Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Force IE 10 to be the default browser via 2012 GPO

Posted on 2014-04-29
10
Medium Priority
?
14,312 Views
Last Modified: 2014-12-05
I would like to force our computers to use IE 10 by default, and I would like to prevent our users from changing their default to Chrome/Firefox...etc. I would like to accomplish this via GPO if possible.

I've looked at links like this, but these settings in Group Policy are not available for me as I have 2012 installed.
Possible Options

I will be forcing this setting for Windows 7 x64 machines.

Accomplishing this via a startup script, or logon script, would be OK, but I would prefer a GPO setting instead.  :)

Thanks Experts!

-IT_Crowd
0
Comment
Question by:IT_Crowd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +2
10 Comments
 
LVL 70

Expert Comment

by:Merete
ID: 40031806
Hold off doing this for a while and use Chrome please

Microsoft has released a security advisory that warns about remote code executions in various versions of Internet Explorer.
"This issue allows remote code execution if users visit a malicious website with an affected browser," Microsoft said. "This would typically occur by an attacker convincing someone to click a link in an email or instant message."
The bug affects Internet Explorer 6 - 11, though according to security firm FireEye, "the attack is targeting IE9 through IE11."
http://www.pcmag.com/article2/0,2817,2457206,00.asp
Zero-Day Internet Explorer Vulnerability Let Loose in the Wild
http://www.symantec.com/connect/blogs/zero-day-internet-vulnerability-let-loose-wild
Symantics offers a patch
Symantec has also provided a batch file that you can download to automate the command-line and you can get it here: Zero-Day Internet Explorer Vulnerability Let Loose in the Wild
http://www.symantec.com/connect/blogs/zero-day-internet-vulnerability-let-loose-wild
0
 
LVL 13

Author Comment

by:IT_Crowd
ID: 40031940
Yes, we've also heard about this. We are going to wait until this issue is patched.  I still would like to know how this can be accomplished though.   :)
0
 
LVL 50

Expert Comment

by:jcimarron
ID: 40032527
IT_Crowd--
Adobe offers a new version of Flash Player that should prevent the zero day problem on IE.
https://helpx.adobe.com/security/products/flash-player/apsb14-13.html
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 70

Assisted Solution

by:Merete
Merete earned 664 total points
ID: 40033599
I believe you would do it through the gpedit.msc
Pity though as Chrome is better and safer than Internet Explorer.
Open run type in gpedit.msc
 User Configuration, Administrative Templates, Windows Components, and then select Internet Explorer in the left column of the Group Policy editor.
Double-click Disable changing default browser check in the Settings section of the Group Policy editor.
prevent changing default search providerFurther down the list is All Settings
You can also set higher security
I don't know how to add this to all users hopefully you do.
I sourced this as a reference
http://www.thewindowsclub.com/internet-explorer-group-policy-editor
0
 
LVL 13

Author Comment

by:IT_Crowd
ID: 40034370
Thank you - I will try this. Unfortunately, we live in a world were certain applications rely on Internet Explorer. Our accounting package, for instance, requires IE. Our Intranet, and other sub applications - require IE. Trust me, we aren't doing this because we LOVE Internet Explorer....
0
 
LVL 70

Expert Comment

by:Merete
ID: 40036081
Thank you, yes I understand.
According to Microsoft users can protect themselves against this exploit by simply enforcing>Enabled Protected Mode in the Security tab of IE.
You should also be aware of this flash virus that targets all browsers
Remove “WARNING! Your Flash Player may be out of date” virus
http://malwaretips.com/blogs/warning-your-flash-player-may-be-out-of-date-virus/
0
 
LVL 56

Assisted Solution

by:McKnife
McKnife earned 1336 total points
ID: 40041015
Setting it as default browser is possible via GPO. But MS would not be MS if they hadn't made this complicated. You have to assign all file types (.htm, .html,.mht,...) and all protocols (http,https,ftp,...) to internet explorer.
There is a nice way with win8, that is at least somewhat easy: http://blogs.technet.com/b/mrmlcgn/archive/2013/02/26/windows-8-associate-a-file-type-or-protocol-with-a-specific-app-using-a-gpo-e-g-default-mail-client-for-mailto-protocol.aspx

...but you still run win7...
File types: http://www.grouppolicy.biz/2011/09/how-to-use-group-policy-to-change-open-with-file-associations/
I am not sure if we can assign protocols in a similar way.
Maybe also read http://www.autohotkey.com/board/topic/89803-set-default-browser-in-registry-correctly-handles-url-files/ which supplies a scripted way to do it.
0
 
LVL 70

Expert Comment

by:Merete
ID: 40041035
The exploit was patched last week my time
If you have automatic updates install enabled it would have been installed on Friday my time. Otherwise check your windows updates you'll see one there for IE.
Microsoft has issued a patch for the Internet Explorer flaw that lets hackers take control of your computer -- even for users of Windows XP.
http://money.cnn.com/2014/05/01/technology/security/internet-explorer-bug/
0
 
LVL 56

Accepted Solution

by:
McKnife earned 1336 total points
ID: 40041047
And to add to my solution: that's how you do it with the protocols - by manipulating the registry which can be deployed using group policy preferences: http://superuser.com/questions/368814/how-do-i-change-my-default-browser-to-an-unlisted-program-in-windows-7
Last thing missing: what are those file types? :)
file types
0
 
LVL 1

Expert Comment

by:JoeEdafio
ID: 40483766
No browser is completely safe!
Browsing habits and reading and understanding messages within are critically important along with common sense.
If it doesn't look right it probably isn't....

Google Chrome. http://www.huffingtonpost.com/2013/08/07/google-chrome-security_n_3719233.html

Most of the changes in Group Policy that you propose are not supported on version of IE after IE9.
Versions IE9 and prior  do not have the added safety features of IE 10 & IE11
IE11 is a pain because many sites do not work with it.
So FireFox is another viable option... but then again refer to the first statement...
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
On some Windows 7 (SP1) computers, Windows Update becomes super slow even the computer is reasonably fast.  There's one solution that seemed to have worked well for me (after trying a few other suggested solutions).
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question