Solved

Weird group policy error

Posted on 2012-04-02
7
422 Views
Last Modified: 2012-04-02
Hi everyone, I have a user that can't open IE because of a group policy restriction.  I looked in his event log, and it shows the GUID.  So I did a search in the group policy management console (it has a search function for the top object in the tree) and searched for that GUID.  It's not there.  His machine is definitely on our domain, and it's Win7.  Our domain level is 2003.  I even have a policy that explicitly allows IE, and is being applied to his computer and other computers, but that doesn't seem to help.  I felt that enforcing the aforementioned policy was a bit extreme.  I'd rather just figure out the problem.

-M
0
Comment
Question by:schnibitz
7 Comments
 
LVL 9

Accepted Solution

by:
Geodash earned 25 total points
ID: 37798347
0
 
LVL 8

Assisted Solution

by:dmarinenko
dmarinenko earned 25 total points
ID: 37798398
What do you mean "can't run"? Does it give an error, or just not work?
Have you tried looking at local security settings?  Start-->Run-->gpedit.msc
0
 

Author Comment

by:schnibitz
ID: 37798466
Dmarinenko, it throws up an error message that says: "The program is blocked by group policy"

I don't remember blocking IE in any policies.

Geodash, I did that, but it doesn't show the GID of the policies applied.  At least I can't see it easily.  I checked the settings in the ones that looked like strong contenders, but haven't found anything yet.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:schnibitz
ID: 37798481
One other thing . . . I have a test win7 machine under the influence of the same policies, but so far I can't replicate the problem.  Admittedly I'm logging in as a domain admin though.  My next test is to make a copy of his account and see if I get the same error.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37798487
Sounds like maybe profile. Can you try from a diff profile?
0
 
LVL 54

Expert Comment

by:McKnife
ID: 37798737
Don't forget local policies. rsop.msc would have shown those, too. To block a program and get that very error message, either software restriction policies or applocker would have to be used. Please inform yourself, where those could be found in gpedit.msc.
0
 

Author Closing Comment

by:schnibitz
ID: 37799219
win7 was misreporting the problem policy.  i found it through trial and error.<br /><br />-M
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question