Block Internet Explorer

I've currently have 3 OU's I'm working with on a testing basis.  
Security_1 OU
Security_2 OU this OU doesn't have any defined GPO for the internet (I want them to have access) but IE is blocked
Security_3 OU in this OU I created a GPO for no access to the internet (using fake proxy server) this setting works great!

What do I need to do to stop Security_3's not internet access from spreading to the Security_2 OU?
Mary MacchioniAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
LesterClaytonConnect With a Mentor Commented:
The thing is, any settings applied to a user or computer who is on Security_3, is not removed when the user or computer is moved to another OU.  GPO's are mostly registry key changes applied to the Computer Registry or the Users' own registry.  These settings are not removed or updated when the policy no longer applies.

What you would need to do is actively set a different policy at Security_2, overwriting any other policies it may have received from either of the other OU's.  The other options are to create a new profile, if the policy is user based, or to reset the baseline if the policy is computer based.  Both of these are of course, undesireable.
0
 
gheistCommented:
If you want to isolate machine from the internet just put it on non-routeable network?
Nothing prevents user renaming iexplore.exe into winmine.ex and running it.
1
 
Mary MacchioniAuthor Commented:
Good Information.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.