gregmoore
asked on
Need to completely block the install of IE7 on XP SP2
We need to have the ability to completely block the installation of IE7 on all of our networked computers. We are running a 2003 Server/XP Client SP2 environment with full AD and GPO enforcement. We currently have IE7 blocked via WSUS, but this does not stop users from visiting Microsoft's site directly and installing it from there.
We have proprietary and other applications that simply will not work with IE7, and if someone accesses it using that version of IE, it will wreak havok on that service, causing it to be unavailable to others that need to access it.
We have proprietary and other applications that simply will not work with IE7, and if someone accesses it using that version of IE, it will wreak havok on that service, causing it to be unavailable to others that need to access it.
Badotz
Have you tried yelling and screaming atht e fools who persist despite your restrictions? Perhaps mass firings would work?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Then if they still persist, fire them...
ASKER
Considering that this GPO setting goes by disallowing according to filename, and since IE6 and IE7 share the same executable name of "iexplore.exe", this would completely disable Internet Explorer all-together, and is not a viable option.
Any other suggestions besides firing? LOL
Any other suggestions besides firing? LOL
Install Firefox on all machines and rename it as IE.exe?
Tear down the cubicles and force the toads to share tables? (makes what everyone does public)
Encourage reporting errant behavior? (may be accused of Nazi tactics, but so what?)
Restrict the Microsoft web site(s)?
Disallow browsing altogether?
Schedule weekly lobotomies?
Tear down the cubicles and force the toads to share tables? (makes what everyone does public)
Encourage reporting errant behavior? (may be accused of Nazi tactics, but so what?)
Restrict the Microsoft web site(s)?
Disallow browsing altogether?
Schedule weekly lobotomies?
What I was referring to was the IE downloaded module.....
IE7-WINDOWSXP-X86-ENU.EXE
If someone renames it, then it will bypass that of course. But for the most part it should stop the large majority...
IE7-WINDOWSXP-X86-ENU.EXE
If someone renames it, then it will bypass that of course. But for the most part it should stop the large majority...
ASKER
I'm going to use the above "DisallowRun" for blocking the install straight from MS's website, using GPO's setting to not allow that executable. I have also implemented in our logout script the following for individuals that have it installed already:
@Echo off
if exist C:\WINDOWS\$NtUninstallKB9
if exist C:\WINDOWS\ie7updates\KB92
if exist C:\WINDOWS\ie7\spuninst\sp
This will uninstall the IE7 updates first, then IE7 itself. I have tested this, and even if it is installed on their computer, it will uninstall it immediately on restart.
Thank you for your assistance
@Echo off
if exist C:\WINDOWS\$NtUninstallKB9
if exist C:\WINDOWS\ie7updates\KB92
if exist C:\WINDOWS\ie7\spuninst\sp
This will uninstall the IE7 updates first, then IE7 itself. I have tested this, and even if it is installed on their computer, it will uninstall it immediately on restart.
Thank you for your assistance
Your welcome. Glad you got the answer you needed...
Not nearly as much fun as mass firings, eh?
Unfortunately not.... But at least this way, hopefully your tires will be safe from mass slashings.....
:^)
:^)