• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 957
  • Last Modified:

Stopping Window 7 Client PC from installing explorer 11

Hi

I have migrated from window XP to windows 7 and GPO templates have not been still updated. Our AD servers are Windows 2012.

Explorer 9 works fine on the PCs and  after the Microsoft updates it installs explorer 11. So explorer 11 doesn't pick up the proxy settings on these windows 7 PCs.

We use WSUS and Is it possible to stop the WSUS pushing the explorer 11 to the windows 7 client PCs.

Or is there a better way of doing this.  

Thanks
0
lianne143
Asked:
lianne143
5 Solutions
 
Santosh GuptaCommented:
Hi,

see the section Preventing Automatic Installation of Internet Explorer 11 with WSUS

http://technet.microsoft.com/en-in/ie/dn449235
0
 
JohnBusiness Consultant (Owner)Commented:
You can also hide the update and it should not install.
0
 
lianne143Author Commented:
Please can you post me as how to hide the update
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
Santosh GuptaCommented:
i am not sure if there is any such option in WSUS. it is only on local computers.


http://www.sevenforums.com/tutorials/24376-windows-update-hide-restore-hidden-updates.html
0
 
JohnBusiness Consultant (Owner)Commented:
When you go to Windows Update on the local machine (and before you allow it to run), you should be able to select it and hide the update. That stops it from installing.
0
 
Mike TLeading EngineerCommented:
Hi,

Santosh has given the exact answer you asked for WSUS already. Other methods are not as good. The viable options are:

1) use the TechNet directions Preventing Automatic Installation of Internet Explorer 11 with WSUS
2) Download and use the Internet Explorer 11 Blocker Toolkit. Includes
3) manually hiding IE11 on each machine
4) use App-locker to block the EXE or MSI name

Remember if you can hide something, users can un-hide it. As (3) requires a visit to each machine it is really a non-starter especially if you have more than say 5 machines. Also there is no protection to them just installing it elsewhere if they are admins on their own machine. (4) won't stop someone renaming the file and then installing it. You can still block with AppLocker but it's too much work compared to 1 or 2.

I would be tempted to do 1 & 2 together. Belt and braces.

Mike
0
 
JohnBusiness Consultant (Owner)Commented:
@lianne143 - Thank you and I was happy to help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now