Tue 18-Dec-2012 13:23
I need to block access to facebook.com and twitter.com for all users who are not a member of a Web-SocialNetworking AD group.
Facebook is categorised as Personals and Dating
Twitter is categorised as Blogs and Forums
The default policy is applied to domain users and blocks Personals and Dating, but allows Blogs and Forums.
I have created two entries for the sites in the local site list, and tagged both as social networking.
I have created two additional policies, one to block sites tagged with social networking, applied to domain users and another to allow sites tagged as social networking for members of Web-Socialnetworking.
The sites are blocked for all users. It seems that as I have blocked for domain users, this is overriding the web-socialnetworking group policy to allow.
Is there a solution to my problem? I'd appreciate some help please if anyone has any time.
Solved! Go to Solution.
Tue 18-Dec-2012 15:27 - edited Tue 18-Dec-2012 15:28
Your policy sounds good to me, assuming the priority of each policy is in the right order. Eg:
Users - Web-SocialNetworking
Tags - Social Networking (allow)
Users - Domain Users
Tags - Social Networking (blocked)
Also, remember that the sync with AD only happens every 2 hours, so if you have just changed the group membership you should perform a manual sync to make it take effect.
By the way, in order for the pages to render correctly, their might be more domains you need to add. IIRC....