Solved

content advisors applied to seperate OU's with group policy.

Posted on 2004-03-29
9
316 Views
Last Modified: 2010-04-11
win2Kserver with 70 xp pro clients and 400 users (School enviroment)
I am trying to apply different content advisors to several OU's in the same domain to allow different levels of access to users.
I have been trying to apply this through group policy but the same settings are being applied to all  of the domain.
I do not want users to have to supply a password to view sites.
There is a central filtering policy which stops most less tastefull sites but I need to control some users even further without affecting others.
0
Comment
Question by:revliss
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
9 Comments
 
LVL 5

Expert Comment

by:visioneer
ID: 10708391
Where are you applying the Group Policy, specifically?
0
 

Author Comment

by:revliss
ID: 10713030
On the OU>user conf.>windows settings>internet explorer maintainance>security>security zones and content.
If i import settings they are the same domain wide. if i modify they change domain wide.
If i do not import settings it all goes pear shaped domain wide.
What i need to know is can i have different settings on diffferent OU'S or am I restricted to one domain level control.
0
 
LVL 5

Expert Comment

by:visioneer
ID: 10715826
What I'm asking is more specific to where the GPO is linked.

Did you modify the Default Domain Policy?  Or did you create a new policy?  If it's a new one, is it linked to the domain or to specific OUs, or both?
0
Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.

 
LVL 5

Accepted Solution

by:
visioneer earned 500 total points
ID: 10715888
And to answer your question, yes you can have different group policy objects on a per-OU basis.  If you are modifying the Default Domain Policy, or if you created a new policy at the domain level, that's your problem.  

Go to the properties of the OU and create your GPO there.
0
 

Author Comment

by:revliss
ID: 10719122
It was a new policy set on a new OU and I then modified the imported content advisor settings.
After it was set all OU's took on the new level of restriction.
I have since tried modifying the different ou policies and domain level policy and eventually got back where I started.
What I need to achieve are no restrictions at domain level to cover most OU's and another policy to totally restrict most sites on one OU.
Would blocking inheritance achieve this???????
0
 
LVL 5

Expert Comment

by:visioneer
ID: 10719175
Yes.
0
 
LVL 5

Expert Comment

by:visioneer
ID: 10719212
Let me clarify... there is another way to do this.

Create a new GPO that has no content advisor restrictions, link it to the domain.  Great another GPO that has your content advisor restrictions, link it to an OU.  The OU policy will automatically override the domain policy, because that's the order in which they are applied (Local -> Site -> Domain -> OU, and each one overrides the previous one if there are conflicting settings).  You should not need to block inheritance in this case.

0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
A hard and fast method for reducing Active Directory Administrators members.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question