none
GPO User Settings Not Applying When SCM Computer Settings Applied RRS feed

  • Question

  • I can apply 'Site Zone Assignement' successfully to user:
    User Settings -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page.
    I can use this to add sites to trusted sites.

    When I apply the 'Security Compliance Manager' 4.0 Internet Explorer GPO template to the workstation, the user site zone assignment settings "stop taking". I say stop taking, because according to group policy modeling, and gpresult, the user GPO is present and applied.

    Of note:
    If I change the 'Site Zone Assignement' to a computer setting, it takes. {My manager doesn't want to do this}
    If I enable loopback processing it does not take.

    I've seen this issue on windows 7 and 10 Enterprise x64 clients.
    I feel like there is something set in the SCM internet Explorer GPO set that's preventing user settings (whether from GPO or user) from applying, but I can't put my finger on it. Does anyone else know?

    P.S. Link to SCM: https://blogs.technet.microsoft.com/secguide/2014/09/04/scm-baselines-for-windows-8-1-ie-11-and-server-2012-r2-are-now-live/
    http://go.microsoft.com/fwlink/?LinkID=507389&clcid=0x409
    Internet-Explorer-11-Security-Compliance-Baseline_Attachments-2.cab\BaselineDocuments\94949772-335f-402b-bb8e-9904a31b1cba\Internet Explorer 11 CCE Reference.xlsm


    Friday, August 25, 2017 11:02 PM

All replies