GPO Computer Software Restriction Policy Stopped Working

Andy

Mar 31, 2004
Archived from groups: microsoft.public.win2000.group_policy

I have a computer restriction policy defined to certain
computers in an OU. This policy has been working for
months. This policy is marked enforced. The policy
restricts these computers from using Internet Explorer
(path rule C:\Program Files\Internet
Explorer\IEXPLORE.EXE). This week, the policy stopped
working. All of the computers in the OU can now use
Internet Explorer. I have verified that the policy has
not changed and nothing on these computers looks any
different (33 computers).

I deleted the current policy and recreated it; however
this had no effect.
 
Guest

Hi Andy,

If you log on as the user and run rsop.msc does it show the SAFER policy is
applied with the correct configuration? If you right-click on the setting,
choose Properties and select the Precedence tab does it show the correct
policy applying the setting?

Any chance these users are Local Admins on their workstations and the
Enforcement setting in the GPO has been changed to apply the software
restriction policy to "All users except local administrators"?

Is the group policy applying according to the Application event log? Does
SceCli generate errors?

You stated, "...computer restriction policy defined to certain computers in
an OU." How did you do this? Did you remove Read and Apply Group Policy
permissions from Authenticated users and grant these rights to the specific
workstations only?

--
David Everett
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.

"Andy" <adamron@norfolk.gov> wrote in message
news:d10001c48a98$62eb0cd0$a601280a@phx.gbl...
> I have a computer restriction policy defined to certain
> computers in an OU. This policy has been working for
> months. This policy is marked enforced. The policy
> restricts these computers from using Internet Explorer
> (path rule C:\Program Files\Internet
> Explorer\IEXPLORE.EXE). This week, the policy stopped
> working. All of the computers in the OU can now use
> Internet Explorer. I have verified that the policy has
> not changed and nothing on these computers looks any
> different (33 computers).
>
> I deleted the current policy and recreated it; however
> this had no effect.
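
The checks raised in the reply can also be read directly from the registry of an affected workstation. The following is an added example, not part of either post; it assumes PowerShell 3.0 or later and the standard location where Group Policy stores computer-level software restriction settings, and its path matching is a simplified prefix comparison.

```powershell
# Added example (read-only): show the SRP (SAFER) settings Group Policy has
# written to this computer, to check the points raised in the reply.
$root   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$target = 'C:\Program Files\Internet Explorer\IEXPLORE.EXE'  # path rule from the post
$levels = @{ '0' = 'Disallowed'; '262144' = 'Unrestricted' }

if (-not (Test-Path $root)) {
    Write-Output 'No SRP key under HKLM: the computer policy is not applied here.'
    return
}

$cfg = Get-ItemProperty -Path $root
# PolicyScope: 0 = all users, 1 = all users except local administrators.
$scope = if ($cfg.PolicyScope -eq 1) { 'All users except local administrators' } else { 'All users' }

# Is the current logon token a member of the local Administrators group?
$id      = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

# Path rules are stored per security level: <level>\Paths\{GUID}\ItemData.
$rules = foreach ($level in Get-ChildItem -Path $root) {
    $pathsKey = "$($level.PSPath)\Paths"
    if (Test-Path $pathsKey) {
        foreach ($rule in Get-ChildItem -Path $pathsKey) {
            [pscustomobject]@{
                Level = $levels[$level.PSChildName]
                Path  = (Get-ItemProperty -Path $rule.PSPath).ItemData
            }
        }
    }
}

Write-Output "Enforcement scope : $scope"
Write-Output "Default level     : $($levels[[string]$cfg.DefaultLevel]) ($($cfg.DefaultLevel))"
Write-Output "Token is local admin: $isAdmin"
if ($cfg.PolicyScope -eq 1 -and $isAdmin) {
    Write-Output 'This user is exempt: local administrator and scope excludes admins.'
}

# Simplified match: the rule path equals the target or is a prefix of it.
$hits = $rules | Where-Object { $_.Path -and $target -like "$($_.Path)*" }
if ($hits) {
    $hits | Format-Table -AutoSize
} else {
    Write-Output "No path rule covers $target"
}
```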