Stopping Window 7 Client PC from installing explorer 11

Hi

I have migrated from window XP to windows 7 and GPO templates have not been still updated. Our AD servers are Windows 2012.

Explorer 9 works fine on the PCs and  after the Microsoft updates it installs explorer 11. So explorer 11 doesn't pick up the proxy settings on these windows 7 PCs.

We use WSUS and Is it possible to stop the WSUS pushing the explorer 11 to the windows 7 client PCs.

Or is there a better way of doing this.  

Thanks
lianne143Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Santosh GuptaConnect With a Mentor Commented:
Hi,

see the section Preventing Automatic Installation of Internet Explorer 11 with WSUS

http://technet.microsoft.com/en-in/ie/dn449235
0
 
JohnConnect With a Mentor Business Consultant (Owner)Commented:
You can also hide the update and it should not install.
0
 
lianne143Author Commented:
Please can you post me as how to hide the update
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Santosh GuptaConnect With a Mentor Commented:
i am not sure if there is any such option in WSUS. it is only on local computers.


http://www.sevenforums.com/tutorials/24376-windows-update-hide-restore-hidden-updates.html
0
 
JohnConnect With a Mentor Business Consultant (Owner)Commented:
When you go to Windows Update on the local machine (and before you allow it to run), you should be able to select it and hide the update. That stops it from installing.
0
 
Mike TConnect With a Mentor Leading EngineerCommented:
Hi,

Santosh has given the exact answer you asked for WSUS already. Other methods are not as good. The viable options are:

1) use the TechNet directions Preventing Automatic Installation of Internet Explorer 11 with WSUS
2) Download and use the Internet Explorer 11 Blocker Toolkit. Includes
3) manually hiding IE11 on each machine
4) use App-locker to block the EXE or MSI name

Remember if you can hide something, users can un-hide it. As (3) requires a visit to each machine it is really a non-starter especially if you have more than say 5 machines. Also there is no protection to them just installing it elsewhere if they are admins on their own machine. (4) won't stop someone renaming the file and then installing it. You can still block with AppLocker but it's too much work compared to 1 or 2.

I would be tempted to do 1 & 2 together. Belt and braces.

Mike
0
 
JohnBusiness Consultant (Owner)Commented:
@lianne143 - Thank you and I was happy to help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.