Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

content advisors applied to seperate OU's with group policy.

Posted on 2004-03-29
9
Medium Priority
?
322 Views
Last Modified: 2010-04-11
win2Kserver with 70 xp pro clients and 400 users (School enviroment)
I am trying to apply different content advisors to several OU's in the same domain to allow different levels of access to users.
I have been trying to apply this through group policy but the same settings are being applied to all  of the domain.
I do not want users to have to supply a password to view sites.
There is a central filtering policy which stops most less tastefull sites but I need to control some users even further without affecting others.
0
Comment
Question by:revliss
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
9 Comments
 
LVL 5

Expert Comment

by:visioneer
ID: 10708391
Where are you applying the Group Policy, specifically?
0
 

Author Comment

by:revliss
ID: 10713030
On the OU>user conf.>windows settings>internet explorer maintainance>security>security zones and content.
If i import settings they are the same domain wide. if i modify they change domain wide.
If i do not import settings it all goes pear shaped domain wide.
What i need to know is can i have different settings on diffferent OU'S or am I restricted to one domain level control.
0
 
LVL 5

Expert Comment

by:visioneer
ID: 10715826
What I'm asking is more specific to where the GPO is linked.

Did you modify the Default Domain Policy?  Or did you create a new policy?  If it's a new one, is it linked to the domain or to specific OUs, or both?
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 5

Accepted Solution

by:
visioneer earned 2000 total points
ID: 10715888
And to answer your question, yes you can have different group policy objects on a per-OU basis.  If you are modifying the Default Domain Policy, or if you created a new policy at the domain level, that's your problem.  

Go to the properties of the OU and create your GPO there.
0
 

Author Comment

by:revliss
ID: 10719122
It was a new policy set on a new OU and I then modified the imported content advisor settings.
After it was set all OU's took on the new level of restriction.
I have since tried modifying the different ou policies and domain level policy and eventually got back where I started.
What I need to achieve are no restrictions at domain level to cover most OU's and another policy to totally restrict most sites on one OU.
Would blocking inheritance achieve this???????
0
 
LVL 5

Expert Comment

by:visioneer
ID: 10719175
Yes.
0
 
LVL 5

Expert Comment

by:visioneer
ID: 10719212
Let me clarify... there is another way to do this.

Create a new GPO that has no content advisor restrictions, link it to the domain.  Great another GPO that has your content advisor restrictions, link it to an OU.  The OU policy will automatically override the domain policy, because that's the order in which they are applied (Local -> Site -> Domain -> OU, and each one overrides the previous one if there are conflicting settings).  You should not need to block inheritance in this case.

0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question