Article ID: 316702
Microsoft Internet Explorer security settings in an organizational unit Group Policy may not be applied to a user whose account is in the organizational unit. This behavior occurs after the user resets the security settings, logs off, and then logs on again.
This behavior occurs because Internet Explorer security settings in Group Policy that has not changed are not to be applied to a user, even if the user has changed the same security settings in the local browser. If you change the local security settings, the settings in the local registry are overwritten.
To resolve this behavior, force the Internet Explorer settings in a Group Policy to always rewrite the appropriate registry keys when the user logs on to the computer:
Each Group Policy is identified by a 32-digit GUID. The default domain policy GUID always starts with "31B," and the default organizational unit policy starts with "6AC." To locate the GUID for any custom policy, right-click the container for the policy, and then click Properties. Click the Group Policy tab, click the policy, and then click Properties. The GUID is displayed on the General tab in the Unique Name box.
Each Group Policy is stored on the computer where it was created. For example, you may create the Group Policy setting in the %SystemRoot%\Sysvol\domain_name\Sysvol\Policies folder, where domain_name is the name of the domain. The folder is named as the GUID for that policy. There is an Adm folder, a machine folder, and a user folder. In the Adm folder, you can locate the Inetres.adm file. This is the file where the Internet Explorer settings are stored. You can open the file by using a text editor such as Notepad.
Article ID: 316702 - Last Review: June 19, 2014 - Revision: 3.0
Retired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.