• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 521
  • Last Modified:

Limit users to run only MSOffice Viewers on Terminal server.

We have Terminal Server 2003 with GPP CSE and Microsoft Office installed.

The goal is to prevent users in certain OU from using Microsoft Office applications.  When these users open MS Office document, it should use Viewer (Word, Excel and PowerPoint) instead.

User Configuration -> Preferences -> Control Panel Settings -> Folder Options all Office extensions configured to run Viewer.

The problem:
When user runs Office docs from Windows Explorer it works as designed – opens Viewers, but if the same user opens documents from Internet Explorer, for example attachment in OWA or if he/she simply drag-n-drop a doc to IE window and click ‘Open’, instead of Viewer fully functional MS Office application opens that file.

The question is how using only User’s group policies force IE to open Viewers?
  • 2
1 Solution
btanExec ConsultantCommented:
Looks like it is the "BrowserFlags" - not GPP though

A new window opens when you try to view a 2007 Microsoft Office program document in Windows Internet Explorer 7 or Internet Explorer 8

Also mentioned by user

How to configure Internet Explorer to open Office documents in the appropriate Office program instead of in Internet Explorer
tu134Author Commented:
Thanks breadtan

We need to open Office docs outside of browser window with appropriate apps (Viewers)

The hotfix from 3rd link forced IE8 to open docs in new browser window, but after click on Open in "Downoad File" dialog it'll still opens regular Word/Excel/PowerPoint instead of viewers.
btanExec ConsultantCommented:
Just to understand the flag better:

> 0x8 indicates that a particular app should open in its own window when its associated file is clicked (as opposed to opening within IE. For eg: MS Office docs).
> 0x10 indicates that when a link is clicked, the existing window should be reused instead of opening a new window.
> 0x22 in windows explorer - when you open a folder, it opens in an existing window instead of opening a new one).
> 0x24 or 0x00 indicates that the viewer should be embedded in the browser.

Wondering if you have tried this below - may be embedded viewer though since all values start with 0x8000ZZZZ.

EditFlags (what explorer should do with a particular filetype and/or defines what class it is).
> 00 01 00 00 turns off the "Confirm open after download" box in IE.
> 00 00 00 means no special attributes have been defined for that class.
> 02 00 00 00 is used for the mailto: protocol for mail clients.

But coming back if you notice in the 3rd link, the document type will each have a subkey e.g. Microsoft Office Excel 2007-2010 Worksheet is to Excel.Sheet.12. For excel viewer, it is ExcelViewer.Sheet.12 if I am not wrong. You can find out more info below

http://extension.nirsoft.net/<ext> where ext is the file extension

I was wondering the options to tweak the app default for opening based on MSDN guide but do be careful when testing. But it is would be global

      (Default) = ProgID.ext.1
      Content Type = MIME content type
      PerceivedType = PerceivedType

      (Default) = YourProgID
               (Default) = yourapp.exe %1
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now