Limit users to run only MSOffice Viewers on Terminal server.

Posted on 2013-05-23
Medium Priority
Last Modified: 2013-06-13
We have Terminal Server 2003 with GPP CSE and Microsoft Office installed.

The goal is to prevent users in certain OU from using Microsoft Office applications.  When these users open MS Office document, it should use Viewer (Word, Excel and PowerPoint) instead.

User Configuration -> Preferences -> Control Panel Settings -> Folder Options all Office extensions configured to run Viewer.

The problem:
When user runs Office docs from Windows Explorer it works as designed – opens Viewers, but if the same user opens documents from Internet Explorer, for example attachment in OWA or if he/she simply drag-n-drop a doc to IE window and click ‘Open’, instead of Viewer fully functional MS Office application opens that file.

The question is how using only User’s group policies force IE to open Viewers?
Question by:tu134
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 64

Expert Comment

ID: 39193659
Looks like it is the "BrowserFlags" - not GPP though

A new window opens when you try to view a 2007 Microsoft Office program document in Windows Internet Explorer 7 or Internet Explorer 8

Also mentioned by user

How to configure Internet Explorer to open Office documents in the appropriate Office program instead of in Internet Explorer

Author Comment

ID: 39206042
Thanks breadtan

We need to open Office docs outside of browser window with appropriate apps (Viewers)

The hotfix from 3rd link forced IE8 to open docs in new browser window, but after click on Open in "Downoad File" dialog it'll still opens regular Word/Excel/PowerPoint instead of viewers.
LVL 64

Accepted Solution

btan earned 1500 total points
ID: 39206556
Just to understand the flag better:

> 0x8 indicates that a particular app should open in its own window when its associated file is clicked (as opposed to opening within IE. For eg: MS Office docs).
> 0x10 indicates that when a link is clicked, the existing window should be reused instead of opening a new window.
> 0x22 in windows explorer - when you open a folder, it opens in an existing window instead of opening a new one).
> 0x24 or 0x00 indicates that the viewer should be embedded in the browser.

Wondering if you have tried this below - may be embedded viewer though since all values start with 0x8000ZZZZ.

EditFlags (what explorer should do with a particular filetype and/or defines what class it is).
> 00 01 00 00 turns off the "Confirm open after download" box in IE.
> 00 00 00 means no special attributes have been defined for that class.
> 02 00 00 00 is used for the mailto: protocol for mail clients.

But coming back if you notice in the 3rd link, the document type will each have a subkey e.g. Microsoft Office Excel 2007-2010 Worksheet is to Excel.Sheet.12. For excel viewer, it is ExcelViewer.Sheet.12 if I am not wrong. You can find out more info below

http://extension.nirsoft.net/<ext> where ext is the file extension

I was wondering the options to tweak the app default for opening based on MSDN guide but do be careful when testing. But it is would be global

      (Default) = ProgID.ext.1
      Content Type = MIME content type
      PerceivedType = PerceivedType

      (Default) = YourProgID
               (Default) = yourapp.exe %1

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses
Course of the Month13 days, 14 hours left to enroll

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question