Question : Changing IE Content Advisor approved sites for non-administrators
I am trying to distribute Content Advisor Approved Sites to all computers on an NT network. The .reg file that I use in the batch is correctly adding the approved sites to the correct registry keys and all users have Full Access to those keys in the registry. However, the Approved Sites only function when an administrator (local or network) logs into the NT computer. When users without administrative rights log in, the Approved Sites have to be re-entered every time they open IE, even though it is set to always allow access to those sites. Why won't the Content Advisor settings stick for non-users?
Answer : Changing IE Content Advisor approved sites for non-administrators
Try giving authenticated users or anonymous users full access to the policies key and check allow inherited ........
I use this on my network and it works flawlessly.
Below I have documented my setup.
Here is the info on how to control web access on a network. This will only work with Internet Explorer. Also all machines should be running win2k in a client server environment.
****Initial Setup****
First you need to create a new ratings file. Cut and paste the following and name it noaccess.rat
-----------begin here------------
((PICS-version 1.0)
 (rating-system "http://www.microsoft.com")
 (rating-service "http://www.microsoft.com")
 (name "Noaccess")
 (description "This file will block all sites.")
 (category
  (transmit-as "m")
  (name "Yes")
  (label
   (name "Level 0: No Setting")
   (description "No Setting")
   (value 0) )
  (label
   (name "Level 1: No Setting")
   (description "No Setting")
   (value 1) )
 ))
------------end here-------------
Paste it into the system32 directory of your test machine.
Next, create a batch file with the following to save your ratings with the original unrestricted settings. This will allow you to give full internet access to the machine at a later time and also remove the password protection if you need to. Create makeunrestricted.bat and execute.
-----------begin here------------
regedit /e unrestricted.reg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
------------end here-----------
On the same machine go to Tools>Content>Enable>General tab>Rating Systems>Add
Add the noaccess.rat and remove the rsaci.rat then click OK.
Click on create supervisor password and enter a password.
Go to the Approved Sites tab and proceed to enter all of the approved sites. Some sites might require asterisks in the site addresses. Ex. *ups.com or http://ups*.
Once you are completed, the machine can now only view those sites. Now copy the unrestricted.bat batch file and rename it to makerestricted.bat. Change unrestricted.reg to restricted.reg. It would be better to change the save location to a folder on the server for future ease of use. I use ieratings.
-----------begin here------------
regedit /e restricted.reg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
------------end here-----------
Open regedt32 and locate the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies key and make sure the users who will log on have full permissions to this key and subkeys. You will have to do this on each machine. (I also prevent users except for admin from accessing regedt32 and regedit via group policy.) You must reboot for permission changes to take effect.
Create the following registry file. This will delete all of the ratings registry settings.
Deleteratings.reg
-----------begin here------------
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings]
------------end here-----------
Place the 3 reg files in a folder which will be accessed by the batch file used in the logon script. Create the restricted.bat for the restricted users. Make sure to use the correct path to the reg files.
-----------begin here------------
regedit.exe /s \\d3server\Util\IERatings\deleteratings.reg
regedit.exe /s \\d3server\Util\IERatings\restricted.reg
------------end here-----------
Create the unrestricted.bat
-----------begin here------------
regedit.exe /s \\d3server\Util\IERatings\deleteratings.reg
regedit.exe /s \\d3server\Util\IERatings\unrestricted.reg
------------end here-----------
Place the bat files in the logon script folder. In Active Directory, go to the user and click properties>profile and add the bat file to the logon script field.
Have a user logoff and logon and Voila!!
To add and remove additional sites is very easy. To add a site, go to a restricted machine and log on as administrator. Open the website. You will be prompted for a password to give access to that site. Select always and enter your supervisor password. Now execute the makerestricted.bat file. If it maps to the directory on the server where the reg files are, all the users have to do is log off and log on, or you can create a batch file which resides on the user's desktop which he or she can execute. Modifying these reg entries does not require a reboot. I recommend creating a com file so they do not have access to it to modify or see what is running. You can also add or remove multiple sites by accessing the ratings via IE>Tools>Internet Options>Content Advisor>Approved Sites.
You can have multiple levels of access by using this method. This may not seem easy, but once completed it runs very smoothly. There are other solutions out there, but this is completely free.
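
The setup above depends on the permissions granted on the policies key on each machine. As an added example (not part of the original answer, and written in PowerShell, which postdates the Windows 2000 tools the answer uses), this read-only check lists every principal outside an expected set that can write to the policies key or its Ratings subkey, so the grant can be verified per machine. The function name `Get-UnexpectedWriter` and the `$expected` list are assumptions to adjust for your environment.

```powershell
# Added example: read-only audit of write access to the Policies and Ratings keys.
# It reports ACL entries and changes nothing.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings'
)

# Rights that allow changing or deleting policy data, plus the raw
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) bits some ACEs carry.
$named = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$writeMask = [int]$named -bor 0x10000000 -bor 0x40000000

# Principals expected to hold write access (assumption: adjust for your domain).
$expected = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'CREATOR OWNER',
    'NT SERVICE\TrustedInstaller'
)

function Get-UnexpectedWriter {
    param([string[]]$Path, [int]$Mask, [string[]]$Allowed)
    foreach ($p in $Path) {
        if (-not (Test-Path -Path $p)) {
            # Ratings may be absent, e.g. after deleteratings.reg has run.
            Write-Warning "$p does not exist"
            continue
        }
        foreach ($ace in (Get-Acl -Path $p).Access) {
            $rights = [int]$ace.RegistryRights
            $grantsWrite = ($ace.AccessControlType -eq 'Allow') -and (($rights -band $Mask) -ne 0)
            if ($grantsWrite -and ($Allowed -notcontains $ace.IdentityReference.Value)) {
                [pscustomobject]@{
                    Key       = $p
                    Identity  = $ace.IdentityReference.Value
                    Rights    = $ace.RegistryRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

Get-UnexpectedWriter -Path $keys -Mask $writeMask -Allowed $expected | Format-Table -AutoSize
```

An empty result means only the expected principals can modify the keys; any row returned shows the account, the rights it holds and whether the entry is inherited from a parent key.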