Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Stop users downloading Programs from Net 1

Status
Not open for further replies.
rdrunner40

rdrunner40

MIS
Apr 25, 2002
156
GB
HI,

A cry of help.... How can i setup internet explorer to stop users being able to download exe's, and scr's from the Net.

We have a issue where i have rolled out new PC's and within 2 days of them being issued to new users there were screen savers and images being downloaded.

regards,

Murray
 
Sort by date Sort by votes
Isn't that something that is done at the firewall level ?

Pascal.
 
Upvote 0 Downvote
use google search with keyword "lock down downloads"
a million softwares will show up

BR

East Or West Google Is The Best
 
Upvote 0 Downvote
To be honest no matter what software you use there is always a way around them.

Why not set up a company wide policy that people are not allowed to download files unless it is strictly for business purposes. Warn them that it is a punishable offence and then periodically check the PC's (which can be done remotely) for new scr's or other downloads.

If you find anything then they are given a warning and the company is warned that breaches of the policy have been found and people reprimanded.

While it may not stop all downloads in my experience it has much more impact than installing lockdown software.

Also if you have either not too many machines or Ad then you can use Group policy.

start -> run-> mmc-> file-> add/remove snap-ins-> add-> groups policy object editor-> finish-> ok

then drill down to

computer configuration -administrative templates -windows components -internet explorer- internet control panel- security page
in each zone
set "allow file downloads" to Enable and then set the drop down box to disable.
Then even if they change it on the security tab in I.E. it just reverts back.

If you want to be double sure enable "Disable the security page"

Greg Palmer
Freeware Utilities for Windows Administrators.
 
Upvote 0 Downvote
Hi,

That looks like it might be the answer as to what we are looking to acheive.

Will this interfere with Windows Updates ?

regards,

Murray
 
Upvote 0 Downvote
Nope not at all, this will only stop people from being able to download from within Internet Explorer. I believe Windows Update uses a different system for downloading the updates.

One thing to note is that this will only stop downloads from within Internet Explorer if people have Firefox, netscape or any other browser then they could download from them.

Greg Palmer
Freeware Utilities for Windows Administrators.
 
Upvote 0 Downvote
In the company where I work, FTP is locked at the firewall except for the Helpdesk techs, and only a few sites are allowed for download (again, at firewall level). Also, all internet activity is logged.

There is no "way around" this lock, nor is this limited to IE. If I want to download something from my regular sites that I visit on a personal basis, I have to do it from home (which is perfectly normal).

But of course, having a very public company policy is a good thing too.

Pascal.
 
Upvote 0 Downvote
We block all level 1 attachments both at the firewall (Fortigate's Fortinet-60) and in our anti-virus (CA's InoculateIT). That way they can't bypass the firewall by emailing a download from home into the office. The users can't even rename an executable to something else and mail it through because our anit-spam (XWall) catches it and forwards it to Postmaster (me). If that happens the user has some explaining to do.

It also doesn't interfere with users adding sites to their trusted sites, which "disable the security page" would.

We have a separate firewall policy set up for the administrators group to allow for legit software downloads.

We also allow the least possible permissions for domain users on our XP clients W2K3 and terminal servers and only admins have local accounts on the XP clients. Everyone else has to log on to the domain so any Group Policy we set can't be bypassed.

Cheers.
 
Upvote 0 Downvote
The best is to disable all admin rights even if ppl download the apps frm net, it will prevent its execution, which wil frustrate users and they stop it ultimately as they soon reliase they wont b able to install them. this worked for my company where 17000 odd ppl work and we have implemented it as a policy. As far as updates as concerned, if u can use SMS or any kinda pusing s/w etc u can use it effectively to deploy patches and updates.
SMS, Marimba,Patchlink etc are good tools available but it costs ur company. or else check if u can implement regsistry policy on all the pc's, this will disable any one from doing monkey business.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pjw001
  • Locked
  • Question
Programs not loading on Windows 11 Version 22H2.
Replies
9
Views
1K
pjw001
pjw001
hamburg18w
  • Locked
  • Question
Task Host is Stopping the Shutdown
Replies
1
Views
1K
Ign3us
Ign3us
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
1
Views
884
pjw001
pjw001
Flinx
  • Locked
  • Question
very slow transfers from windows 10 to NAS
Replies
9
Views
701
Flinx
Flinx
Chelsea7
  • Locked
  • Question
Windows 8.1 failed to update .NET Framework 4.6.2
Replies
1
Views
243
Chelsea7
Chelsea7

Part and Inventory Search

Sponsor

Back
Top