Solved

GPO 2008 R2 Question

Posted on 2014-04-29
2
359 Views
Last Modified: 2014-04-30
I have server 2008 R2 running as my domain controllers. All of my users are in one of 2 OU's.  With this Zero Day attack and more revelations of the complete uselessness of IE, I want to block all but a few people from using IE. I hastily have it set up more or less the opposite of what I want. I have an ie deny group and then I have a GPO set to prevent iexplore.exe from running.  I would rather it be set so that perhaps for all domain users users iexplore will not run, but if you are in the allow group it will run.

I imagine I would have 2 GPO's one for allow and one for deny deny would encompass my 2 OU's  and allow would encompass an allow group.

Please help me clear this up.

Thanks in Advance
0
Comment
Question by:dustaine
2 Comments
 
LVL 14

Accepted Solution

by:
Schnell Solutions earned 500 total points
Comment Utility
Hello dustaine,

First of all let me tell you that there are many applications which behavior relies on Internet Explorer properties in order to work, such as Microsoft Outlook and many others

If you want to apply the DenyIE policy to everyone but "Users with IE" group. You just need to apply the policy and configure a security group permission in order to exlude this policy to the members of the group "Users with IE"

In order to accomplish it you can complete the following steps:

1. Open Group Policy Management and link the "DenyIE" policy at the desired level

2. Select the DenyIE policy from the navigation pane and click the "Delegation" tab in the Central Pane

3. Add the "Users with IE" group and check the following DENY boxes for this group:
- Apply Group Policy
- Read

With these steps the policy is going to be excluded for the members of the "Users with IE" group

Note: It is strongly recommended that you first test this policy with a pilot workstation before applying it globally.
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
I don't think that IE is still needed by other apps anymore like it used to.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Resolve DNS query failed errors for Exchange
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now