Hard to say about that approach. The advantage of a hash rule is that you are sure you are getting the right-executable. However, since IE 8 is only in beta, and since they have different versions for each version of Windows, it could get complicated. Would anyone be interested if I could build a command-line utility that let you create SRP hash rules in either the local GPO or domain-based GPOs based on feeding in a setup file path? Darren From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Frank Sent: Monday, September 22, 2008 12:41 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Forbid IE 8.0 Installation... How about faking a "more recent" version? What happens if you try to install IE when a "newer" version is (allegedly) installed? --I haven't checked, by my first thought was to check the Install conditions on that package, if it does come as an MSI. f. On Mon, Sep 22, 2008 at 3:30 PM, Darren Mar-Elia <darren@xxxxxxxxxx> wrote: That would only work if MS has put some kind of hook into the IE 8 setup to respect a particular reg value. I haven't heard of that yet, though it may exist. Darren