Group policy in Windows 2003 server and Active Directory

How can I block the downloading of files from Internet by clients using MS Windows 2003 server AD and Group policy? I am using Server 2003 Enterprise Edition.
shahidaengAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pete LongTechnical ConsultantCommented:
Hello shahidaeng,

Farm out this registry key http://www.pctools.com/guides/registry/detail/901/ via GPO

Distribute Registry Entries via Grop policy

On an Client PC (that has the admin tools installed) set up the registry key as required (HKLM, HKU or HKCR only)
Start > Run > dsa.msc
Launch the policy editor (right click Domain/OU> Properties> Group policy)
Navigate to, Computer configuration > Windows Settings > Security Settings > Registry

Right click in the right hand pane > add Key
Navigate to the key you set up earlier.


How to add, modify, or delete registry subkeys and values by using a registration entries (.reg) file
http://support.microsoft.com/default.aspx?kbid=310516


Regards,

PeteLong
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
shahidaengAuthor Commented:
Without editing the registry can I do it?
0
Pete LongTechnical ConsultantCommented:
Not that Im aware of - unless you have an ISA server
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

shahidaengAuthor Commented:
Could you plz explain little more?
0
Pete LongTechnical ConsultantCommented:
oh hang on yes you can...................
0
Pete LongTechnical ConsultantCommented:
................... Heres how todo it without touching the registry

On the Server Open Internet Explorer > Tools Internet Options > Security > Click “Custom Level” Button.
Drill down to Downloads > File Downloads > Tick Disable. OK > Apply > OK

Now create or edit an existing group policy and Navigate to
User Configuration > Windows Settings > Internet Explorer Maintenance > Security > Security Zones and Content Rating > On the security zones and privacy section, >  "Import the current security zones and privacy settings".

job done
0
shahidaengAuthor Commented:
In our domain we have one OU with all clients. For that OU there is already one Group policy. I edited that like......... User confgrn->Admin templates->Windows components->IE->Internet Control panel-> Security page->                    For Internet zone and Trusted sites zone I disabled file downloading and applied it.   But it is not working.  What is the difference between Internet zone and Locked Internet zone?
And if one property is enabled in Domain level policy and the same disabled in OU level policy, which will take effect.
0
shahidaengAuthor Commented:
I had tried the solution you said also, but that is also not working. Still I can download files.
0
shahidaengAuthor Commented:
How can I block the downloading of files from Internet by clients using MS Windows 2003 server AD and Group policy? I am using Server 2003 Enterprise Edition. plz answer me. i hav already tried a couple of ways, bt stil none of them didnt work. plz help me. many tnx.
0
shahidaengAuthor Commented:
You instructed me to edit HKLM, HKU, and HKCR. So do I want to add all these three values to Group policy- security settings registry?
0
shahidaengAuthor Commented:
Now when I click Download it will prompt for Save, Open, Cancel.
If I will give Save it will show message that security settings are not allowing this.
But if I wll click on open, it will first download to Temp and I can open the file. This is also equal to downloading, right? So how can I block that also?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.