Tek-Tips is the largest IT community on the Internet today!


Group Policy question

Status
Not open for further replies.

jendar

Technical User
Dec 3, 2008
3
US
Trying to set up a GP to prevent users from being able to download from the internet.

Is this possible with GPs or should I just use a reg hack?

TIA
 
If you are worried about downloading like music or software I would close all ports except necessary ones. Also make sure all users cannot install software.
 
None of the users have admin rights but they are able to download from the internet and install. I have seen it first hand. I had a user download and install WinRAR without any complications.

They aren't able to install an application from a CD/DVD.



 
Then they must have admin access to the PCs. I would check that domain users do not have admin rights on the local PC. Another issue could be that they may have the admin password.
 
There is a section in GP under User config/admin temp/windows components/IE/Security Features/Restrict File Download
You can also turn off Media Sources under
User config/admin temp/windows components/IE/Windows Installer
And under
Computer config/admin temp/windows components/IE/Windows Installer you can Prohibit User Installs
 
User config/admin temp/windows components/IE/Internet Control Panel/Security Page/Internet Zone... There is an allow file Downloads. If you disable this, files are prevented from being downloaded in this zone only.
 
Thanks Gents.

Your input has been appreciated.

 
You can also leverage Software Restriction Policies in your network.
Per
"An Internet Zone rule is similar to a certificate rule in that it can only be used to restrict Windows Installer packages. The difference between an Internet Zone rule and a Certificate Rule is that an Internet Zone rule is designed to prevent users from downloading and installing software.

At the time of the download, Internet Explorer looks to see what zone the download site falls into. Internet Explorer classifies any Web site visited into either being in the Internet, Local Intranet, Trusted Site, or Restricted Site zone. You can create a software restriction policy that allows files to be downloaded and run if they come from the local intranet or from a trusted site, but that won’t allow files from other locations to be executed."
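
An added example, not from any poster in this thread: a PowerShell audit of the Internet zone "allow file downloads" setting discussed above, to confirm on a client whether the policy actually landed. It assumes the standard Internet Explorer zone registry layout (URL action 1803 under zone 3) and the usual lookup order of machine policy, user policy, user preference, machine preference.

```powershell
# Added example: report where URL action 1803 (file download) is set for
# the Internet zone (zone 3) and which value wins.
$action  = '1803'
$zone    = '3'
$meaning = @{ 0 = 'Enabled (downloads allowed)'; 1 = 'Prompt'; 3 = 'Disabled (downloads blocked)' }
$base    = 'Microsoft\Windows\CurrentVersion\Internet Settings'

# Assumed precedence: first hive in this list that holds a value wins.
$hives = [ordered]@{
    'HKLM policy'     = "HKLM:\SOFTWARE\Policies\$base\Zones\$zone"
    'HKCU policy'     = "HKCU:\SOFTWARE\Policies\$base\Zones\$zone"
    'HKCU preference' = "HKCU:\SOFTWARE\$base\Zones\$zone"
    'HKLM preference' = "HKLM:\SOFTWARE\$base\Zones\$zone"
}

function Get-RegDword {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return [int]$item.$Name }
    return $null
}

# Security_HKLM_only = 1 makes IE ignore the per-user zone settings entirely.
$hklmOnly = (Get-RegDword -Path "HKLM:\SOFTWARE\Policies\$base" -Name 'Security_HKLM_only') -eq 1

$results = foreach ($label in $hives.Keys) {
    $value = Get-RegDword -Path $hives[$label] -Name $action
    [pscustomobject]@{
        Source  = $label
        Ignored = ($hklmOnly -and $label -like 'HKCU*')
        Value   = $value
        Meaning = if ($null -eq $value) { 'not set' }
                  elseif ($meaning.ContainsKey($value)) { $meaning[$value] }
                  else { "other ($value)" }
    }
}
$results | Format-Table -AutoSize

$effective = $results | Where-Object { $null -ne $_.Value -and -not $_.Ignored } |
    Select-Object -First 1
if ($null -eq $effective) {
    Write-Warning 'Action 1803 is not set anywhere; IE falls back to the zone template default.'
} elseif ($effective.Value -ne 3) {
    Write-Warning "Downloads are not blocked: $($effective.Source) = $($effective.Meaning)"
} else {
    Write-Output "Downloads blocked in the Internet zone by $($effective.Source)."
}
```

Run it in the affected user's session, since the HKCU hives are per user; a value that appears only under a preference key rather than a policy key can be changed back by the user.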
 