Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How Can I Dissalow IE Use for One User 1

Status
Not open for further replies.
baldhead

baldhead

Technical User
Apr 27, 2004
111
US
Hello all,

Does anyone know howto dissalow IE use for one user on a domain that has local admin rights on all computers (by the way they need local admin rights so they can play certain games). I've used the GPO setting of "Don't Run specified Windows Applications" and added iexplore.exe which dissalows them from executing this actual file as well as disabled access to the command prompt, but if there's an html/htm file that resides on the computer they're on which points to a website they can simply double click this file and they're up and surfing to wherever they want (the GPO settings don't affect this). What do you guys recommend I do to make it so that a certain user has no rights to use IE as local admin? Finally they can't login locally.

thanks
baldhead
 
Sort by date Sort by votes
Setup a GPO that sets their IE connection to use a proxy server that does not exist! You can also set this same GPO to hide the connection tab in IE properties! Both of these GPO settings are user settings they can easily be assigned to whatever users you want.

 
Upvote 0 Downvote
Here's another idea:

Implement ISA Server and deny web protocols (http, https, ftp and gopher) to this specific domain account.

(or use any other web proxy software)
 
Upvote 0 Downvote
Both sets of advice above are good. The only problem with going with the ISA route is the expense. ISA will give you the ability to allow the person to use Internal web sites if you choose also while allowing them to be restricted from going externally.

The proxy configuration can give yo the same result by checking the box to bypass the proxy for all Internal Addresses. If you don't want them to be able to surf at all then leave this box blank.

Finally, I'd lock them out of the games too. Calmly explain to them that this is a busienss machine and not their home playstation. You might even want to have some fun with them, change the shortcust to the games so that they report each time a game is launched prior to actually opening the file. Then show them the report to demonstrate how often they are goofing off.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark
 
Upvote 0 Downvote

markdmac,

It would be really sweet if you could tell me the shortcut command that will report each time a program is launched prior to actually opening the file.
 
Upvote 0 Downvote
You basically would need to create a script that write to a log file and then starts the game they want. Then replace their game shortcusts with the script and specify to use the game EXE for the icon so they don't know the difference.

Here is the script that should do it for you.

Set WSHShell = CreateObject("WScript.Shell")
Set WSHNetwork = CreateObject("WScript.Network")
Set fso = CreateObject("Scripting.FileSystemObject")

UserName = WSHNetwork.UserName

'edit the line below with the server path to where the user log will go
WSHNetwork.MapNetworkDrive "G:", "\\server\reports",True

'Edit the line below For the name of the game you want to track.
report = UserName & " started Solitaire at " & Date

Set ts = fso.CreateTextFile ( "G:\" & UserName "GameReport.txt", ForAppending)
ts.write report
'Report is written now remove the drive letter so the user does not see it.
WSHNetwork.RemoveNetworkDrive "G:"

'Edit this line for the path to the game to start
Call WSHShell.Run("C:\Windows\sol.exe")

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark
 
Upvote 0 Downvote
Thanks markdmac,

That was very informative.

I imagine that the script is written in VB? I don't know VB yet, but I will record your directions for future use after I do learn it!

~Matt.
 
Upvote 0 Downvote
Yes, this is a vbscript. Just copy the above text to a text file and give it a vbs extension.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark
 
Upvote 0 Downvote
Any idea why your script gets a

(13, 48) Compilation error: expected ')'

I can't see a prob (but then i'm not a VB developer, just a VB 'modifier' ha)

Cheers

Gurner

What is Divine Paradox?

 
Upvote 0 Downvote
Sorry about that, my fault.
Please replace
Code: 
Set ts = fso.CreateTextFile ( "G:\" & UserName "GameReport.txt", ForAppending)
with
Code: 
Set ts = fso.CreateTextFile ( "G:\" & UserName [b]&[/b] "GameReport.txt", ForAppending)

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Abdullah Al Maruf
  • Locked
  • Question
Telnet help for
Replies
2
Views
231
gbaughma
gbaughma
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
229
microsGuy16
microsGuy16
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
96
penguinroundup
penguinroundup
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
270
DrB0b
DrB0b
nukeinfer
  • Locked
  • Question
Internet restrictions for isolated PCs in the Network
Replies
1
Views
205
mangentle
mangentle

Part and Inventory Search

Sponsor

Back
Top