• Status: Solved

Stopping Windows 7 Client PCs from installing Explorer 11

Hi

I have migrated from Windows XP to Windows 7 and the GPO templates have still not been updated. Our AD servers are Windows 2012.

Explorer 9 works fine on the PCs, and after the Microsoft updates it installs Explorer 11. So Explorer 11 doesn't pick up the proxy settings on these Windows 7 PCs.

We use WSUS. Is it possible to stop WSUS from pushing Explorer 11 to the Windows 7 client PCs?

Or is there a better way of doing this?

Thanks
Asked by: lianne143
5 Solutions
 
Santosh Gupta Commented:
Hi,

See the section "Preventing Automatic Installation of Internet Explorer 11 with WSUS":

http://technet.microsoft.com/en-in/ie/dn449235
0
 
John Hurst, Business Consultant (Owner), Commented:
You can also hide the update and it should not install.
0
 
lianne143 (Author) Commented:
Please can you post how to hide the update?
0

 
Santosh Gupta Commented:
I am not sure if there is any such option in WSUS. It is only on local computers.


http://www.sevenforums.com/tutorials/24376-windows-update-hide-restore-hidden-updates.html
0
 
John Hurst, Business Consultant (Owner), Commented:
When you go to Windows Update on the local machine (and before you allow it to run), you should be able to select it and hide the update. That stops it from installing.
0
 
Mike T, Leading Engineer, Commented:
Hi,

Santosh has already given the exact answer you asked for WSUS. Other methods are not as good. The viable options are:

1) Use the TechNet directions "Preventing Automatic Installation of Internet Explorer 11 with WSUS"
2) Download and use the Internet Explorer 11 Blocker Toolkit. Includes
3) Manually hide IE11 on each machine
4) Use AppLocker to block the EXE or MSI name

Remember, if you can hide something, users can un-hide it. As (3) requires a visit to each machine, it is really a non-starter, especially if you have more than, say, 5 machines. Also, there is no protection against them just installing it elsewhere if they are admins on their own machine. (4) won't stop someone renaming the file and then installing it. You can still block with AppLocker, but it's too much work compared to 1 or 2.

I would be tempted to do 1 & 2 together. Belt and braces.

Mike
0
 
John Hurst, Business Consultant (Owner), Commented:
@lianne143 - Thank you and I was happy to help.
0
