OK; I finally figured this one out; I had to set a couple of other settings for this to work. Computer config\admin templates\Internet explorer\internet control panel\security page. Intranet sites: Include all local (intranet) sites not listed in other zones Intranet sites: Include all network paths (UNCs)
That let it work as expected. But I'm seeing another problem as well This is one of those things that bug us when we log on to a new machine for the first time. :-) I've set the IE home page to our intranet, which is the only site allowed; everything else goes to a bit-bucket proxy. So in: User config\windows settings\internet explorer maintenance\URLs\Important URLs, I've set the home page. But it doesn't work. With a new user login, IE starts by going to MS site, and since the proxy won't let it, it doesn't move forward from there. I can type in the intranet URL manually and get there. If I allow the browser to reach the internet, it goes to the MS site first, then to windows update on the second launch, then to the expected home page on the third launch. Any way to get around this? Thanks! PS: Roger; good to see you back. How's things? Pam and I are moving to AZ soon. Gimme a call sometime and we can chat... ********************** Charlie Kaiser W2K3 MCSA/MCSE/Security, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ********************** > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Roger Seielstad > Sent: Friday, September 02, 2005 9:57 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Group policy security setting > > The other way that works is to add the UNC for the file server > (file://server/share) to the Trusted Sites, under > User Config / Windows Settings / IE Maintenance /Security / > Security Zones > and Content ratings > > Now that I look, there's the setting you're trying to change > - which is why > it probably didn't work with a template. > > > > > > > -------- > Roger Seielstad > E-mail Geek > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Charlie Kaiser > Sent: Friday, September 02, 2005 3:51 PM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] Group policy security setting > > This is driving me nuts.... > > I'm trying to set up a W2K3 SP1 terminal server machine, > managed by group > policy, that will allow users to run certain apps that > actually load from > another server. Here's the problem... > > When I try and launch one of those apps, I get the security > warning box > "open file - security warning" "Are you sure you want to run > this software?" > I finally figured out how to disable it; in IE properties, > security, trusted > sites, custom level, there's a setting: "Launching > applications and unsafe > files". If I set that to enable, the box goes away. (I'm > using software > restrictions to only allow certain apps, so the warning box > is irrelevant). > > I want to be able to set this value via GP rather than through the IE > interface. The IE ADM template seems to include every setting > except for > this one. > > Why? I've tried creating a custom ADM for the setting, but I'm getting > nowhere with that. I'll probably try that again next week. > But I'm curious why this particular setting is not available in the > template? Any ideas? Am I missing something? > > ********************** > Charlie Kaiser > W2K3 MCSA/MCSE/Security, CCNA > Systems Engineer > Essex Credit / Brickwalk > 510 595 5083 > ********************** > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/