on the terminal server ou to get the ins auto config file
- logged onto terminal services as test user John Doe
- part of the settings were applied, eg. branding, but no restrictions
to internet options and security zones/settings had not changed.
- checked users temporary internet files directory & .cab file had been
downloaded.
- checked registry to make sure that ieak cab version number matched up
with the one being download - it did
- checked the user log file, and there were access denied messages
- searched the web and found references indicating that a user needs to
be logged on as an administrator in order to modify HKCU \ .. \ policies
, etc etc, and use group policy instead
- copied the adm files from the ieak policies to \winnt\inf on the
terminal server as a test, and imported them into group policy which did
add new options but also did a couple of funnies...
- was going to set policies and see results, but changed my mind and
posted this message first