Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Limit users to run only MSOffice Viewers on Terminal server.

Posted on 2013-05-23
Last Modified: 2013-06-13
We have Terminal Server 2003 with GPP CSE and Microsoft Office installed.

The goal is to prevent users in certain OU from using Microsoft Office applications.  When these users open MS Office document, it should use Viewer (Word, Excel and PowerPoint) instead.

User Configuration -> Preferences -> Control Panel Settings -> Folder Options all Office extensions configured to run Viewer.

The problem:
When user runs Office docs from Windows Explorer it works as designed – opens Viewers, but if the same user opens documents from Internet Explorer, for example attachment in OWA or if he/she simply drag-n-drop a doc to IE window and click ‘Open’, instead of Viewer fully functional MS Office application opens that file.

The question is how using only User’s group policies force IE to open Viewers?
Question by:tu134
  • 2
LVL 63

Expert Comment

ID: 39193659
Looks like it is the "BrowserFlags" - not GPP though

A new window opens when you try to view a 2007 Microsoft Office program document in Windows Internet Explorer 7 or Internet Explorer 8

Also mentioned by user

How to configure Internet Explorer to open Office documents in the appropriate Office program instead of in Internet Explorer

Author Comment

ID: 39206042
Thanks breadtan

We need to open Office docs outside of browser window with appropriate apps (Viewers)

The hotfix from 3rd link forced IE8 to open docs in new browser window, but after click on Open in "Downoad File" dialog it'll still opens regular Word/Excel/PowerPoint instead of viewers.
LVL 63

Accepted Solution

btan earned 500 total points
ID: 39206556
Just to understand the flag better:

> 0x8 indicates that a particular app should open in its own window when its associated file is clicked (as opposed to opening within IE. For eg: MS Office docs).
> 0x10 indicates that when a link is clicked, the existing window should be reused instead of opening a new window.
> 0x22 in windows explorer - when you open a folder, it opens in an existing window instead of opening a new one).
> 0x24 or 0x00 indicates that the viewer should be embedded in the browser.

Wondering if you have tried this below - may be embedded viewer though since all values start with 0x8000ZZZZ.

EditFlags (what explorer should do with a particular filetype and/or defines what class it is).
> 00 01 00 00 turns off the "Confirm open after download" box in IE.
> 00 00 00 means no special attributes have been defined for that class.
> 02 00 00 00 is used for the mailto: protocol for mail clients.

But coming back if you notice in the 3rd link, the document type will each have a subkey e.g. Microsoft Office Excel 2007-2010 Worksheet is to Excel.Sheet.12. For excel viewer, it is ExcelViewer.Sheet.12 if I am not wrong. You can find out more info below

http://extension.nirsoft.net/<ext> where ext is the file extension

I was wondering the options to tweak the app default for opening based on MSDN guide but do be careful when testing. But it is would be global

      (Default) = ProgID.ext.1
      Content Type = MIME content type
      PerceivedType = PerceivedType

      (Default) = YourProgID
               (Default) = yourapp.exe %1

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question