asked on

Block downloads using group policy in windows server 2008

Hi,
I have Windows Server 2008 domain environment. My previous administrator has blocked downloads using group policy, whenever user tries to download any file they get message saying 'Local Security Policy does not allow to download'. I have verified, it has not configured on local machines. In the local PC IE Options, I also see a message 'Some of the settings have been controlled by Administrator'. But I am not finding any setting on Group Policy. There are only two configurations are done in Group Policy. They are 1. user cannot change proxy settings and 2. security tab on IE Options is disabled. Can you please help me find out where that setting has been set.
Thanks in advance.
KP

jawa29

Have you ran a Group Policy Result against a PC with these settings?

This way you can see what polices are applying and what settings they are stamping down.

Jawa29

James

On a PC go to the command prompt and type

gpresult /v and then press enter.

kpvarahagiri

ASKER

Thanks for response. The gpresult file is pasted hereunder for reference.
Apart from Default Domain Policy, there is another GPO called 'Internet PCs' is enabled on it. Internet PCs is a separate OU that has been created exclusively for Internet Users in the office. The said 2 policies i.e., security option disabled in IE Options and disabled proxy settings change are from this GPO only.
Can you please go through it and see if you can help me further.
Thanks

COMPUTER SETTINGS
------------------
CN=NETUSE2,OU=Internet PCs,DC=xxxxx

Applied Group Policy Objects
-----------------------------
Internet PCs
Default Domain Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)

The computer is a part of the following security groups:
--------------------------------------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
NETUSE2$
Domain Computers

Resultant Set Of Policies for Computer:
----------------------------------------

Software Installations
----------------------
N/A

Startup Scripts
---------------
GPO: Default Domain Policy
Name: NetworkDrives.bat
Parameters:
LastExecuted: This script has not yet been executed.

Shutdown Scripts
----------------
N/A

Account Policies
----------------
GPO: Default Domain Policy
Policy: MinimumPasswordAge
Computer Setting: N/A

GPO: Default Domain Policy
Policy: MinimumPasswordLength
Computer Setting: 6

GPO: Default Domain Policy
Policy: LockoutBadCount
Computer Setting: N/A

GPO: Default Domain Policy
Policy: MaximumPasswordAge
Computer Setting: 999

Audit Policy
------------
N/A

User Rights
-----------
N/A

Security Options
----------------
GPO: Default Domain Policy
Policy: RequireLogonToChangePassword
Computer Setting: Not Enabled

GPO: Default Domain Policy
Policy: PasswordComplexity
Computer Setting: Not Enabled

GPO: Default Domain Policy
Policy: ForceLogoffWhenHourExpire
Computer Setting: Not Enabled

GPO: Default Domain Policy
Policy: LSAAnonymousNameLookup
Computer Setting: Not Enabled

GPO: Default Domain Policy
Policy: ClearTextPassword
Computer Setting: Not Enabled

Event Log Settings
------------------
N/A

Restricted Groups
-----------------
N/A

System Services
---------------
N/A

Registry Settings
-----------------
N/A

File System Settings
--------------------
N/A

Public Key Policies
-------------------
N/A

Administrative Templates
------------------------
GPO: Internet PCs
Setting: Software\Policies\Microsoft\Internet Explorer\Control Panel
State: Enabled

GPO: Internet PCs
Setting: Software\Policies\Microsoft\Internet Explorer\Control Panel
State: Enabled

USER SETTINGS
--------------
CN=Netuse,OU=Internet PCs,DC=xxxx

Applied Group Policy Objects
-----------------------------
Internet PCs
Default Domain Policy

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)

The user is a part of the following security groups:
----------------------------------------------------
Domain Users
Everyone
Remote Desktop Users
Network Configuration Operators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL

Resultant Set Of Policies for User:
------------------------------------

Software Installations
----------------------
N/A

Public Key Policies
-------------------
N/A

Administrative Templates
------------------------
GPO: Internet PCs
Setting: Software\Policies\Microsoft\Internet Explorer\Control Panel
State: Enabled

GPO: Internet PCs
Setting: Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
State: Enabled

Folder Redirection
------------------
N/A

Internet Explorer Browser User Interface
----------------------------------------
GPO: Internet PCs
Large Animated Bitmap Name: N/A
Large Custom Logo Bitmap Name: N/A
Title BarText: N/A
UserAgent Text: N/A
Delete existing toolbar buttons: No

Internet Explorer URLs
----------------------
GPO: Internet PCs
Home page URL: N/A
Search page URL: N/A
Online support page URL: N/A

Internet Explorer Security
--------------------------
Always Viewable Sites: N/A
Password Override Enabled: False

GPO: Internet PCs
Import the current Content Ratings Settings: No
Import the current Security Zones Settings: No
Import current Authenticode Security Information: No
Enable trusted publisher lockdown: No

Internet Explorer Programs
--------------------------
GPO: Internet PCs
Import the current Program Settings: No

ASKER CERTIFIED SOLUTION

jawa29

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

kpvarahagiri

ASKER

Thanks alot. I got it.
Thanks for prompt response. The question is now closed.
KP

kpvarahagiri

ASKER

I could find out way with assistance of Jawa29. Thanks.