Solved

Blocking a website via Group Policy

Posted on 2008-11-03
29
6,116 Views
Last Modified: 2011-10-19
hi guys,

I'm trying to block access to facebook for all users on the domain a a small business I look after (XP Pro clients, SBS2003).

I have followed the instructions here:

http://www.chrisse.se/MAQB.asp?ID=17

Which are referecned on Google and via a similar EE question here:  

http://www.experts-exchange.com/Operating_Systems/Q_21495239.html

I have followed the instructions to the letter however the blocking of www.facebook.com only works on the SBS2003 server where I editted the group policy.  It hasn't rolled out to any of the client machines, even after forcing gpupdates, rebooting everything, and waiting 24 hours.

I have tried creating a new object and also edititng the Default Domain Policy but it is still only blocked on the SBS machine itself, as if I'm edititng the local group policy, not the global one.

Any advice?
0
Comment
Question by:natrat22
  • 16
  • 7
  • 4
  • +1
29 Comments
 

Expert Comment

by:Namtvedt
ID: 22866307
Have you looked at the permissions on the GPO object that autentcated users have Aplie on the GPO, another way you can do this is to create a Alias in DNS that points www.facebook.com to your SBS homepage...
0
 
LVL 7

Expert Comment

by:efg-uae
ID: 22866310
Hi
Please check that group policy is properly linked and enforced.
then follow the steps below to block a website.
Edit the Default Group Policy Object.
Go to the -> User Configuration -> Windows Settings -> Internet Explorer Maintenance
Then Security Zones and Content Rating.
Then Select the Radio buttion "Import the current security zones and privacy settings" and then Click on the Modify Settings -> and then Go to Restricted Sites and then Add the Website and Press OK.
After this you have to Wait for some time when all computers in the domain will sychronize the Group Policy.
Cheers
ASIF
0
 
LVL 1

Author Comment

by:natrat22
ID: 22866420
It must be a problem with the linking, as even when i edit the defaulkt domain policy the same thing happens.

I've attached a couple of screenshots showing the policy i created "Website Blocking" and the screen I get when i right click and choose Edit.

MY concern is that when i right click and choose edit on either the Website Blocking poliocy or the Default Domain Polcy, the GP object editor screen says "Website Blocking [HINTERSERV] Policy" which is the local machine name.  Or is that normal?

I'm a GP noob so i'm sure i'm missing something.

thanks
nathan
GPedit.jpg
gpManage.jpg
0
 
LVL 7

Expert Comment

by:efg-uae
ID: 22873601
Ok do one thing. Remove this policy and Edit the default domain policy and do the same thing into that. so that we can track the problem.
 
0
 
LVL 1

Author Comment

by:natrat22
ID: 22875772
Done, and exactly the same thing happens.  Policy enforced on the server where i am editting the policy, but not rolled out to any clients.

I've attached a screenshot of the default domain policy editting.
default-domain-policy.jpg
0
 
LVL 7

Expert Comment

by:efg-uae
ID: 22875809
Screenshots shows that everything is ok.
Open Command Prompt and type following command to forefully apply the group policies
GPUPDATE /force

You may need to resrart the computer to the policy to apply. i hope this should help. please write if problem is not solved.
0
 
LVL 1

Author Comment

by:natrat22
ID: 22875944
Still not working.  I've done gpupdate /force on server and two client machines, rebooted both client machines, and still the policy isn't enforced on them.  the server is the only machine where the policy is enforced.
0
 
LVL 7

Expert Comment

by:efg-uae
ID: 22876016
Please apply the Latest Service pack for Windows 2003
below is the article which describes this problem.
http://support.microsoft.com/kb/908129
 
0
 
LVL 1

Author Comment

by:natrat22
ID: 22876256
I don't think that applies to me, this is a very simple domain setup with just 8 or so computers, no links to any other domains.  I have the latest service pack (2) and two days ago i installed all other available patches for the server.  I've just run windows update and installed every single patch there is and the issue remains :(
0
 
LVL 7

Expert Comment

by:efg-uae
ID: 22883330
Does your OU have user accounts or computer accounts?
If it has computer accounts only, that policy will never apply because there are no user accounts in that OU.  
You would need to apply that policy to the OU that has the user accounts
and please tell me that on client computer when you run the gpupdate /force
what results it give?
 
0
 
LVL 7

Expert Comment

by:efg-uae
ID: 22883376
Group Policy also need users on which it is going to be applied
Please see the screenshot and add the users on which you want to apply this group policy.
 

gpobject.JPG
0
 
LVL 1

Author Comment

by:natrat22
ID: 22883468
Authenticated Users are already listed on my object - doesn't that then apply the policy to all authenticated users, regardless of which group they are in (ie. Domain Users, Domain Power Users etc)?  That is working fine on other SBS2003 boxes I manage for different group policy settings.

The domain has users and computers.  I also tried creating the GPO under the same place the users are ie. Domains / Hinterliving.local / My Business / Users / SBS Users but still no effect except locally.

0
 
LVL 1

Author Comment

by:natrat22
ID: 22914227
I've run a gpresult on the client computer and the policy appears to be being applied:

USER SETTINGS
--------------
    CN=Hinterliving Administrator,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=hinterli
ving,DC=local
    Last time Group Policy was applied: 9/11/2008 at 9:13:01 AM
    Group Policy was applied from:      HINTERSERV.hinterliving.local
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        Website Blocking
        Default Domain Policy

I know the policy itself works as it is working on the server itself.  So why wouldn't it be working on the client, considering the policy itself is definately being pulled from the server?
0
 
LVL 1

Author Comment

by:natrat22
ID: 22914281
I've now established it isn't a problem with Group Policy being updated on the client.  I changed another random user setting on the Default Domain Policy (removed Windows Update links) and that worked fine.  I then added the website filtering to the Default Domain Policy again, and it is still not showing up on the client even though there are no errors in the updating of the policies to the client.
0
 
LVL 1

Author Comment

by:natrat22
ID: 22914349
It appears that this ois the exacxt problem I have:

http://support.microsoft.com/kb/293766

I've tested and it is also the Trusted Sites setting of security zone that is not being implemented, as well as the Content Ratings.  However this article says it is for Windows 200 and was fixed in SP3.  I'm running SBS2003 with all the latest service packs and patches.

Another article here seems to narrow down the issue:

http://www.petri.co.il/forums/showthread.php?t=20987

However there is no apparent fix.  Need some help on this one.
0
 
LVL 1

Author Comment

by:natrat22
ID: 22914593
I've confirmed that on the client under C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings (then custom0 and custom1 folders) there is a ratings.inf folder which contains the restricted sites from Group Policy.  If i manually merge that file then the ratings are applied.  However the file isn't being processed during GP updates, even though it is being pulled from the server.  I've pasted my branding log below.


11/09/2008 10:15:53        COM initialized on a second attempt with S_FALSE success code!

11/09/2008 10:15:53    Processing Group Policy...
11/09/2008 10:15:53    Starting Internet Explorer group policy processing part 1 (copying files) ...
11/09/2008 10:15:54    Done.

11/09/2008 10:15:54    Clearing policies set by a previous list of GPOs...
11/09/2008 10:15:54    Done.

11/09/2008 10:15:54    Starting Internet Explorer group policy processing part 2 ...

11/09/2008 10:15:54        Branding Internet Explorer...
11/09/2008 10:15:54        Command line is "BrandInternetExplorer /mode:gp /ins:"C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings\Custom0\INSTALL.INS" /flags:eriu=1,favo=1,qlo=1,chl=1,chlb=1".

11/09/2008 10:15:54        Global branding settings are:
11/09/2008 10:15:54            Context is (0x00800200) "Group Policy";
11/09/2008 10:15:54            Settings file is        "C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings\Custom0\INSTALL.INS";
11/09/2008 10:15:54            Target folder path is   "C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings\Custom0".
11/09/2008 10:15:54        Done.

11/09/2008 10:15:54            About to clear previous branding...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing migration of old settings...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing wininet setup...
11/09/2008 10:15:54            There are no connection settings to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing deletion of connection settings...
11/09/2008 10:15:54            Existing connection settings weren't specified to be deleted!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing zones HKCU settings...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing local machine policies and restrictions...
11/09/2008 10:15:54            There are no local machine *.inf files to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing current user policies and restrictions...
11/09/2008 10:15:54            There are no current user *.inf files to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing legacy policies and restrictions...
11/09/2008 10:15:54                There are no local machine *.inf files to process!
11/09/2008 10:15:54                There are no current user *.inf files to process!
11/09/2008 10:15:54            There are no legacy *.inf files to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing general customizations...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing Help->About customization...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing browser toolbar buttons...
11/09/2008 10:15:54            There are no toolbar buttons to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing root certificates...
11/09/2008 10:15:54            This feature is for ISPs only!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing default favorites and/or quick links...
11/09/2008 10:15:54                There are no favorites to add!
11/09/2008 10:15:54                There are no quick links to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing deletion of favorites and/or quick links...
11/09/2008 10:15:54            None of the favorites folders were specified to be deleted!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing favorites...
11/09/2008 10:15:54            There are no favorites to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing ordering of favorites...
11/09/2008 10:15:54            Favorites will be put into the default position!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing quick links...
11/09/2008 10:15:54            There are no quick links to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing ordering of quick links...
11/09/2008 10:15:54            Quick Links will be put into the default position!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing connection settings...
11/09/2008 10:15:54            There are no connection settings to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing TrustedPublisherLockdown restriction...
11/09/2008 10:15:54            This restriction is not set!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Registering download URLs as safe for updating IE...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Deleting links...
11/09/2008 10:15:54            No links to delete!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Creating feeds...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Creating start pages...
11/09/2008 10:15:54            There are no start pages to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Creating search providers...
11/09/2008 10:15:54            There are no search providers to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing active desktop customizations...
11/09/2008 10:15:54            No desktop customizations to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing channels and their categories (if any)...
11/09/2008 10:15:54            There are no channels to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing software update channels...
11/09/2008 10:15:54            There are no software update channels to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Actual processing of channels by calling webcheck.dll "DllInstall" API...
11/09/2008 10:15:54            There is no webcheck processing necessary!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Showing channel bar on the desktop...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing subscriptions...
11/09/2008 10:15:54            There are no subscriptions to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Refreshing browser settings...
11/09/2008 10:15:54            Broadcasting "Windows settings change" to all top level windows...
11/09/2008 10:15:54            Done.
11/09/2008 10:15:54        Done.
11/09/2008 10:15:54        There are no current user *.inf files to process!
11/09/2008 10:15:54        Favorites will be put into the default position!
11/09/2008 10:15:54        Quick Links will be put into the default position!
11/09/2008 10:15:54        There are no channels to process!

11/09/2008 10:15:54        Branding Internet Explorer...
11/09/2008 10:15:54        Command line is "BrandInternetExplorer /mode:gp /ins:"C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings\Custom1\INSTALL.INS" /flags:eriu=1,favo=1,qlo=1,chl=1,chlb=1".

11/09/2008 10:15:54        Global branding settings are:
11/09/2008 10:15:54            Context is (0x00800200) "Group Policy";
11/09/2008 10:15:54            Settings file is        "C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings\Custom1\INSTALL.INS";
11/09/2008 10:15:54            Target folder path is   "C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings\Custom1".
11/09/2008 10:15:54        Done.

11/09/2008 10:15:54            About to clear previous branding...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing migration of old settings...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing wininet setup...
11/09/2008 10:15:54            There are no connection settings to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing deletion of connection settings...
11/09/2008 10:15:54            Existing connection settings weren't specified to be deleted!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing zones HKCU settings...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing local machine policies and restrictions...
11/09/2008 10:15:54            GP context. Not processing the HKLM sections.!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing current user policies and restrictions...
11/09/2008 10:15:54                ! processExtRegInfSectionHelper for section"ExtRegInf.Hkcu".
11/09/2008 10:15:54                ! Key is  "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}".
11/09/2008 10:15:54                Not Delaying executing C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings\Custom1\seczones.inf.
11/09/2008 10:15:54                "seczones.inf" processed successfully.
11/09/2008 10:15:54                ! Key is  "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}".
11/09/2008 10:15:54                Machine is not hardened

11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing legacy policies and restrictions...
11/09/2008 10:15:54            There are no legacy *.inf files to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing general customizations...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing Help->About customization...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing browser toolbar buttons...
11/09/2008 10:15:54            There are no toolbar buttons to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing root certificates...
11/09/2008 10:15:54            This feature is for ISPs only!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing default favorites and/or quick links...
11/09/2008 10:15:54                There are no favorites to add!
11/09/2008 10:15:54                There are no quick links to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing deletion of favorites and/or quick links...
11/09/2008 10:15:54            None of the favorites folders were specified to be deleted!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing favorites...
11/09/2008 10:15:54            There are no favorites to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing ordering of favorites...
11/09/2008 10:15:54            Favorites will be put into the default position!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing quick links...
11/09/2008 10:15:54            There are no quick links to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing ordering of quick links...
11/09/2008 10:15:54            Quick Links will be put into the default position!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing connection settings...
11/09/2008 10:15:54            There are no connection settings to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing TrustedPublisherLockdown restriction...
11/09/2008 10:15:54            This restriction is not set!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Registering download URLs as safe for updating IE...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Deleting links...
11/09/2008 10:15:54            No links to delete!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Creating feeds...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Creating start pages...
11/09/2008 10:15:54            There are no start pages to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Creating search providers...
11/09/2008 10:15:54            There are no search providers to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing active desktop customizations...
11/09/2008 10:15:54            No desktop customizations to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing channels and their categories (if any)...
11/09/2008 10:15:54            There are no channels to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing software update channels...
11/09/2008 10:15:54            There are no software update channels to add!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Actual processing of channels by calling webcheck.dll "DllInstall" API...
11/09/2008 10:15:54            There is no webcheck processing necessary!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Showing channel bar on the desktop...
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Processing subscriptions...
11/09/2008 10:15:54            There are no subscriptions to process!
11/09/2008 10:15:54            Done.

11/09/2008 10:15:54            Refreshing browser settings...
11/09/2008 10:15:54            Broadcasting "Windows settings change" to all top level windows...
11/09/2008 10:15:54            Done.
11/09/2008 10:15:54        Done.
11/09/2008 10:15:54        Favorites will be put into the default position!
11/09/2008 10:15:54        Quick Links will be put into the default position!
11/09/2008 10:15:54        There are no channels to process!


11/09/2008 10:15:54        COM initialized with S_OK success code.

11/09/2008 10:15:54    Branding Internet Explorer...
11/09/2008 10:15:54    Command line is "/mode:gp /ins:"C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings\Custom1\install.ins" /disable /flags:eriu=0,favo=0,qlo=0,chl=0,chlb=0,znu=0".

11/09/2008 10:15:54    Global branding settings are:
11/09/2008 10:15:54        Context is (0x04800200) "Group Policy, spawned in a child process";
11/09/2008 10:15:54        Settings file is        "C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings\Custom1\install.ins";
11/09/2008 10:15:54        Target folder path is   "C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings\Custom1".
11/09/2008 10:15:54    Done.

11/09/2008 10:15:54        Processing wininet setup...
11/09/2008 10:15:54        Done.

11/09/2008 10:15:54        Processing current user policies and restrictions...
11/09/2008 10:15:54            ! processExtRegInfSectionHelper for section"ExtRegInf.Hkcu".
11/09/2008 10:15:54            ! Key is  "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}".
11/09/2008 10:15:54            Not Delaying executing C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Internet Explorer\Custom Settings\Custom1\seczones.inf.
11/09/2008 10:15:54            "seczones.inf" processed successfully.
11/09/2008 10:15:54            ! Key is  "SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}".
11/09/2008 10:15:54            Machine is not hardened

11/09/2008 10:15:54        Done.

11/09/2008 10:15:54        Registering download URLs as safe for updating IE...
11/09/2008 10:15:54        Done.

11/09/2008 10:15:54        Refreshing browser settings...
11/09/2008 10:15:54        Posted update request to the hidden browser window!
11/09/2008 10:15:54        Broadcasting "Windows settings change" to all top level windows...
11/09/2008 10:15:54        Done.
11/09/2008 10:15:54    Done.
11/09/2008 10:15:54    Done processing group policy.
0
 
LVL 1

Author Comment

by:natrat22
ID: 22915251
I can also confirm that exactly the same issue is present on a different customers SBS2003 setup, basic domain, a dozen or so computers, single domain controller (the SBS box).  
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 22918674
You are trying to implement a User applicable GPO at the domain level. While this will work, it is not the proper method for implementing this setup.

Attach the GPO to the SBSUsers OU where your users are located.
Disable the Computer portion of the GPO because you are not using it.
Right click on the GPO and put a check mark beside "Enforced" to force the GP settings.
Make sure the Scope of your GPO is Authenticated Users.

Run the GP Modelling wizard to test things if necessary. But, the above instructions should make it clear how to apply User level GP settings in an SBS environment.

Philip
0
 
LVL 1

Author Comment

by:natrat22
ID: 22919555
Hi Phillip,

I have already done exactly as you describe (see screenshot).  The only reason i went back to putting the setting on the default domain policy was to confirm that it still didn't work.  

The content ratings files are being copied to the client machines when gpupdate is run, however they are not being applied.  All other policy settings are working except this particular one.

nathan
gp.jpg
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 22919665
As Petri says the hook is here:
11/09/2008 10:15:54            Processing local machine policies and restrictions...
11/09/2008 10:15:54            GP context. Not processing the HKLM sections.!
11/09/2008 10:15:54            Done.

Sounds like you need to setup the computer side with the appropriate HKLM registry settings in your GPO. The client should then import them okay. Have a look at that ratings.inf file to see how those keys are structured and set them up into the Registry portion of your GPO.

Philip
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 22919668
You may need to create and link a new GPO to the SBSComputers OU and enforce it and place the registry settings therein.
Philip
0
 
LVL 1

Author Comment

by:natrat22
ID: 22919769
That would be classed as a workaround yes?  It should actually be applying successfully as is?  
0
 
LVL 38

Expert Comment

by:Philip Elder
ID: 22919946
IE 6 took the settings successfully where IE7 does not. The error indicates that IE7 wants its updates to come through Group Policy from what I can tell.

It makes sense since IE 7 is a lot tigher around its security structures. Things changed greatly between the two editions.

Philip
0
 
LVL 7

Expert Comment

by:efg-uae
ID: 22919961
For me i dont have any issue for IE7, All changes made in GPO are successfully applied to all clients.
 
0
 
LVL 1

Author Comment

by:natrat22
ID: 22920077
Have you tested the content ratings?  All other IE7 changes are working for me also.
0
 
LVL 1

Author Comment

by:natrat22
ID: 22948302
Despite having now confirmed this issue is on three seperate SBS systems, it seems i'll need a workaround if everybody else says the content ratings policy works fine for them with SBS.

I've no idea about how to use Group Policy to forec the insertion of registry keys.  Can someone help?

I've attached the ratings.inf file that group policy successfully creates on the client (but doesn't apply).  It has the registry keys relating to blocking facebook.  How can i use group policy to force these to work?

ta
nathan
0
 
LVL 1

Author Comment

by:natrat22
ID: 22948308
oops and here is the attachment.  Have renamed it to a .txt.
ratings.txt
0
 
LVL 1

Accepted Solution

by:
natrat22 earned 0 total points
ID: 23081570
Ok well i didn't get anywhere with this, the same behaviour for that particular group policy happens on all the SBS2003 boxes I manage.  All other GP settings I do are working so i'm pretty sure it's not an issue with my setup now.  In any case without any further help this question might as well be closed.  I've just added facebook.com to DNS pointing to their companyweb as a workaround.

Ta for the attempts.
0

Join & Write a Comment

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now