Unable to create block/allow policy

I need to block access to facebook.com and twitter.com for all users who are not members of a Web-SocialNetworking AD group.

Facebook is categorised as Personals and Dating

Twitter is categorised as Blogs and Forums

The default policy is applied to domain users and blocks Personals and Dating, but allows Blogs and Forums. 

I have created two entries for the sites in the local site list, and tagged both as social networking. 

I have created two additional policies, one to block sites tagged with social networking, applied to domain users and another to allow sites tagged as social networking for members of Web-Socialnetworking.

The sites are blocked for all users. It seems that as I have blocked for domain users, this is overriding the web-socialnetworking group policy to allow.

Is there a solution to my problem? I'd appreciate some help please if anyone has any time. 

Thanks

  • Hi,

    Your policy sounds good to me, assuming the priority of each policy is in the right order. E.g.:

    Policy #1 

    Users - Web-SocialNetworking

    Tags - Social Networking (allow)

    Policy #2 

    Users - Domain Users

    Tags - Social Networking (blocked)

    Also, remember that the sync with AD only happens every 2 hours, so if you have just changed the group membership you should perform a manual sync to make it take effect.

    By the way, in order for the pages to render correctly, there might be more domains you need to add.  IIRC....

    fbcdn.net (Facebook)

    twimg.com (Twitter)

    Thanks,
    Tom.
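
The ordering point in the reply above, as an added example that is not part of the original posts and is not the appliance's own logic: a small first-match evaluator showing why the group-specific allow must sit above the Domain Users block, and that a domain missing from the local site list falls through to the default policy. First-match evaluation, subdomain matching against the site list, and the two sample users are assumptions made for the illustration.

```python
# Added illustration: a first-match policy evaluator. It models the ordering
# described in the reply, not the appliance's real engine (assumption).
from dataclasses import dataclass

# Local site list from the thread: domain -> tag.
SITE_TAGS = {"facebook.com": "social networking", "twitter.com": "social networking"}

@dataclass(frozen=True)
class Policy:
    name: str
    group: str    # AD group the policy applies to
    tag: str      # site tag the policy matches
    action: str   # "allow" or "block"

def tag_for(host, site_tags=SITE_TAGS):
    """Return the tag of host or of its closest tagged parent domain, else None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        tag = site_tags.get(".".join(labels[i:]))
        if tag:
            return tag
    return None

def evaluate(policies, user_groups, host, site_tags=SITE_TAGS):
    """Return (action, policy name) of the first policy matching user and site."""
    tag = tag_for(host, site_tags)
    for p in policies:
        if p.group in user_groups and p.tag == tag:
            return p.action, p.name
    return "default", "default policy"  # falls through to category rules

allow = Policy("Policy #1", "Web-SocialNetworking", "social networking", "allow")
block = Policy("Policy #2", "Domain Users", "social networking", "block")

# Constructed users: every account is in Domain Users.
member = {"Domain Users", "Web-SocialNetworking"}
other = {"Domain Users"}

if __name__ == "__main__":
    for order in ([allow, block], [block, allow]):
        print([p.name for p in order])
        for who, groups in (("member", member), ("other", other)):
            for host in ("www.facebook.com", "twitter.com", "static.fbcdn.net"):
                print(f"  {who:6} {host:18} -> {evaluate(order, groups, host)}")
```

With the block policy listed first, the group member is blocked as well, which matches the symptom in the question.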
