Solved

Block Internet Explorer

Posted on 2016-08-18
3
95 Views
Last Modified: 2016-08-25
I've currently have 3 OU's I'm working with on a testing basis.  
Security_1 OU
Security_2 OU this OU doesn't have any defined GPO for the internet (I want them to have access) but IE is blocked
Security_3 OU in this OU I created a GPO for no access to the internet (using fake proxy server) this setting works great!

What do I need to do to stop Security_3's not internet access from spreading to the Security_2 OU?
0
Comment
Question by:Mary Macchioni
3 Comments
 
LVL 18

Accepted Solution

by:
LesterClayton earned 500 total points
ID: 41762067
The thing is, any settings applied to a user or computer who is on Security_3, is not removed when the user or computer is moved to another OU.  GPO's are mostly registry key changes applied to the Computer Registry or the Users' own registry.  These settings are not removed or updated when the policy no longer applies.

What you would need to do is actively set a different policy at Security_2, overwriting any other policies it may have received from either of the other OU's.  The other options are to create a new profile, if the policy is user based, or to reset the baseline if the policy is computer based.  Both of these are of course, undesireable.
0
 
LVL 61

Expert Comment

by:gheist
ID: 41763282
If you want to isolate machine from the internet just put it on non-routeable network?
Nothing prevents user renaming iexplore.exe into winmine.ex and running it.
1
 

Author Comment

by:Mary Macchioni
ID: 41767112
Good Information.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every computer eventually fails. When that happens, your valuable data is only as safe as your current backup.
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now