natrat22

Blocking a website via Group Policy

hi guys,

I'm trying to block access to facebook for all users on the domain at a small business I look after (XP Pro clients, SBS2003).

I have followed the instructions here:

http://www.chrisse.se/MAQB.asp?ID=17

Which are referenced on Google and via a similar EE question here:

https://www.experts-exchange.com/questions/21495239/Using-Group-Policy-to-Block-Websites.html

I have followed the instructions to the letter however the blocking of www.facebook.com only works on the SBS2003 server where I edited the group policy.  It hasn't rolled out to any of the client machines, even after forcing gpupdates, rebooting everything, and waiting 24 hours.

I have tried creating a new object and also editing the Default Domain Policy but it is still only blocked on the SBS machine itself, as if I'm editing the local group policy, not the global one.

Any advice?
Namtvedt

Have you looked at the permissions on the GPO object, that Authenticated Users have Apply on the GPO? Another way you can do this is to create an alias in DNS that points www.facebook.com to your SBS homepage...
Hi
Please check that group policy is properly linked and enforced.
then follow the steps below to block a website.
Edit the Default Group Policy Object.
Go to the -> User Configuration -> Windows Settings -> Internet Explorer Maintenance
Then Security Zones and Content Rating.
Then select the radio button "Import the current security zones and privacy settings" and then click on Modify Settings -> and then go to Restricted Sites and then add the website and press OK.
After this you have to wait for some time while all computers in the domain synchronize the Group Policy.
Cheers
ASIF
natrat22

ASKER

It must be a problem with the linking, as even when I edit the default domain policy the same thing happens.

I've attached a couple of screenshots showing the policy i created "Website Blocking" and the screen I get when i right click and choose Edit.

My concern is that when I right click and choose Edit on either the Website Blocking policy or the Default Domain Policy, the GP object editor screen says "Website Blocking [HINTERSERV] Policy" which is the local machine name.  Or is that normal?

I'm a GP noob so i'm sure i'm missing something.

thanks
nathan
GPedit.jpg
gpManage.jpg
Ok do one thing. Remove this policy and Edit the default domain policy and do the same thing into that. so that we can track the problem.
 
Done, and exactly the same thing happens.  Policy enforced on the server where I am editing the policy, but not rolled out to any clients.

I've attached a screenshot of the default domain policy editing.
default-domain-policy.jpg
Screenshots show that everything is ok.
Open Command Prompt and type the following command to forcefully apply the group policies
GPUPDATE /force

You may need to restart the computer for the policy to apply. I hope this should help. Please write if the problem is not solved.
Still not working.  I've done gpupdate /force on server and two client machines, rebooted both client machines, and still the policy isn't enforced on them.  the server is the only machine where the policy is enforced.
Please apply the Latest Service pack for Windows 2003
below is the article which describes this problem.
http://support.microsoft.com/kb/908129
 
I don't think that applies to me, this is a very simple domain setup with just 8 or so computers, no links to any other domains.  I have the latest service pack (2) and two days ago i installed all other available patches for the server.  I've just run windows update and installed every single patch there is and the issue remains :(
Does your OU have user accounts or computer accounts?
If it has computer accounts only, that policy will never apply because there are no user accounts in that OU.  
You would need to apply that policy to the OU that has the user accounts
and please tell me that on client computer when you run the gpupdate /force
what results it give?
 
Group Policy also needs users on which it is going to be applied
Please see the screenshot and add the users on which you want to apply this group policy.
 

gpobject.JPG
Authenticated Users are already listed on my object - doesn't that then apply the policy to all authenticated users, regardless of which group they are in (ie. Domain Users, Domain Power Users etc)?  That is working fine on other SBS2003 boxes I manage for different group policy settings.

The domain has users and computers.  I also tried creating the GPO under the same place the users are ie. Domains / Hinterliving.local / My Business / Users / SBS Users but still no effect except locally.

I've run a gpresult on the client computer and the policy appears to be being applied:

USER SETTINGS
--------------
    CN=Hinterliving Administrator,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=hinterli
ving,DC=local
    Last time Group Policy was applied: 9/11/2008 at 9:13:01 AM
    Group Policy was applied from:      HINTERSERV.hinterliving.local
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Website Blocking
        Default Domain Policy

I know the policy itself works as it is working on the server itself.  So why wouldn't it be working on the client, considering the policy itself is definitely being pulled from the server?
I've now established it isn't a problem with Group Policy being updated on the client.  I changed another random user setting on the Default Domain Policy (removed Windows Update links) and that worked fine.  I then added the website filtering to the Default Domain Policy again, and it is still not showing up on the client even though there are no errors in the updating of the policies to the client.
It appears that this is the exact problem I have:

http://support.microsoft.com/kb/293766

I've tested and it is also the Trusted Sites setting of security zone that is not being implemented, as well as the Content Ratings.  However this article says it is for Windows 200 and was fixed in SP3.  I'm running SBS2003 with all the latest service packs and patches.

Another article here seems to narrow down the issue:

http://www.petri.co.il/forums/showthread.php?t=20987

However there is no apparent fix.  Need some help on this one.
I've confirmed that on the client under C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings (then custom0 and custom1 folders) there is a ratings.inf folder which contains the restricted sites from Group Policy.  If i manually merge that file then the ratings are applied.  However the file isn't being processed during GP updates, even though it is being pulled from the server.  I've pasted my branding log below.


11/09/2008 10:15:53        COM initialized on a second attempt with S_FALSE success code!

11/09/2008 10:15:53    Processing Group Policy...
11/09/2008 10:15:53    Starting Internet Explorer group policy processing part 1 (copying files) ...
11/09/2008 10:15:54    Done.

11/09/2008 10:15:54    Clearing policies set by a previous list of GPOs...
11/09/2008 10:15:54    Done.

11/09/2008 10:15:54    Starting Internet Explorer group policy processing part 2 ...

11/09/2008 10:15:54        Branding Internet Explorer...
11/09/2008 10:15:54        Command line is "BrandInternetExplorer /mode:gp /ins:"C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings\Custom0\INSTALL.INS" /flags:eriu=1,favo=1,qlo=1,chl=1,chlb=1".

11/09/2008 10:15:54        Global branding settings are:
11/09/2008 10:15:54            Context is (0x00800200) "Group Policy";
11/09/2008 10:15:54            Settings file is        "C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings\Custom0\INSTALL.INS";
11/09/2008 10:15:54            Target folder path is   "C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings\Custom0".
11/09/2008 10:15:54        Done.

11/09/2008 10:15:54            About to clear previous branding...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing migration of old settings...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing wininet setup...
11/09/2008 10:15:54            There are no connection settings to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing deletion of connection settings...
11/09/2008 10:15:54            Existing connection settings weren't specified to be deleted!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing zones HKCU settings...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing local machine policies and restrictions...
11/09/2008 10:15:54            There are no local machine *.inf files to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing current user policies and restrictions...
11/09/2008 10:15:54            There are no current user *.inf files to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing legacy policies and restrictions...
11/09/2008 10:15:54                There are no local machine *.inf files to process!
11/09/2008 10:15:54                There are no current user *.inf files to process!
11/09/2008 10:15:54            There are no legacy *.inf files to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing general customizations...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing Help->About customization...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing browser toolbar buttons...
11/09/2008 10:15:54            There are no toolbar buttons to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing root certificates...
11/09/2008 10:15:54            This feature is for ISPs only!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing default favorites and/or quick links...
11/09/2008 10:15:54                There are no favorites to add!
11/09/2008 10:15:54                There are no quick links to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing deletion of favorites and/or quick links...
11/09/2008 10:15:54            None of the favorites folders were specified to be deleted!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing favorites...
11/09/2008 10:15:54            There are no favorites to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing ordering of favorites...
11/09/2008 10:15:54            Favorites will be put into the default position!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing quick links...
11/09/2008 10:15:54            There are no quick links to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing ordering of quick links...
11/09/2008 10:15:54            Quick Links will be put into the default position!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing connection settings...
11/09/2008 10:15:54            There are no connection settings to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing TrustedPublisherLockdown restriction...
11/09/2008 10:15:54            This restriction is not set!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Registering download URLs as safe for updating IE...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Deleting links...
11/09/2008 10:15:54            No links to delete!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Creating feeds...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Creating start pages...
11/09/2008 10:15:54            There are no start pages to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Creating search providers...
11/09/2008 10:15:54            There are no search providers to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing active desktop customizations...
11/09/2008 10:15:54            No desktop customizations to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing channels and their categories (if any)...
11/09/2008 10:15:54            There are no channels to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing software update channels...
11/09/2008 10:15:54            There are no software update channels to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Actual processing of channels by calling webcheck.dll "DllInstall" API...
11/09/2008 10:15:54            There is no webcheck processing necessary!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Showing channel bar on the desktop...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing subscriptions...
11/09/2008 10:15:54            There are no subscriptions to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Refreshing browser settings...
11/09/2008 10:15:54            Broadcasting "Windows settings change" to all top level windows...
11/09/2008 10:15:54            Done.
11/09/2008 10:15:54        Done.
11/09/2008 10:15:54        There are no current user *.inf files to process!
11/09/2008 10:15:54        Favorites will be put into the default position!
11/09/2008 10:15:54        Quick Links will be put into the default position!
11/09/2008 10:15:54        There are no channels to process!

11/09/2008 10:15:54        Branding Internet Explorer...
11/09/2008 10:15:54        Command line is "BrandInternetExplorer /mode:gp /ins:"C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings\Custom1\INSTALL.INS" /flags:eriu=1,favo=1,qlo=1,chl=1,chlb=1".

11/09/2008 10:15:54        Global branding settings are:
11/09/2008 10:15:54            Context is (0x00800200) "Group Policy";
11/09/2008 10:15:54            Settings file is        "C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings\Custom1\INSTALL.INS";
11/09/2008 10:15:54            Target folder path is   "C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings\Custom1".
11/09/2008 10:15:54        Done.

11/09/2008 10:15:54            About to clear previous branding...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing migration of old settings...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing wininet setup...
11/09/2008 10:15:54            There are no connection settings to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing deletion of connection settings...
11/09/2008 10:15:54            Existing connection settings weren't specified to be deleted!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing zones HKCU settings...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing local machine policies and restrictions...
11/09/2008 10:15:54            GP context. Not processing the HKLM sections.!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing current user policies and restrictions...
11/09/2008 10:15:54                ! processExtRegInfSectionHelper for section"ExtRegInf.Hkcu".
11/09/2008 10:15:54                ! Key is  "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}".
11/09/2008 10:15:54                Not Delaying executing C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings\Custom1\seczones.inf.
11/09/2008 10:15:54                "seczones.inf" processed successfully.
11/09/2008 10:15:54                ! Key is  "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}".
11/09/2008 10:15:54                Machine is not hardened

11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing legacy policies and restrictions...
11/09/2008 10:15:54            There are no legacy *.inf files to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing general customizations...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing Help->About customization...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing browser toolbar buttons...
11/09/2008 10:15:54            There are no toolbar buttons to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing root certificates...
11/09/2008 10:15:54            This feature is for ISPs only!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing default favorites and/or quick links...
11/09/2008 10:15:54                There are no favorites to add!
11/09/2008 10:15:54                There are no quick links to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing deletion of favorites and/or quick links...
11/09/2008 10:15:54            None of the favorites folders were specified to be deleted!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing favorites...
11/09/2008 10:15:54            There are no favorites to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing ordering of favorites...
11/09/2008 10:15:54            Favorites will be put into the default position!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing quick links...
11/09/2008 10:15:54            There are no quick links to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing ordering of quick links...
11/09/2008 10:15:54            Quick Links will be put into the default position!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing connection settings...
11/09/2008 10:15:54            There are no connection settings to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing TrustedPublisherLockdown restriction...
11/09/2008 10:15:54            This restriction is not set!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Registering download URLs as safe for updating IE...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Deleting links...
11/09/2008 10:15:54            No links to delete!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Creating feeds...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Creating start pages...
11/09/2008 10:15:54            There are no start pages to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Creating search providers...
11/09/2008 10:15:54            There are no search providers to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing active desktop customizations...
11/09/2008 10:15:54            No desktop customizations to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing channels and their categories (if any)...
11/09/2008 10:15:54            There are no channels to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing software update channels...
11/09/2008 10:15:54            There are no software update channels to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Actual processing of channels by calling webcheck.dll "DllInstall" API...
11/09/2008 10:15:54            There is no webcheck processing necessary!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Showing channel bar on the desktop...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing subscriptions...
11/09/2008 10:15:54            There are no subscriptions to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Refreshing browser settings...
11/09/2008 10:15:54            Broadcasting "Windows settings change" to all top level windows...
11/09/2008 10:15:54            Done.
11/09/2008 10:15:54        Done.
11/09/2008 10:15:54        Favorites will be put into the default position!
11/09/2008 10:15:54        Quick Links will be put into the default position!
11/09/2008 10:15:54        There are no channels to process!


11/09/2008 10:15:54        COM initialized with S_OK success code.

11/09/2008 10:15:54    Branding Internet Explorer...
11/09/2008 10:15:54    Command line is "/mode:gp /ins:"C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings\Custom1\install.ins" /disable /flags:eriu=0,favo=0,qlo=0,chl=0,chlb=0,znu=0".

11/09/2008 10:15:54    Global branding settings are:
11/09/2008 10:15:54        Context is (0x04800200) "Group Policy, spawned in a child process";
11/09/2008 10:15:54        Settings file is        "C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings\Custom1\install.ins";
11/09/2008 10:15:54        Target folder path is   "C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings\Custom1".
11/09/2008 10:15:54    Done.

11/09/2008 10:15:54        Processing wininet setup...
11/09/2008 10:15:54        Done.

11/09/2008 10:15:54        Processing current user policies and restrictions...
11/09/2008 10:15:54            ! processExtRegInfSectionHelper for section"ExtRegInf.Hkcu".
11/09/2008 10:15:54            ! Key is  "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}".
11/09/2008 10:15:54            Not Delaying executing C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings\Custom1\seczones.inf.
11/09/2008 10:15:54            "seczones.inf" processed successfully.
11/09/2008 10:15:54            ! Key is  "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}".
11/09/2008 10:15:54            Machine is not hardened

11/09/2008 10:15:54        Done.

11/09/2008 10:15:54        Registering download URLs as safe for updating IE...
11/09/2008 10:15:54        Done.

11/09/2008 10:15:54        Refreshing browser settings...
11/09/2008 10:15:54        Posted update request to the hidden browser window!
11/09/2008 10:15:54        Broadcasting "Windows settings change" to all top level windows...
11/09/2008 10:15:54        Done.
11/09/2008 10:15:54    Done.
11/09/2008 10:15:54    Done processing group policy.
I can also confirm that exactly the same issue is present on a different customer's SBS2003 setup, basic domain, a dozen or so computers, single domain controller (the SBS box).
Philip Elder
You are trying to implement a User applicable GPO at the domain level. While this will work, it is not the proper method for implementing this setup.

Attach the GPO to the SBSUsers OU where your users are located.
Disable the Computer portion of the GPO because you are not using it.
Right click on the GPO and put a check mark beside "Enforced" to force the GP settings.
Make sure the Scope of your GPO is Authenticated Users.

Run the GP Modelling wizard to test things if necessary. But, the above instructions should make it clear how to apply User level GP settings in an SBS environment.

Philip
Hi Philip,

I have already done exactly as you describe (see screenshot).  The only reason i went back to putting the setting on the default domain policy was to confirm that it still didn't work.  

The content ratings files are being copied to the client machines when gpupdate is run, however they are not being applied.  All other policy settings are working except this particular one.

nathan
gp.jpg
As Petri says the hook is here:
11/09/2008 10:15:54            Processing local machine policies and restrictions...
11/09/2008 10:15:54            GP context. Not processing the HKLM sections.!
11/09/2008 10:15:54            Done.

Sounds like you need to setup the computer side with the appropriate HKLM registry settings in your GPO. The client should then import them okay. Have a look at that ratings.inf file to see how those keys are structured and set them up into the Registry portion of your GPO.

Philip
You may need to create and link a new GPO to the SBSComputers OU and enforce it and place the registry settings therein.
Philip
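
A small parser for the branding log format quoted in this thread, added here as an example and not part of any poster's reply: for each branding pass it reports which .inf files were actually processed, whether the HKLM sections were skipped, and which expected files never show up. The sample lines are abridged from the log above; the function name `summarize` and the expected-file list are assumptions made for the example.

```python
import ntpath
import re

# Abridged sample in the format of the branding log quoted in this thread.
SAMPLE_LOG = r'''
11/09/2008 10:15:54        Command line is "BrandInternetExplorer /mode:gp /ins:"C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings\Custom1\INSTALL.INS" /flags:eriu=1".
11/09/2008 10:15:54            Processing local machine policies and restrictions...
11/09/2008 10:15:54            GP context. Not processing the HKLM sections.!
11/09/2008 10:15:54            Done.
11/09/2008 10:15:54            Processing current user policies and restrictions...
11/09/2008 10:15:54                "seczones.inf" processed successfully.
11/09/2008 10:15:54            Done.
11/09/2008 10:15:54            Processing legacy policies and restrictions...
11/09/2008 10:15:54            There are no legacy *.inf files to process!
11/09/2008 10:15:54            Done.
'''

LINE = re.compile(r'^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\s+(.*)$')
INS = re.compile(r'/ins:"([^"]+)"', re.IGNORECASE)
SECTION = re.compile(r'^Processing (.+?)\.\.\.$')
INF_OK = re.compile(r'^"([^"]+\.inf)" processed successfully\.$', re.IGNORECASE)


def summarize(log_text, expected=("seczones.inf", "ratings.inf")):
    """Return one dict per branding pass found in the log text."""
    passes, current, section = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank or non-timestamped line
        msg = m.group(1).strip()

        ins = INS.search(msg)
        if msg.startswith("Command line is") and ins:
            # A new pass starts; the parent folder of the .INS file
            # (Custom0, Custom1, ...) identifies which GPO copy it is.
            folder = ntpath.basename(ntpath.dirname(ins.group(1)))
            current = {"folder": folder, "processed": [],
                       "hklm_skipped": False, "empty_sections": []}
            passes.append(current)
            section = None
            continue
        if current is None:
            continue  # preamble before the first branding pass

        sec, ok = SECTION.match(msg), INF_OK.match(msg)
        if sec:
            section = sec.group(1)
        elif ok:
            current["processed"].append(ok.group(1).lower())
        elif "Not processing the HKLM sections" in msg:
            current["hklm_skipped"] = True
        elif "*.inf files to process" in msg and section:
            current["empty_sections"].append(section)

    for p in passes:
        # Files copied to the client but never reported as processed.
        p["missing"] = [f for f in expected if f not in p["processed"]]
    return passes


if __name__ == "__main__":
    for p in summarize(SAMPLE_LOG):
        print(p["folder"], "processed:", p["processed"],
              "| HKLM skipped:", p["hklm_skipped"],
              "| never processed:", p["missing"])
```

Run against the full log, the `missing` list is a quick way to confirm that a file such as ratings.inf is copied to the Custom Settings folder without ever being handed to the branding step.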
That would be classed as a workaround yes?  It should actually be applying successfully as is?  
IE 6 took the settings successfully where IE7 does not. The error indicates that IE7 wants its updates to come through Group Policy from what I can tell.

It makes sense since IE 7 is a lot tighter around its security structures. Things changed greatly between the two editions.

Philip
For me I don't have any issue for IE7. All changes made in GPO are successfully applied to all clients.
 
Have you tested the content ratings?  All other IE7 changes are working for me also.
Despite having now confirmed this issue is on three separate SBS systems, it seems I'll need a workaround if everybody else says the content ratings policy works fine for them with SBS.

I've no idea about how to use Group Policy to force the insertion of registry keys.  Can someone help?

I've attached the ratings.inf file that group policy successfully creates on the client (but doesn't apply).  It has the registry keys relating to blocking facebook.  How can i use group policy to force these to work?

ta
nathan
oops and here is the attachment.  Have renamed it to a .txt.
ratings.txt