Solved

Limit users to run only MSOffice Viewers on Terminal server.

Posted on 2013-05-23
3
494 Views
Last Modified: 2013-06-13
We have Terminal Server 2003 with GPP CSE and Microsoft Office installed.

The goal is to prevent users in certain OU from using Microsoft Office applications.  When these users open MS Office document, it should use Viewer (Word, Excel and PowerPoint) instead.

In GPP:
User Configuration -> Preferences -> Control Panel Settings -> Folder Options all Office extensions configured to run Viewer.

The problem:
When user runs Office docs from Windows Explorer it works as designed – opens Viewers, but if the same user opens documents from Internet Explorer, for example attachment in OWA or if he/she simply drag-n-drop a doc to IE window and click ‘Open’, instead of Viewer fully functional MS Office application opens that file.

The question is how using only User’s group policies force IE to open Viewers?
0
Comment
Question by:tu134
  • 2
3 Comments
 
LVL 61

Expert Comment

by:btan
ID: 39193659
Looks like it is the "BrowserFlags" - not GPP though

A new window opens when you try to view a 2007 Microsoft Office program document in Windows Internet Explorer 7 or Internet Explorer 8
http://support.microsoft.com/kb/927009

Also mentioned by user
http://social.technet.microsoft.com/Forums/en-US/w7itproappcompat/thread/3188cf4b-8faf-45e7-a8ba-8e61314d14af

How to configure Internet Explorer to open Office documents in the appropriate Office program instead of in Internet Explorer
http://support.microsoft.com/kb/162059
0
 

Author Comment

by:tu134
ID: 39206042
Thanks breadtan

We need to open Office docs outside of browser window with appropriate apps (Viewers)

The hotfix from 3rd link forced IE8 to open docs in new browser window, but after click on Open in "Downoad File" dialog it'll still opens regular Word/Excel/PowerPoint instead of viewers.
0
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
ID: 39206556
Just to understand the flag better:

BrowserFlags
> 0x8 indicates that a particular app should open in its own window when its associated file is clicked (as opposed to opening within IE. For eg: MS Office docs).
> 0x10 indicates that when a link is clicked, the existing window should be reused instead of opening a new window.
> 0x22 in windows explorer - when you open a folder, it opens in an existing window instead of opening a new one).
> 0x24 or 0x00 indicates that the viewer should be embedded in the browser.

Wondering if you have tried this below - may be embedded viewer though since all values start with 0x8000ZZZZ.
http://social.technet.microsoft.com/Forums/en-US/w7itproappcompat/thread/3188cf4b-8faf-45e7-a8ba-8e61314d14af

EditFlags (what explorer should do with a particular filetype and/or defines what class it is).
> 00 01 00 00 turns off the "Confirm open after download" box in IE.
> 00 00 00 means no special attributes have been defined for that class.
> 02 00 00 00 is used for the mailto: protocol for mail clients.

But coming back if you notice in the 3rd link, the document type will each have a subkey e.g. Microsoft Office Excel 2007-2010 Worksheet is to Excel.Sheet.12. For excel viewer, it is ExcelViewer.Sheet.12 if I am not wrong. You can find out more info below

http://extension.nirsoft.net/xlsx
or
http://extension.nirsoft.net/<ext> where ext is the file extension

I was wondering the options to tweak the app default for opening based on MSDN guide but do be careful when testing. But it is would be global
http://msdn.microsoft.com/en-us/library/windows/desktop/cc144148(v=vs.85).aspx

HKEY_CLASSES_ROOT
   .ext
      (Default) = ProgID.ext.1
      Content Type = MIME content type
      PerceivedType = PerceivedType
      OpenWithProgids
         ProgID2.ext.1
         ProgID3.ext.1
      ProgID.ext.1
         shellnew

HKEY_CLASSES_ROOT
   .mp3
      (Default) = YourProgID
   YourProgID
      shell
         open
            command
               (Default) = yourapp.exe %1
0

Join & Write a Comment

Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
Know what services you can and cannot, should and should not combine on your server.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now