Link to home
Start Free TrialLog in
Avatar of supercell29
supercell29

asked on

Internet access via GPO

Hello. I have a AD PDC (Server 2003 Standard) and would like to allow a specific user access to only one particular web site via GPO. Is there a way to do this?

Thank you,

Supercell
Avatar of jss1199
jss1199

Hi supercell29,

You can do this by setting Approved Sites through Content Advisor by importing the Content Ratings settings in User Configuration\Windows Settings\Internet Explorer Maintenance\Security and adding a list of approved sites.  Be sure to place the user in a specific OU and apply this GPO only to that OU

Cheers!
Avatar of supercell29

ASKER

This is great, however, even though this is assigned to a specific user in a specific OU and the GPO is assigned to the OU I am still able to surf all sites as that specific user. I rebooted the machine and still everything is viewable. In approved sites in the GPO I have the specific sites listed that this person can go to. What am I missing?
Multiple users login to this PC. It seems that it works now, however, ALL users using this machine are restricted even though I have a specific user within that OU on the PDC.
enable "Always wait for the network at computer startup and logon" in your GPO and the client using gpupdate....Reboot and log on as a user that should be able to access Inet and test.  Then logon as the restricted user and test
Will try this tomorrow. I will let you know then.

Thank you so far!!

sc
ASKER CERTIFIED SOLUTION
Avatar of Bradley Fox
Bradley Fox
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
"Always wait for the network at computer startup and logon": Where do I find this? I also cannot find gpupdate.

I will try this out before looking into Cyberpatrol.

Thanks,

Ian

"Always wait for the network at computer startup and logon" is in your domain Group Policy.  Open ADU&C and right click on your domain name and select Properties -> Group Policy - EDIT.

When your GPO comes up, select Computer Configuration -> Administrative templates -> System -> Logon.  You will see the setting at the right.  Double-click and select enable.

after making the change, on the CLIENT PC run the command gpupdate /force from start -> Run dialog.

Reboot.

test
mcsween: The bugs still exist! Cyberpatrol will be my next option.

jss1199: Thank you for all the information, however, no dice. Even though the GPO assigned to the OU in which the specific user is located was altered with all the information you have given I still am restricted on Internet Explorer when I log in as myself (the administrator), and as another user who needs total web access. My solution is to allow the user who is allowed full web access to use Firefox while the restricted user is only allowed to use Internet Explorer via GPO restrictions. If you know of any other way please let me know. This PC will be here most of today.

SC