Location: Mail List

Ads

Skyscraper

The GPTalk Mailing List

The GPTALK mailing list is where you can send and receive email related to Windows Group Policy. You must subscribe to the list to send and receive mail from the list. The purpose of the list is to provide a forum for asking and answering technical questions related to Group Policy. Any question is fair game as long as it is related to Windows Group Policy.  The Archives for this list can be found on this page.

 

List Posts

Forums >GPTalk >GPTalk Mailing List
Subject: [gptalk] ie security zones exceptions
Prev Next
You are not authorized to post a reply.

AuthorMessages
rpo8373User is Offline

Posts:58

02/08/2010 3:55 AM  
hi all,

we have about 10 users who need to access an online training course that
utilises clipboard access.

the users are currently being prompted if they want to allow clipboard
access when they use the site. this is fine because in a gpo linked to the
users ou we have setup cutom ie zones and this is one of the settings in the
internet zone.

what we need to do is to allow clipboard access for this site so no prompt
is displayed. at this time i'm thinking i will just add the url of this site
to the trusted sites zone (which has clipboard access allowed). only issue
with this is that now all users in the users ou have this url as a trusted
site, not just 10 users.

not a big deal i guess, but i was just hoping to keep it as tight as
possible. does anyone have any better suggestions?

daniel.

omarUser is Offline

Posts:97

02/08/2010 8:01 PM  
*
Create a new security group add the ten users to it.
*
Take the original GPO and create a copy of it and rename the copy.
*
Take the original GPO and add that new security group to the security filtering with DENY group policy security rights. You need to open the GPO for editing then from the gp editor window- right-click the gpo and choose properties and select the security tab- add the new group with deny in here and leave all other permissions alone
*
Take the copied GPO and use security filtering to apply this GPO to the new security group only using the GPMC console.
*
Edit the new/copied GPO and add this site to the trusted site list- and then link it to the correct OU.

that's one way you can do it- but then you have two GPOs that need updates when the entire company needs an update.



Omar


________________________________
From: xxxxxxxxxxxxxxxx [xxxxxxxxxxxxxxxx] On Behalf Of daniel [xxxxxxxxxxxxxxxx]
Sent: Sunday, February 07, 2010 7:53 PM
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] ie security zones exceptions

hi all,

we have about 10 users who need to access an online training course that utilises clipboard access.

the users are currently being prompted if they want to allow clipboard access when they use the site. this is fine because in a gpo linked to the users ou we have setup cutom ie zones and this is one of the settings in the internet zone.

what we need to do is to allow clipboard access for this site so no prompt is displayed. at this time i'm thinking i will just add the url of this site to the trusted sites zone (which has clipboard access allowed). only issue with this is that now all users in the users ou have this url as a trusted site, not just 10 users.

not a big deal i guess, but i was just hoping to keep it as tight as possible. does anyone have any better suggestions?

daniel.

rpo8373User is Offline

Posts:58

02/15/2010 11:34 PM  
thanks.

does anyone know of an easy way to actually add a site to the trusted zone?

when i try to edit the security zone and content ratings settings within the
ie maintenance section of the gpo, it wants to import all of the four zone
settings in order to let me edit the trusted sites. surely there's an easier
way?

i've also found a setting in admin templates\windows components\windows
components\internet explorer\internet control panel\security page\site to
zone assignment. i've added the trusted site with a value of 2 to indciate
it should be added to the trusted zone as per documentation i've read, but
this simply doesn't work. nothing in the trusted sites.

any other ideas?

daniel.

On 9 February 2010 06:01, Omar Droubi <xxxxxxxxxxxxxxxx> wrote:

>
> - Create a new security group add the ten users to it.
> - Take the original GPO and create a copy of it and rename the copy.
> - Take the original GPO and add that new security group to the security
> filtering with DENY group policy security rights. You need to open the GPO
> for editing then from the gp editor window- right-click the gpo and choose
> properties and select the security tab- add the new group with deny in here
> and leave all other permissions alone
> - Take the copied GPO and use security filtering to apply this GPO to
> the new security group only using the GPMC console.
> - Edit the new/copied GPO and add this site to the trusted site list-
> and then link it to the correct OU.
>
> that's one way you can do it- but then you have two GPOs that need updates
> when the entire company needs an update.
>
>
>
> Omar
>
> ------------------------------
> *From:* xxxxxxxxxxxxxxxx [xxxxxxxxxxxxxxxx] On
> Behalf Of daniel [xxxxxxxxxxxxxxxx]
> *Sent:* Sunday, February 07, 2010 7:53 PM
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* [gptalk] ie security zones exceptions
>
> hi all,
>
> we have about 10 users who need to access an online training course that
> utilises clipboard access.
>
> the users are currently being prompted if they want to allow clipboard
> access when they use the site. this is fine because in a gpo linked to the
> users ou we have setup cutom ie zones and this is one of the settings in the
> internet zone.
>
> what we need to do is to allow clipboard access for this site so no prompt
> is displayed. at this time i'm thinking i will just add the url of this site
> to the trusted sites zone (which has clipboard access allowed). only issue
> with this is that now all users in the users ou have this url as a trusted
> site, not just 10 users.
>
> not a big deal i guess, but i was just hoping to keep it as tight as
> possible. does anyone have any better suggestions?
>
> daniel.
>

omarUser is Offline

Posts:97

02/16/2010 4:21 AM  
Login script works well as long as you dont need to enforce the zone and you want to add it.
Search the archive of this list for this topic and you can find an easy reg script that i posted a few years ago on this topic -----Original Message----- From: daniel <xxxxxxxxxxxxxxxx>
Sent: Monday, February 15, 2010 3:29 PM
To: xxxxxxxxxxxxxxxx
Subject: Re: [gptalk] ie security zones exceptions

thanks.

does anyone know of an easy way to actually add a site to the trusted zone?

when i try to edit the security zone and content ratings settings within the ie maintenance section of the gpo, it wants to import all of the four zone settings in order to let me edit the trusted sites. surely there's an easier way?

i've also found a setting in admin templates\windows components\windows components\internet explorer\internet control panel\security page\site to zone assignment. i've added the trusted site with a value of 2 to indciate it should be added to the trusted zone as per documentation i've read, but this simply doesn't work. nothing in the trusted sites.

any other ideas?

daniel.

On 9 February 2010 06:01, Omar Droubi <xxxxxxxxxxxxxxxx> wrote:
Create a new security group add the ten users to it.
Take the original GPO and create a copy of it and rename the copy.
Take the original GPO and add that new security group to the security filtering with DENY group policy security rights. You need to open the GPO for editing then from the gp editor window- right-click the gpo and choose properties and select the security tab- add the new group with deny in here and leave all other permissions alone
Take the copied GPO and use security filtering to apply this GPO to the new security group only using the GPMC console.
Edit the new/copied GPO and add this site to the trusted site list- and then link it to the correct OU.
that's one way you can do it- but then you have two GPOs that need updates when the entire company needs an update.

Omar

From: xxxxxxxxxxxxxxxx [xxxxxxxxxxxxxxxx] On Behalf Of daniel [xxxxxxxxxxxxxxxx]
Sent: Sunday, February 07, 2010 7:53 PM
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] ie security zones exceptions

hi all,

we have about 10 users who need to access an online training course that utilises clipboard access.

the users are currently being prompted if they want to allow clipboard access when they use the site. this is fine because in a gpo linked to the users ou we have setup cutom ie zones and this is one of the settings in the internet zone.

what we need to do is to allow clipboard access for this site so no prompt is displayed. at this time i'm thinking i will just add the url of this site to the trusted sites zone (which has clipboard access allowed). only issue with this is that now all users in the users ou have this url as a trusted site, not just 10 users.

not a big deal i guess, but i was just hoping to keep it as tight as possible. does anyone have any better suggestions?

daniel.

You are not authorized to post a reply.
Forums >GPTalk >GPTalk Mailing List > [gptalk] ie security zones exceptions



ActiveForums 3.7

Members

MembershipMembership:
Latest New UserLatest:carmicklec
New TodayNew Today:1
New YesterdayNew Yesterday:1
User CountOverall:1399
People OnlinePeople Online:
VisitorsVisitors:0
MembersMembers:0
TotalTotal:0
Online NowOnline Now:

Ads

Banner Inv
Copyright 2009 by GPOGUY.COM
Terms Of Use