Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Block downloads using group policy in windows server 2008

Posted on 2011-03-14
6
Medium Priority
?
1,674 Views
Last Modified: 2012-05-11
Hi,
I have Windows Server 2008 domain environment. My previous administrator has blocked downloads using group policy, whenever user tries to download any file they get message saying 'Local Security Policy does not allow to download'. I have verified, it has not configured on local machines. In the local PC IE Options, I also see a message 'Some of the settings have been controlled by Administrator'. But I am not finding any setting on Group Policy. There are only two configurations are done in Group Policy.  They are 1. user cannot change proxy settings and 2. security tab on IE Options is disabled. Can you please help me find out where that setting has been set.
Thanks in advance.
KP
0
Comment
Question by:kpvarahagiri
  • 3
  • 2
6 Comments
 
LVL 8

Expert Comment

by:jawa29
ID: 35126741
Have you ran a Group Policy Result against a PC with these settings?

This way you can see what polices are applying and what settings they are stamping down.

Jawa29
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 35126778
On a PC go to the command prompt and type

gpresult /v and then press enter.
0
 

Author Comment

by:kpvarahagiri
ID: 35126962
Thanks for response. The gpresult file is pasted hereunder for reference.
Apart from Default Domain Policy, there is another GPO called 'Internet PCs' is enabled on it. Internet PCs is a separate OU that has been created exclusively for Internet Users in the office. The said 2 policies i.e., security option disabled in IE Options and disabled proxy settings change are from this GPO only.
Can you please go through it and see if you can help me further.
Thanks

COMPUTER SETTINGS
------------------
    CN=NETUSE2,OU=Internet PCs,DC=xxxxx
   
    Applied Group Policy Objects
    -----------------------------
        Internet PCs
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups:
    --------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        NETUSE2$
        Domain Computers

    Resultant Set Of Policies for Computer:
    ----------------------------------------

        Software Installations
        ----------------------
            N/A

        Startup Scripts
        ---------------
            GPO: Default Domain Policy
                Name:         NetworkDrives.bat
                Parameters:
                LastExecuted: This script has not yet been executed.

        Shutdown Scripts
        ----------------
            N/A

        Account Policies
        ----------------
            GPO: Default Domain Policy
                Policy:            MinimumPasswordAge
                Computer Setting:  N/A

            GPO: Default Domain Policy
                Policy:            MinimumPasswordLength
                Computer Setting:  6

            GPO: Default Domain Policy
                Policy:            LockoutBadCount
                Computer Setting:  N/A

            GPO: Default Domain Policy
                Policy:            MaximumPasswordAge
                Computer Setting:  999

        Audit Policy
        ------------
            N/A

        User Rights
        -----------
            N/A

        Security Options
        ----------------
            GPO: Default Domain Policy
                Policy:            RequireLogonToChangePassword
                Computer Setting:  Not Enabled

            GPO: Default Domain Policy
                Policy:            PasswordComplexity
                Computer Setting:  Not Enabled

            GPO: Default Domain Policy
                Policy:            ForceLogoffWhenHourExpire
                Computer Setting:  Not Enabled

            GPO: Default Domain Policy
                Policy:            LSAAnonymousNameLookup
                Computer Setting:  Not Enabled

            GPO: Default Domain Policy
                Policy:            ClearTextPassword
                Computer Setting:  Not Enabled

        Event Log Settings
        ------------------
            N/A

        Restricted Groups
        -----------------
            N/A

        System Services
        ---------------
            N/A

        Registry Settings
        -----------------
            N/A

        File System Settings
        --------------------
            N/A

        Public Key Policies
        -------------------
            N/A

        Administrative Templates
        ------------------------
            GPO: Internet PCs
                Setting: Software\Policies\Microsoft\Internet Explorer\Control Panel
                State:   Enabled

            GPO: Internet PCs
                Setting: Software\Policies\Microsoft\Internet Explorer\Control Panel
                State:   Enabled


USER SETTINGS
--------------
    CN=Netuse,OU=Internet PCs,DC=xxxx
   

    Applied Group Policy Objects
    -----------------------------
        Internet PCs
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups:
    ----------------------------------------------------
        Domain Users
        Everyone
        Remote Desktop Users
        Network Configuration Operators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        LOCAL

    Resultant Set Of Policies for User:
    ------------------------------------

        Software Installations
        ----------------------
            N/A

        Public Key Policies
        -------------------
            N/A

        Administrative Templates
        ------------------------
            GPO: Internet PCs
                Setting: Software\Policies\Microsoft\Internet Explorer\Control Panel
                State:   Enabled

            GPO: Internet PCs
                Setting: Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
                State:   Enabled

        Folder Redirection
        ------------------
            N/A

        Internet Explorer Browser User Interface
        ----------------------------------------
            GPO: Internet PCs
                Large Animated Bitmap Name:      N/A
                Large Custom Logo Bitmap Name:   N/A
                Title BarText:                   N/A
                UserAgent Text:                  N/A
                Delete existing toolbar buttons: No

        Internet Explorer URLs
        ----------------------
            GPO: Internet PCs
                Home page URL:           N/A
                Search page URL:         N/A
                Online support page URL: N/A

        Internet Explorer Security
        --------------------------
            Always Viewable Sites:     N/A
            Password Override Enabled: False

            GPO: Internet PCs
                Import the current Content Ratings Settings:      No
                Import the current Security Zones Settings:       No
                Import current Authenticode Security Information: No
                Enable trusted publisher lockdown:                No

        Internet Explorer Programs
        --------------------------
            GPO: Internet PCs
                Import the current Program Settings: No
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 8

Accepted Solution

by:
jawa29 earned 150 total points
ID: 35126989
If you look under Group Policy Objects in the GPO Management Console, find the policy called Internet PCs then right click on it and in the sub menu GPO Status set it to All Settings Disabled.

Go to a client PC and run GPUpdate /force - Reboot if needed.

This will tell us if this is the policy causing the issue.

Jawa29
0
 

Author Comment

by:kpvarahagiri
ID: 35127046
Thanks alot. I got it.
Thanks for prompt response. The question is now closed.
KP
0
 

Author Closing Comment

by:kpvarahagiri
ID: 35127052
I could find out way with assistance of Jawa29. Thanks.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question