Solved

Block downloads using group policy in windows server 2008

Posted on 2011-03-14
6
1,597 Views
Last Modified: 2012-05-11
Hi,
I have Windows Server 2008 domain environment. My previous administrator has blocked downloads using group policy, whenever user tries to download any file they get message saying 'Local Security Policy does not allow to download'. I have verified, it has not configured on local machines. In the local PC IE Options, I also see a message 'Some of the settings have been controlled by Administrator'. But I am not finding any setting on Group Policy. There are only two configurations are done in Group Policy.  They are 1. user cannot change proxy settings and 2. security tab on IE Options is disabled. Can you please help me find out where that setting has been set.
Thanks in advance.
KP
0
Comment
Question by:kpvarahagiri
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 8

Expert Comment

by:jawa29
ID: 35126741
Have you ran a Group Policy Result against a PC with these settings?

This way you can see what polices are applying and what settings they are stamping down.

Jawa29
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 35126778
On a PC go to the command prompt and type

gpresult /v and then press enter.
0
 

Author Comment

by:kpvarahagiri
ID: 35126962
Thanks for response. The gpresult file is pasted hereunder for reference.
Apart from Default Domain Policy, there is another GPO called 'Internet PCs' is enabled on it. Internet PCs is a separate OU that has been created exclusively for Internet Users in the office. The said 2 policies i.e., security option disabled in IE Options and disabled proxy settings change are from this GPO only.
Can you please go through it and see if you can help me further.
Thanks

COMPUTER SETTINGS
------------------
    CN=NETUSE2,OU=Internet PCs,DC=xxxxx
   
    Applied Group Policy Objects
    -----------------------------
        Internet PCs
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups:
    --------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        NETUSE2$
        Domain Computers

    Resultant Set Of Policies for Computer:
    ----------------------------------------

        Software Installations
        ----------------------
            N/A

        Startup Scripts
        ---------------
            GPO: Default Domain Policy
                Name:         NetworkDrives.bat
                Parameters:
                LastExecuted: This script has not yet been executed.

        Shutdown Scripts
        ----------------
            N/A

        Account Policies
        ----------------
            GPO: Default Domain Policy
                Policy:            MinimumPasswordAge
                Computer Setting:  N/A

            GPO: Default Domain Policy
                Policy:            MinimumPasswordLength
                Computer Setting:  6

            GPO: Default Domain Policy
                Policy:            LockoutBadCount
                Computer Setting:  N/A

            GPO: Default Domain Policy
                Policy:            MaximumPasswordAge
                Computer Setting:  999

        Audit Policy
        ------------
            N/A

        User Rights
        -----------
            N/A

        Security Options
        ----------------
            GPO: Default Domain Policy
                Policy:            RequireLogonToChangePassword
                Computer Setting:  Not Enabled

            GPO: Default Domain Policy
                Policy:            PasswordComplexity
                Computer Setting:  Not Enabled

            GPO: Default Domain Policy
                Policy:            ForceLogoffWhenHourExpire
                Computer Setting:  Not Enabled

            GPO: Default Domain Policy
                Policy:            LSAAnonymousNameLookup
                Computer Setting:  Not Enabled

            GPO: Default Domain Policy
                Policy:            ClearTextPassword
                Computer Setting:  Not Enabled

        Event Log Settings
        ------------------
            N/A

        Restricted Groups
        -----------------
            N/A

        System Services
        ---------------
            N/A

        Registry Settings
        -----------------
            N/A

        File System Settings
        --------------------
            N/A

        Public Key Policies
        -------------------
            N/A

        Administrative Templates
        ------------------------
            GPO: Internet PCs
                Setting: Software\Policies\Microsoft\Internet Explorer\Control Panel
                State:   Enabled

            GPO: Internet PCs
                Setting: Software\Policies\Microsoft\Internet Explorer\Control Panel
                State:   Enabled


USER SETTINGS
--------------
    CN=Netuse,OU=Internet PCs,DC=xxxx
   

    Applied Group Policy Objects
    -----------------------------
        Internet PCs
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups:
    ----------------------------------------------------
        Domain Users
        Everyone
        Remote Desktop Users
        Network Configuration Operators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        LOCAL

    Resultant Set Of Policies for User:
    ------------------------------------

        Software Installations
        ----------------------
            N/A

        Public Key Policies
        -------------------
            N/A

        Administrative Templates
        ------------------------
            GPO: Internet PCs
                Setting: Software\Policies\Microsoft\Internet Explorer\Control Panel
                State:   Enabled

            GPO: Internet PCs
                Setting: Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
                State:   Enabled

        Folder Redirection
        ------------------
            N/A

        Internet Explorer Browser User Interface
        ----------------------------------------
            GPO: Internet PCs
                Large Animated Bitmap Name:      N/A
                Large Custom Logo Bitmap Name:   N/A
                Title BarText:                   N/A
                UserAgent Text:                  N/A
                Delete existing toolbar buttons: No

        Internet Explorer URLs
        ----------------------
            GPO: Internet PCs
                Home page URL:           N/A
                Search page URL:         N/A
                Online support page URL: N/A

        Internet Explorer Security
        --------------------------
            Always Viewable Sites:     N/A
            Password Override Enabled: False

            GPO: Internet PCs
                Import the current Content Ratings Settings:      No
                Import the current Security Zones Settings:       No
                Import current Authenticode Security Information: No
                Enable trusted publisher lockdown:                No

        Internet Explorer Programs
        --------------------------
            GPO: Internet PCs
                Import the current Program Settings: No
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 8

Accepted Solution

by:
jawa29 earned 50 total points
ID: 35126989
If you look under Group Policy Objects in the GPO Management Console, find the policy called Internet PCs then right click on it and in the sub menu GPO Status set it to All Settings Disabled.

Go to a client PC and run GPUpdate /force - Reboot if needed.

This will tell us if this is the policy causing the issue.

Jawa29
0
 

Author Comment

by:kpvarahagiri
ID: 35127046
Thanks alot. I got it.
Thanks for prompt response. The question is now closed.
KP
0
 

Author Closing Comment

by:kpvarahagiri
ID: 35127052
I could find out way with assistance of Jawa29. Thanks.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

634 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question