[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 324
  • Last Modified:

content advisors applied to seperate OU's with group policy.

win2Kserver with 70 xp pro clients and 400 users (School enviroment)
I am trying to apply different content advisors to several OU's in the same domain to allow different levels of access to users.
I have been trying to apply this through group policy but the same settings are being applied to all  of the domain.
I do not want users to have to supply a password to view sites.
There is a central filtering policy which stops most less tastefull sites but I need to control some users even further without affecting others.
0
revliss
Asked:
revliss
  • 5
  • 2
1 Solution
 
visioneerCommented:
Where are you applying the Group Policy, specifically?
0
 
revlissAuthor Commented:
On the OU>user conf.>windows settings>internet explorer maintainance>security>security zones and content.
If i import settings they are the same domain wide. if i modify they change domain wide.
If i do not import settings it all goes pear shaped domain wide.
What i need to know is can i have different settings on diffferent OU'S or am I restricted to one domain level control.
0
 
visioneerCommented:
What I'm asking is more specific to where the GPO is linked.

Did you modify the Default Domain Policy?  Or did you create a new policy?  If it's a new one, is it linked to the domain or to specific OUs, or both?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
visioneerCommented:
And to answer your question, yes you can have different group policy objects on a per-OU basis.  If you are modifying the Default Domain Policy, or if you created a new policy at the domain level, that's your problem.  

Go to the properties of the OU and create your GPO there.
0
 
revlissAuthor Commented:
It was a new policy set on a new OU and I then modified the imported content advisor settings.
After it was set all OU's took on the new level of restriction.
I have since tried modifying the different ou policies and domain level policy and eventually got back where I started.
What I need to achieve are no restrictions at domain level to cover most OU's and another policy to totally restrict most sites on one OU.
Would blocking inheritance achieve this???????
0
 
visioneerCommented:
Yes.
0
 
visioneerCommented:
Let me clarify... there is another way to do this.

Create a new GPO that has no content advisor restrictions, link it to the domain.  Great another GPO that has your content advisor restrictions, link it to an OU.  The OU policy will automatically override the domain policy, because that's the order in which they are applied (Local -> Site -> Domain -> OU, and each one overrides the previous one if there are conflicting settings).  You should not need to block inheritance in this case.

0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now