none
GPO Applied Issue

    Question

  • I have a need
    to set Internet Explorer homepage to open an additional tab to an internal
    SharePoint site. The site is for company managers to view\edit.<o:p></o:p>

    The need is
    for both IE and Chrome browsers. I have the ADMX installed for Chrome. I have
    the following settings set for IE.<o:p></o:p>

    Path is User
    Configuration\Administrative Templates\Windows Components\Internet
    Explorer\Disable changing secondary homepage settings<o:p></o:p>

    I have it set
    to Enabled and using the Show list for the Secondary Home Pages in the Options
    box I set the SharePoint site.<o:p></o:p>

    I have
    basically the same settings for Chrome but I would guess that I would need to
    contact Google to research that issue so I'm not adding that here, unless
    someone here wants to discuss that.<o:p></o:p>

    <o:p> </o:p>

    I've created
    a Security group in Active Directory to use to add the necessary people to
    instead of listing out each user and having to edit the GPO each time a user
    needs added\removed. And I have that setting made in the GPO under Security
    Filter on the Scope tap of this GPO. I then linked the GPO to the top level
    (not at the Domain level) OU containing the OU's for all the departments where
    the managers accounts live. I've even set it to Enforced to ensure that Block
    Inheritance will not stop the GPO from being applied.<o:p></o:p>

    My issue is
    that it never actually makes the browser setting changes and opens the
    additional tab in IE and Chrome. I've run the Group Policy Modeling Wizard
    against the users individually and the policies show as applied.<o:p></o:p>

    <o:p> </o:p>

    I've even
    changed the policy to not look at the Security group and only at the users listed
    individually and the GPO does show as applied but settings never get passed to
    the browsers.<o:p></o:p>

    Any and all
    assistance is greatly appreciated.<o:p></o:p>

    <o:p> </o:p>

    Len<o:p></o:p>



    Leonard Hoffman

    Monday, January 23, 2017 7:23 PM

Answers

  • Hi Leonard,
    Please check if MS16-072 update is installed on clients and domain controllers which might cause user group policy not working, if that is the case, please use the Group Policy Management Console (GPMC.MSC) and add the Authenticated Users group with Read Permissions on the Group Policy Object (GPO). If you are using security filtering, add the Domain Computers group with read permission. You could see details from: https://support.microsoft.com/en-sg/kb/3163622
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, January 24, 2017 6:44 AM
    Moderator
  • > You stated adding the Authenticated Users group to the Security Filtering in the GPO. I don't want this GPO to be applied to all authenticated users
     
    It's not "adding authusers to security filtering", but add them on the delegation tab with "read" and nothing else.
     
    • Marked as answer by LenJr1 Monday, January 30, 2017 7:09 PM
    Wednesday, January 25, 2017 4:20 PM

All replies

  • Hi Leonard,
    Please check if MS16-072 update is installed on clients and domain controllers which might cause user group policy not working, if that is the case, please use the Group Policy Management Console (GPMC.MSC) and add the Authenticated Users group with Read Permissions on the Group Policy Object (GPO). If you are using security filtering, add the Domain Computers group with read permission. You could see details from: https://support.microsoft.com/en-sg/kb/3163622
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, January 24, 2017 6:44 AM
    Moderator
  • Wendy,

    thanks for the reply. I'm going to read the article you suggested to see if we have that update applied.

    While I'm doing that I wanted to be clear on the structure of the OU's and the GPO.

    You stated adding the Authenticated Users group to the Security Filtering in the GPO. I don't want this GPO to be applied to all authenticated users just the listed users in the Security group I created. The users needing this GPO are in other departmental OU's nested under the OU's "Location1 and Location2".

    In other words:

    Location1 OU>Depatrment1

    Location1 OU>Depatrment2

    Location1 OU>Depatrment3

    Location2 OU>Depatrment1

    Location2 OU>Depatrment2

    Location2 OU>Depatrment3

    the GPO is applied at Location1 and at Location2 OU's

    Also, this is a user setting not a computer setting so adding the Domain Computers group I don't believe would help.


    Leonard Hoffman

    Tuesday, January 24, 2017 3:42 PM
  • > You stated adding the Authenticated Users group to the Security Filtering in the GPO. I don't want this GPO to be applied to all authenticated users
     
    It's not "adding authusers to security filtering", but add them on the delegation tab with "read" and nothing else.
     
    • Marked as answer by LenJr1 Monday, January 30, 2017 7:09 PM
    Wednesday, January 25, 2017 4:20 PM
  • Hi Martin,

    Thanks for your reply to clarify that for me. I add the Authenticated Users to the Delegation Tab with Read permissions and at this point the same issue persists. I'm reading the articles Wendy has provided at the moment but if there is anything else that may help please feel free to suggest.

    Thanks,

    Len


    Leonard Hoffman

    Friday, January 27, 2017 3:23 PM
  • Hi,

    I am checking how the issue going, if you still have any questions, please feel free to contact us.

    And if the replies as above are helpful, we would appreciate you to mark them as answers, and if you resolve it using your own solution, please share your experience and solution here. It will be greatly helpful to others who have the same question.

    Appreciate for your feedback.

    Best regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, January 30, 2017 3:51 AM
    Moderator
  • Hi Wendy,

    The solution you gave for adding the Authenticated Users back to the Security Filter Delegations Tab worked as you stated, it took sometime for the change to be seen but the GPO for the IE Homepage now appends the sites I need to the users currently listed pages to be opened, thanks for the help on that.

    The only Issue I have now is making Chrome work the same way. Any thoughts on that GPO?

    Thanks,

    Len


    Leonard Hoffman

    Monday, January 30, 2017 7:05 PM
  • Hi Martin,

    I added the Authenticated Users as Wendy and yourself had suggested. It is actually working at this point. Not entirely sure why it took a day to get the changes to be seen but it's now working. My only issue at this time is to make Chrome work in the same way. Any thoughts on Chrome settings? They are basically the same as IE but it's not working at this point.

    Thanks,

    Len


    Leonard Hoffman

    Monday, January 30, 2017 7:08 PM
  • Hi Len,
    Appreciate for the feedback and marking the answer.
    If you are asking how to set the same configuration for chrome via group policy, I am sorry that as it is third party application, I have no idea what exact settings could work for it. In my opinion, you might need to contact google for support.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, January 31, 2017 2:15 AM
    Moderator