English Deutsch Français Italiano Español Português 繁體中文 Bahasa Indonesia Tiếng Việt ภาษาไทย
All categories

Hi,
I'd created a GP for a group of users under same OU. And keyed in a list of websites that are allowable to access under Approved Sites tab. Why is that everytime user tries to access to somewhere in that site, it'll block them right away? For example, www.yahoo.com is on the Allow list, but when the user go to yahoo, and clicks on some link like Money.yahoo.com, or realestate.yahoo.com, these will be blocked. Is there any way that this can be fixed?
Another question, even though I created GP for that particular OUusers, but if someone else in different OU tries to login the machines that restricted users login, they're also blocked.
I did disable gp applied to computers in the GP properties tab.

THanks

2006-12-21 10:47:11 · 4 answers · asked by jennie t 1 in Computers & Internet Computer Networking

4 answers

You have multiple issues. First, you're using group policy for a task it's really not designed for (Microsoft's press to the contrary). You'd be better off with some type of surf control software. That said, here's some potential fixes:

The * idea presented previously is a good one, as is the yahoo.com instead of www.yahoo.com. But some websites do not follow a logical heiarchy well, and will cause problems.

Does your OU contain computers as well as users? If so, put them in a separate OU so the GPO doesn't apply to them. If not, look at your GPO's settings to make sure there's nothing in computer configuration; only user config.

You should run RSOP (resultant set of policy) on specific users on specific computers (using both an intentionally blocked and an unblocked user on the same machine) and check the results. This should tell you your error in configuring the GPO. You may have some higher-precedence GPO causing problems.

2006-12-21 11:22:13 · answer #1 · answered by antirion 5 · 0 0

Simply because the other sites are not on the allow list. money.yahoo.com is not the same as www.yahoo.com. If you allow *.yahoo.com, then anything that ends in yahoo.com should work.

I believe that this is a machine policy that you've set; that's why other users are blocked when the log on to machines in that OU. My guess anyway as I can't see what you've done and GP is maddening enough to troubleshoot while sitting at the console.

2006-12-21 13:03:57 · answer #2 · answered by Bostonian In MO 7 · 0 0

This may or may not work.
Try putting an asterisk (*) before the yahoo.com
ex. *.yahoo.com

Not sure if it works with "allowed sites", but I know it works with other things, such as Apache web server to allow access to (anything).yahoo.com

Otherwise, try typing in just yahoo.com without the www. It may be allowing only www.yahoo.com and not money.yahoo.com.

Hope this helps!

2006-12-21 10:51:58 · answer #3 · answered by James 3 · 0 0

Dude why are you checking your emails on the server. Why are you even on the physical server. Get a regular workstation, RDP in the server when you need to and perform the rest of your work functions on the workstation itself. Server is for admin work not checking emails dude lol.

2016-05-23 07:53:11 · answer #4 · answered by Anonymous · 0 0

fedest.com, questions and answers