Internet access via GPO

Hello. I have a AD PDC (Server 2003 Standard) and would like to allow a specific user access to only one particular web site via GPO. Is there a way to do this?

Thank you,

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hi supercell29,

You can do this by setting Approved Sites through Content Advisor by importing the Content Ratings settings in User Configuration\Windows Settings\Internet Explorer Maintenance\Security and adding a list of approved sites.  Be sure to place the user in a specific OU and apply this GPO only to that OU

supercell29Author Commented:
This is great, however, even though this is assigned to a specific user in a specific OU and the GPO is assigned to the OU I am still able to surf all sites as that specific user. I rebooted the machine and still everything is viewable. In approved sites in the GPO I have the specific sites listed that this person can go to. What am I missing?
supercell29Author Commented:
Multiple users login to this PC. It seems that it works now, however, ALL users using this machine are restricted even though I have a specific user within that OU on the PDC.
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

enable "Always wait for the network at computer startup and logon" in your GPO and the client using gpupdate....Reboot and log on as a user that should be able to access Inet and test.  Then logon as the restricted user and test
supercell29Author Commented:
Will try this tomorrow. I will let you know then.

Thank you so far!!

mcsweenSr. Network AdministratorCommented:
While this is possible via a GPO I have experienced it being very buggy in the past.  I have a couple computers that require a little more specific lockdown other than all or nothing.  On these computers I use Cyberpatrol.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
supercell29Author Commented:
"Always wait for the network at computer startup and logon": Where do I find this? I also cannot find gpupdate.

I will try this out before looking into Cyberpatrol.



"Always wait for the network at computer startup and logon" is in your domain Group Policy.  Open ADU&C and right click on your domain name and select Properties -> Group Policy - EDIT.

When your GPO comes up, select Computer Configuration -> Administrative templates -> System -> Logon.  You will see the setting at the right.  Double-click and select enable.

after making the change, on the CLIENT PC run the command gpupdate /force from start -> Run dialog.


supercell29Author Commented:
mcsween: The bugs still exist! Cyberpatrol will be my next option.

jss1199: Thank you for all the information, however, no dice. Even though the GPO assigned to the OU in which the specific user is located was altered with all the information you have given I still am restricted on Internet Explorer when I log in as myself (the administrator), and as another user who needs total web access. My solution is to allow the user who is allowed full web access to use Firefox while the restricted user is only allowed to use Internet Explorer via GPO restrictions. If you know of any other way please let me know. This PC will be here most of today.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.