Solved

Block downloads using group policy in windows server 2008

Posted on 2011-03-14
6
1,495 Views
Last Modified: 2012-05-11
Hi,
I have Windows Server 2008 domain environment. My previous administrator has blocked downloads using group policy, whenever user tries to download any file they get message saying 'Local Security Policy does not allow to download'. I have verified, it has not configured on local machines. In the local PC IE Options, I also see a message 'Some of the settings have been controlled by Administrator'. But I am not finding any setting on Group Policy. There are only two configurations are done in Group Policy.  They are 1. user cannot change proxy settings and 2. security tab on IE Options is disabled. Can you please help me find out where that setting has been set.
Thanks in advance.
KP
0
Comment
Question by:kpvarahagiri
  • 3
  • 2
6 Comments
 
LVL 8

Expert Comment

by:jawa29
ID: 35126741
Have you ran a Group Policy Result against a PC with these settings?

This way you can see what polices are applying and what settings they are stamping down.

Jawa29
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 35126778
On a PC go to the command prompt and type

gpresult /v and then press enter.
0
 

Author Comment

by:kpvarahagiri
ID: 35126962
Thanks for response. The gpresult file is pasted hereunder for reference.
Apart from Default Domain Policy, there is another GPO called 'Internet PCs' is enabled on it. Internet PCs is a separate OU that has been created exclusively for Internet Users in the office. The said 2 policies i.e., security option disabled in IE Options and disabled proxy settings change are from this GPO only.
Can you please go through it and see if you can help me further.
Thanks

COMPUTER SETTINGS
------------------
    CN=NETUSE2,OU=Internet PCs,DC=xxxxx
   
    Applied Group Policy Objects
    -----------------------------
        Internet PCs
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups:
    --------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        NETUSE2$
        Domain Computers

    Resultant Set Of Policies for Computer:
    ----------------------------------------

        Software Installations
        ----------------------
            N/A

        Startup Scripts
        ---------------
            GPO: Default Domain Policy
                Name:         NetworkDrives.bat
                Parameters:
                LastExecuted: This script has not yet been executed.

        Shutdown Scripts
        ----------------
            N/A

        Account Policies
        ----------------
            GPO: Default Domain Policy
                Policy:            MinimumPasswordAge
                Computer Setting:  N/A

            GPO: Default Domain Policy
                Policy:            MinimumPasswordLength
                Computer Setting:  6

            GPO: Default Domain Policy
                Policy:            LockoutBadCount
                Computer Setting:  N/A

            GPO: Default Domain Policy
                Policy:            MaximumPasswordAge
                Computer Setting:  999

        Audit Policy
        ------------
            N/A

        User Rights
        -----------
            N/A

        Security Options
        ----------------
            GPO: Default Domain Policy
                Policy:            RequireLogonToChangePassword
                Computer Setting:  Not Enabled

            GPO: Default Domain Policy
                Policy:            PasswordComplexity
                Computer Setting:  Not Enabled

            GPO: Default Domain Policy
                Policy:            ForceLogoffWhenHourExpire
                Computer Setting:  Not Enabled

            GPO: Default Domain Policy
                Policy:            LSAAnonymousNameLookup
                Computer Setting:  Not Enabled

            GPO: Default Domain Policy
                Policy:            ClearTextPassword
                Computer Setting:  Not Enabled

        Event Log Settings
        ------------------
            N/A

        Restricted Groups
        -----------------
            N/A

        System Services
        ---------------
            N/A

        Registry Settings
        -----------------
            N/A

        File System Settings
        --------------------
            N/A

        Public Key Policies
        -------------------
            N/A

        Administrative Templates
        ------------------------
            GPO: Internet PCs
                Setting: Software\Policies\Microsoft\Internet Explorer\Control Panel
                State:   Enabled

            GPO: Internet PCs
                Setting: Software\Policies\Microsoft\Internet Explorer\Control Panel
                State:   Enabled


USER SETTINGS
--------------
    CN=Netuse,OU=Internet PCs,DC=xxxx
   

    Applied Group Policy Objects
    -----------------------------
        Internet PCs
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups:
    ----------------------------------------------------
        Domain Users
        Everyone
        Remote Desktop Users
        Network Configuration Operators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        LOCAL

    Resultant Set Of Policies for User:
    ------------------------------------

        Software Installations
        ----------------------
            N/A

        Public Key Policies
        -------------------
            N/A

        Administrative Templates
        ------------------------
            GPO: Internet PCs
                Setting: Software\Policies\Microsoft\Internet Explorer\Control Panel
                State:   Enabled

            GPO: Internet PCs
                Setting: Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
                State:   Enabled

        Folder Redirection
        ------------------
            N/A

        Internet Explorer Browser User Interface
        ----------------------------------------
            GPO: Internet PCs
                Large Animated Bitmap Name:      N/A
                Large Custom Logo Bitmap Name:   N/A
                Title BarText:                   N/A
                UserAgent Text:                  N/A
                Delete existing toolbar buttons: No

        Internet Explorer URLs
        ----------------------
            GPO: Internet PCs
                Home page URL:           N/A
                Search page URL:         N/A
                Online support page URL: N/A

        Internet Explorer Security
        --------------------------
            Always Viewable Sites:     N/A
            Password Override Enabled: False

            GPO: Internet PCs
                Import the current Content Ratings Settings:      No
                Import the current Security Zones Settings:       No
                Import current Authenticode Security Information: No
                Enable trusted publisher lockdown:                No

        Internet Explorer Programs
        --------------------------
            GPO: Internet PCs
                Import the current Program Settings: No
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 8

Accepted Solution

by:
jawa29 earned 50 total points
ID: 35126989
If you look under Group Policy Objects in the GPO Management Console, find the policy called Internet PCs then right click on it and in the sub menu GPO Status set it to All Settings Disabled.

Go to a client PC and run GPUpdate /force - Reboot if needed.

This will tell us if this is the policy causing the issue.

Jawa29
0
 

Author Comment

by:kpvarahagiri
ID: 35127046
Thanks alot. I got it.
Thanks for prompt response. The question is now closed.
KP
0
 

Author Closing Comment

by:kpvarahagiri
ID: 35127052
I could find out way with assistance of Jawa29. Thanks.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have been working as System Administrators since 2003. I recently started working as a FreeLancer and was amazed to find out that very few people are taking full advantage of their Windows Server Machines. Microsoft Windows Server comes with so…
I was asked if I could set up a fax machine so that incoming faxes were delivered to people's Exchange inboxes and so that they could send faxes from their desktops without needing to print the document first.  I knew it was possible but I had no id…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question