Since this blog's original intention was to keep track of changes, I will be using it as such, even though sometimes some of the information maybe too technical, or too much out of left field for anyone to care. In any case, you will notice that I have added a serial number to the title, as I will be using this title to keep track of different GPO changes. If it's nothing relevant to you, then you can disregard the emails.
These are, however, very important for everyone to be aware of, because they affect the whole infrastructure, and unfortunately, sometimes, the effect of a GPO change does not show itself until a couple of days later, or when a particular task is being performed. These posts will allows us to back-track from any problematic changes.
As part of some adjustments I am making to comply with Aeries.NET implementation, I've had to make some GPO changes, and in the process, decided to start dissecting our existing GPOs into more granular ones, so that they are more concise, and assignable to sub-OUs as opposed to the root of the forest.
GPO Changes:
- Created new GPO: Aeries.NET Policies: This will contain all GPOs which relate to the Aeries.NET implementation.
Details:
Details:
The first change may have affected some of you in regards to KACE remote control, used with IE. If that is the case, please let me know, and I will readjust those, and will fix it for all, once and for all via GPO.
These are, however, very important for everyone to be aware of, because they affect the whole infrastructure, and unfortunately, sometimes, the effect of a GPO change does not show itself until a couple of days later, or when a particular task is being performed. These posts will allows us to back-track from any problematic changes.
As part of some adjustments I am making to comply with Aeries.NET implementation, I've had to make some GPO changes, and in the process, decided to start dissecting our existing GPOs into more granular ones, so that they are more concise, and assignable to sub-OUs as opposed to the root of the forest.
GPO Changes:
- Created new GPO: Aeries.NET Policies: This will contain all GPOs which relate to the Aeries.NET implementation.
Details:
- Added a custom security zone for the User under Internet Explorer Security (Imported Content Security and customized it)
- Computer Config / Windows Components / Internet Control Panel /Security Page / Trusted Sites Zone
- Allow file downloads: Enabled
- Display mixed content: Enabled
- Download signed ActiveX controls: Enabled
- Download unsigned ActiveX controls: Enabled
- User Configuration / Windows Settings: Internet Explorer Maintenance (Preference Mode) / Security/Security Zones and Content Ratings / Security Zones and Privacy / Trusted sites
- Sites in this zone:
- http://wiki.chino.k12.ca.us
- https://abi.chino.k12.ca.us
Details:
- Created WMI Filter to exclude anything by Windows 7 workstations for the UAC policy. WMI Filter applied:
- Disabled the "Pref-Delete_WS_Admin From Servers" in the "Domain Servers/Computers OU.
select * from Win32_OperatingSystem WHERE ( NOT Version like "6.0%" AND NOT Version like "5.%") AND (ProductType="1" OR ProductType="3" OR ProductType="2")
References:
http://community.spiceworks.com/how_to/show/1432http://technet.microsoft.com/en-us/library/cc904288%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc947846%28v=ws.10%29.aspx
The first change may have affected some of you in regards to KACE remote control, used with IE. If that is the case, please let me know, and I will readjust those, and will fix it for all, once and for all via GPO.
- This change was made on 05/01/2012 at 11:00am
No comments:
Post a Comment
Please make your comment. (GMK)
Note: Only a member of this blog may post a comment.