Disabling IE through GP

S

Spencer

Is there a way to disable internet browsing from a workstation based on group policy. In other words, they click on IE and it doesn't work. I know that I can disable the gateway, but I can't turn off DNS it being a Windows 2000 domain, but I want to limit this type of activity by user and not workstation. Is there a way to do it without using ISA? Thanks in advance.
 
C

Cary Shultz [A.D. MVP]

Spencer,

This question pops up every once and again. There are two things that you need to do:

1) configure the Proxy Server with a bad / invalid IP Address, and
2) disable the user's ability to change that.

HTH,

Cary

Is there a way to disable internet browsing from a workstation based on group policy. In other words, they click on IE and it doesn't work. I know that I can disable the gateway, but I can't turn off DNS it being a Windows 2000 domain, but I want to limit this type of activity by user and not workstation. Is there a way to do it without using ISA? Thanks in advance.
 
C

Chriss3

Hi Cary, there is in fact a much better way to do this, use content Advisor to only allow about:blank page.

User Configuration\Windows Settings\Internet Explorer Maintenance\Security\Security Zones and Content Ratings

Import the current content ratings settings. Click Modify Settings to change settings you are importing. You can then modify your settings using Content Advisor.
Allow only the about:blank page.


--
Regards
Christoffer Andersson

No email replies please - reply in the newsgroup

"Cary Shultz [A.D. MVP]" <[email protected]> skrev i meddelandet Spencer,

This question pops up every once and again. There are two things that you need to do:

1) configure the Proxy Server with a bad / invalid IP Address, and
2) disable the user's ability to change that.

HTH,

Cary

Is there a way to disable internet browsing from a workstation based on group policy. In other words, they click on IE and it doesn't work. I know that I can disable the gateway, but I can't turn off DNS it being a Windows 2000 domain, but I want to limit this type of activity by user and not workstation. Is there a way to do it without using ISA? Thanks in advance.
 
A

Adam Gilstrap

In Group Policy you can set blocked applications. If you set iexplore.exe to be blocked that should work. It is under User Configuration/Admin Templates, and set the Dont run specified Windows applications to include iexplore.exe
Hi Cary, there is in fact a much better way to do this, use content Advisor to only allow about:blank page.

User Configuration\Windows Settings\Internet Explorer Maintenance\Security\Security Zones and Content Ratings

Import the current content ratings settings. Click Modify Settings to change settings you are importing. You can then modify your settings using Content Advisor.
Allow only the about:blank page.


--
Regards
Christoffer Andersson

No email replies please - reply in the newsgroup

"Cary Shultz [A.D. MVP]" <[email protected]> skrev i meddelandet Spencer,

This question pops up every once and again. There are two things that you need to do:

1) configure the Proxy Server with a bad / invalid IP Address, and
2) disable the user's ability to change that.

HTH,

Cary

Is there a way to disable internet browsing from a workstation based on group policy. In other words, they click on IE and it doesn't work. I know that I can disable the gateway, but I can't turn off DNS it being a Windows 2000 domain, but I want to limit this type of activity by user and not workstation. Is there a way to do it without using ISA? Thanks in advance.
 
C

Cary Shultz [A.D. MVP]

Chris,

Looks like I learn something new every day! Just two months ago the method that I described was the way to do it (at least what everyone was suggesting ). Looks like I need to spend a little more time in here.

Thank you for the update!

Cary

Hi Cary, there is in fact a much better way to do this, use content Advisor to only allow about:blank page.

User Configuration\Windows Settings\Internet Explorer Maintenance\Security\Security Zones and Content Ratings

Import the current content ratings settings. Click Modify Settings to change settings you are importing. You can then modify your settings using Content Advisor.
Allow only the about:blank page.


--
Regards
Christoffer Andersson

No email replies please - reply in the newsgroup

"Cary Shultz [A.D. MVP]" <[email protected]> skrev i meddelandet Spencer,

This question pops up every once and again. There are two things that you need to do:

1) configure the Proxy Server with a bad / invalid IP Address, and
2) disable the user's ability to change that.

HTH,

Cary

Is there a way to disable internet browsing from a workstation based on group policy. In other words, they click on IE and it doesn't work. I know that I can disable the gateway, but I can't turn off DNS it being a Windows 2000 domain, but I want to limit this type of activity by user and not workstation. Is there a way to do it without using ISA? Thanks in advance.
 
F

Frank Reichenbacher

I do not see this in my GP:

"...and set the Dont run specified Windows applications to include iexplore.exe"

Would I have to create a new template?

Frank




In Group Policy you can set blocked applications. If you set iexplore.exe to be blocked that should work. It is under User Configuration/Admin Templates, and set the Dont run specified Windows applications to include iexplore.exe
Hi Cary, there is in fact a much better way to do this, use content Advisor to only allow about:blank page.

User Configuration\Windows Settings\Internet Explorer Maintenance\Security\Security Zones and Content Ratings

Import the current content ratings settings. Click Modify Settings to change settings you are importing. You can then modify your settings using Content Advisor.
Allow only the about:blank page.


--
Regards
Christoffer Andersson

No email replies please - reply in the newsgroup

"Cary Shultz [A.D. MVP]" <[email protected]> skrev i meddelandet Spencer,

This question pops up every once and again. There are two things that you need to do:

1) configure the Proxy Server with a bad / invalid IP Address, and
2) disable the user's ability to change that.

HTH,

Cary

Is there a way to disable internet browsing from a workstation based on group policy. In other words, they click on IE and it doesn't work. I know that I can disable the gateway, but I can't turn off DNS it being a Windows 2000 domain, but I want to limit this type of activity by user and not workstation. Is there a way to do it without using ISA? Thanks in advance.
 
A

Adam Gilstrap

You should see a policy titled "Don't run specified Windows applications. You have to double-click on that, enable it, then you can show the disabled apps and add iexplore.exe to that.
I do not see this in my GP:

"...and set the Dont run specified Windows applications to include iexplore.exe"

Would I have to create a new template?

Frank




In Group Policy you can set blocked applications. If you set iexplore.exe to be blocked that should work. It is under User Configuration/Admin Templates, and set the Dont run specified Windows applications to include iexplore.exe
Hi Cary, there is in fact a much better way to do this, use content Advisor to only allow about:blank page.

User Configuration\Windows Settings\Internet Explorer Maintenance\Security\Security Zones and Content Ratings

Import the current content ratings settings. Click Modify Settings to change settings you are importing. You can then modify your settings using Content Advisor.
Allow only the about:blank page.


--
Regards
Christoffer Andersson

No email replies please - reply in the newsgroup

"Cary Shultz [A.D. MVP]" <[email protected]> skrev i meddelandet Spencer,

This question pops up every once and again. There are two things that you need to do:

1) configure the Proxy Server with a bad / invalid IP Address, and
2) disable the user's ability to change that.

HTH,

Cary

Is there a way to disable internet browsing from a workstation based on group policy. In other words, they click on IE and it doesn't work. I know that I can disable the gateway, but I can't turn off DNS it being a Windows 2000 domain, but I want to limit this type of activity by user and not workstation. Is there a way to do it without using ISA? Thanks in advance.
 
S

Steven L Umbach

While that may stop them from starting Internet Explorer, keep in mind that it may not stop access to the internet dues to the way that the internet access is integrated into Windows these days. For instance after a user can no longer use IE, they still may be able to access the internet from Explorer address bar, the run box, or even url links in Word documents. A firewall/proxy server or even ipsec filtering may be a better way to go. --- Steve
You should see a policy titled "Don't run specified Windows applications. You have to double-click on that, enable it, then you can show the disabled apps and add iexplore.exe to that.
I do not see this in my GP:

"...and set the Dont run specified Windows applications to include iexplore.exe"

Would I have to create a new template?

Frank




In Group Policy you can set blocked applications. If you set iexplore.exe to be blocked that should work. It is under User Configuration/Admin Templates, and set the Dont run specified Windows applications to include iexplore.exe
Hi Cary, there is in fact a much better way to do this, use content Advisor to only allow about:blank page.

User Configuration\Windows Settings\Internet Explorer Maintenance\Security\Security Zones and Content Ratings

Import the current content ratings settings. Click Modify Settings to change settings you are importing. You can then modify your settings using Content Advisor.
Allow only the about:blank page.


--
Regards
Christoffer Andersson

No email replies please - reply in the newsgroup

"Cary Shultz [A.D. MVP]" <[email protected]> skrev i meddelandet Spencer,

This question pops up every once and again. There are two things that you need to do:

1) configure the Proxy Server with a bad / invalid IP Address, and
2) disable the user's ability to change that.

HTH,

Cary

Is there a way to disable internet browsing from a workstation based on group policy. In other words, they click on IE and it doesn't work. I know that I can disable the gateway, but I can't turn off DNS it being a Windows 2000 domain, but I want to limit this type of activity by user and not workstation. Is there a way to do it without using ISA? Thanks in advance.
 
A

Adam Gilstrap

True...I will have to look into that. Many times though iexplore.exe is called transparently to the user to display those items.
While that may stop them from starting Internet Explorer, keep in mind that it may not stop access to the internet dues to the way that the internet access is integrated into Windows these days. For instance after a user can no longer use IE, they still may be able to access the internet from Explorer address bar, the run box, or even url links in Word documents. A firewall/proxy server or even ipsec filtering may be a better way to go. --- Steve
You should see a policy titled "Don't run specified Windows applications. You have to double-click on that, enable it, then you can show the disabled apps and add iexplore.exe to that.
I do not see this in my GP:

"...and set the Dont run specified Windows applications to include iexplore.exe"

Would I have to create a new template?

Frank




In Group Policy you can set blocked applications. If you set iexplore.exe to be blocked that should work. It is under User Configuration/Admin Templates, and set the Dont run specified Windows applications to include iexplore.exe
Hi Cary, there is in fact a much better way to do this, use content Advisor to only allow about:blank page.

User Configuration\Windows Settings\Internet Explorer Maintenance\Security\Security Zones and Content Ratings

Import the current content ratings settings. Click Modify Settings to change settings you are importing. You can then modify your settings using Content Advisor.
Allow only the about:blank page.


--
Regards
Christoffer Andersson

No email replies please - reply in the newsgroup

"Cary Shultz [A.D. MVP]" <[email protected]> skrev i meddelandet Spencer,

This question pops up every once and again. There are two things that you need to do:

1) configure the Proxy Server with a bad / invalid IP Address, and
2) disable the user's ability to change that.

HTH,

Cary

Is there a way to disable internet browsing from a workstation based on group policy. In other words, they click on IE and it doesn't work. I know that I can disable the gateway, but I can't turn off DNS it being a Windows 2000 domain, but I want to limit this type of activity by user and not workstation. Is there a way to do it without using ISA? Thanks in advance.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Disabling Windows Firewall service using W2K GP 1
How to disable the screen saver on a single workstation 1
Hide IE History 5
IE GP Security Settings 1
IE GP Settings 1
GP not applying when logging in to a workstation 4
Internet Explorer 7 ADM files 6
Group Policy disabled Javascript 1

Top