?
Solved

Weird group policy error

Posted on 2012-04-02
7
Medium Priority
?
427 Views
Last Modified: 2012-04-02
Hi everyone, I have a user that can't open IE because of a group policy restriction.  I looked in his event log, and it shows the GUID.  So I did a search in the group policy management console (it has a search function for the top object in the tree) and searched for that GUID.  It's not there.  His machine is definitely on our domain, and it's Win7.  Our domain level is 2003.  I even have a policy that explicitly allows IE, and is being applied to his computer and other computers, but that doesn't seem to help.  I felt that enforcing the aforementioned policy was a bit extreme.  I'd rather just figure out the problem.

-M
0
Comment
Question by:schnibitz
7 Comments
 
LVL 9

Accepted Solution

by:
Geodash earned 100 total points
ID: 37798347
0
 
LVL 8

Assisted Solution

by:dmarinenko
dmarinenko earned 100 total points
ID: 37798398
What do you mean "can't run"? Does it give an error, or just not work?
Have you tried looking at local security settings?  Start-->Run-->gpedit.msc
0
 

Author Comment

by:schnibitz
ID: 37798466
Dmarinenko, it throws up an error message that says: "The program is blocked by group policy"

I don't remember blocking IE in any policies.

Geodash, I did that, but it doesn't show the GID of the policies applied.  At least I can't see it easily.  I checked the settings in the ones that looked like strong contenders, but haven't found anything yet.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:schnibitz
ID: 37798481
One other thing . . . I have a test win7 machine under the influence of the same policies, but so far I can't replicate the problem.  Admittedly I'm logging in as a domain admin though.  My next test is to make a copy of his account and see if I get the same error.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37798487
Sounds like maybe profile. Can you try from a diff profile?
0
 
LVL 57

Expert Comment

by:McKnife
ID: 37798737
Don't forget local policies. rsop.msc would have shown those, too. To block a program and get that very error message, either software restriction policies or applocker would have to be used. Please inform yourself, where those could be found in gpedit.msc.
0
 

Author Closing Comment

by:schnibitz
ID: 37799219
win7 was misreporting the problem policy.  i found it through trial and error.<br /><br />-M
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question