RE: Trusted Intranet Sites

2008-05-06 Thread Troy Meyer
Not to defend my lazy scripting as an alternative to official templates (which 
are much better for auditing and management, and are something we use 
EXTENSIVELY) but I believe those predefined settings replace existing entries, 
which was one thing the OP didn't want to do.

-troy



-Original Message-
From: Greg Mulholland [mailto:[EMAIL PROTECTED]
Sent: Monday, May 05, 2008 7:19 PM
To: NT System Admin Issues
Subject: RE: Trusted Intranet Sites

You can. As Ken suggested, predefine all the security zone settings for IE in 
gpo.

-Original Message-
From: Ken Schaefer [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 6 May 2008 10:34 AM
To: NT System Admin Issues
Subject: RE: Trusted Intranet Sites

You can do this with the Microsoft supplied GPOs (use the Site To Zone 
assignment option)

Do not edit the Default Domain Policy - create a new Domain policy for your 
business, and put all your domain-wide policies in there. Why? Then you know 
exactly what came "in the box" from Microsoft and what you've changed 
subsequently. It will help with maintenance and troubleshooting.

I would always use a GPO over a batch file/logon script *if* they do the same 
thing. It's really easy to model the net effect of GPOs on users and computers 
using  RSOP/GPMC. It's virtually impossible to model the effect of batch 
scripts unless you have a unit test harness...

Cheers
Ken


> -Original Message-
> From: Troy Meyer [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 6 May 2008 4:52 AM
> To: NT System Admin Issues
> Subject: RE: Trusted Intranet Sites
>
> You could use an adm if you wanted to, it all depends on how you want
> to run things.  I went the lazy route and just added a bat file into
> the user login script in a GP (under User Config - Admin Templates -
> System - Logon - Run these programs at user logon).
>
> It checks a couple settings and then applies a couple registry settings
> so stuff matches. Things like registry adds to HKCU are super fast and
> the user doesn't even notice.
>
> -tm
>
>
> -Original Message-
> From: Phil Hershey [mailto:[EMAIL PROTECTED]
> Sent: Monday, May 05, 2008 11:37 AM
> To: NT System Admin Issues
> Subject: RE: Trusted Intranet Sites
>
> Troy,
>
> How would I actually go about applying the registry hack with a policy?
> I'd need to use the Inetesc.adm file, wouldn't I?
>
> - Philip
>
> This communication, including attachments, is for the exclusive use of
> addressee and may contain proprietary, confidential and/or privileged
> information. If you are not the intended recipient, any use, copying,
> disclosure, dissemination or distribution is strictly prohibited. If you
> are not the intended recipient, please notify the sender immediately by
> return e-mail, delete this communication and destroy all copies.
>
>
>
> -Original Message-
> From: Troy Meyer [mailto:[EMAIL PROTECTED]
> Sent: Monday, May 05, 2008 11:28 AM
> To: NT System Admin Issues
> Subject: RE: Trusted Intranet Sites
>
> Phil,
>
> If you wanted to add rather than replace, this is merely a registry
> setting.  Adding all of monacocoach.com to your local intranet would
> look like: (excuse silly outlook wrapping)
>
> reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\monacocoach.com" /v "*" /t REG_DWORD /d 0001 /f
>
> So you could take that string and easily apply that in a policy without
> replacing existing settings.
>
> -troy
>
>
> -Original Message-
> From: Phil Hershey [mailto:[EMAIL PROTECTED]
> Sent: Monday, May 05, 2008 11:08 AM
> To: NT System Admin Issues
> Subject: GPO: Trusted Intranet Sites
>
> I need to add an internal site to every user's Local Intranet sites. Is
> there a simple way to do that with a GPO or even the Default Domain GPO,
> since it applied to everyone?
>
> Phil Hershey


~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~



RE: Trusted Intranet Sites

2008-05-05 Thread Greg Mulholland
You can. As Ken suggested, predefine all the security zone settings for IE in 
gpo.

-Original Message-
From: Ken Schaefer [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 6 May 2008 10:34 AM
To: NT System Admin Issues
Subject: RE: Trusted Intranet Sites

You can do this with the Microsoft supplied GPOs (use the Site To Zone 
assignment option)

Do not edit the Default Domain Policy - create a new Domain policy for your 
business, and put all your domain-wide policies in there. Why? Then you know 
exactly what came "in the box" from Microsoft and what you've changed 
subsequently. It will help with maintenance and troubleshooting.

I would always use a GPO over a batch file/logon script *if* they do the same 
thing. It's really easy to model the net effect of GPOs on users and computers 
using  RSOP/GPMC. It's virtually impossible to model the effect of batch 
scripts unless you have a unit test harness...

Cheers
Ken


> -Original Message-
> From: Troy Meyer [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 6 May 2008 4:52 AM
> To: NT System Admin Issues
> Subject: RE: Trusted Intranet Sites
>
> You could use an adm if you wanted to, it all depends on how you want
> to run things.  I went the lazy route and just added a bat file into
> the user login script in a GP (under User Config - Admin Templates -
> System - Logon - Run these programs at user logon).
>
> It checks a couple settings and then applies a couple registry settings
> so stuff matches. Things like registry adds to HKCU are super fast and
> the user doesn't even notice.
>
> -tm
>
>
> -Original Message-
> From: Phil Hershey [mailto:[EMAIL PROTECTED]
> Sent: Monday, May 05, 2008 11:37 AM
> To: NT System Admin Issues
> Subject: RE: Trusted Intranet Sites
>
> Troy,
>
> How would I actually go about applying the registry hack with a policy?
> I'd need to use the Inetesc.adm file, wouldn't I?
>
> - Philip
>
>
>
>
> -Original Message-
> From: Troy Meyer [mailto:[EMAIL PROTECTED]
> Sent: Monday, May 05, 2008 11:28 AM
> To: NT System Admin Issues
> Subject: RE: Trusted Intranet Sites
>
> Phil,
>
> If you wanted to add rather than replace, this is merely a registry
> setting.  Adding all of monacocoach.com to your local intranet would
> look like: (excuse silly outlook wrapping)
>
> reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\monacocoach.com" /v "*" /t REG_DWORD /d 0001 /f
>
> So you could take that string and easily apply that in a policy without
> replacing existing settings.
>
> -troy
>
>
> -Original Message-
> From: Phil Hershey [mailto:[EMAIL PROTECTED]
> Sent: Monday, May 05, 2008 11:08 AM
> To: NT System Admin Issues
> Subject: GPO: Trusted Intranet Sites
>
> I need to add an internal site to every user's Local Intranet sites. Is
> there a simple way to do that with a GPO or even the Default Domain GPO,
> since it applied to everyone?
>
> Phil Hershey




RE: Trusted Intranet Sites

2008-05-05 Thread Ken Schaefer
You can do this with the Microsoft supplied GPOs (use the Site To Zone 
assignment option)

Do not edit the Default Domain Policy - create a new Domain policy for your 
business, and put all your domain-wide policies in there. Why? Then you know 
exactly what came "in the box" from Microsoft and what you've changed 
subsequently. It will help with maintenance and troubleshooting.

I would always use a GPO over a batch file/logon script *if* they do the same 
thing. It's really easy to model the net effect of GPOs on users and computers 
using  RSOP/GPMC. It's virtually impossible to model the effect of batch 
scripts unless you have a unit test harness...

Cheers
Ken


> -Original Message-
> From: Troy Meyer [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 6 May 2008 4:52 AM
> To: NT System Admin Issues
> Subject: RE: Trusted Intranet Sites
>
> You could use an adm if you wanted to, it all depends on how you want
> to run things.  I went the lazy route and just added a bat file into
> the user login script in a GP (under User Config - Admin Templates -
> System - Logon - Run these programs at user logon).
>
> It checks a couple settings and then applies a couple registry settings
> so stuff matches. Things like registry adds to HKCU are super fast and
> the user doesn't even notice.
>
> -tm
>
>
> -Original Message-
> From: Phil Hershey [mailto:[EMAIL PROTECTED]
> Sent: Monday, May 05, 2008 11:37 AM
> To: NT System Admin Issues
> Subject: RE: Trusted Intranet Sites
>
> Troy,
>
> How would I actually go about applying the registry hack with a policy?
> I'd need to use the Inetesc.adm file, wouldn't I?
>
> - Philip
>
>
>
>
> -Original Message-
> From: Troy Meyer [mailto:[EMAIL PROTECTED]
> Sent: Monday, May 05, 2008 11:28 AM
> To: NT System Admin Issues
> Subject: RE: Trusted Intranet Sites
>
> Phil,
>
> If you wanted to add rather than replace, this is merely a registry
> setting.  Adding all of monacocoach.com to your local intranet would
> look like: (excuse silly outlook wrapping)
>
> reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\monacocoach.com" /v "*" /t REG_DWORD /d 0001 /f
>
> So you could take that string and easily apply that in a policy without
> replacing existing settings.
>
> -troy
>
>
> -Original Message-
> From: Phil Hershey [mailto:[EMAIL PROTECTED]
> Sent: Monday, May 05, 2008 11:08 AM
> To: NT System Admin Issues
> Subject: GPO: Trusted Intranet Sites
>
> I need to add an internal site to every user's Local Intranet sites. Is
> there a simple way to do that with a GPO or even the Default Domain GPO,
> since it applied to everyone?
>
> Phil Hershey




RE: Trusted Intranet Sites

2008-05-05 Thread Phil Hershey
I could certainly add the "REG ADD" line to the appropriate logon
scripts, but would it add the site each time the script runs?

- Philip




-Original Message-
From: Troy Meyer [mailto:[EMAIL PROTECTED] 
Sent: Monday, May 05, 2008 11:52 AM
To: NT System Admin Issues
Subject: RE: Trusted Intranet Sites

You could use an adm if you wanted to, it all depends on how you want to
run things.  I went the lazy route and just added a bat file into the
user login script in a GP (under User Config - Admin Templates - System
- Logon - Run these programs at user logon).

It checks a couple settings and then applies a couple registry settings
so stuff matches. Things like registry adds to HKCU are super fast and
the user doesn't even notice.

-tm


-Original Message-
From: Phil Hershey [mailto:[EMAIL PROTECTED]
Sent: Monday, May 05, 2008 11:37 AM
To: NT System Admin Issues
Subject: RE: Trusted Intranet Sites

Troy,

How would I actually go about applying the registry hack with a policy?
I'd need to use the Inetesc.adm file, wouldn't I?

- Philip




-Original Message-
From: Troy Meyer [mailto:[EMAIL PROTECTED]
Sent: Monday, May 05, 2008 11:28 AM
To: NT System Admin Issues
Subject: RE: Trusted Intranet Sites

Phil,

If you wanted to add rather than replace, this is merely a registry
setting.  Adding all of monacocoach.com to your local intranet would
look like: (excuse silly outlook wrapping)

reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\monacocoach.com" /v "*" /t REG_DWORD /d 0001 /f

So you could take that string and easily apply that in a policy without
replacing existing settings.

-troy


-Original Message-
From: Phil Hershey [mailto:[EMAIL PROTECTED]
Sent: Monday, May 05, 2008 11:08 AM
To: NT System Admin Issues
Subject: GPO: Trusted Intranet Sites

I need to add an internal site to every user's Local Intranet sites.  Is
there a simple way to do that with a GPO or even the Default Domain GPO,
since it applied to everyone?

Phil Hershey




RE: Trusted Intranet Sites

2008-05-05 Thread Troy Meyer
You could use an adm if you wanted to, it all depends on how you want to run 
things.  I went the lazy route and just added a bat file into the user login 
script in a GP (under User Config - Admin Templates - System - Logon - Run 
these programs at user logon).

It checks a couple settings and then applies a couple registry settings so 
stuff matches. Things like registry adds to HKCU are super fast and the user 
doesn't even notice.

-tm


-Original Message-
From: Phil Hershey [mailto:[EMAIL PROTECTED]
Sent: Monday, May 05, 2008 11:37 AM
To: NT System Admin Issues
Subject: RE: Trusted Intranet Sites

Troy,

How would I actually go about applying the registry hack with a policy?
I'd need to use the Inetesc.adm file, wouldn't I?

- Philip




-Original Message-
From: Troy Meyer [mailto:[EMAIL PROTECTED]
Sent: Monday, May 05, 2008 11:28 AM
To: NT System Admin Issues
Subject: RE: Trusted Intranet Sites

Phil,

If you wanted to add rather than replace, this is merely a registry
setting.  Adding all of monacocoach.com to your local intranet would
look like: (excuse silly outlook wrapping)

reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\monacocoach.com" /v "*" /t REG_DWORD /d 0001 /f

So you could take that string and easily apply that in a policy without
replacing existing settings.

-troy


-Original Message-
From: Phil Hershey [mailto:[EMAIL PROTECTED]
Sent: Monday, May 05, 2008 11:08 AM
To: NT System Admin Issues
Subject: GPO: Trusted Intranet Sites

I need to add an internal site to every user's Local Intranet sites.  Is
there a simple way to do that with a GPO or even the Default Domain GPO,
since it applied to everyone?

Phil Hershey




RE: Trusted Intranet Sites

2008-05-05 Thread Phil Hershey
Troy,
 
How would I actually go about applying the registry hack with a policy?
I'd need to use the Inetesc.adm file, wouldn't I?

- Philip




-Original Message-
From: Troy Meyer [mailto:[EMAIL PROTECTED] 
Sent: Monday, May 05, 2008 11:28 AM
To: NT System Admin Issues
Subject: RE: Trusted Intranet Sites

Phil,

If you wanted to add rather than replace, this is merely a registry
setting.  Adding all of monacocoach.com to your local intranet would
look like: (excuse silly outlook wrapping)

reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\monacocoach.com" /v "*" /t REG_DWORD /d 0001 /f

So you could take that string and easily apply that in a policy without
replacing existing settings.

-troy


-Original Message-
From: Phil Hershey [mailto:[EMAIL PROTECTED]
Sent: Monday, May 05, 2008 11:08 AM
To: NT System Admin Issues
Subject: GPO: Trusted Intranet Sites

I need to add an internal site to every user's Local Intranet sites.  Is
there a simple way to do that with a GPO or even the Default Domain GPO,
since it applied to everyone?

Phil Hershey




RE: Trusted Intranet Sites

2008-05-05 Thread Troy Meyer
Phil,

If you wanted to add rather than replace, this is merely a registry setting.  
Adding all of monacocoach.com to your local intranet would look like: (excuse 
silly outlook wrapping)

reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\monacocoach.com" /v "*" /t REG_DWORD /d 0001 /f

So you could take that string and easily apply that in a policy without 
replacing existing settings.

-troy


-Original Message-
From: Phil Hershey [mailto:[EMAIL PROTECTED]
Sent: Monday, May 05, 2008 11:08 AM
To: NT System Admin Issues
Subject: GPO: Trusted Intranet Sites

I need to add an internal site to every user's Local Intranet sites.  Is
there a simple way to do that with a GPO or even the Default Domain GPO,
since it applied to everyone?

Phil Hershey
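
Added example (not part of the thread and not any poster's script): a PowerShell version of the add-without-replacing approach above that reports whether a write was needed, which also covers the question of what happens when the logon script runs again. The function names and the sample domain are hypothetical; zone numbers 0-4 are the standard IE security zones.

```powershell
# Added example; function names and the sample domain are hypothetical.
$DomainsSubKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
# Per-user location where the "Site to Zone Assignment List" policy stores its entries.
$PolicySubKey  = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'
                3 = 'Internet';    4 = 'Restricted Sites' }

function Get-ZoneMapDomain {
    # List every per-user domain-to-zone mapping, including subdomain keys.
    $root = "HKEY_CURRENT_USER\$DomainsSubKey"
    if (-not (Test-Path -LiteralPath "HKCU:\$DomainsSubKey")) { return }
    Get-ChildItem -LiteralPath "HKCU:\$DomainsSubKey" -Recurse | ForEach-Object {
        $key = $_
        foreach ($scheme in $key.GetValueNames()) {
            # .NET GetValue is used because the value name "*" is a wildcard
            # to the PowerShell registry provider cmdlets.
            $zone = $key.GetValue($scheme)
            [pscustomobject]@{
                Domain   = $key.Name.Substring($root.Length + 1)
                Scheme   = $scheme
                Zone     = $zone
                ZoneName = $ZoneNames[[int]$zone]
            }
        }
    }
}

function Set-ZoneMapDomain {
    param(
        # Only plain host names are accepted, so the key cannot be redirected.
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9.-]+$')][string]$Domain,
        [ValidateRange(0, 4)][int]$Zone = 1,
        [string]$Scheme = '*'
    )
    # CreateSubKey opens the key if it exists and creates it otherwise;
    # sibling domain keys are never touched.
    $key = [Microsoft.Win32.Registry]::CurrentUser.CreateSubKey("$DomainsSubKey\$Domain")
    try {
        $current = $key.GetValue($Scheme)
        if ($current -eq $Zone) { return 'Unchanged' }
        $key.SetValue($Scheme, $Zone, [Microsoft.Win32.RegistryValueKind]::DWord)
        if ($null -eq $current) { return 'Added' }
        return "Changed from zone $current"
    }
    finally { $key.Close() }
}

function Test-ZonePolicyManaged {
    # True when a per-user Site to Zone Assignment policy key exists.
    Test-Path -LiteralPath "HKCU:\$PolicySubKey"
}

if (Test-ZonePolicyManaged) {
    Write-Warning 'Site to Zone Assignment policy is present; review it with RSOP/GPMC before relying on per-user entries.'
}

# Constructed sample domain: map it to Local Intranet (zone 1),
# then run the same call again to show that it is idempotent.
Set-ZoneMapDomain -Domain 'intranet.example.test' -Zone 1
Set-ZoneMapDomain -Domain 'intranet.example.test' -Zone 1

# Audit: show all mappings so wildcard entries in zones 1 and 2 can be reviewed.
Get-ZoneMapDomain | Sort-Object Domain | Format-Table -AutoSize
```

The audit listing is worth keeping in any logon script that writes ZoneMap entries, since every domain placed in Local Intranet or Trusted Sites runs with that zone's looser settings.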




RE: Trusted Intranet Sites

2008-05-05 Thread Kennedy, Jim
User Config/Windows Settings/IE Maintenance/Security.

Just remember, what you put in there replaces what they have, it is not in 
addition to.




> -Original Message-
> From: Phil Hershey [mailto:[EMAIL PROTECTED]
> Sent: Monday, May 05, 2008 2:08 PM
> To: NT System Admin Issues
> Subject: GPO: Trusted Intranet Sites
>
> I need to add an internal site to every user's Local Intranet sites. Is
> there a simple way to do that with a GPO or even the Default Domain GPO,
> since it applied to everyone?
>
> Phil Hershey
>
>