Regular Visitor
Posts: 6
Registered: ‎Wed 24-Oct-2012
Accepted Solution

Unable to create block/allow policy

I need to block access to and for all users who are not a member of a Web-SocialNetworking AD group.


Facebook is categorised as Personals and Dating

Twitter is categorised as Blogs and Forums


The default policy is applied to domain users and blocks Personals and Dating, but allows Blogs and Forums. 


I have created two entries for the sites in the local site list, and tagged both as social networking. 

I have created two additional policies, one to block sites tagged with social networking, applied to domain users and another to allow sites tagged as social networking for members of Web-Socialnetworking.


The sites are blocked for all users. It seems that as I have blocked for domain users, this is overriding the web-socialnetworking group policy to allow.


Is there a solution to my problem? I'd appreciate some help please if anyone has any time. 




Posts: 146
Registered: ‎Wed 08-Jun-2011

Re: Unable to create block/allow policy

[ Edited ]



Your policy sounds good to me, assuming the priority of each policy is in the right order.  Eg:


Policy #1 

Users - Web-SocialNetworking

Tags - Social Networking (allow)


Policy #2 

Users - Domain Users

Tags - Social Networking (blocked)


Also, remember that the sync with AD only happens every 2 hours, so if you have just changed the group membership you should perform a manual sync to make it take effect.


By the way, in order for the pages to render correctly, their might be more domains you need to add.  IIRC.... (Facebook) (Twitter)






For our other self-service and peer-to-peer online support systems: