Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

GPO 2008 R2 Question

Posted on 2014-04-29
2
Medium Priority
?
388 Views
Last Modified: 2014-04-30
I have server 2008 R2 running as my domain controllers. All of my users are in one of 2 OU's.  With this Zero Day attack and more revelations of the complete uselessness of IE, I want to block all but a few people from using IE. I hastily have it set up more or less the opposite of what I want. I have an ie deny group and then I have a GPO set to prevent iexplore.exe from running.  I would rather it be set so that perhaps for all domain users users iexplore will not run, but if you are in the allow group it will run.

I imagine I would have 2 GPO's one for allow and one for deny deny would encompass my 2 OU's  and allow would encompass an allow group.

Please help me clear this up.

Thanks in Advance
0
Comment
Question by:dustaine
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 14

Accepted Solution

by:
Schnell Solutions earned 2000 total points
ID: 40031052
Hello dustaine,

First of all let me tell you that there are many applications which behavior relies on Internet Explorer properties in order to work, such as Microsoft Outlook and many others

If you want to apply the DenyIE policy to everyone but "Users with IE" group. You just need to apply the policy and configure a security group permission in order to exlude this policy to the members of the group "Users with IE"

In order to accomplish it you can complete the following steps:

1. Open Group Policy Management and link the "DenyIE" policy at the desired level

2. Select the DenyIE policy from the navigation pane and click the "Delegation" tab in the Central Pane

3. Add the "Users with IE" group and check the following DENY boxes for this group:
- Apply Group Policy
- Read

With these steps the policy is going to be excluded for the members of the "Users with IE" group

Note: It is strongly recommended that you first test this policy with a pilot workstation before applying it globally.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 40031257
I don't think that IE is still needed by other apps anymore like it used to.
0

Featured Post

WEBINAR - Latest Cyber Tips for Defense

Join the WatchGuard Threat Research Team on October 26th for an informative webinar featuring expert tips and tricks for defending your organization from today's latest cyber threats. Don't leave yourself vulnerable to attack. Register for the webinar today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Suggested Courses

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question