Solved

Block Internet Explorer

Posted on 2016-08-18
3
69 Views
Last Modified: 2016-08-25
I've currently have 3 OU's I'm working with on a testing basis.  
Security_1 OU
Security_2 OU this OU doesn't have any defined GPO for the internet (I want them to have access) but IE is blocked
Security_3 OU in this OU I created a GPO for no access to the internet (using fake proxy server) this setting works great!

What do I need to do to stop Security_3's not internet access from spreading to the Security_2 OU?
0
Comment
Question by:Mary Macchioni
3 Comments
 
LVL 17

Accepted Solution

by:
LesterClayton earned 500 total points
Comment Utility
The thing is, any settings applied to a user or computer who is on Security_3, is not removed when the user or computer is moved to another OU.  GPO's are mostly registry key changes applied to the Computer Registry or the Users' own registry.  These settings are not removed or updated when the policy no longer applies.

What you would need to do is actively set a different policy at Security_2, overwriting any other policies it may have received from either of the other OU's.  The other options are to create a new profile, if the policy is user based, or to reset the baseline if the policy is computer based.  Both of these are of course, undesireable.
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
If you want to isolate machine from the internet just put it on non-routeable network?
Nothing prevents user renaming iexplore.exe into winmine.ex and running it.
1
 

Author Comment

by:Mary Macchioni
Comment Utility
Good Information.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now