Internet Explorer ESC will not turn off for some users

we running rd session host farm on server 2k8 r2 servers.   there 4 servers in farm.  we apply 1 gpo users log farm farm servers.  

in gpo have locked down ie settings using administrative templates (i don't use internet explorer maintenance or internet settings, administrative templates).  some of settings include hiding internet settings pages, setting security levels , assigning site-to-zone list.

the problem is, users esc appears on , many of gpo settings not applied.  i have verified that esc turned off both admin , users on servers including dc used create gpo.  i looked @ both server manager , registry key , both indicate esc off admins/users.  i have verified happens new users log farm first time, not happening users.  

performing gpupdate /force doesn't help.

if compare gpresults between user is experiencing the issue , 1 not, don't see differences.  all of ie settings appear there , says were successfully applied when user opens ie esc icon present , none of site-to-zone mapping applied.  the settings restrict access internet settings seem apply , work correctly, none of security settings do.

i feel i've tried everything.  does know why happen??   

hi,

 

by default, fast logon optimization feature set both domain , workgroup members. result, windows not wait network initialized @ startup , logon. existing users logged on using cached credentials. results in shorter logon times. group policy applied in background after network becomes available. note because background refresh, extensions such software installation , folder redirection take 2 logons apply changes. additionally, changes made user object, such adding roaming profile path, home directory, or user object logon script, may take 2 logons detected.

 

please enable group policy “computer configuration\administrative templates\system\logon\always wait network @ computer startup , logon” check result.

 

for more information, please refer following microsoft kb article:

 

description of windows xp professional fast logon optimization feature

http://support.microsoft.com/kb/305293

 

if not case, please collect log files , upload them me here our further research?

 

collect gpmc log

==============

1.     on domain controller, click start -> run, type gpmc.msc, load gpmc console. if gpmc snap-in not installed.

2.     right click on "group policy result" , choose wizard generate report problematic computer , user account (please place appropriately). (choose computer , select proper user in wizard)

3.     right click resulting group policy result , click "save report…" => save report , upload link provided.

 

collect gpsvc.log

==============

to collect gpsvc.log, need modify following registry:

 

subkey: hklm\software\microsoft\windows nt\currentversion\diagnostics

entry: gpsvcdebuglevel

type: reg_dword

vaule data: 0x30002

 

after issue reoccurs, find , upload %windir%\debug\usermode\gpsvc.log file.

 

collect gpresult output

==============

1.     run command gpresult /v >c:\gpresult.txt.

2.     upload c:\gpresult.txt above link.

 

regards,

---

arthur li

technet community support

Windows Server  >  Group Policy