Solved

content advisors applied to seperate OU's with group policy.

Posted on 2004-03-29
9
314 Views
Last Modified: 2010-04-11
win2Kserver with 70 xp pro clients and 400 users (School enviroment)
I am trying to apply different content advisors to several OU's in the same domain to allow different levels of access to users.
I have been trying to apply this through group policy but the same settings are being applied to all  of the domain.
I do not want users to have to supply a password to view sites.
There is a central filtering policy which stops most less tastefull sites but I need to control some users even further without affecting others.
0
Comment
Question by:revliss
  • 5
  • 2
9 Comments
 
LVL 5

Expert Comment

by:visioneer
ID: 10708391
Where are you applying the Group Policy, specifically?
0
 

Author Comment

by:revliss
ID: 10713030
On the OU>user conf.>windows settings>internet explorer maintainance>security>security zones and content.
If i import settings they are the same domain wide. if i modify they change domain wide.
If i do not import settings it all goes pear shaped domain wide.
What i need to know is can i have different settings on diffferent OU'S or am I restricted to one domain level control.
0
 
LVL 5

Expert Comment

by:visioneer
ID: 10715826
What I'm asking is more specific to where the GPO is linked.

Did you modify the Default Domain Policy?  Or did you create a new policy?  If it's a new one, is it linked to the domain or to specific OUs, or both?
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 5

Accepted Solution

by:
visioneer earned 500 total points
ID: 10715888
And to answer your question, yes you can have different group policy objects on a per-OU basis.  If you are modifying the Default Domain Policy, or if you created a new policy at the domain level, that's your problem.  

Go to the properties of the OU and create your GPO there.
0
 

Author Comment

by:revliss
ID: 10719122
It was a new policy set on a new OU and I then modified the imported content advisor settings.
After it was set all OU's took on the new level of restriction.
I have since tried modifying the different ou policies and domain level policy and eventually got back where I started.
What I need to achieve are no restrictions at domain level to cover most OU's and another policy to totally restrict most sites on one OU.
Would blocking inheritance achieve this???????
0
 
LVL 5

Expert Comment

by:visioneer
ID: 10719175
Yes.
0
 
LVL 5

Expert Comment

by:visioneer
ID: 10719212
Let me clarify... there is another way to do this.

Create a new GPO that has no content advisor restrictions, link it to the domain.  Great another GPO that has your content advisor restrictions, link it to an OU.  The OU policy will automatically override the domain policy, because that's the order in which they are applied (Local -> Site -> Domain -> OU, and each one overrides the previous one if there are conflicting settings).  You should not need to block inheritance in this case.

0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question