Block websites and exceptions to blocked websites not working
Hello, I have a series of laptops that I need to block access to all URLs and only allow access to one. These laptops are not joined to an AD domain so I downloaded the ADMX templates and copied them to c:\windows\policydefinitions. I ran gpedit.msc and added <all_urls> to the Blocked Websites policy and then added the specific URL to the Exceptions to Blocked Websites policy. However I am unable to access the allowed URL as Firefox is blocking it, despite having the URL defined in the exceptions policy.
I have added various other URLs to the exceptions policy like https://www.msn.com, https://www.yahoo.com, and https://www.mozilla.org, and all are blocked. I have tried different match patterns in the blocked policy and none blocked any URL, which I didn't expect them to anyway. I tried these patterns:
*://*.*.* https://*.*.* http://*.*.* *
Also in my testing I added https://www.yahoo.com to the block policy, did not enable the exceptions policy and found Firefox did not block that site, which makes zero sense. Am I missing something? I was able to do something similar to this in Chrome with its ADMX templates copied locally to a non-domain joined PC, and it worked flawlessly.
由mgorski10于
被采纳的解决方案
I figured out how to fix my issue. Setting <all_urls> in the block list was working and I found the problem was the match pattern I had set in the exclude policy was not entered correctly. Apparently explicitly entering the exact URL I wanted to allow wasn't correct. As an example the correct pattern is *://msn.com/*. Not including the asterisk after the domain caused the browser to not account for the path that might be added after accessing the website. Hopefully this helps someone else that runs into the same issue.
定位到答案原位置 👍 1所有回复 (2)
选择的解决方案
I figured out how to fix my issue. Setting <all_urls> in the block list was working and I found the problem was the match pattern I had set in the exclude policy was not entered correctly. Apparently explicitly entering the exact URL I wanted to allow wasn't correct. As an example the correct pattern is *://msn.com/*. Not including the asterisk after the domain caused the browser to not account for the path that might be added after accessing the website. Hopefully this helps someone else that runs into the same issue.