What I was hoping to do is to create a group policy to block users from accessing the connections tab of internet explorer. At the moment, we have a proxy enabled but users disable this in connection settings to access internet.
The steps I have taken to create this is:
1) I’ve created a group called ‘blockusersinternet’. It is a global security group and contains the users I require to block internet access to.
2) Next, I opened the GPMC. Right clicked on group ‘blockinternetaccess’ and created and link a gpo.
3) In this group, I removed ‘Authenticated users’ and added the ‘blockusersinternet’ group.
4) After this, I edited the gpo to disable the connections page in internet explorer.
5) I ran gpupdate /force on the server.
6) I’ve checked this on a machine as the user I hoped to block, but they still have access to connections page in internet explorer. I’ve done log off, restarts etc.
7) I’ve ran a group policy modelling wizard, but while it lists the user as a member of the ‘blockusersinternet’ group, it doesn’t list the gpo to block internet access in either applied or denied gpo’s.
8) At the moment, there is only a default group policy that applies to all users. This appears to work.
9) I’ve tried creating a similar policy at another location and here it worked.
I’ve had a look at the event viewer and am getting the following message:
Security policies where propagated with warning 0x534. No mapping between account names and security id’s was done.
The particular group that I’m applying this to has only a single user. It was added with the ‘check names’ functionality so should be correct. User can log in and access domain.