Thursday, August 25, 2011

Lockdown Internet Explorer 7 Address Bar, Print, and Menu options.

The following screenshot shows that the address bar is disabled, navigation is also disabled, as well as the print buttons and file menu item. These settings are applied by using a custom ADM file in Group Policy.

clip_image002

The following group policy settings should be applied to the servers. These policies will disable any workaround that the user may use to gain access to another website.

Users\Administrative\Templates\Internet Explorer

clip_image004

\Internet Control Panel

clip_image006

\Browser Menus

clip_image008

\Toolbars

clip_image010

ADM file to be added.

CLASS Machine
CATEGORY InternetExplorer7Lockdown
POLICY "IE7 Lockdown Settings"
EXPLAIN !!Help
KEYNAME "Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions"
PART !!Addressbar_title DROPDOWNLIST REQUIRED
VALUENAME "NoAddressBar"
ITEMLIST
NAME !!Addressbar_enable VALUE NUMERIC 0 DEFAULT
NAME !!Addressbar_disable VALUE NUMERIC 1
END ITEMLIST
END PART
PART !!NavButtons_title DROPDOWNLIST REQUIRED
VALUENAME "NoNavBar"
ITEMLIST
NAME !!NavButtons_enable VALUE NUMERIC 0 DEFAULT
NAME !!NavButtons_disable VALUE NUMERIC 1
END ITEMLIST
END PART
END POLICY
POLICY "Disable: Printing"
Explain !!Help2
KEYNAME "SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER"
PART !!PrintButton DROPDOWNLIST REQUIRED
VALUENAME "Btn_print"
ITEMLIST
NAME !!PrintShow VALUE NUMERIC 1 DEFAULT
NAME !!PrintHide VALUE NUMERIC 2
END ITEMLIST
END PART
END POLICY
POLICY "Disable: File Menu"
Explain !!Help3
KEYNAME "SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER"
PART !!FileMenu DROPDOWNLIST REQUIRED
VALUENAME "NoFileMenu"
ITEMLIST
NAME !!FileShow VALUE NUMERIC 1 DEFAULT
NAME !!FileHide VALUE NUMERIC 2
END ITEMLIST
END PART
END POLICY
END CATEGORY 
[strings]
InternetExplorer7Lockdown="IE7 Settings"
Addressbar_title="Set the IE7 Address bar to: 
Addressbar_enable="Enabled"
Addressbar_disable="Disabled" 
NavButtons_title="Set the IE7 Navagation buttons to: 
NavButtons_enable="Enabled"
NavButtons_disable="Disabled" 
PrintButton="Hide Printer button?"
PrintShow="No"
PrintHide="Yes"
FileMenu="Hide File menu?"
Fileshow="No"
Filehide="Yes"
; explains
Help="Enabled: This policy will change registry settings to disable the address bar and navigation buttons IE7." 
Help2="Enabled: This policy will allow you to Hide or Show the print button in IE7." 
Help3="Enabled: This policy will allow you to Hide or Show the File menu item in IE7."



Issues:

Users will still be able to press CTRL+P to print – I am unable to find a way around this.

Posted by at
Labels: , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)