[gptalk] Re: Forbid IE 8.0 Installation...

  • From: "Salandra, Justin" <jsalandra@xxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Mon, 22 Sep 2008 15:19:45 -0400

Has anyone made an adm or admx to prevent the install like there is one for IE7?

Justin A. Salandra
Network Engineer
jsalandra@xxxxxxxxxxx
 ------------------------------------------


       


-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of Deepu
Sent: Monday, September 22, 2008 1:40 AM
To: gptalk@xxxxxxxxxxxxx
Cc: Darren Mar-Elia
Subject: [gptalk] Re: Forbid IE 8.0 Installation...

Thanks Darren/Mathieu,

I was also thinking of the SRP hash rule........

Thx............
-------------------------

On Sun, 21 Sep 2008 Darren Mar-Elia wrote :
>Well, Mathieu is correct that if your users are admins, there is 
>nothing
>they can't truly circumvent, including GP. However, you can 
>probably use
>software restriction policy to prevent execution of the IE 8 
>setup routine
>using a hash rule on that file. I haven't installed IE 8 to know 
>how the
>setup runs, but if you can pin it down to one executable or MSI, 
>you can
>restrict that using SRP.
>
>Darren
>
>-----Original Message-----
> From: gptalk-bounce@xxxxxxxxxxxxx 
>[mailto:gptalk-bounce@xxxxxxxxxxxxx] On
>Behalf Of Deepu
>Sent: Sunday, September 21, 2008 4:51 AM
>To: Mathieu CHATEAU
>Cc: gptalk@xxxxxxxxxxxxx; darren@xxxxxxxxxx
>Subject: [gptalk] Re: Forbid IE 8.0 Installation...
>
>Hi Thanks....
>
>Lets wait for few more answers, as there may be any other
>possibility as we can restrict the installation of IE through
>automatic updates...
>
>----------------------------
>On Sun, 21 Sep 2008 Mathieu CHATEAU wrote :
> >I don't think this can be done trough gpo, and certainly not 
>the
> >"clean
> >way".
> >Anyway, as they are admin, they can ALWAYS defect your GPO 
>with
> >knowledge or tools like "killGPO.exe"
> >
> >Everytime i heard "business requirement to leave them admin", 
>i
> >could
> >defect this. Bad software needs bad right, that can be
> >circumvented by
> >settings custom rights (registry/files). Find them with 
>process
> >monitor.
> >
> >Until they are admin, IE8 should be your last concerns... Just 
>my
> >2 cents..
> >
> >Some "dirty" workaround:
> >
> >     * Create the internet Explorer 8 folder in program 
>files,
> >and deny
> >       access to users and system. So they won't be able to
> >install by
> >       default (may be pushed through GPO: Security\File
> >System)
> >     * Use the IEAK 8 (beta as IE), to set bad proxy or other
> >       "scriptkiddies stuff" to make IE8 not usable by 
>default
> >     * Use your inventory software to find IE8 and uninstall 
>it
> >automatically
> >
> >Cordialement,
> >Mathieu CHATEAU
> >french blog: http://www.lotp.fr
> >english blog: http://lordoftheping.blogspot.com
> >
> >
> >
> >Deepu a écrit :
> > > Hi,
> > >
> > > Some users are local admins as it is the business 
>requirement.
> >So, i
> > > want to know any solution which can forbid users from
> >installing IE
> > > 8.0 from any source even if they are local admins. I want 
>to
> > > accomplish this using GP...
> > >
> > > Thx..............
> > >
> > >
> > > On Sun, 21 Sep 2008 Mathieu CHATEAU wrote :
> > >> hello,
> > >>
> > >> maybe by not giving them local admin or power users 
>rights
> >?
> > >>
> > >> Cordialement,
> > >> Mathieu CHATEAU
> > >> french blog: http://www.lotp.fr
> > >> english blog: http://lordoftheping.blogspot.com
> > >>
> > >>
> > >>
> > >> Deepu a écrit :
> > >> > Hi All,
> > >> >
> > >> > Can you please tell me how to 'Forbid users to install
> >Windows
> > >> > Internet Explorer 8.0' using group policy.
> > >> >
> > >> > Users should not be able to install it from any
> >source....
> > >> >
> > >> > Thanks in Advance...
> > >> >
> > >> > ***********************
> > >> > You can unsubscribe from gptalk by sending email to
> > >> > gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the
> >Subject field
> > >> > OR by logging into the freelists.org Web interface.
> >Archives for the
> > >> > list are available at
> >http://www.freelists.org/archives/gptalk/
> > >> > ************************
> > >> >
> > >> ***********************
> > >> You can unsubscribe from gptalk by sending email to
> > >> gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the
> >Subject field
> > >> OR by logging into the freelists.org Web interface. 
>Archives
> >for the
> > >> list are available at
> >http://www.freelists.org/archives/gptalk/
> > >> ************************
> > >
> > >
>
>***********************
>You can unsubscribe from gptalk by sending email to
>gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject 
>field OR by
>logging into the freelists.org Web interface. Archives for the 
>list are
>available at http://www.freelists.org/archives/gptalk/
>************************
>
>***********************
>You can unsubscribe from gptalk by sending email to 
>gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject 
>field OR by logging into the freelists.org Web interface. 
>Archives for the list are available at 
>http://www.freelists.org/archives/gptalk/
>************************

***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************
"IMPORTANT NOTICE: The information in this email 
(and any attachments hereto) is confidential and may be 
protected by legal privileges and work product immunities. 
If you are not the intended recipient, you must not use or 
disseminate the information. Receipt by anyone other than the 
intended recipient is not a waiver of any attorney-client or work 
product privilege. If you have received this email in error, please 
immediately notify me by "Reply" command and permanently 
delete the original and any copies or printouts thereof. Although 
this email and any attachments are believed to be free of any virus 
or other defect that might affect any computer system into which it
is received and opened, it is the responsibility of the recipient to 
insure that it is virus free and no responsibility is accepted by 
Transatlantic Reinsurance Company or its subsidiaries or affiliates 
either jointly or severally, for any loss or damage arising in any way 
from its use."



***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: