asked on
GPO to "Disable IE as standalone browser" not working
"Disable Internet Explorer 11 as a standalone browser" GPO enforcement has no effect.
Attempting to use Group Policy to disable IE11 in our env. This is described in numerous articles, all using the same method - https://www.thewindowsclub.com/disable-internet-explorer-11-as-a-standalone-browser
I have set this GPO to Enabled: Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Disable Internet Explorer 11 as a standalone browser : Always
I linked the GPO to my Testing OU, then placed my Windows 10 Build 1809 computer account in that OU. I have performed GPUPDATEs galor, rebooted, ran a RSOP and verified that the GPO setting is, in fact, applied to the box....yet IE11 still opens without a hitch. Very frustrating! My DCs are Server 2016 and I meet the pre-reqs listed for the Diable feature, which are:
Prerequisites to Disable IE11
The following Windows updates and Microsoft Edge software are required
- Windows updates
- Windows 10, version 2004, Windows Server version 2004, Windows 10, version 20H2: KB4598291 or later
- Windows 10 version 1909, Windows Server version 1909: KB4598298 or later
- Windows 10 version 1809, Windows Server version 1809, and Windows Server 2019: KB4598296 or later
- Windows 10, version 1607, Windows Server 2016: KB4601318 or later
- Windows 10 initial version (July 2015): KB4601331 or later
- Windows 8.1: KB4601384 or later
- Windows Server 2012: KB4601348 or later
- Microsoft Edge Stable Channel (Actually no idea what this is, but my test box is patched to current)
Upgrade to a current Version of Windoze 10 (21H1) is the current version).
Besides that, just don't install IE anyway. Normally it doesn't get installed by default and you have to do that via the Control Panel, Programs & Features, also I'm not sure if the newest Build even includes that option, as support for IE has ended. You can still use a kind of IE Compatibility mode from within Edge...
ASKER
Perhaps my time is better spent reasearching a global IE uninstall, but I know our Devs will want the ability to "fall back" to IE if needed. By EoL for IE next summer, we will def have it gone.
Use GPMC to confirm the GPO you are setting applied and if not, you will see why it did not.
ASKER
ASKER
The policy you setup should take hold, its just unlear why it is not.
GPMC is one way to determine.
policy wizard
ASKER