Group policy is a security administrator's friend: it allows centralized administration of what a user can, and cannot do on their computer. While this is usually helpful and benign, it can also be a right pain when there are unintended consequences. 

Has this ever happened to you? 

You go home on Friday after a productive week at work, using Orion on a daily basis, and getting lots of good things done. Monday, you come to work ready to tackle the day, start up the Orion web interface and you see: 

"Access denied.: 

Or 

"Page cannot be displayed."

This is no way to start your week. It's not like you can't remember your password - the website won't even load!

While there are a bunch of things that could be going wrong, one common culprit is group policy. We get a lot of support calls when GPOs are dropped that limit access to Orion directories, or they disable access to the application pool services in IIS (below). 

 

The really annoying thing about group policy errors is that while we can fix them, they will usually "unfix" themselves when the policies are refreshed (usually every 5 minutes). So it's going to take a call to your security folks to get exempted from those certain GPOs going forward. 

Top Errors that Indicate You Have a Group Policy Problem

1. Suddenly, you get an "Access Denied" screen when you try to access the Orion website. 

2. You're heard talk that your systems have been recently hardened. 

3. You can't access the temp directories on your machine. 

 

What to do?

1. First of all, call your security administrator and see if they've implemented a new GPO. Chances are, you can track it down that way.

2. If you prefer to be armed with a little more data - you can check your event logs by following the directions here: http://technet.microsoft.com/en-us/library/cc749336(WS.10).aspx. Errors are easy to find in your logs - just go to: control panel -> administrative tools -> event viewer. Once you're there, choose "application" and sort them by "event." Anything in the 5000 range is a new group policy. You can see I have a few from a while back. 

 

Keep in mind that sooner or later you'll still have to address it with the security folks, otherwise the magic of group policy will keep undoing everything you've done.