Jim Klocksin

Need to turn off the "Ctrl + O" key combination in IE 11

I'm attempting to lock down any access to the Internet (via IE 11) on my Windows Server 2008 R2 which I use to host RemoteApps via RDP.  I have everything pretty well locked down now, but users can still browse (or download files) from the web using the "Ctrl+O" key combination.  Does anyone know how I can turn off this key combination option to help me make my system more secure?
ste5an

I don't understand your requirement. Ctrl+O is equivalent to entering a URL into the address bar. So you won't gain anything by doing so.
Jim Klocksin

ASKER

Apparently, I should have described my situation in more detail.  I have already (using GPO) eliminated the address bar so users are not presented with an address bar when a browser window opens on my server.  Frankly, the only time a browser window opens up is when a user either accesses the program's "Help Topics" or when they use the AD password change module which is actually a web app.  In these two situations, I do NOT want the user to be able to access anything else from the internet, so I've disabled the address bar, but I also need to disable the "Ctrl+O" key combination as well.
☠ MASQ ☠

Are you already implementing

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions\
NoFileOpen = 1

??
I'm not aware of such a setting. I would consider setting a proxy to localhost and adding your allowed site to the proxy-bypass list.
Instead of trying to manipulate IE, can you not just whitelist the specific URLs you want and deny everything else?

I'm not a Windows Admin Expert and have long forgotten about 2008 but can't you still whitelist URLs in GPO on 2008?

Look under "Internet Explorer Maintenance".
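
The two suggestions above (the NoFileOpen restriction and a proxy pointed at localhost with a bypass list), as an added PowerShell example that is not part of the original thread. The host names in $AllowedHosts and the 127.0.0.1:9 proxy address are placeholders assumed for illustration, and the proxy values are the standard per-user Internet Settings values rather than anything quoted by the posters.

```powershell
# Added example, not code from the thread. Run elevated: the first value is under HKLM.
# Placeholder hosts (assumption): the help site and the password-change web app.
$AllowedHosts = @('help.example.internal', 'pwchange.example.internal')

$restrictions = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions'
$inet         = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Desired state. NoFileOpen is the value named in the thread; the three
# Proxy* values send every request to a local port assumed to have no
# listener, except for the hosts on the bypass list.
$settings = @(
    @{ Path = $restrictions; Name = 'NoFileOpen';    Value = 1;                         Type = 'DWord'  },
    @{ Path = $inet;         Name = 'ProxyEnable';   Value = 1;                         Type = 'DWord'  },
    @{ Path = $inet;         Name = 'ProxyServer';   Value = '127.0.0.1:9';             Type = 'String' },
    @{ Path = $inet;         Name = 'ProxyOverride'; Value = ($AllowedHosts -join ';'); Type = 'String' }
)

# Apply: create the key if it is missing, then write the value.
foreach ($s in $settings) {
    if (-not (Test-Path $s.Path)) {
        New-Item -Path $s.Path -Force | Out-Null
    }
    New-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Value `
        -PropertyType $s.Type -Force | Out-Null
}

# Verify: read each value back and flag anything that did not stick,
# for example because a domain GPO overwrote it at the next refresh.
foreach ($s in $settings) {
    $item   = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
    $actual = $item.($s.Name)
    $state  = if ($actual -eq $s.Value) { 'OK' } else { 'MISMATCH' }
    '{0,-9} {1}\{2} = {3}' -f $state, $s.Path, $s.Name, $actual
}
```

The HKCU values apply only to the account that runs the script, so for RemoteApp users they would have to be delivered per user (for example through Group Policy). A proxy only governs web requests; a local path entered in a dialog never passes through it.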
MASQ, I did not have that setting in my Registry and, after adding it, that did resolve the "Ctrl+O" issue.  After that appeared to resolve all my issues, I got back in touch with the Security representative from the corporation I'm working with and was informed that there are other "key combinations" that, while not as obvious as the CTRL+O, would allow an individual with intent, to access my server as well.  So, in addition to the CTRL+O, I also need to find solutions to the following:  CTRL+P, CTRL+T, CTRL+F, CTRL+U and CTRL+F1.  Further, if anyone has any suggestions for disabling "PowerShell" on a Windows 2008 R2 server, that would be helpful as well.  Granted, only users from the corporation that I'm providing host services to have any access to my server, so they are treating this as a breakdown of their internal corporate guidelines as well, but, from my end, I need to be prepared to further secure my server.
slightwv, my real issue is protecting my server, I can block access to porn sites, etc., through my SonicWall firewall, but when a user gets access to any semblance of an address bar, they can simply type in "C:\" and have access to my entire server.  That said, they do NOT have any administrative rights, but they can do damage just the same!
ASKER CERTIFIED SOLUTION
☠ MASQ ☠
This solution is only available to members.
>> but when a user gets access to any semblance of an address bar, they can simply type in "C:\"

As you can see, there is a LOT more to do when trying to stop INTENT.  Allowing outsiders to RDP into a main/shared server isn't ideal and likely dangerous!

I would look at running Hyper-V and give them their own VM.

https://technet.microsoft.com/en-us/library/dd744752.aspx
SOLUTION
This solution is only available to members.
I appreciate all of your suggestions and proposed solutions.  Admittedly, all of this could be considered overkill for my situation.  Yesterday, my SEP caught and quarantined a malware file that attempted to corrupt my server.  As a result, I disabled the user who was the origination point of this malware and reported the incident to the corporation that uses my hosted software solution.  They put a security specialist in charge of determining what action to take internally (mostly) who contacted me for details.  He started going on and on about all these different ways that any of the corporate users could potentially attempt to infect my server which prompted my initial question.  99.9 % of the users who run my software (all from the same corporation) do NOT have the computer savvy nor the intent to infect my server and they are the only people with any access (besides myself) to my server.  While I certainly realize that any "hacker" could attempt to infect my server, the only "attacks" on my system (to date) have been from known corporate users who have the credentials to run my software on my network.  Thanks again for all of your input!