- 03
- Jan
I wrote earlier today about how to circumvent the blocking of Internet Explorer by using Microsoft HTML Help. Lets turn in the opposite direction and look at ways we can block Internet Explorer.
Not only does this work in Internet Explorer, it works with any program.
The following method has been tested on Windows 2000/XP/2003. If you have Vista, and are willing to test this method, please let me know if it works..
One way would be to use a Software Restriction Policy through Group Policy, either locally or through the domain level. However, this does not work on XP Home Edition.
All Group Policies are essentially registry entries. So, what I did was apply the Software Restriction Policy and copy out the registry entry.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{fc768d98-109c-4ac5-8e23-76e7576365bc}]
"LastModified"=hex(b):d2,2e,d8,5d,f9,3c,c8,01
"Description"=""
"SaferFlags"=dword:00000000
"ItemData"="C:\\Program Files\\Internet Explorer\\iexplore.exe"
NOTE: The third line above runs outside of the div. If you are having trouble copying and pasting you need to download the zip file.
Copy and paste the text above into a file named ie.reg, save it, and double click the file to apply the setting manually. Reboot, try to run Internet Explorer and you will notice a nice message:
This doesn’t prevent the Microsoft HTML Help hack, but a proxy setting for Internet Explorer will.
You might ask, “Why would I want to do this?” — because running Internet Explorer is dangerous to your system, that’s why. Also, like stated above, this method can be used to block any program, just modify the path to the executable.
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}
Related Posts
Tags: Group Policy, Internet Explorer, Registry, Windows
January 3rd, 2008 at 11:47 pm
This could come in handy. Thanks!
But hypothetically, if I block IE completely and use a non-existent proxy, how would one go about using Windows Update? Setting proxy options in IE seems to affect the ietab addon for Firefox as well. What’s your take on this?
January 4th, 2008 at 3:46 am
[...] Posted on January 4, 2008 by PakNik Want to block IE? Why? According to Shane, of Hackosis, “You might ask, “Why would I want to do this?” — because running Internet Explorer is [...]
January 4th, 2008 at 8:15 am
Hrm, I am not sure if the automatic updates services would use the proxy or not.
One way would be autopatcher:
http://www.autopatcher.com/
January 4th, 2008 at 10:35 am
Once again I have created an freeware application that can block the use of Internet Explorer (or any other program) go to http://www.zenox.net/software and download AppBlocker XP.
January 4th, 2008 at 3:59 pm
Ah, I was thinking about manual Windows Update (the user goes to the WU site to get the updates). But the automatic updates service and things like Autopatcher will be fine. Thanks for the reply.
January 19th, 2008 at 3:01 am
[...] следующий текст (его оригинал представлен на этой [...]
January 19th, 2008 at 7:36 pm
[...] could go perfect in combination with blocking Internet Explorer through the registry. Tags: Firefox, Security Like this post? Subscibe to the Hackosis RSS [...]
March 14th, 2008 at 12:35 am
I need to block downloading files from internet
March 14th, 2008 at 9:07 am
[...] recent comment requested how to disable downloading of files through Internet [...]
April 28th, 2008 at 2:26 am
how can i re enable once if i block the internet explorer in registry
April 28th, 2008 at 7:10 am
To re-enable IE simply delete the
fc768d98-109c-4ac5-8e23-76e7576365bc
key.
May 12th, 2008 at 2:19 pm
OK, so what if I want to do the same thing, but to block Firefox instead?
May 13th, 2008 at 7:08 am
Try this:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{fc768d98-109c-4ac5-8e23-76e7576365bc}]
“LastModified”=hex(b):d2,2e,d8,5d,f9,3c,c8,01
“Description”=”"
“SaferFlags”=dword:00000000
“ItemData”=”C:\\Program Files\\Mozilla Firefox\\firefox.exe”
Be aware that this number “fc768d98-109c-4ac5-8e23-76e7576365bc” must change if you submit multiple entries into the registry.