Hi,
Thank you for your update.
You can disable Internet Explorer Enhanced Security Configuration feature
through group policy. To do so, download the Managing Internet Explorer
Enhanced Security Configuration document from the link below, go to
Appendix A: InetESC.adm section, and follow the instructions to Disable IE
Enhanced Security Configuration via the GPO.
Managing Internet Explorer Enhanced Security Configuration
http://www.microsoft.com/downloads/details.aspx?FamilyID=d41b036c-e2e1-4960-
99bb-9757f7e9e31b&DisplayLang=en
Hope this helps, if anything unclear, please do not hesitate to let me know.
Have a nice day!
Best Regards,
Chace Zhang (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Subject: RE: GPO trusted sites not working
| From: Oem <***@XXXtelelineXXX.es>
| References: <***@207.46.248.16>
<VY2lMRv$***@TK2MSFTNGXA01.phx.gbl>
| Message-ID: <***@207.46.248.16>
| User-Agent: Xnews/5.04.25
| Newsgroups: microsoft.public.windows.server.sbs
| Date: Fri, 03 Nov 2006 01:29:10 -0800
| NNTP-Posting-Host: 190.118.14.62.dynamic.jazztel.es 62.14.118.190
| Lines: 1
| Path:
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP0
4.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:310041
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| SBS2003 R2 -> IE ESC On (users and administrators)
| XP SP2 Clients -> seems ESC Off
|
| How turn on ESC in the workstations?
| I see under Control Panel -> Add/Quit Windows components
| But i don't see ESC there, only IE 6
|
| I have to put ESC off on the server to have trusted sites GPO working if
| the clients haven't ESC??
|
|
| Thanks!
|
|
|
|
|
|
|
| v-***@microsoft.com (chace zhang) wrote in
| news:VY2lMRv$***@TK2MSFTNGXA01.phx.gbl:
|
| > Hi,
| >
| > Thanks for posting here.
| >
| > From your post, my understanding of this issue is: your client
| > configured Group Policy for Local intranet zone settings, but the
| > policy doesn't work on clients. If this is not correct, please feel
| > free to let me know.
| >
| > Analysis
| > ==================
| > This issue may occur because Internet Explorer Enhanced Security
| > Configuration is turned on by default in Windows Server 2003 and
| > Windows XP the settings of Local intranet zone was not imported to the
| > list that is currently in use.
| >
| > When you configure the following policy and select "Import the current
| > security zones and privacy settings" on a computer without Enhanced
| > Security Configuration, you will get a warning "These security
| > settings will be ignored on machines where the enhanced security
| > configuration is enabled" which indicates that these settings will not
| > be applied in Windows Server 2003 due to the enabled Internet Explorer
| > Enhanced Security Configuration:
| > Security Zones and Content Ratings under
| > User Configuration\Windows Settings\Internet Explorer
| > Maintenance\Security
| >
| > Resolution
| > ==================
| > First of all, please check whether Enhanced Security Configuration is
| > turned on in the problematic workstations. If Internet Explorer
| > Enhanced Security Configuration is enabled, when you start Internet
| > Explorer, you receive the following message:
| >
| > Microsoft Internet Explorer's Enhanced Security Configuration is
| > currently enabled on your server. This enhanced level of security
| > reduces the risk of attack from Web-based content that is not secure,
| > but it may also prevent Web sites from displaying correctly and
| > restrict access to network resources.
| >
| > If you want the settings in the Security Zones and Content Ratings
| > policy is applied to the server with enabled Enhanced Security
| > Configuration, you must configure this policy on a computer with
| > enabled Enhanced Security Configuration.
| >
| > If you want the settings in the Security Zones and Content Ratings
| > policy is applied to the workstations (such as Windows XP) without
| > enabled Enhanced Security Configuration, you must configure this
| > policy on a computer without enabled Enhanced Security Configuration.
| >
| > For more information, please refer to the following Microsoft Web
| > sites:
| >
| > Internet Explorer Enhanced Security Configuration changes the browsing
| > experience
| > http://support.microsoft.com/kb/815141
| >
| > Trusted Sites Missing After Upgrade to Windows 2003 Server
| > http://support.microsoft.com/kb/816465
| >
| > In addition, in SBS you can use Group Policy Management Console to
| > create a new GPO link.
| >
| > To do so:
| >
| > 1. Open Group Policy Management console run "gpmc.msc" in command
| > prompt (without quotation marks)
| >
| > 2. Right-click the YourDomain.local and select Create and Link a GPO
| > Here
| >
| > 3. Create and link the Domain.local so this GPO will be applied to
| > your domain(all the users and computers).
| >
| >
| > Please try the above and then let me know the results. If you believe
| > the results are incorrect, please let me know the detailed steps to
| > reproduce it. I look forward to hearing from you.
| >
| >
| > Hope this helps! Please try the suggestions above and let me know the
| > results at your earliest convenience. I look forward to hearing from
| > you soon.
| >
| > Have a nice day!
| >
| > Best Regards,
| >
| > Chace Zhang (MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have
| > issues regarding other Microsoft products, you'd better post in the
| > corresponding newsgroups so that they can be resolved in an efficient
| > and timely manner. You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you
| > check the "Notify me of replies" box to receive e-mail notifications
| > when there are any updates in your thread. When responding to posts
| > via your newsreader, please "Reply to Group" so that others may learn
| > and benefit from your issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although
| > we provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
| > doing so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
| > Please check http://support.microsoft.com for regional support phone
| > numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| >
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| >
| >
| > --------------------
| >| Subject: GPO trusted sites not working
| >| From: Oem <***@XXXtelelineXXX.es>
| >| Message-ID: <***@207.46.248.16>
| >| User-Agent: Xnews/5.04.25
| >| Newsgroups: microsoft.public.windows.server.sbs
| >| Date: Thu, 02 Nov 2006 04:11:36 -0800
| >| NNTP-Posting-Host: 190.118.14.62.dynamic.jazztel.es 62.14.118.190
| >| Lines: 1
| >| Path:
| > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP01.phx.gbl!
| TK2MSF
| > TNGP0 4.phx.gbl
| >| Xref: TK2MSFTNGXA01.phx.gbl
| >| microsoft.public.windows.server.sbs:309754 X-Tomcat-NG:
| >| microsoft.public.windows.server.sbs
| >|
| >| Hello,
| >|
| >| I'm trying to manage the client trusted sites using a GPO in
| >|
| >| SBS2003 R2 Standard (New installation)
| >|
| >|
| >|
| >| Group Policy Object Editor -> New GPO called something like
| >| "MyCompany Internet Policy"
| >|
| >| Then
| >|
| >| Configuration\Windows Settings\Internet Explorer Maintenance\Security
| >| ->
| >|
| >| Security Zones and Content Ratings ->
| >|
| >| Import the current security ->
| >|
| >| Modify Settings -> Add my new trusted sites
| >|
| >| In this GPO, i add a IE start page in importants URL too (http:
| >| \\companyweb\default.aspx)
| >|
| >| I linked the GPO and make a gpupdate.
| >|
| >|
| >| But this doesn't works at all. I open IE in a client and goes to
| >| companyweb (the GPO seems works), but when i goes to the trusted
| >| sites, the list is empty.
| >|
| >| I look other post about GPOs and IE, but i don't arrange nothing.
| >|
| >| Any ideas?
| >|
| >| Thanks in advance!
| >|
| >|
| >
|
|