Block Install of Firefox

My machines are locked down and my users have no rights to install anything, however, one user was able to install firefox.  We can't use firefox in this environment because of certain software that's not compatible with it.  Is there some way, (GPP or GPO) I can stop users from installing this? If so how?
WellingtonISAsked:
Who is Participating?
 
Tushar_DarwatkarConnect With a Mentor Commented:
Hello,

Just go through the link below which suggest that you can block the executable file download on Proxy Server only. If you are not using Proxy server then you can try the other steps mentioned to configure the AppLocker as well.

http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/53f4bf00-8441-4a79-b023-6c225f883391

http://www.edugeek.net/forums/windows-7/82380-blocking-firefox-install.html
0
 
Haresh NikumbhSr. Tech leadCommented:
In GPOs in Windows XP and Vista have a mechanism called Software Restriction Policies that will allow you to block firefox either by path or file hash (I would suggest using both) as requested. Windows 7 introduced an enhanced version of this called AppLocker. Both can be found under Computer Configuration\Windows Settings\Security Settings.


http://technet.microsoft.com/en-us/library/bb457006.aspx

http://technet.microsoft.com/en-us/library/dd723678(WS.10).aspx
0
 
ienaxxxCommented:
yeah, you can use a GPO with software restriction policy to prevent:

the hash of the main firefox executable (obtain various to get the console analyze them)
the name of the exe (i mean firefox.exe).

Pay serious attention when enabling SRP and test it on a test-OU before.
You should leave an enable all/deny specific policy for the ease of implementation IMO.
0
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

 
ienaxxxCommented:
The correct path is:
computer settings->windows settings->security settings->software restriction policies.
0
 
WellingtonISAuthor Commented:
Will GPO Applocker work on XP machines?
0
 
Haresh NikumbhSr. Tech leadCommented:
Windows 7 introduced an enhanced version of this called AppLocker
for XP Software Restriction Policies
0
 
WellingtonISAuthor Commented:
OK great I will test this. Thanks!
0
 
WellingtonISAuthor Commented:
I did the following.  See attached and tried it on my test machine.  I WAS able to install it. I also turned on Application Identity too as instructed in the instructions...  Do I make the Scope the machines or the users? (Maybe that's my issue?)
GPO.png
0
 
Haresh NikumbhSr. Tech leadCommented:
run Gpupdate.exe /force on client machine and verify
0
 
WellingtonISAuthor Commented:
Ran that and also RSOP it's applied.
0
 
ienaxxxCommented:
OK, you was able to install it.
Are you able to use it?

I mean: I told you to get hashes for the main firefox executables because IMO it's useless to block the installers...
There are also portable versions of firefox that doesn't require the setup....
0
 
WellingtonISAuthor Commented:
Yes you're correct about the portable part.  I'm now trying to block the %osdrive%\User\%username%\AppData\Loca\Mozilla\* -
0
 
ienaxxxCommented:
Why?
Why don't you block path *\firefox.exe and all the firefox.exe file versions hashes?
0
 
WellingtonISAuthor Commented:
just did thanks.  Let's see if that works.
0
 
WellingtonISAuthor Commented:
Wow this thing is a Beast!  I can't stop the installing no matter what I do?  It installs and works.
0
 
WellingtonISAuthor Commented:
In addition I added the following security settings too to try to stop the install in Appdata..
additional.png
0
 
WellingtonISAuthor Commented:
OK if I do an RSOP on the server (Advanced View) the Application Control Policy isn't showing up... I wonder if that's my issue...
0
 
WellingtonISAuthor Commented:
ok I FINALLY GOT IT to work! It does install but you can't run it.
You have to block
C:\users\%username%\AppData\Local\Mozilla Firefox\*.*
I don't know the path for XP.  Anyone???
0
 
WellingtonISAuthor Commented:
Strangely enough, just doing the app blocker didn't do the trick for me.  I had to add the registry setting too. I will install but it  will not run.
For XP I had to use c:\documents and settings\%username%\Local Settings\Application Data\Mozilla firefox\Firefox.exe
Once I added that and the other registry setting for windows 7 it worked.  I'm not sure why just running the app blocker didn't fix the issue.
the other thing with the APP blocker is unless you have the app installed you can't block it.  That to me doesn't make much sense but OK.
0
 
WellingtonISAuthor Commented:
thx this worked.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.