Disable IE from local computer that is hooked to Domain

[Bruce McDowell]

I would like to no how to make the client computer that
is hooked up to a domain controller not have access to
any Browser like Internet Explorer by the run command or
IE icon or any other way I did not nkow if it could be
locked down by a Group Policy or any other way I dont
have ISA SERVER implemented

 

[luc wastiaux]

I would like to no how to make the client computer that
is hooked up to a domain controller not have access to
any Browser like Internet Explorer by the run command or
IE icon or any other way I did not nkow if it could be
locked down by a Group Policy or any other way I dont
have ISA SERVER implemented

You obviously want to ban web browsing from that workstation. This is
correctly achieved through firewalling and not by some kludge that
forbids you from running iexplore.exe or whatever.

 

[Steven L Umbach]

Assuming the user is not a local administrator and does not need ANY access to the
internet [mail, etc] you could configure their computer to not have a default
gateway. Other options may be to use a personal firewall, block access at the
firewall based on IP address which would need to be static or within a dhcp scope of
blocked addresses, or to configure ipsec filtering on the computer which could be
done via Group Policy to a large number of computers. An ipsec filtering policy could
start with a mirrored "block all" IP rule, and then a mirrored permit outbound rule
that includes the lan subnet and other allowed ports/protocols/IP addresses - if
any.. See the link below for an example on ipsec filtering. --- Steve

http://www.securityfocus.com/infocus/1559