Group Policies Not Letting Me Edit IE9 Security Settings
This
problem has reared its ugly head more than once during the last few
years. A user complains that some feature on a web site does not work
properly for them. For example an active-x script will not run or a
flash plugin does not function. So I go to set the security settings in
IE but they are all greyed-out even for the Administrator. You can’t
customize the security zones in IE or add to the trusted sites list for
any-one site
This
usually happens after the users bring their laptop somewhere where it
is added to the local domain and policies pushed to it etc. As well
intentioned as these policies are, they are a pain-in-the ass and cause
more grief than they are worth for me. The problem is that it is not
readily evident which Policies need to be disabled/adjusted to fix this.
I usually recommend that these users stick to FireFox where possible.
After
many Google searches on the topic and following recommendations
describing which registry keys to edit and what policies to disable etc I
finally stumbled on an answer that worked without fail.
Ref:
https://experts.missouristate.edu/display/csvhelpdesk/Trusted+Sites+in+Internet+Explorer+not+editable
Edit/disable these policies and you and your users can control IE as needed:
Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\
Security Zones Do not allow users to change policies
(Prevent
your users from editing security zone settings. When enabled the Custom
Level button and the security-level slider greyed out “)
Security Zones Do not allow users to add delete sites
(What it says)
Security Zones use only machine settings
(Determines whether Security Zones are controlled on a per user basis or or at the local machine level)
And the most important:
Local Computer Policy\Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security Page\
site to zone assignment list
(This
policy allow admins to use a GPO to populate the sites in the different IE
security zones but when enabled in IE7+ it prevents users from editing
the sites list)
Thursday, September 20, 2012
Tuesday, September 18, 2012
yum update fail: Cannot retrieve repository metadata (repomd.xml) for repository
12 Sept 12
On a new RHEL 6 Build freshly registered to a local SAT server I could not get a yum update.
kept getting error:
Cannot retrieve repository metadata (repomd.xml) for repository:
Please verify its path and try again
Did the usual yum clean commands but no help. Followed many suggestions on Google like verifying hostnames, host files, yum conf files, etc but none seemed to work.
Finally found a clue and checked this file /etc/sysconfig/rhn/up2date
Found the server URL and changed it from https to http and my problem was fixed.
Not sure what was up with that since I did not have this issue during the first install I did on that same system on the same day or again after I rebuilt it again that same day. In both those cases I registered and updated with no problems.
On a new RHEL 6 Build freshly registered to a local SAT server I could not get a yum update.
kept getting error:
Cannot retrieve repository metadata (repomd.xml) for repository:
Please verify its path and try again
Did the usual yum clean commands but no help. Followed many suggestions on Google like verifying hostnames, host files, yum conf files, etc but none seemed to work.
Finally found a clue and checked this file /etc/sysconfig/rhn/up2date
Found the server URL and changed it from https to http and my problem was fixed.
Not sure what was up with that since I did not have this issue during the first install I did on that same system on the same day or again after I rebuilt it again that same day. In both those cases I registered and updated with no problems.
RHEL 6 Desktop GUI Install
If you are building a RHEL 6 system and end up with a command line only load that is probably a good thing since why would you need a GUI to administer a linux server. By default RHEL 6 does not install a desktop unless you tell it to so.
There may be reasons why you would want a desktop on your RHEL 6 server, maybe you just like using GUI tools to administer the system. In my case I prefer the command line but need the GUI for end users.
The best time to add desktop support is during the build. During installation you will be prompted for the type of system you are building, i.e. basic server, web server, database server, etc. this is what sets up the packages that will be installed. There is also an option for a desktop system but what if you want a "basic server" with a GUI? By default the "basic server" will not have a desktop.
What to do? After setting your choice click the "custom" button on the bottom of the page go to the "Desktop" section and choose GNOME, KDE, etc, along with X windows. This will give you a desktop when the build is finished.
If you manage to build your server and forgot to add the desktop you can still add it via YUM. Get your server registered with a Satellite Server or RHN and group install GNOME or KDE along with X windows.
for example to install GNOME:
#yum groupinstall "X Window System" "Desktop"
Note: You will see many examples online saying
yum groupinstall "X Window System" "GNOME Desktop Environment"
However this will error out.
There may be reasons why you would want a desktop on your RHEL 6 server, maybe you just like using GUI tools to administer the system. In my case I prefer the command line but need the GUI for end users.
The best time to add desktop support is during the build. During installation you will be prompted for the type of system you are building, i.e. basic server, web server, database server, etc. this is what sets up the packages that will be installed. There is also an option for a desktop system but what if you want a "basic server" with a GUI? By default the "basic server" will not have a desktop.
What to do? After setting your choice click the "custom" button on the bottom of the page go to the "Desktop" section and choose GNOME, KDE, etc, along with X windows. This will give you a desktop when the build is finished.
If you manage to build your server and forgot to add the desktop you can still add it via YUM. Get your server registered with a Satellite Server or RHN and group install GNOME or KDE along with X windows.
for example to install GNOME:
#yum groupinstall "X Window System" "Desktop"
Note: You will see many examples online saying
yum groupinstall "X Window System" "GNOME Desktop Environment"
However this will error out.
Subscribe to:
Comments (Atom)