Solved

Block Internet Explorer

Posted on 2016-08-18
3
123 Views
Last Modified: 2016-08-25
I've currently have 3 OU's I'm working with on a testing basis.  
Security_1 OU
Security_2 OU this OU doesn't have any defined GPO for the internet (I want them to have access) but IE is blocked
Security_3 OU in this OU I created a GPO for no access to the internet (using fake proxy server) this setting works great!

What do I need to do to stop Security_3's not internet access from spreading to the Security_2 OU?
0
Comment
Question by:Mary Macchioni
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 18

Accepted Solution

by:
LesterClayton earned 500 total points
ID: 41762067
The thing is, any settings applied to a user or computer who is on Security_3, is not removed when the user or computer is moved to another OU.  GPO's are mostly registry key changes applied to the Computer Registry or the Users' own registry.  These settings are not removed or updated when the policy no longer applies.

What you would need to do is actively set a different policy at Security_2, overwriting any other policies it may have received from either of the other OU's.  The other options are to create a new profile, if the policy is user based, or to reset the baseline if the policy is computer based.  Both of these are of course, undesireable.
0
 
LVL 62

Expert Comment

by:gheist
ID: 41763282
If you want to isolate machine from the internet just put it on non-routeable network?
Nothing prevents user renaming iexplore.exe into winmine.ex and running it.
1
 

Author Comment

by:Mary Macchioni
ID: 41767112
Good Information.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question