So I'm trying to fix an operational issue related to coaching. We use AD groups to give access to personal network storage and media sharing sites. If you're a member of the right AD group you can get access to ANY PNS or media sharing site. Obviously that's pretty inclusive. I'm trying to create a 2nd coaching rule that says you, person in this other PNS group, can go to dropbox only. It isn't working - I either allow everyone regardless of group membership access or I block people in the correct groups. If I reorder the rules and put the Dropbox rule set above the PNS ruleset and am just a member of the Dropbox group I get the coaching page but I then get the block page after continuing rather than being allowed to go to Dropbox.
Coaching rule that works just fine for all access to all Personal Network Storage URLs:
Coaching rule that isn't working to limit users to Dropbox:
Thanks for your potential help,
I find that doing rule traces--even when the logic seems like it should just work--can be very enlightening.
Also, rule traces will show you exactly what groups are coming through, and you are likely only getting the groups that are proper "security" groups in AD.