Solved

Weird group policy error

Posted on 2012-04-02
7
419 Views
Last Modified: 2012-04-02
Hi everyone, I have a user that can't open IE because of a group policy restriction.  I looked in his event log, and it shows the GUID.  So I did a search in the group policy management console (it has a search function for the top object in the tree) and searched for that GUID.  It's not there.  His machine is definitely on our domain, and it's Win7.  Our domain level is 2003.  I even have a policy that explicitly allows IE, and is being applied to his computer and other computers, but that doesn't seem to help.  I felt that enforcing the aforementioned policy was a bit extreme.  I'd rather just figure out the problem.

-M
0
Comment
Question by:schnibitz
7 Comments
 
LVL 9

Accepted Solution

by:
Geodash earned 25 total points
ID: 37798347
0
 
LVL 8

Assisted Solution

by:dmarinenko
dmarinenko earned 25 total points
ID: 37798398
What do you mean "can't run"? Does it give an error, or just not work?
Have you tried looking at local security settings?  Start-->Run-->gpedit.msc
0
 

Author Comment

by:schnibitz
ID: 37798466
Dmarinenko, it throws up an error message that says: "The program is blocked by group policy"

I don't remember blocking IE in any policies.

Geodash, I did that, but it doesn't show the GID of the policies applied.  At least I can't see it easily.  I checked the settings in the ones that looked like strong contenders, but haven't found anything yet.
0
 

Author Comment

by:schnibitz
ID: 37798481
One other thing . . . I have a test win7 machine under the influence of the same policies, but so far I can't replicate the problem.  Admittedly I'm logging in as a domain admin though.  My next test is to make a copy of his account and see if I get the same error.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37798487
Sounds like maybe profile. Can you try from a diff profile?
0
 
LVL 53

Expert Comment

by:McKnife
ID: 37798737
Don't forget local policies. rsop.msc would have shown those, too. To block a program and get that very error message, either software restriction policies or applocker would have to be used. Please inform yourself, where those could be found in gpedit.msc.
0
 

Author Closing Comment

by:schnibitz
ID: 37799219
win7 was misreporting the problem policy.  i found it through trial and error.<br /><br />-M
0

Join & Write a Comment

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now