[gptalk] Re: gp template for internet explorer only

  • From: "Delaney, Doug" <doug.delaney@xxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Wed, 6 Jun 2007 14:22:20 -0400

This article describes how to use the GPO to replace the standard shell
(explorer.exe) http://msdn2.microsoft.com/en-US/library/aa479087.aspx
 
You could try it with iexplore.exe instead (launched in kiosk mode)
either called from a script or directly.
 

Doug Delaney
EDS - Integration Engineering-GM
GM Desktop Engineering
1075 W. Entrance Dr., MS 2B, Cube 2130
Auburn Hills, MI 48326
Lab: 248-365-9187
Tel: 248-754-7917
Pg: 248-870-0306 pager
Mail: Doug.Delaney@xxxxxxx <mailto:Doug.Delaney@xxxxxxx>  
Note: The information in this email is intended solely for the
addressee. Access to this email by anyone else is unauthorized. If you
are not the intended recipient, any disclosure, copying, distribution or
any action taken or omitted to be taken in reliance on it is prohibited.

 


________________________________

        From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Omar Droubi
        Sent: Wednesday, June 06, 2007 12:54 PM
        To: gptalk@xxxxxxxxxxxxx
        Subject: RE: [gptalk] Re: gp template for internet explorer only
        
        
        No it wont restrict the desktop or other applications but you
can do most of that with GPO's as well.
         
        here is an article that can explain a bit about that but from my
experience it takes a lot of time and testing to get this right. This is
a w2k article but the steps should work. 
         
        http://support.microsoft.com/kb/323525
         
         

________________________________

        From: gptalk-bounce@xxxxxxxxxxxxx on behalf of DiGenova, Dave
        Sent: Wed 6/6/2007 9:32 AM
        To: gptalk@xxxxxxxxxxxxx
        Subject: [gptalk] Re: gp template for internet explorer only
        
        

        Thanks will try that method

         

         

        But that does not restrict any other windows function like start
button etc.

        Administration was hoping to lock the user down to just IE to
oursite.com

         

        
________________________________


        From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Omar Droubi
        Sent: Wednesday, June 06, 2007 12:26 PM
        To: gptalk@xxxxxxxxxxxxx
        Subject: RE: [gptalk] Re: gp template for internet explorer only

         

        In that case the IE content advisor settings will work for you.

         

        configure www.oursite.com <http://www.oursite.com/>  as allowed
and *.* as Never

         

        When a user types in any URL not www.oursite.com
<http://www.oursite.com/>  they will either get prompted to enter a
password to access the site or they will get an administrative message
that tells them the sites are restricted. It is not the prettiest
solution but it is a solution that is included with the product at no
charge.

         

        Omar

        
________________________________


        From: gptalk-bounce@xxxxxxxxxxxxx on behalf of DiGenova, Dave
        Sent: Wed 6/6/2007 9:09 AM
        To: gptalk@xxxxxxxxxxxxx
        Subject: [gptalk] Re: gp template for internet explorer only

        Hi Omar

        Yes to specific users only able to use IE.

        We would run IE in kiosk mode and direct it to our intranet
site. iexplore -k https://www.oursite.com <https://www.oursite.com/>
which has no external links etc therefore they are "stuck" in there.

         

         

         

        
________________________________


        From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Omar Droubi
        Sent: Wednesday, June 06, 2007 12:06 PM
        To: gptalk@xxxxxxxxxxxxx
        Subject: RE: [gptalk] gp template for internet explorer only

         

        Dave,

         

        I am not sure what you are asking is really coming through loud
and clear maybe you can elaborate.

         

        Let me try to interpret what you are asking and you can say if
it is right or wrong.

         

        You want to be able to limit a specific set of users in an OU to
only be able to use Internet Explorer to access the intranet and no
Internet sites. when a user types in an Internet URL you want them
redirected to an Internal URL.

         

        Is that about right?

         

        The GPO settings for IE can restrict sites but the redirection
will need to happen on a proxy server, router of firewall. ISA 2006
makes that real easy if it is the gateway or configured as the proxy.

         

        For a GPO you can configure the content Ratings allowed sites to
add your URLs and then you may be able to use a wildcard entries for
everything else but I am not sure how or if the wildcard configuration
will work as desired but it is definitely worth a try.

         

        In the GPO you can find this setting in :

         

        user configuration-Internet Explorer
Maintenance-Security-Security Zones and Content Ratings-Then in the
content rating section choose to import the content ratings and
configure the intranet dns zones to always allow and then create a
wildcard for the Never allowed sites something like *.com and then
restricted

         

        Good luck,

         

        Omar

         

         

        
________________________________


        From: gptalk-bounce@xxxxxxxxxxxxx on behalf of DiGenova, Dave
        Sent: Wed 6/6/2007 8:47 AM
        To: gptalk@xxxxxxxxxxxxx
        Subject: [gptalk] gp template for internet explorer only

        Hi all

        Is there any predefined/easy way to have an OU (2003) have
access to internet explorer only?

        Which we will redirect to one of our intranet sites with no
external links.

        Thanks!!

Other related posts:

  1. Home
  2. gptalk
  3. Archive
  4. 06-2007