here’s the scenario, We wanted users not to have internet
connection therefore i had to change the proxy settings to false ip
address 0.0.0. ... so created an OU and then made a new gp with the
necessary settings and then used a Block Policy Inheritance whereby we
don’t get any Default Domain Policy
Hi,
First of all, it is a big no-no to block the Default Domain Policy.
Just so you know =).
Second. Policy Settings applied under IE Maintenance are only applied
once on first logon. There is a setting that you can use to enable if
you want it to process it all the time. However, it is a Computer
Policy so it needs to be on the Computer OU’s - Under Computer -
Admin - System - Group Policy - Internet Explorer Maintenance Policy
Processing "Process even if Group policy objects have not changed".
Third - Creating a phony Proxy is a nice little hack, but it doesn’t
always work and you can get around it. If you don’t want users to
access Internet Explorer, Run a startup script using xcacls.vbs and
set permissions on the C
rogram FilesInternet Explorer to
Admin=Full Control and System = Full Control, removing Users and every
other group.
Just so you know that the best way to do this is to get a
Authenticated Proxy Server like ISA or the like. I am not sure if the
newest Linux proxy servers allow you to do it via authentication or
not but at least they are free.
Cheers,
Lara