Tip

Disable or restrict Internet access

Due to the fact that we are rolling out all new PCs with Windows 2000, and Internet Explorer is an integral part of this system (no matter what Microsoft told the courts), we needed to be able to turn off or disable Internet Explorer for several thousand users, in several different states and locations. The solution needed to be very flexible and easily deployed and managed. This is the solution that I presented and we are currently rolling out as the testing is completed.

These registry settings work in both NT4 and Windows 2000. They can be distributed at start up and set to "Force Run," "Distribute Always" and "Install Only" (no executable needed). This works well in Novell or Active Directory.

That way if a person with Internet access privileges logs onto a PC, the registry is configured to allow them access to the Internet. If another person logs on to the same PC without Internet access rights, the registry is automatically adjusted to prevent Internet access.

Below are the exact registry settings and their values:

[HKEY_CURRENT_USER\Software\MicrosoftWindows\CurrentVersion\Internet Settings]
"ProxyHttp1.1"=dword:00000000
"ProxyServer"="ftp=0.0.0.0:80;gopher=0.0.0.0:80;http=0.0.0.0:80;https=0.0.0.0:80"
"ProxyOverride"="Do not use proxy server for addresses beginning with:" (ie.. http://www.msn.com;http://www.searchwin2000)
"ProxyEnable"=dword:00000001
"ProxyOverrideText"="Separate multiple addresses with a semi-colon."
[HKEY_CURRENT_USER\SoftwarePolicies\MicrosoftInternet\ ExplorerControl Panel]
"Proxy"=dword:00000001

Because we have specified 0.0.0.0:80 as the proxy server, any Internet access will be immediately rejected. By specifying this address for every type of protocol, the proxy address will not be displayed in the proxy settings tab. The last entry in the registry file prevents users from changing the proxy settings in the Control Panel or in Internet Explorers Internet Options.

We set up several different Group Policies, as some departments need to be able to access a couple of different Web sites for information databases. By adding the beginning of the URL, they are allowed to access into the "ProxyOverride" key. These users can access any content on these Web sites as long as it stays within that domain. If they click a link or attempt to go to another Web site, the access is immediately denied.

Other settings that can be used to further restict user interference:

[HKEY_CURRENT_USER\SoftwarePolicies\MicrosoftInternet\ ExplorerRestrictions: Each DWORD value must be set to 1 to be enabled or 0 to restrict.
"NoFileOpen"= Disables open command on file menu, CTL+O, and CTL+L.
"NoFileView"= Disables FileNewWindow, CTL+N"
"NoBrowserSaveAs"= Disables SAVE and SAVE AS in the file menu.
"NoFavorites"= No Favorites menu, adding to favorites, or organizing favorites.
"NoSelectDownloadDir"= Prevents user from being able to select a download folder by not displaying the Save As dialog box when a file is downloaded.
"NoBrowserContextMenu"= Disables HTML context menu when right clicking web page to get IE properties.
"NoBrowserClose"= Disables ALT+F4.
"NoTheaterMode"= Disables F11 key.
"NoBrowserOptions"= Disables Internet Options on the tools menu (disables changing browser settings).


This was first published in October 2001

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.