Solved

Weird group policy error

Posted on 2012-04-02
7
423 Views
Last Modified: 2012-04-02
Hi everyone, I have a user that can't open IE because of a group policy restriction.  I looked in his event log, and it shows the GUID.  So I did a search in the group policy management console (it has a search function for the top object in the tree) and searched for that GUID.  It's not there.  His machine is definitely on our domain, and it's Win7.  Our domain level is 2003.  I even have a policy that explicitly allows IE, and is being applied to his computer and other computers, but that doesn't seem to help.  I felt that enforcing the aforementioned policy was a bit extreme.  I'd rather just figure out the problem.

-M
0
Comment
Question by:schnibitz
7 Comments
 
LVL 9

Accepted Solution

by:
Geodash earned 25 total points
ID: 37798347
0
 
LVL 8

Assisted Solution

by:dmarinenko
dmarinenko earned 25 total points
ID: 37798398
What do you mean "can't run"? Does it give an error, or just not work?
Have you tried looking at local security settings?  Start-->Run-->gpedit.msc
0
 

Author Comment

by:schnibitz
ID: 37798466
Dmarinenko, it throws up an error message that says: "The program is blocked by group policy"

I don't remember blocking IE in any policies.

Geodash, I did that, but it doesn't show the GID of the policies applied.  At least I can't see it easily.  I checked the settings in the ones that looked like strong contenders, but haven't found anything yet.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:schnibitz
ID: 37798481
One other thing . . . I have a test win7 machine under the influence of the same policies, but so far I can't replicate the problem.  Admittedly I'm logging in as a domain admin though.  My next test is to make a copy of his account and see if I get the same error.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37798487
Sounds like maybe profile. Can you try from a diff profile?
0
 
LVL 54

Expert Comment

by:McKnife
ID: 37798737
Don't forget local policies. rsop.msc would have shown those, too. To block a program and get that very error message, either software restriction policies or applocker would have to be used. Please inform yourself, where those could be found in gpedit.msc.
0
 

Author Closing Comment

by:schnibitz
ID: 37799219
win7 was misreporting the problem policy.  i found it through trial and error.<br /><br />-M
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
In-place Upgrading Dirsync to Azure AD Connect
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question