New
#1
How to prevent a user from accessing tools under IE9
Hello,
Since Microsoft has decided to not develop a Windows 7 version of Steady Sate. I have been following their documentation Creating_a_Steady_State_by_Using_Microsoft_Technologies.doc, Group_Policy_Settings_for_Creating_a_Steady State.doc and Windows SteadyState Reference Spreadsheet.xlsx.
We have a number of Public Access PC on our network. With Steady State I was able to prevent these PC from browsing our network, or viewing any files or folders on the PC itself. I have all the group policy changes suggested above plus a bunch more, so far 135 total.
The Public Access PC is set up with autologin the user localmachine\PublicUser with only user permissions.
How do you prevent a user from accessing tools under Internet Explorer 9 and/or View Downloads?
Example why I want to block this access.
Under this user you can go open IE9 then access to Tools by either Alt + X or clicking on the gear icon next to the Home and Favorite icon. Then open up View Downloads or jump straight to View Downloads by Ctrl + J in IE9. Once in the default download location the user then clicks on options on the bottom left of the screen. This brings up another pop up and if the user then clicks on the Browse Button he gets a nice little notice that reads
“This operation has been canceled due to restrictions in effect on this computer. Please contact your system administrator.”
Now the crazy part.
When the user clicks OK for the notice they get a new Windows Explorer window. In the Navigation pane it allows the user to the view the network. We have network discovery and file sharing turned off, so when the user clicks on Network they get a nice notice about network discovery and file sharing is turned off. If they click on the notice, a new pop up comes up with the option “Turn on network discovery and file sharing”. If the user clicks on it they get the pop up called User Account Control
So now I have turned of User Account Control Behavior of the elevation prompt for standard users. I had already set a policy to keep the user from accessing all drives from my computer. But when this Explorer Window the user can open up they had access to their my documents, libraries, music.
The real point is the user should not able to see or access anything. Once they get the operation has been canceled message it should take them straight back to the web browser not open a Windows Explorer Window.
Thanks for your assistance,
Greg