Solved

Block Internet Explorer

Posted on 2016-08-18
3
103 Views
Last Modified: 2016-08-25
I've currently have 3 OU's I'm working with on a testing basis.  
Security_1 OU
Security_2 OU this OU doesn't have any defined GPO for the internet (I want them to have access) but IE is blocked
Security_3 OU in this OU I created a GPO for no access to the internet (using fake proxy server) this setting works great!

What do I need to do to stop Security_3's not internet access from spreading to the Security_2 OU?
0
Comment
Question by:Mary Macchioni
3 Comments
 
LVL 18

Accepted Solution

by:
LesterClayton earned 500 total points
ID: 41762067
The thing is, any settings applied to a user or computer who is on Security_3, is not removed when the user or computer is moved to another OU.  GPO's are mostly registry key changes applied to the Computer Registry or the Users' own registry.  These settings are not removed or updated when the policy no longer applies.

What you would need to do is actively set a different policy at Security_2, overwriting any other policies it may have received from either of the other OU's.  The other options are to create a new profile, if the policy is user based, or to reset the baseline if the policy is computer based.  Both of these are of course, undesireable.
0
 
LVL 62

Expert Comment

by:gheist
ID: 41763282
If you want to isolate machine from the internet just put it on non-routeable network?
Nothing prevents user renaming iexplore.exe into winmine.ex and running it.
1
 

Author Comment

by:Mary Macchioni
ID: 41767112
Good Information.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
The 21st century solution to antiquated pagers.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question