Is there a way to block file downloads

  • Thread starter Thread starter Debbie Giuliano
  • Start date Start date
D

Debbie Giuliano

Hello,

I am working with an XP Embedded SP 2 that is designed for the medical
industry and they do not want these units to log on to a domain. They want
them to log on the workstation itself. The end-users want the doctors to be
able to browse the internet anywhere they want but only download files from
two specific url's. And I do not know if there will only be two specific
pages that will host these updates or not it can be more. Is there a way I
can set something up in the embedded unit itself with the local security
policy? Or does someone have a better suggestion?

Thanks,

Debbie Giuliano
 
Debbie,

That should be easy to accomplish if you set up Internet Zone settings on your image (either in TD, or at run time).

Just make sure to lock down "Internet" Zone and prevent downloads there.
Add those two Urls you mentioned to "Trusted" Zone and make sure to open downloads there.

And there is of course an IE policy to disable a way for end user to play with the IE Security options. (let us know if you want to
know the policy reg.value)
 
KM.

I actually tried this on my xp pro machine as a test and it did not work the
way I originally thought. I added the two urls to my trusted site and made
sure that downloads was enabled. Then I want to the Internet zone and
disabled it there and I could not download anything even from my trusted
sites and that surprised me. I made sure that the site was trusted and when
I went to download from there I got the message that I was allowed to do
this. And I defnitely would like to have the registry value so I can remove
the security tab from IE.

What have I missed?

Thanks,

Deb
 
Debbie,
I actually tried this on my xp pro machine as a test and it did not work the way I originally thought. I added the two urls to my
trusted site and made sure that downloads was enabled. Then I want to the Internet zone and disabled it there and I could not
download anything even from my trusted

You set Custom level for both zones, did you?
sites and that surprised me. I made sure that the site was trusted and when I went to download from there I got the message that
I was allowed to do this.

Allowed or NOT allowed?
If allowed, I din't see any problems with the approach.
If NOT allowed, please check out the Trusted Zone settings as well. Make sure the File Downloads are enbled there.
And I defnitely would like to have the registry value so I can remove the security tab from IE.

[HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel],"SecurityTab"=dword:0
[HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel],"SecurityTab"=dword:0
[HKUS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel],"SecurityTab"=dword:0
 
You could also try out the ms public newsgroups for IE, maybe one of these 3
can also help.

microsoft.public.internetexplorer.rights_management
microsoft.public.internetexplorer.security
microsoft.public.internetexplorer.general

-andy
 
Back
Top