We are running SEP 12.1.6 MP4 on three Server 2012 R2 Standard SEPMs. We set up locations for our workstations in response to applications that still needed us to run IE 8 on some machines. We set up the policy initially to detect registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector\IE = 8.0000. When the value is detected iexplorer.exe is blocked from access to anything outside a 1918 address and a white list. In testing it worked brilliantly and we rolled it out to the workstations in phases.
It has, however, recently come to my attention that three members of the IT Security Commitee for one one of our hospitals are running IE 8 and have normal access to the internet. I spoke with tech support and they told me that I either a) need to set the Quarantine location to default or b) add another location for NOT that registry value. I also noticed that in the groups General Settings remember location is checked.
I started by moving these three individuals to a seperate group and copied the policies from their original group and unchecked the remember location toggle. They reported in, downloaded the new policy but did not move. I next moved on to select the Quarantine location as the default but again they checked in, updated but did not move. As a third step I created a rule for an Access location that does NOT have the registry value but only got the same result. At this point the Access location is the default and is the first in my list of locations, Quarantine is second in the list and the Default group is disabled and I am seeing no result in the Client Activity log.
This is working for a number of clients as we have had 1225 switch to the Quarantine group in the past week. The next step is to reach out to work on the user's machines. I was just wondering if anyone had any ideas as to the described set up.