Solved

Block downloads using group policy in windows server 2008

Posted on 2011-03-14
6
1,484 Views
Last Modified: 2012-05-11
Hi,
I have Windows Server 2008 domain environment. My previous administrator has blocked downloads using group policy, whenever user tries to download any file they get message saying 'Local Security Policy does not allow to download'. I have verified, it has not configured on local machines. In the local PC IE Options, I also see a message 'Some of the settings have been controlled by Administrator'. But I am not finding any setting on Group Policy. There are only two configurations are done in Group Policy.  They are 1. user cannot change proxy settings and 2. security tab on IE Options is disabled. Can you please help me find out where that setting has been set.
Thanks in advance.
KP
0
Comment
Question by:kpvarahagiri
  • 3
  • 2
6 Comments
 
LVL 8

Expert Comment

by:jawa29
ID: 35126741
Have you ran a Group Policy Result against a PC with these settings?

This way you can see what polices are applying and what settings they are stamping down.

Jawa29
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 35126778
On a PC go to the command prompt and type

gpresult /v and then press enter.
0
 

Author Comment

by:kpvarahagiri
ID: 35126962
Thanks for response. The gpresult file is pasted hereunder for reference.
Apart from Default Domain Policy, there is another GPO called 'Internet PCs' is enabled on it. Internet PCs is a separate OU that has been created exclusively for Internet Users in the office. The said 2 policies i.e., security option disabled in IE Options and disabled proxy settings change are from this GPO only.
Can you please go through it and see if you can help me further.
Thanks

COMPUTER SETTINGS
------------------
    CN=NETUSE2,OU=Internet PCs,DC=xxxxx
   
    Applied Group Policy Objects
    -----------------------------
        Internet PCs
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups:
    --------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        BUILTIN\Users
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        NETUSE2$
        Domain Computers

    Resultant Set Of Policies for Computer:
    ----------------------------------------

        Software Installations
        ----------------------
            N/A

        Startup Scripts
        ---------------
            GPO: Default Domain Policy
                Name:         NetworkDrives.bat
                Parameters:
                LastExecuted: This script has not yet been executed.

        Shutdown Scripts
        ----------------
            N/A

        Account Policies
        ----------------
            GPO: Default Domain Policy
                Policy:            MinimumPasswordAge
                Computer Setting:  N/A

            GPO: Default Domain Policy
                Policy:            MinimumPasswordLength
                Computer Setting:  6

            GPO: Default Domain Policy
                Policy:            LockoutBadCount
                Computer Setting:  N/A

            GPO: Default Domain Policy
                Policy:            MaximumPasswordAge
                Computer Setting:  999

        Audit Policy
        ------------
            N/A

        User Rights
        -----------
            N/A

        Security Options
        ----------------
            GPO: Default Domain Policy
                Policy:            RequireLogonToChangePassword
                Computer Setting:  Not Enabled

            GPO: Default Domain Policy
                Policy:            PasswordComplexity
                Computer Setting:  Not Enabled

            GPO: Default Domain Policy
                Policy:            ForceLogoffWhenHourExpire
                Computer Setting:  Not Enabled

            GPO: Default Domain Policy
                Policy:            LSAAnonymousNameLookup
                Computer Setting:  Not Enabled

            GPO: Default Domain Policy
                Policy:            ClearTextPassword
                Computer Setting:  Not Enabled

        Event Log Settings
        ------------------
            N/A

        Restricted Groups
        -----------------
            N/A

        System Services
        ---------------
            N/A

        Registry Settings
        -----------------
            N/A

        File System Settings
        --------------------
            N/A

        Public Key Policies
        -------------------
            N/A

        Administrative Templates
        ------------------------
            GPO: Internet PCs
                Setting: Software\Policies\Microsoft\Internet Explorer\Control Panel
                State:   Enabled

            GPO: Internet PCs
                Setting: Software\Policies\Microsoft\Internet Explorer\Control Panel
                State:   Enabled


USER SETTINGS
--------------
    CN=Netuse,OU=Internet PCs,DC=xxxx
   

    Applied Group Policy Objects
    -----------------------------
        Internet PCs
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups:
    ----------------------------------------------------
        Domain Users
        Everyone
        Remote Desktop Users
        Network Configuration Operators
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        LOCAL

    Resultant Set Of Policies for User:
    ------------------------------------

        Software Installations
        ----------------------
            N/A

        Public Key Policies
        -------------------
            N/A

        Administrative Templates
        ------------------------
            GPO: Internet PCs
                Setting: Software\Policies\Microsoft\Internet Explorer\Control Panel
                State:   Enabled

            GPO: Internet PCs
                Setting: Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
                State:   Enabled

        Folder Redirection
        ------------------
            N/A

        Internet Explorer Browser User Interface
        ----------------------------------------
            GPO: Internet PCs
                Large Animated Bitmap Name:      N/A
                Large Custom Logo Bitmap Name:   N/A
                Title BarText:                   N/A
                UserAgent Text:                  N/A
                Delete existing toolbar buttons: No

        Internet Explorer URLs
        ----------------------
            GPO: Internet PCs
                Home page URL:           N/A
                Search page URL:         N/A
                Online support page URL: N/A

        Internet Explorer Security
        --------------------------
            Always Viewable Sites:     N/A
            Password Override Enabled: False

            GPO: Internet PCs
                Import the current Content Ratings Settings:      No
                Import the current Security Zones Settings:       No
                Import current Authenticode Security Information: No
                Enable trusted publisher lockdown:                No

        Internet Explorer Programs
        --------------------------
            GPO: Internet PCs
                Import the current Program Settings: No
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 8

Accepted Solution

by:
jawa29 earned 50 total points
ID: 35126989
If you look under Group Policy Objects in the GPO Management Console, find the policy called Internet PCs then right click on it and in the sub menu GPO Status set it to All Settings Disabled.

Go to a client PC and run GPUpdate /force - Reboot if needed.

This will tell us if this is the policy causing the issue.

Jawa29
0
 

Author Comment

by:kpvarahagiri
ID: 35127046
Thanks alot. I got it.
Thanks for prompt response. The question is now closed.
KP
0
 

Author Closing Comment

by:kpvarahagiri
ID: 35127052
I could find out way with assistance of Jawa29. Thanks.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Do we need servers??? 5 190
Migrate 2008 DNS server to Windows 2012 RS 8 61
RSOP Red "X" 7 30
What are the Scan to network folder ports? 7 39
To effectively work with Diskpart on a Server Core, it is necessary to write some small batch script's, because you can't execute diskpart in a remote powershell session. To get startet, place the Diskpart batch script's into a share on your loca…
I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now