GPO on certain users

I want to apply a GPO to restrict them from downloading and running any files. they can browse the internet but not download nor run any files.

I have a total of 10 users, only two will be exclude from that policy.

Should I create a new OU and move the users to that OU and create that policy, or what is the best way to accomplish that?

windows 2008 r2 .
LVL 1
alonig1Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sekar ChinnakannuStaff EngineerCommented:
Create a group and add all the users to AD group.
You can create a policy and add the user group to Security Filtering in GPO and it will work for group of users.
0
alonig1Author Commented:
Do you know which option should I use to prevent the users of running / downloading programs?
0
Sekar ChinnakannuStaff EngineerCommented:
In GPO -> User Configuration -> Policies -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Internet Zone
0
The Five Tenets of the Most Secure Backup

Data loss can hit a business in any number of ways. In reality, companies should expect to lose data at some point. The challenge is having a plan to recover from such an event.

alonig1Author Commented:
Where does it say not to allow in downloads?
0
Sekar ChinnakannuStaff EngineerCommented:
Goto allow file downloads and read the content.
0
alonig1Author Commented:
"Create a group and add all the users to AD group.
You can create a policy and add the user group to Security Filtering in GPO and it will work for group of users."

I've created a group where do I apply the gpo on it. on the GPO management window I can see the security group I've created
0
Sekar ChinnakannuStaff EngineerCommented:
- Create AD group and add the users
- Create a new policy with settings as I mentioned ID: 42070899 and under security filtering add the group of users to apply the policy.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
alonig1Author Commented:
Where do I do the second part?
0
alonig1Author Commented:
found it.

let me see if it work.s
0
alonig1Author Commented:
do you know the gpupdate command?
0
Sekar ChinnakannuStaff EngineerCommented:
Yes you can....
0
alonig1Author Commented:
I set everything, and I can still download.
0
alonig1Author Commented:
gpo.JPG
0
Sekar ChinnakannuStaff EngineerCommented:
which browser you tried, hope its IE...
0
alonig1Author Commented:
yes.
0
alonig1Author Commented:
I just set a homepage through GPO the see it the changes apply . and it did.

but still can download from IE.
0
masnrockCommented:
Did you force the update on the server?

gpupdate /force
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.