GPO Computer Software Restriction Policy Stopped Working

Andy

I have a computer restriction policy defined to certain
computers in an OU. This policy has been working for
months. This policy is marked enforced. The policy
restricts these computers from using Internet Explorer
(path rule C:\Program Files\Internet
Explorer\IEXPLORE.EXE). This week, the policy stopped
working. All of the computers in the OU can now use
Internet Explorer. I have verified that the policy has
not changed and nothing on these computers looks any
different (33 computers).

I deleted the current policy and recreated it; however,
this had no effect.
 
David Everett [MSFT]

Hi Andy,

If you log on as the user and run rsop.msc, does it show the SAFER policy is
applied with the correct configuration? If you right-click on the setting,
choose Properties and select the Precedence tab, does it show the correct
policy applying the setting?

Any chance these users are Local Admins on their workstations and the
Enforcement setting in the GPO has been changed to apply the software
restriction policy to "All users except local administrators"?

Is the group policy applying according to the Application event log? Does
SceCli generate errors?

You stated, "...computer restriction policy defined to certain computers in
an OU." How did you do this? Did you remove Read and Apply Group Policy
permissions from Authenticated Users and grant these rights to the specific
workstations only?
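
The checks asked about in the reply above can also be read directly on one affected workstation. The following PowerShell is an added example, not part of the original thread; it assumes PowerShell is available, an elevated prompt, and the standard registry location and value meanings Windows uses for computer-side Software Restriction Policy settings.

```powershell
# Added example (not from the thread): inspect the computer-side Software
# Restriction Policy (SAFER) state on one affected workstation.
# Assumption: SRP settings delivered by GPO are stored under this key.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# 1. Which GPOs applied to the computer (command-line counterpart of rsop.msc).
gpresult /r /scope computer

# 2. Is any SRP configuration present at all?
if (-not (Test-Path $base)) {
    Write-Output 'No SRP settings in the registry: the GPO is not reaching this computer.'
    return
}

# 3. Enforcement scope. PolicyScope: 0 = all users, 1 = all users except local administrators.
$ci = Get-ItemProperty -Path $base
if ($ci.PolicyScope -eq 1) {
    Write-Output 'Enforcement: all users EXCEPT local administrators. Members of Administrators:'
    net localgroup Administrators
} else {
    Write-Output 'Enforcement: all users'
}

# 4. Path rules per security level (0 = Disallowed, 262144 = Unrestricted).
$levels = @{ '0' = 'Disallowed'; '262144' = 'Unrestricted' }
$rules = foreach ($lvl in $levels.Keys) {
    $pathsKey = Join-Path $base "$lvl\Paths"
    if (Test-Path $pathsKey) {
        Get-ChildItem -Path $pathsKey | ForEach-Object {
            $r = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{ Level = $levels[$lvl]; Path = $r.ItemData; RuleId = $_.PSChildName }
        }
    }
}
$rules | Format-Table -AutoSize

# The rule from the question should be listed as Disallowed.
if (-not ($rules | Where-Object { $_.Level -eq 'Disallowed' -and $_.Path -like '*IEXPLORE.EXE' })) {
    Write-Output 'WARNING: no Disallowed path rule for IEXPLORE.EXE on this computer.'
}

# 5. Recent SceCli events in the Application log (warnings or errors indicate
#    security policy processing problems).
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'SceCli' } `
    -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message | Format-List
```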
 