Just a suggestion from a "lurker" on the list - why not mail Rick direct?? Save all of us the pain of deleting a bunch of "me too" posts..... ;-)
Jack -----Original Message----- From: Craig Cerino [mailto:[EMAIL PROTECTED]] Sent: 16 October 2002 21:56 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Disable IE via GPO THIS MESSAGE ORIGINATED ON THE INTERNET - Please read the detailed disclaimer below. ---------------------------------------------------------------------------- ------- And me too buddy - thanks. :o) -----Original Message----- From: Dave Kinnamon [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 16, 2002 3:22 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Disable IE via GPO One for me too?!? -----Original Message----- From: Rick Kingslan [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 16, 2002 12:17 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Disable IE via GPO John, Interesting that you even mention this. I have a reg file that sets the zones on IE via directly modding the registry in just this manner. We've got about 25k seats of Inbound/Outbound 'Out-sourced marketers' (yeah, I can even put lipstick on a pig like Telemarketing!) and we have to lock them down to ONLY what we want them to do. If anyone wants a copy o it, let me know. I'll shoot it off to you... Rick Kingslan - Microsoft MVP [Windows NT/2000] Microsoft Certified Trainer MCSA, MCSE+I - Windows NT / 2000 "Any sufficiently advanced technology is indistinguishable from magic." --- Arthur C. Clarke > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of > Bjelke John A Contr AFRL/VSIO > Sent: Wednesday, October 16, 2002 12:12 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] Disable IE via GPO > > > Well, you *could* write code into his login script that sets > the IE security preferences for the Restricted Zones, and > then undoes it in the "standard" login script so that others > are not affected... > That would probably be a good script to hang onto for future > offenders as well. > Add his web-mail site to the restricted zones on a test pc, > then export HKEY_CURRENT_USER\Software\ > Microsoft\Windows\Current Version\Internet > Settings\ZoneMap\Domains to a REG file. In his logon script, > copy this reg file to a temp on the system and run it. For > the "clean up" in the normal script, find the specific entry > and delete it, maybe? > > I would also suggest drafting an "acceptable use" policy to > run by the powers that be, maybe through your IT boss... the > worst they can do is say "We're not concerned". At best, you > might gain some leverage on stopping things like this. > Good luck! -JB > > -----Original Message----- > From: James Liddil [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, October 16, 2002 9:28 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Disable IE via GPO > > > "We" don't have a policy in place the prevents folks from > reading yahoo, hotmail etc. So if I have our firewall > configured to block this I'm sure I'd immediately be > blacklisted by end users. I could just as easily use McAffee > EPO and add these various webmail URLs and block them. Until > management decides this is a business critical issue I won't > go there. But I certainly have considered the idea along > with blocking IM traffic. > > Jim Liddil > > > -----Original Message----- > > From: Bjelke John A Contr AFRL/VSIO > > [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, October 15, 2002 4:22 PM > > To: '[EMAIL PROTECTED]' > > Subject: RE: [ActiveDir] Disable IE via GPO > > > > > > Why not block his web-mail site @ the firewall? He might have > > legitimate project related need for web access, but if you > > can point to virus infections from his web-based email you > > should be able to justify blocking the site for everyone. > > John A. Bjelke > > Unisys > > 505.853.6774 > > [EMAIL PROTECTED] > > Man will occasionally stumble over the truth, but most times > > he will pick > > himself up and carry on... - Winston Churchill > > > > > > -----Original Message----- > > From: James Liddil [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, October 15, 2002 1:54 PM > > To: [EMAIL PROTECTED] > > Subject: [ActiveDir] Disable IE via GPO > > > > > > W2K/Exchange2K Environment. We have a visiting scientist who > > I was asked to give an account to. Turns out he has been > > reading his web mail and it is highly infected based on the > > number of alerts I got. The one machine he uses I have > > pulled of the internet. But I now find he went to another > > machine and did some web mail (virus alert again). So at > > this point my hands are tied by the managements lack of > > policies. So I need a way to prevent him from using IE > > regardless of the machine. It seems in GPO I can lock it > > down but not totally disable it. Or is there a way? > > > > Jim Liddil > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > List info : > > http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ----------------------------------------------------------------------- The following message has been automatically added by the mail gateway to comply with a Royal & SunAlliance IT Security requirement. As this email arrived via the Internet you should be cautious about its origin and content. Replies which contain sensitive information or legal/contractual obligations are particularly vulnerable. In these cases you should not reply unless you are authorised to do so, and adequate encryption is employed. If you have any questions, please speak to your local desktop support team or IT security contact. ----------------------------------------------------------------------- List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
