  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 204

Need to completely block the install of IE7 on XP SP2

We need to have the ability to completely block the installation of IE7 on all of our networked computers. We are running a 2003 Server/XP Client SP2 environment with full AD and GPO enforcement. We currently have IE7 blocked via WSUS, but this does not stop users from visiting Microsoft's site directly and installing it from there.
We have proprietary and other applications that simply will not work with IE7, and if someone accesses it using that version of IE, it will wreak havoc on that service, causing it to be unavailable to others that need to access it.
Asked by: gregmoore
1 Solution
 
Badotz Commented:
Have you tried yelling and screaming at the fools who persist despite your restrictions? Perhaps mass firings would work?
0
 
johnb6767 Commented:
DisallowRun
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/93501.mspx

Use GPO to make the IE7 executable a restricted app, so it will not launch....
0
 
johnb6767 Commented:
Then if they still persist, fire them...
0
 
gregmoore (Author) Commented:
Considering that this GPO setting goes by disallowing according to filename, and since IE6 and IE7 share the same executable name of "iexplore.exe", this would completely disable Internet Explorer altogether, and is not a viable option.

Any other suggestions besides firing? LOL
0
 
Badotz Commented:
Install Firefox on all machines and rename it as IE.exe?
Tear down the cubicles and force the toads to share tables? (makes what everyone does public)
Encourage reporting errant behavior? (may be accused of Nazi tactics, but so what?)
Restrict the Microsoft web site(s)?
Disallow browsing altogether?
Schedule weekly lobotomies?
0
 
johnb6767 Commented:
What I was referring to was the IE downloaded module.....

IE7-WINDOWSXP-X86-ENU.EXE

If someone renames it, then it will bypass that of course. But for the most part it should stop the large majority...
0
 
gregmoore (Author) Commented:
I'm going to use the above "DisallowRun" for blocking the install straight from MS's website, using GPO's setting to not allow that executable. I have also implemented in our logout script the following for individuals that have it installed already:

@echo off
rem Uninstall the IE7 updates (KB928090) first, if their uninstallers are present
if exist "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe" "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe" /quiet
if exist "C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" "C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" /quiet
rem Then uninstall IE7 itself
if exist "C:\WINDOWS\ie7\spuninst\spuninst.exe" "C:\WINDOWS\ie7\spuninst\spuninst.exe" /quiet

This will uninstall the IE7 updates first, then IE7 itself. I have tested this, and even if it is installed on their computer, it will uninstall it immediately on restart.

Thank you for your assistance
0
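An added example, not part of the thread: a batch audit that reports the installed IE version and whether the DisallowRun policy is switched on and lists the installer name johnb6767 gives above. The registry paths are the standard locations for the IE version string and the "Don't run specified Windows applications" policy; running it in the user's logon context and reading the exit code are assumptions.

```bat
@echo off
rem Added example: audit one XP client for the two controls discussed above.
rem Run as the logged-on user so that HKCU is that user's policy hive.
setlocal
set "INSTALLER=IE7-WINDOWSXP-X86-ENU.EXE"
set "POLKEY=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
set "IEVER=unknown"
set "ENFORCED=no"
set "LISTED=no"

rem Installed IE version string, e.g. 6.0.2900.2180 or 7.0.5730.11
for /f "tokens=3" %%V in ('reg query "HKLM\SOFTWARE\Microsoft\Internet Explorer" /v Version 2^>nul ^| find "REG_SZ"') do set "IEVER=%%V"

rem The block list is only honoured when the DisallowRun DWORD is 1
reg query "%POLKEY%" /v DisallowRun 2>nul | find "0x1" >nul && set "ENFORCED=yes"

rem Blocked file names are string values under the DisallowRun subkey.
rem The match is on file name only, so a renamed installer is not covered.
reg query "%POLKEY%\DisallowRun" 2>nul | find /i "%INSTALLER%" >nul && set "LISTED=yes"

echo %COMPUTERNAME% user=%USERNAME% ie=%IEVER% policy_on=%ENFORCED% installer_listed=%LISTED%

rem Exit code 1 flags a machine that still reports IE7
if "%IEVER:~0,2%"=="7." exit /b 1
exit /b 0
```

Redirecting the echoed line to a central log gives a per-machine record of where the policy has not applied or IE7 is still present.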
 
johnb6767 Commented:
You're welcome. Glad you got the answer you needed...
0
 
Badotz Commented:
Not nearly as much fun as mass firings, eh?
0
 
johnb6767 Commented:
Unfortunately not.... But at least this way, hopefully your tires will be safe from mass slashings.....

:^)
0
