Restricting explorer.exe

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I'm trying to restrict the use of explorer.exe. I put it into the programs
that a user can not use, but when a user right clicks on the start button
they can select explorer and open explorer.exe.

Any way to block this?
 
I don't think you really want to be doing this, it's pretty tightly woven
into the whole Windows experience. Try killing the explorer.exe process on
your PC and see what happens. Then try running IE and type c: in the address
bar.
 
Westley said:
I'm trying to restrict the use of explorer.exe. I put it into the programs
that a user can not use, but when a user right clicks on the start button
they can select explorer and open explorer.exe.

Any way to block this?
Click to expand...

Why would you want to? Explorer.exe is the user's shell and therefore their
interface into the OS. By blocking this they have nothing to use to manage
their icons,windows, and files. As the other poster already said, try killing
explorer.exe and see just what happens to your Windows Desktop. If you still
want to block it then you must be doing it wrong by using the wrong setting.
Besides, when you block applications you also have to block all the different
ways a user can launch the app including through a command window, the Run
box, the IE address bar, and possibly even through the Microsoft Help
documentation. The particular group policy that let's you specify filenames
of binary files has its limitations as the documentation for that setting
describes and you may be running into something like that. What comes to mind
is a catch22 where the policy will block the execution of binaries spawned
from explorer.exe, which is the very binary you are trying to block.
 
With a gpo you can block users from right clicking on the desktop, task bar
or start menu.

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.
 
I’m trying to restrict the use of explorer.exe. I put it into
the programs that a user can not use, but when a user right clicks on
the start button they can select explorer and open explorer.exe.
Click to expand...

Hi,

Are you confusing iexplore.exe (Internet Explorer) with explorer.exe
with is basically (as the previous posts said) the main app running
the users desktops.

Basically IF you are trying to restrict iexplore.exe (Internet
Explorer) then just go to C:\Program Files\Internet Explorer and
uncheck inherited permissions. Click Copy and then remove everything
but System and Administrator.

If you are trying to restrict explorer.exe then don’t bother giving
the users an account because they won’t be able to do anything when
they login without a desktop.

Cheers,

Lara
 
Back
Top