Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Policy Internet Explorer Disabled IE Access Restriction


  • Please log in to reply
3 replies to this topic

#1 Parvardigar

Parvardigar

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:38 PM

Posted 14 November 2016 - 07:56 AM

On Server 2008R2 - Remote Desktop Server -Webroot prevented users from access RDS. RDS locked up. To fix this I had to disable Webroot and then contacted Webroot Support. Thus the remote users were able to log in and work.
 
Because of a potential security risk I disabled Internet Explorer in a policy setting. And I confess to being double dumb. I forget to write down what I did. I have spent days struggling to fix this after reading online references to how to fix a disabled Internet Explorer with that cryptic message: 'Internet Explorer this operation has been cancelled due to restrictions on this computer....'
 
I managed to achieve disabling Internet Explorer. When I did this as Domain Admin I assumed it would prevent end users from opening Internet Explorer. What that disabling did was to disable it for all users including the Administrator.
 
Please - let me know how to revive an enabled Internet Explorer. 
 
Thanks for your attentions on this serious mistake.


BC AdBot (Login to Remove)

 


#2 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:06:38 AM

Posted 14 November 2016 - 05:04 PM

Ok so to find the GPO you enabled mate run the command rsop.msc, then right click the ComputerConfig and click properties and do the same for UserConfig. This will show policies applied for each but im guessing you did this for the User Config so do the following.

1: Open up your Gpedit.msc.
2: Navigate to "User Configuration/Administrative Templates/System"
3: Find the setting toward the bottom that reads "Don't Run Specified Windows Applications" and double click it.

There would be the policy you added?



#3 Parvardigar

Parvardigar
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:38 PM

Posted 15 November 2016 - 07:55 AM

What you described I can locate on the Domain Controller, Server-DC01.
On the Remote Desktop Server, Server-RDS01 that feature  "Don't Run Specified Windows Applications" is not listed.

In fact all the Admin tools listed in Server-DC01 several of those admin tools are not listed in Server-RDS01

 

I have no information but it appears that Remote Desktop Servers have tools and features reduced such as  "Don't Run Specified Windows Applications" .

I am certain if  "Don't Run Specified Windows Applications"  were listed in gpedit.msc on RDS that that feature would be visible. 

Thus I am prevented from removing the I.E. disable feature.

 

I have two screen shots but I cannot add them as I see no feature here.

The images of Admin Tools would show a reduced listing; and the image of gpedit would show reduced listings. That is a problem.

I will post this note and look to see how to add photos here.

Thanks



#4 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:06:38 AM

Posted 15 November 2016 - 07:36 PM

No gpedit.msc is a local policy, gpmc.msc (Should be run from Server-DC01) is the domain GPO editor mate. So using gpedit.msc on the RDP server will only show you the locally applied policys mate.

You would need run the command rsop.msc from the RDP server and then right click the user and Computer configs and click properties, this will give you details about what GPO's are applied mate.

 

if not look at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies

Also you can upload images to imgur.com and add link in here mate


Edited by JohnnyJammer, 15 November 2016 - 07:36 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users