kpvarahagiri
asked on
Block downloads using group policy in windows server 2008
Hi,
I have Windows Server 2008 domain environment. My previous administrator has blocked downloads using group policy, whenever user tries to download any file they get message saying 'Local Security Policy does not allow to download'. I have verified, it has not configured on local machines. In the local PC IE Options, I also see a message 'Some of the settings have been controlled by Administrator'. But I am not finding any setting on Group Policy. There are only two configurations are done in Group Policy. They are 1. user cannot change proxy settings and 2. security tab on IE Options is disabled. Can you please help me find out where that setting has been set.
Thanks in advance.
KP
I have Windows Server 2008 domain environment. My previous administrator has blocked downloads using group policy, whenever user tries to download any file they get message saying 'Local Security Policy does not allow to download'. I have verified, it has not configured on local machines. In the local PC IE Options, I also see a message 'Some of the settings have been controlled by Administrator'. But I am not finding any setting on Group Policy. There are only two configurations are done in Group Policy. They are 1. user cannot change proxy settings and 2. security tab on IE Options is disabled. Can you please help me find out where that setting has been set.
Thanks in advance.
KP
On a PC go to the command prompt and type
gpresult /v and then press enter.
gpresult /v and then press enter.
ASKER
Thanks for response. The gpresult file is pasted hereunder for reference.
Apart from Default Domain Policy, there is another GPO called 'Internet PCs' is enabled on it. Internet PCs is a separate OU that has been created exclusively for Internet Users in the office. The said 2 policies i.e., security option disabled in IE Options and disabled proxy settings change are from this GPO only.
Can you please go through it and see if you can help me further.
Thanks
COMPUTER SETTINGS
------------------
CN=NETUSE2,OU=Internet PCs,DC=xxxxx
Applied Group Policy Objects
-------------------------- ---
Internet PCs
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------- ---------- ---------- ---------- ---------- -
Local Group Policy
Filtering: Not Applied (Empty)
The computer is a part of the following security groups:
-------------------------- ---------- ---------- ----------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
NETUSE2$
Domain Computers
Resultant Set Of Policies for Computer:
-------------------------- ---------- ----
Software Installations
----------------------
N/A
Startup Scripts
---------------
GPO: Default Domain Policy
Name: NetworkDrives.bat
Parameters:
LastExecuted: This script has not yet been executed.
Shutdown Scripts
----------------
N/A
Account Policies
----------------
GPO: Default Domain Policy
Policy: MinimumPasswordAge
Computer Setting: N/A
GPO: Default Domain Policy
Policy: MinimumPasswordLength
Computer Setting: 6
GPO: Default Domain Policy
Policy: LockoutBadCount
Computer Setting: N/A
GPO: Default Domain Policy
Policy: MaximumPasswordAge
Computer Setting: 999
Audit Policy
------------
N/A
User Rights
-----------
N/A
Security Options
----------------
GPO: Default Domain Policy
Policy: RequireLogonToChangePasswo rd
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: PasswordComplexity
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: ForceLogoffWhenHourExpire
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: LSAAnonymousNameLookup
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: ClearTextPassword
Computer Setting: Not Enabled
Event Log Settings
------------------
N/A
Restricted Groups
-----------------
N/A
System Services
---------------
N/A
Registry Settings
-----------------
N/A
File System Settings
--------------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
GPO: Internet PCs
Setting: Software\Policies\Microsof t\Internet Explorer\Control Panel
State: Enabled
GPO: Internet PCs
Setting: Software\Policies\Microsof t\Internet Explorer\Control Panel
State: Enabled
USER SETTINGS
--------------
CN=Netuse,OU=Internet PCs,DC=xxxx
Applied Group Policy Objects
-------------------------- ---
Internet PCs
Default Domain Policy
The following GPOs were not applied because they were filtered out
-------------------------- ---------- ---------- ---------- ---------- -
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups:
-------------------------- ---------- ---------- ------
Domain Users
Everyone
Remote Desktop Users
Network Configuration Operators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Resultant Set Of Policies for User:
-------------------------- ----------
Software Installations
----------------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
GPO: Internet PCs
Setting: Software\Policies\Microsof t\Internet Explorer\Control Panel
State: Enabled
GPO: Internet PCs
Setting: Software\Policies\Microsof t\Windows\ CurrentVer sion\Inter net Settings\Zones\3
State: Enabled
Folder Redirection
------------------
N/A
Internet Explorer Browser User Interface
-------------------------- ---------- ----
GPO: Internet PCs
Large Animated Bitmap Name: N/A
Large Custom Logo Bitmap Name: N/A
Title BarText: N/A
UserAgent Text: N/A
Delete existing toolbar buttons: No
Internet Explorer URLs
----------------------
GPO: Internet PCs
Home page URL: N/A
Search page URL: N/A
Online support page URL: N/A
Internet Explorer Security
--------------------------
Always Viewable Sites: N/A
Password Override Enabled: False
GPO: Internet PCs
Import the current Content Ratings Settings: No
Import the current Security Zones Settings: No
Import current Authenticode Security Information: No
Enable trusted publisher lockdown: No
Internet Explorer Programs
--------------------------
GPO: Internet PCs
Import the current Program Settings: No
Apart from Default Domain Policy, there is another GPO called 'Internet PCs' is enabled on it. Internet PCs is a separate OU that has been created exclusively for Internet Users in the office. The said 2 policies i.e., security option disabled in IE Options and disabled proxy settings change are from this GPO only.
Can you please go through it and see if you can help me further.
Thanks
COMPUTER SETTINGS
------------------
CN=NETUSE2,OU=Internet PCs,DC=xxxxx
Applied Group Policy Objects
--------------------------
Internet PCs
Default Domain Policy
The following GPOs were not applied because they were filtered out
--------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The computer is a part of the following security groups:
--------------------------
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
NETUSE2$
Domain Computers
Resultant Set Of Policies for Computer:
--------------------------
Software Installations
----------------------
N/A
Startup Scripts
---------------
GPO: Default Domain Policy
Name: NetworkDrives.bat
Parameters:
LastExecuted: This script has not yet been executed.
Shutdown Scripts
----------------
N/A
Account Policies
----------------
GPO: Default Domain Policy
Policy: MinimumPasswordAge
Computer Setting: N/A
GPO: Default Domain Policy
Policy: MinimumPasswordLength
Computer Setting: 6
GPO: Default Domain Policy
Policy: LockoutBadCount
Computer Setting: N/A
GPO: Default Domain Policy
Policy: MaximumPasswordAge
Computer Setting: 999
Audit Policy
------------
N/A
User Rights
-----------
N/A
Security Options
----------------
GPO: Default Domain Policy
Policy: RequireLogonToChangePasswo
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: PasswordComplexity
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: ForceLogoffWhenHourExpire
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: LSAAnonymousNameLookup
Computer Setting: Not Enabled
GPO: Default Domain Policy
Policy: ClearTextPassword
Computer Setting: Not Enabled
Event Log Settings
------------------
N/A
Restricted Groups
-----------------
N/A
System Services
---------------
N/A
Registry Settings
-----------------
N/A
File System Settings
--------------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
GPO: Internet PCs
Setting: Software\Policies\Microsof
State: Enabled
GPO: Internet PCs
Setting: Software\Policies\Microsof
State: Enabled
USER SETTINGS
--------------
CN=Netuse,OU=Internet PCs,DC=xxxx
Applied Group Policy Objects
--------------------------
Internet PCs
Default Domain Policy
The following GPOs were not applied because they were filtered out
--------------------------
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups:
--------------------------
Domain Users
Everyone
Remote Desktop Users
Network Configuration Operators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Resultant Set Of Policies for User:
--------------------------
Software Installations
----------------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
GPO: Internet PCs
Setting: Software\Policies\Microsof
State: Enabled
GPO: Internet PCs
Setting: Software\Policies\Microsof
State: Enabled
Folder Redirection
------------------
N/A
Internet Explorer Browser User Interface
--------------------------
GPO: Internet PCs
Large Animated Bitmap Name: N/A
Large Custom Logo Bitmap Name: N/A
Title BarText: N/A
UserAgent Text: N/A
Delete existing toolbar buttons: No
Internet Explorer URLs
----------------------
GPO: Internet PCs
Home page URL: N/A
Search page URL: N/A
Online support page URL: N/A
Internet Explorer Security
--------------------------
Always Viewable Sites: N/A
Password Override Enabled: False
GPO: Internet PCs
Import the current Content Ratings Settings: No
Import the current Security Zones Settings: No
Import current Authenticode Security Information: No
Enable trusted publisher lockdown: No
Internet Explorer Programs
--------------------------
GPO: Internet PCs
Import the current Program Settings: No
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks alot. I got it.
Thanks for prompt response. The question is now closed.
KP
Thanks for prompt response. The question is now closed.
KP
ASKER
I could find out way with assistance of Jawa29. Thanks.
This way you can see what polices are applying and what settings they are stamping down.
Jawa29