Microsoft KB Archive/316702

= Internet Explorer security settings that you set with a Group Policy object are not propagated =

Article ID: 316702

Article Last Modified on 3/2/2007

-

APPLIES TO


 * Microsoft Internet Explorer 5.5 Service Pack 1
 * Microsoft Internet Explorer 5.5 Service Pack 2

-



This article was previously published under Q316702



SYMPTOMS
Microsoft Internet Explorer security settings in an organizational unit Group Policy may not be applied to a user whose account is in the organizational unit. This behavior occurs after the user resets the security settings, logs off, and then logs on again.



CAUSE
This behavior occurs because Internet Explorer security settings in Group Policy that has not changed are not to be applied to a user, even if the user has changed the same security settings in the local browser. If you change the local security settings, the settings in the local registry are overwritten.



RESOLUTION
To resolve this behavior, force the Internet Explorer settings in a Group Policy to always rewrite the appropriate registry keys when the user logs on to the computer:
 * 1) On a domain controller, open the Active Directory Users and Computers snap-in.
 * 2) Right-click the domain name, and then click Properties.
 * 3) Click the Group Policy tab, click the default domain policy, and then click Edit.
 * 4) Expand Administrative Templates under Computer Configuration in the Tree pane.
 * 5) Expand System under Administrative Templates, and then click Group Policy.
 * 6) Click Internet Explorer Maintenance Policy Processing in the Policy pane.
 * 7) Double-click Internet Explorer Maintenance Policy Processing to open the properties for Internet Explorer Maintenance Policy Processing.
 * 8) Click Enable on the Policy tab, and then click Process, even if Group Policy objects have not changed.
 * 9) Click OK to set the policy.

Note It takes approximately 45 minutes for this policy to propagate to all domain controllers and to all users. You can force the update on a user workstation if you type the following command at a command prompt on the user workstation:

secedit/refreshpolicy user_policy/enforce



MORE INFORMATION
Each Group Policy is identified by a 32-digit GUID. The default domain policy GUID always starts with &quot;31B,&quot; and the default organizational unit policy starts with &quot;6AC.&quot; To locate the GUID for any custom policy, right-click the container for the policy, and then click Properties. Click the Group Policy tab, click the policy, and then click Properties. The GUID is displayed on the General tab in the Unique Name box.

Each Group Policy is stored on the computer where it was created. For example, you may create the Group Policy setting in the %SystemRoot%\Sysvol\ \Sysvol\Policies folder, where  is the name of the domain. The folder is named as the GUID for that policy. There is an Adm folder, a machine folder, and a user folder. In the Adm folder, you can locate the Inetres.adm file. This is the file where the Internet Explorer settings are stored. You can open the file by using a text editor such as Notepad.

Additional query words: ou

Keywords: kbenv kbprb KB316702

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.