nschwend
asked on
disable Internet Explorer on specific computers via GPO
Hello Everybody,
I need your help setting up a GPO which prevent Internet Explorer on specific computers. The users, even if enabled to browse the internet, cannot navigate on specific computers of one area...
how can I do that?
thank you a lot
nick
I need your help setting up a GPO which prevent Internet Explorer on specific computers. The users, even if enabled to browse the internet, cannot navigate on specific computers of one area...
how can I do that?
thank you a lot
nick
ASKER
Hi jvuz,
thank you for your answer...
this cannot be my solution because the users should have the ability to go to internet in all workstations except some wks in a specific ou...
with your solution, the users couldn't navigate from everywhere in the domain...
thank you for your answer...
this cannot be my solution because the users should have the ability to go to internet in all workstations except some wks in a specific ou...
with your solution, the users couldn't navigate from everywhere in the domain...
OK, I see
On those PC's, try removing Execute rights from all users on c:\Program Files\Internet Explorer\iexplore.exe
IE is not something designed to be limited, as it is built in to the core Os...
At minimum, manually set the Proxy to 0.0.0.0, and grey out the Connections tab in IE so it cant be changed....
[HKEY_LOCAL_MACHINE\Softwa re\Policie s\Microsof t\Internet Explorer\Control Panel]
"Proxy"=dword:00000001
IE is not something designed to be limited, as it is built in to the core Os...
At minimum, manually set the Proxy to 0.0.0.0, and grey out the Connections tab in IE so it cant be changed....
[HKEY_LOCAL_MACHINE\Softwa
"Proxy"=dword:00000001
ASKER
my idea was something like in the user environment with the policy: don't run specified application... but applied to the computer settings.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SRP is your best option here mentioned by johnb6767
setting default to allowed and then set explicit the iexplore.exe to disallowed.
You can also use the setting you mentioned "Do not run specified applications" if you use the loopback function for these computer. If they are in a separate OU or you can filter using security filtering or maybe even WMI
setting default to allowed and then set explicit the iexplore.exe to disallowed.
You can also use the setting you mentioned "Do not run specified applications" if you use the loopback function for these computer. If they are in a separate OU or you can filter using security filtering or maybe even WMI
ASKER
thank you all...
1. On your domain controller, right-click the organizational unit that contains your domain users, and select Properties.
2. On the Group Policy tab, click Edit.
3. Expand User Configuration to set restrictions on a per-user basis.
4. Expand Windows Settings, and expand Internet Explorer Maintenance.
5. Select Connection, and double-click Proxy Settings.
6. Select the Enable Proxy Settings check box, add 0.0.0.0 to the HTTP entry, and click OK.
7. Expand Administrative Templates, and expand Windows Components.
8. Select Internet Explorer, and double-click Disable Changing Proxy Settings.
9. Select Enabled, and click OK.