none
Possible Bug? - IE9 Policy Missing in SCM Baseline GPO RRS feed

  • Question

  • I am not sure if this is a bug or not, but wanted to share in case it is.  Does anyone else see the same thing?

    The policy below is listed in both the SCM IE9 Baseline and in the IE9 Computer Security Compliance Excel report.
      Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off ActiveX opt-in prompt
        Default Value = Not Configured
        Recommended Value = Disabled
        Severity = Important

    I performed the following steps:
    - Exported the IE9 SCM GPO using GPO backup function in the SCM UI
    - Created a blank GPO on the DC
    - Imported the IE9 SCM GPO from the backup

    When viewing the settings for the newly created IE9 GPO in GPMC, the policy is not listed at all.  Editing the newly created IE9 GPO shows the policy as "Not Configured", which matches the Default value, but is contradictory to what SCM says the Baseline should be.

    Saturday, April 14, 2012 2:13 AM

Answers

  • One of my colleagues, Jose, figured out the exact problem and we'll get it fixed in the next version of SCM:

    The registry path specified in the setting definition is incorrect: HKLM\Software\

    Policies\Microsoft\Windows\CurrentVersion\Polices\Ext\NoFirsttimepromptPolicies\Ext\NoFirsttimeprompt

    The following is the correct registry path for this setting: HKLM\Software\Microsoft\Windows\CurrentVersion\


    Kurt Dillard http://www.kurtdillard.com

    Monday, April 23, 2012 10:29 PM
    Moderator

All replies

  • Tech Fiend,

    Thanks for your note, I replicated your troubleshooting steps and saw the same issue, it looks like a bug and I'll forward it to the SCM developers.

    Kurt


    Kurt Dillard http://www.kurtdillard.com

    Thursday, April 19, 2012 6:00 PM
    Moderator
  • One of my colleagues, Jose, figured out the exact problem and we'll get it fixed in the next version of SCM:

    The registry path specified in the setting definition is incorrect: HKLM\Software\

    Policies\Microsoft\Windows\CurrentVersion\Polices\Ext\NoFirsttimepromptPolicies\Ext\NoFirsttimeprompt

    The following is the correct registry path for this setting: HKLM\Software\Microsoft\Windows\CurrentVersion\


    Kurt Dillard http://www.kurtdillard.com

    Monday, April 23, 2012 10:29 PM
    Moderator