Group Policy Errors
15 years 6 months ago #34047
by rizin
Known is a drop, unknown is an Ocean
Group Policy Errors was created by rizin
Hi All,
1. I have one client Who is having Windows 2003 standard SBS Server.
2. Task to be Completed.
A. Restrict the users to use Youtube, Downloading File and Watching Videos in Web Browser.
Solutions:
A. Apply Group Policy for all users.
3. What I Did ?
A. Created OU Name ABC Users.
B. Created Groups Called Staff Policies and added the Actived Directory User Whom will get restriction.
c. Created New and Link GPO called PolicesGPO in the ABCusers.
d. Added the Groups in Security Setting applied Zones in Group Policy Management.
d. Edit the Group Policy, Navigate User configurations>>>Window Settings>>> Internet Explorer Maintenance>>>> Security Zones and Content ratings>>>>> Import the Current Security Zones and privacy settings >>>> Internet Explorer Properties >>>> Chosen security Tab>>>>Restricted Sites Added the Youtube, Metacafe, Dailymotion.
* Chosen the Internet, Trusted Sited Edited the Custom level Enable / Disable required Fields.
Link the GPO PoliciesGPO to forest Domain and Given Enforce in Both The OU called ABCusers and Forest Domain.
E. Finished Applying Policy in GPMC.
4. log into the User Systems Click Run >>> ''gpupdate / force'' COMMAND applied.
5. USERS ARE ABLE TO BROWSE AND DOWNLOAD FROM INTERNET EXPLORER WITHOUT ANY RESTRICTIONS

6. Where I'm I wrong ?
7. If these restrictions edited and applied in each computer without the Group policy settings Works awesome.
Any suggestions will be highly appreciable.
Thanks
Rizin
1. I have one client Who is having Windows 2003 standard SBS Server.
2. Task to be Completed.
A. Restrict the users to use Youtube, Downloading File and Watching Videos in Web Browser.
Solutions:
A. Apply Group Policy for all users.
3. What I Did ?
A. Created OU Name ABC Users.
B. Created Groups Called Staff Policies and added the Actived Directory User Whom will get restriction.
c. Created New and Link GPO called PolicesGPO in the ABCusers.
d. Added the Groups in Security Setting applied Zones in Group Policy Management.
d. Edit the Group Policy, Navigate User configurations>>>Window Settings>>> Internet Explorer Maintenance>>>> Security Zones and Content ratings>>>>> Import the Current Security Zones and privacy settings >>>> Internet Explorer Properties >>>> Chosen security Tab>>>>Restricted Sites Added the Youtube, Metacafe, Dailymotion.
* Chosen the Internet, Trusted Sited Edited the Custom level Enable / Disable required Fields.
Link the GPO PoliciesGPO to forest Domain and Given Enforce in Both The OU called ABCusers and Forest Domain.
E. Finished Applying Policy in GPMC.
4. log into the User Systems Click Run >>> ''gpupdate / force'' COMMAND applied.
5. USERS ARE ABLE TO BROWSE AND DOWNLOAD FROM INTERNET EXPLORER WITHOUT ANY RESTRICTIONS

6. Where I'm I wrong ?
7. If these restrictions edited and applied in each computer without the Group policy settings Works awesome.
Any suggestions will be highly appreciable.
Thanks
Rizin
Known is a drop, unknown is an Ocean
15 years 6 months ago #34048
by Bublitz
The Bublitz
Systems Admin
Hospice of the Red River Valley
Replied by Bublitz on topic Re: Group Policy Errors
I've never tried this way to block sites so I can't speak to it directly. I have however used GP to block sites. Its nice because then its integrated into AD and you just add them to a certain group or move them to another folder as you have done.
I typically use the GP options to change the browser settings that force them to use a proxy server. In that proxy server have a list of blocked sites. They also cannot change these settings because in the browser its grayed out since its defined by group policy.
I used squid proxy which is free so there isn't much cost they have windows and linux installs.
I typically use the GP options to change the browser settings that force them to use a proxy server. In that proxy server have a list of blocked sites. They also cannot change these settings because in the browser its grayed out since its defined by group policy.
I used squid proxy which is free so there isn't much cost they have windows and linux installs.
The Bublitz
Systems Admin
Hospice of the Red River Valley
15 years 6 months ago #34055
by rizin
Known is a drop, unknown is an Ocean
Replied by rizin on topic Re: Group Policy Errors
Thanks bublitz.
I would like to be sure whether the method i applied above will it work for to restrict some websites and stop files downloading, If yes then Why it is not getting applied on users, Where I'm i wrong ?
Bublitz i never use squid proxy is it like executable file or just source code. Well even i use squid proxy will Group policy applied to users or not.
My main concern here is Where I'm i wrong that let users not get applied group policies.
I would like to be sure whether the method i applied above will it work for to restrict some websites and stop files downloading, If yes then Why it is not getting applied on users, Where I'm i wrong ?
Bublitz i never use squid proxy is it like executable file or just source code. Well even i use squid proxy will Group policy applied to users or not.
My main concern here is Where I'm i wrong that let users not get applied group policies.
Known is a drop, unknown is an Ocean
15 years 6 months ago #34056
by Bublitz
The Bublitz
Systems Admin
Hospice of the Red River Valley
Replied by Bublitz on topic Re: Group Policy Errors
Well all this policy does at least from what I can tell is put the web site in the restricted sites category. So if that category in IE is set to maximum or high security it should block the streaming part of youtube because youtube will load JavaScript and flash high security in IE will prevent this.
This will not ever prevent users from actually going to this site it just makes it very secure so it won't not allow any addons and such.
Make sure you lock down users being able to change the security level even if you the site to restricted if they are allowed to change the security level to low they can get around this. (looking from your first post this was done just verify its working)
I guess log on as one of your users and verify that the site is added to the site list. Maybe it is set and its in the list but your restricted sites security level is too low.
When you do a gpupdate /force it should always log if it was successful or not in the app logs do you get this message?
Also when you are using Internet Explorer maintenance modes you have to make sure you set the mode to Preference Mode.
Right click on internet explorer Maintenance and select "Preference Mode".
Squid proxy does come with an .exe for windows. Similar to apache just install and edit the config file. It will take a while to read the settings and get it going but it works. I'm a total linux dumbarse so if I can do its possible.
You'll have to make sure your users are getting their settings to use squid proxy anyway so I defiantly would try the restricted sites first.
This will not ever prevent users from actually going to this site it just makes it very secure so it won't not allow any addons and such.
Make sure you lock down users being able to change the security level even if you the site to restricted if they are allowed to change the security level to low they can get around this. (looking from your first post this was done just verify its working)
I guess log on as one of your users and verify that the site is added to the site list. Maybe it is set and its in the list but your restricted sites security level is too low.
When you do a gpupdate /force it should always log if it was successful or not in the app logs do you get this message?
Also when you are using Internet Explorer maintenance modes you have to make sure you set the mode to Preference Mode.
Right click on internet explorer Maintenance and select "Preference Mode".
Squid proxy does come with an .exe for windows. Similar to apache just install and edit the config file. It will take a while to read the settings and get it going but it works. I'm a total linux dumbarse so if I can do its possible.
You'll have to make sure your users are getting their settings to use squid proxy anyway so I defiantly would try the restricted sites first.
The Bublitz
Systems Admin
Hospice of the Red River Valley
15 years 6 months ago #34060
by rizin
Known is a drop, unknown is an Ocean
Replied by rizin on topic Re: Group Policy Errors
Thanks bublitz,
Well you gave me a tip to check app logs that will be useful, let me check it.
We have to be more strong in answering on Windows servers too.
Let us do effort to fulfill this gap too.
Chris and his teams concentrate on networking cisco that is a Very great job too.
And from our part being a firewall members, We should also put effort to clear the problems in Windows servers.
Thanks for you all being patience to read my suggestions.
Rizin
Well you gave me a tip to check app logs that will be useful, let me check it.
We have to be more strong in answering on Windows servers too.
Let us do effort to fulfill this gap too.
Chris and his teams concentrate on networking cisco that is a Very great job too.
And from our part being a firewall members, We should also put effort to clear the problems in Windows servers.
Thanks for you all being patience to read my suggestions.
Rizin
Known is a drop, unknown is an Ocean
Time to create page: 0.088 seconds