10

Can I deny "Internet Explorer" via GPO and use Google Chrome as a default and the only Browser?

I wonder as Internet Explorer is a part of an Windows operating system, if it's possible to deny it.

I would like to force users to use Google Chrome only as a browser.

user9517
  • 114,104
  • 20
  • 206
  • 289
bakytn
  • 1,097
  • 4
  • 15
  • 27

2 Answers2

8

I think that you can try and use Software Restriction Policies (SRP) and deny access to "Program Files\Internet Explorer\iexplore.exe" to restrict IE. Also if you have Win2008 R2 as a DC and all of your clients have Win7, then you can use the new feature that is similar to SRP but much better and it is called AppLocker, which can also be found on the list the other Group Policy Settings:

On a Windows 7 Client go to:
Group Policy Editor ("Start", in the search field enter "gpedit.msc") -> Computer Configuration -> Windows Settings -> Security Setings -> AppLocker.

Just be adviced that if you use SRP first and then you apply some policies with the AppLocker then the AppLocker settings will take precedence and will override any settings that were defined through SRP and all of the SRP settings will be instantly disabled.

You can find more info about the new AppLocker feature on this two links:
http://technet.microsoft.com/en-us/windows/dd320283
http://technet.microsoft.com/en-us/windows/dd320283

Spirit
  • 1,144
  • 7
  • 25
  • 45
3

Deny access to iexplore.exe executable with file system rights. You might have problems with other windows components and it might be easier just to educate the users. The European releases of Windows have a non-IE and a non-MediaPlayer version.

Aaron Copley
  • 12,345
  • 5
  • 46
  • 67
Mircea Vutcovici
  • 16,706
  • 4
  • 52
  • 80
  • 3
    Ugh, really, did you have to put that last line in there? -1 But you're absolutally correct that you can get versions of Windows that do not have IE, so +1. Which evens out to +0. – Mark Henderson Dec 17 '11 at 02:43
  • 4
    Linux is not always perfect solution. Windows is a necessity at most places and most likely always be so. -1 – Jacob Dec 17 '11 at 02:52
  • I never stated that Linux is a perfect solution. I just wanted to add as an alternative. – Mircea Vutcovici Dec 19 '11 at 17:01
  • -1's over a single line in a legitimate answer? – Aaron Copley Dec 19 '11 at 22:55
  • @AaronCopley yes. Operating system wars are down the hall, to the left and through the door marked "not welcome on Server Fault". – Rob Moir Dec 19 '11 at 23:20
  • This is a site for professional systems administrators. I think it's safe to assume that we're aware that Internet Explorer doesn't run on non-MS platforms. – MDMarra Dec 20 '11 at 18:09
  • MSIE can be installed to run inside WINE. Can you please give the source where you found that IE does not run on non-MS platforms? See: http://www.tatanka.com.br/ies4linux/page/Main_Page – Mircea Vutcovici Dec 20 '11 at 18:41