Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Limit users to run only MSOffice Viewers on Terminal server.

Posted on 2013-05-23
Medium Priority
Last Modified: 2013-06-13
We have Terminal Server 2003 with GPP CSE and Microsoft Office installed.

The goal is to prevent users in certain OU from using Microsoft Office applications.  When these users open MS Office document, it should use Viewer (Word, Excel and PowerPoint) instead.

User Configuration -> Preferences -> Control Panel Settings -> Folder Options all Office extensions configured to run Viewer.

The problem:
When user runs Office docs from Windows Explorer it works as designed – opens Viewers, but if the same user opens documents from Internet Explorer, for example attachment in OWA or if he/she simply drag-n-drop a doc to IE window and click ‘Open’, instead of Viewer fully functional MS Office application opens that file.

The question is how using only User’s group policies force IE to open Viewers?
Question by:tu134
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 65

Expert Comment

ID: 39193659
Looks like it is the "BrowserFlags" - not GPP though

A new window opens when you try to view a 2007 Microsoft Office program document in Windows Internet Explorer 7 or Internet Explorer 8

Also mentioned by user

How to configure Internet Explorer to open Office documents in the appropriate Office program instead of in Internet Explorer

Author Comment

ID: 39206042
Thanks breadtan

We need to open Office docs outside of browser window with appropriate apps (Viewers)

The hotfix from 3rd link forced IE8 to open docs in new browser window, but after click on Open in "Downoad File" dialog it'll still opens regular Word/Excel/PowerPoint instead of viewers.
LVL 65

Accepted Solution

btan earned 1500 total points
ID: 39206556
Just to understand the flag better:

> 0x8 indicates that a particular app should open in its own window when its associated file is clicked (as opposed to opening within IE. For eg: MS Office docs).
> 0x10 indicates that when a link is clicked, the existing window should be reused instead of opening a new window.
> 0x22 in windows explorer - when you open a folder, it opens in an existing window instead of opening a new one).
> 0x24 or 0x00 indicates that the viewer should be embedded in the browser.

Wondering if you have tried this below - may be embedded viewer though since all values start with 0x8000ZZZZ.

EditFlags (what explorer should do with a particular filetype and/or defines what class it is).
> 00 01 00 00 turns off the "Confirm open after download" box in IE.
> 00 00 00 means no special attributes have been defined for that class.
> 02 00 00 00 is used for the mailto: protocol for mail clients.

But coming back if you notice in the 3rd link, the document type will each have a subkey e.g. Microsoft Office Excel 2007-2010 Worksheet is to Excel.Sheet.12. For excel viewer, it is ExcelViewer.Sheet.12 if I am not wrong. You can find out more info below

http://extension.nirsoft.net/<ext> where ext is the file extension

I was wondering the options to tweak the app default for opening based on MSDN guide but do be careful when testing. But it is would be global

      (Default) = ProgID.ext.1
      Content Type = MIME content type
      PerceivedType = PerceivedType

      (Default) = YourProgID
               (Default) = yourapp.exe %1

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question