Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations John Tel on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Block Internet for Security Group 1

Status
Not open for further replies.
andyds

andyds

IS-IT--Management
Feb 22, 2007
91
GB
I have many security groups that use a single GPO to lock them down.

I want one of those security groups to be blocked from using Internet Explorer. I don't however want to create a new GPO to block them.

Any ideas how I could do this so the other groups are not affected?
 
Sort by date Sort by votes
Well you need to specify if you want to block IE use or block Internet use. Your problem description and subject are in conflict.

To block Internet use is simple. Use a GPO and set a fictitious Proxy Server. This will prevent users from accessing the Internet while enabling them to still access your intranet.

Your statement that you don't want to create another GPO seems irrational to me. Take a look at my GPO FAQ. faq329-6116

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
 
Upvote 0 Downvote
How do I copy my existing GPO then. Copy it to a new OU so I can block IE?
 
Upvote 0 Downvote
You do not say if you are using Windows 2000 or Windows 2003. How you do it would be slightly different.

I would suggest using GPMC. It is easy to LINK a GPO to many locations that way. No need to actually copy them.

However GPOs CAN be copied. So for the academics of the question the easiest way is to create a new blank GPO. Then delete the contents of the folder in the
WINDOWS\SYSVOL\sysvol\domainname\Policies\GUID folder and copy the contents of the other policy into this location.

Identifying the GUID of the new folders can be easily done in GPMC on the details page. Or by clicking to open/browse the login scripts and navigating UP the directory tree from that point.

GPMC also has methods for backing up and restoring GPO settings.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
 
Upvote 0 Downvote
Also you have again stated block IE. Is that your intention or is it to block Internet use?

Blocking IE is accomplished by setting the value of iexplore.exe in the policy "Do not allow these applications" or is it "Do not run these applications" either way I guess I am paraphrasing since i don't recall the exact text and don't have access to my server at the moment.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Abdullah Al Maruf
  • Locked
  • Question
Telnet help for
Replies
2
Views
700
gbaughma
gbaughma
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
577
mangentle
mangentle
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
988
gbaughma
gbaughma
Teo En Ming
  • Locked
  • Question
Actions taken during Disaster Recovery for client whose IBM Megaraid controller has failed
Replies
2
Views
593
fightaccording
fightaccording
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
282
penguinroundup
penguinroundup

Part and Inventory Search

Sponsor

Back
Top