IE restriction

  • Thread starter Thread starter user
  • Start date Start date
U

user

Hi all,

We have some machines that we don't want to let have access to the internet
I stopped this by adding iexplore.exe to the list of windows applications
that are not allowed to run in group policy. This does indeed work fine. If
you try to launch Internet Explorer you get a message about restrictions.
However, some of our more enterprising users have found that if they type
the web address in Word, then click on it that launches IE and works fine.
If you look at the process list, iexplore.exe is alive, well and running
just great!

Any help or suggestions would be greatly appreciated!

Bill
 
Hi,

You can define a fake proxy server and prohibit access to Internet Properties.
Regards,
 
I had considered that but heres the snag...
All of the time user x will be logged on hopefully with the restrictions in
place. I need to be able to let user y use Internet Explorer using the
runas.exe.
My other thought was to remove the autocorrecting of hyperlinks in Word, but
as they've worked out about typing the URL in Word to get IE to work, I
figure they can work out how to change the autocorrect back!

Bill
 
Hi all,

We have some machines that we don't want to let have access to
the internet
I stopped this by adding iexplore.exe to the list of windows
applications
that are not allowed to run in group policy. This does indeed
work fine. If
you try to launch Internet Explorer you get a message about
restrictions.
However, some of our more enterprising users have found that
if they type
the web address in Word, then click on it that launches IE and
works fine.
If you look at the process list, iexplore.exe is alive, well
and running
just great!

Any help or suggestions would be greatly appreciated!

Bil
Click to expand...

Hi,

Disabling access to the Internet properly requires the use of a
Firewall Server like ISA where you can block access via username. All
the Windows "tricks" can easily be circumvented. Eg. They can download
Mozilla and run it of their home directory and then bypass any
Internet restrictions.

The one way you can do it is to use permissions on iexplore.exe on
each of the workstations. You can just remove the "Users" group,
create a Domain group called "Internet Users" and then just give that
one access.

You can set permissions remotely using xcacls.vbs. Search for it on
the MS website.

Cheers,

Lara
 
Hi Bill,

Easy yet silly way to resolve this would be to make a policy pointing
the users "you do not want to be able to access the net" to a non
existant proxy, then within the same policy, deny them access to "lan
settings" in internet explorers "internet options" so they cannot
remove it. This way they can open IE anyway they want, yet they can't
do nothing with it.


Bingo!
 
Back
Top