Solved

Stopping Window 7 Client PC from installing  explorer 11

Posted on 2014-04-17
7
885 Views
Last Modified: 2014-04-29
Hi

I have migrated from window XP to windows 7 and GPO templates have not been still updated. Our AD servers are Windows 2012.

Explorer 9 works fine on the PCs and  after the Microsoft updates it installs explorer 11. So explorer 11 doesn't pick up the proxy settings on these windows 7 PCs.

We use WSUS and Is it possible to stop the WSUS pushing the explorer 11 to the windows 7 client PCs.

Or is there a better way of doing this.  

Thanks
0
Comment
Question by:lianne143
7 Comments
 
LVL 13

Accepted Solution

by:
Santosh Gupta earned 200 total points
ID: 40006323
Hi,

see the section Preventing Automatic Installation of Internet Explorer 11 with WSUS

http://technet.microsoft.com/en-in/ie/dn449235
0
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 200 total points
ID: 40006335
You can also hide the update and it should not install.
0
 

Author Comment

by:lianne143
ID: 40006724
Please can you post me as how to hide the update
0
 
LVL 13

Assisted Solution

by:Santosh Gupta
Santosh Gupta earned 200 total points
ID: 40006790
i am not sure if there is any such option in WSUS. it is only on local computers.


http://www.sevenforums.com/tutorials/24376-windows-update-hide-restore-hidden-updates.html
0
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 200 total points
ID: 40006884
When you go to Windows Update on the local machine (and before you allow it to run), you should be able to select it and hide the update. That stops it from installing.
0
 
LVL 16

Assisted Solution

by:Mike T
Mike T earned 100 total points
ID: 40009217
Hi,

Santosh has given the exact answer you asked for WSUS already. Other methods are not as good. The viable options are:

1) use the TechNet directions Preventing Automatic Installation of Internet Explorer 11 with WSUS
2) Download and use the Internet Explorer 11 Blocker Toolkit. Includes
3) manually hiding IE11 on each machine
4) use App-locker to block the EXE or MSI name

Remember if you can hide something, users can un-hide it. As (3) requires a visit to each machine it is really a non-starter especially if you have more than say 5 machines. Also there is no protection to them just installing it elsewhere if they are admins on their own machine. (4) won't stop someone renaming the file and then installing it. You can still block with AppLocker but it's too much work compared to 1 or 2.

I would be tempted to do 1 & 2 together. Belt and braces.

Mike
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 40029328
@lianne143 - Thank you and I was happy to help.
0

Join & Write a Comment

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now