Weird group policy error

Hi everyone, I have a user that can't open IE because of a group policy restriction.  I looked in his event log, and it shows the GUID.  So I did a search in the group policy management console (it has a search function for the top object in the tree) and searched for that GUID.  It's not there.  His machine is definitely on our domain, and it's Win7.  Our domain level is 2003.  I even have a policy that explicitly allows IE, and is being applied to his computer and other computers, but that doesn't seem to help.  I felt that enforcing the aforementioned policy was a bit extreme.  I'd rather just figure out the problem.

-M
schnibitzAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

GeodashCommented:
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dmarinenkoCommented:
What do you mean "can't run"? Does it give an error, or just not work?
Have you tried looking at local security settings?  Start-->Run-->gpedit.msc
0
schnibitzAuthor Commented:
Dmarinenko, it throws up an error message that says: "The program is blocked by group policy"

I don't remember blocking IE in any policies.

Geodash, I did that, but it doesn't show the GID of the policies applied.  At least I can't see it easily.  I checked the settings in the ones that looked like strong contenders, but haven't found anything yet.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

schnibitzAuthor Commented:
One other thing . . . I have a test win7 machine under the influence of the same policies, but so far I can't replicate the problem.  Admittedly I'm logging in as a domain admin though.  My next test is to make a copy of his account and see if I get the same error.
0
GeodashCommented:
Sounds like maybe profile. Can you try from a diff profile?
0
McKnifeCommented:
Don't forget local policies. rsop.msc would have shown those, too. To block a program and get that very error message, either software restriction policies or applocker would have to be used. Please inform yourself, where those could be found in gpedit.msc.
0
schnibitzAuthor Commented:
win7 was misreporting the problem policy.  i found it through trial and error.<br /><br />-M
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.