0

I have two forests/domains A and B with a non-transitive trust and cross-forest user GPOs enabled.

I am enforcing IE proxy settings via a user GPO linked to a server OU in Domain B. It actually works when a user from Domain A logs in to Server 1 (in Domain B).

But when a user from Domain B logs in to Server 1 (still in Domain B), the proxy settings do not apply. I ran RSoP and it shows the policies applying, but the IE brand log shows the error "Processing of this Wininet.dll connection settings failed".

I have seen indications that others have had this same problem, but I have seen no resolution. Any thoughts?

1 Answers1

0

I havent come across this issue personally. But it looks like you'd have to troublehoot the CSE involved here for processing that policy. It looks like you are using the legacy IE maintenance extension.

I am not sure what loopback mode you are using. Is it possible you have more than one GPO with IE maintenance settngs to process and the error is in another GPO?

Where possible, the recommendation is to use the first preference of ADM files for IE, next 2nd preference is group policy preferences and last and certaintly least the IE maintenance extension from Windows 2000 days.

I don't know what OS the server1 is here and the IE version on it. But given that you tagged Windows 2008, I assume thats the OS. As long as server1 is at least Windows Server 2003, you have the option of configuring a group policy preferences for IE 6,7 or 8. You would need a Windows Vista and above machine with the new GPMC to create the GPO with the preference though. The DC OS is irrelevant (unless you intend to create GPO from the DC).

On server1 you'd need the GP Preferences extensions. http://support.microsoft.com/kb/943729 has the links to download. You also need to use the new GPMC to create the GPO. Start here for details on getting the new GPMC installed with the RSAT http://technet.microsoft.com/en-us/library/cc731892(WS.10).aspx.

maweeras
  • 2,674
  • 2
  • 16
  • 23