Prevent Remote Desktop Clients from running Internet Explorer

This is a stand alone 2003 Terminal Server. There are no local clients. I want to use Group Policy to prevent Remote Clients from running Internet Explorer. As far as I can tell, the setting I need is in : User Configuration -> Admin Templates -> System -> Dont run specified apps.

My problem is that I cannot find this policy in Default Domain Controller Settings, or in Default Domain Security Settings. Logged in as Administrator, I ran GPEDIT.MSC and set it there, but this only applied to the Adminstrator Account.

How can I set this policy to apply to other users?


Who is Participating?

Improve company productivity with a Business Account.Sign Up

BembiConnect With a Mentor CEOCommented:
I use the old menu structure, this is different, yes :-))

> But this prevents even myself...
Yes, as machine based

The same feature is within the group policies, but as policies are stored in the startup folder, they are only used and available if you logon as member of a domain and the TS is a member server of a domain. Otherwise the startup folder is not touched. You said this is a stand alone server.

You may have the Domain GPO admin tools on your machine, but they can only show, what they can find on the machine --> the local policies. Domain policies are only shown if you are part of a domain. Therfore I assume, that changing the settings within GPO console are excacly the same that within the security console. Means if you change the settings with the GPO console, they will also be show by the security console.  

Case is different, if your TS server is part of a domain.
As you can see --> Admin Template -->, the policy is within a template (ADM) file. You should have this on your computer, usually localted a C:\windows\inf.

Right click on administrative templates and have a look there, which templates are loaded or not. There you can add additional templates.
ipendleburyAuthor Commented:
Thanks for the reply. I need you to be a bit more explanatory please....

>> Right click on administrative templates and have a look there,
>> which templates are loaded or not.

Where should I be doing this? The only place I can find something that says "Administrative Templates" is in GPEDIT.MSC which only applies to the current user.

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

OK I see...

Have a look here:
Open local security setting
Goto Policies for Software restrictions
--> Additional rules
There you can set file based rules to block applications.

(My system is non english, maybe the pathes differ from my description).

Classic group policies can only applied, it the TS is part of a domain as the logon of users is handled by the domain. If you have only local accounts, you cant assign policies to these local accounts.  

Not the restriction above is machine based...
ipendleburyAuthor Commented:
Sorry, i'm still struggling to understand you.....
Where is this 'Local Security Setting'?
Start - settings  - system setting, there you can find the local security policy...

Or run
ipendleburyAuthor Commented:
OK I got a bit further now... But I think your system is totally different from the systems I administer. I never saw a system with 'Settings' in the Start Menu. I couldn't find Local Security Policy anywhere either. But I ran Secol.msc and got myself in there.

OK I added a new software restriction policy. But this prevents even myself from running Internet Explorer. I need to be able to run this occasionally. I was l looking and wondering if I could create a new security level in the next menu, and have that security level applying to all members of the Users Group.

Can I ask also why you got me to look in the Local Security Policy. The same feature is available in the Default Demain Policy which is readily available to me. Would it not be better to use this?

Oh, the local policies are store under
There are also the local INF files.
ipendleburyAuthor Commented:
Ok thank you for all that

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.