Sign in with
Sign up | Sign in
Your question

Restrict IE access for specific users using TS

Last response: in Windows 2000/NT
Share
Anonymous
August 8, 2004 6:27:19 AM

Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

HI,

Have a client that is running win2003 server standard,
and is setup for 5 users, using TS cleient / Remote
Desktop on XP machines.

Would like the simplest way to restrict certain users
from using Internet Exporer altogether. (User1 & User2).

Not using AD nor IAS on server.

Any simple way of modifying the profile for these users,
so they cant use IE ??

Thanks in advance,

Neil Horley
Gold Coast, Australia.
Anonymous
August 8, 2004 6:42:10 PM

Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

By far the simplest way is to change the NTFS permissions on
iexplore.exe. Add permission "Deny" for User1 and User2. Or, more
elegant, create a user group "NO-IE", make User1 and User2
members of this group, and Deny access to iexplore.exe to user
group NO-IE. Handy if there later should come a User3, User4, etc.
which have to be restricted :-) Just make sure that the
Administrator account is *not* a member of user group NO-IE!

--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup, NOT by private email ---

"neil horley" <nhorley@technet2000.com.au> wrote in
news:1f9f01c47d29$e71746d0$a301280a@phx.gbl:

> HI,
>
> Have a client that is running win2003 server standard,
> and is setup for 5 users, using TS cleient / Remote
> Desktop on XP machines.
>
> Would like the simplest way to restrict certain users
> from using Internet Exporer altogether. (User1 & User2).
>
> Not using AD nor IAS on server.
>
> Any simple way of modifying the profile for these users,
> so they cant use IE ??
>
> Thanks in advance,
>
> Neil Horley
> Gold Coast, Australia.
Anonymous
August 8, 2004 9:11:27 PM

Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

Thanks Vera,

Was thinking of group & local policies, but could not
find where to apply "no-run restriction" to just two
users, but could think of where you would "apply" it
after setting up a policy. (Could not see where you would
actually add usernames or group names in grpedit.msc, but
I suspect I would have had to load AD to get the
connectivity. -, did not really want to do this as client
is only a 5 -user site).
Thanks again.

Neil Horley.

>-----Original Message-----
>By far the simplest way is to change the NTFS
permissions on
>iexplore.exe. Add permission "Deny" for User1 and User2.
Or, more
>elegant, create a user group "NO-IE", make User1 and
User2
>members of this group, and Deny access to iexplore.exe
to user
>group NO-IE. Handy if there later should come a User3,
User4, etc.
>which have to be restricted :-) Just make sure that the
>Administrator account is *not* a member of user group NO-
IE!
>
> --
>Vera Noest
>MCSE, CCEA, Microsoft MVP - Terminal Server
>http://hem.fyristorg.com/vera/IT
> --- please respond in newsgroup, NOT by private email --
-
>
>"neil horley" <nhorley@technet2000.com.au> wrote in
>news:1f9f01c47d29$e71746d0$a301280a@phx.gbl:
>
>> HI,
>>
>> Have a client that is running win2003 server standard,
>> and is setup for 5 users, using TS cleient / Remote
>> Desktop on XP machines.
>>
>> Would like the simplest way to restrict certain users
>> from using Internet Exporer altogether. (User1 &
User2).
>>
>> Not using AD nor IAS on server.
>>
>> Any simple way of modifying the profile for these
users,
>> so they cant use IE ??
>>
>> Thanks in advance,
>>
>> Neil Horley
>> Gold Coast, Australia.
>.
>
Anonymous
August 9, 2004 9:15:57 AM

Archived from groups: microsoft.public.windowsnt.terminalserver.misc (More info?)

That's the problem with not running AD: you cannot differentiate
between user groups when you create a local policy.

--
Vera Noest
MCSE,CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
*----------- Please reply in newsgroup -------------*

"Neil Horley" <nhorley@technet2000.com.au> wrote in
news:256201c47da5$69f55c60$a501280a@phx.gbl:

> Thanks Vera,
>
> Was thinking of group & local policies, but could not
> find where to apply "no-run restriction" to just two
> users, but could think of where you would "apply" it
> after setting up a policy. (Could not see where you would
> actually add usernames or group names in grpedit.msc, but
> I suspect I would have had to load AD to get the
> connectivity. -, did not really want to do this as client
> is only a 5 -user site).
> Thanks again.
>
> Neil Horley.
>
>>-----Original Message-----
>>By far the simplest way is to change the NTFS
> permissions on
>>iexplore.exe. Add permission "Deny" for User1 and User2.
> Or, more
>>elegant, create a user group "NO-IE", make User1 and
> User2
>>members of this group, and Deny access to iexplore.exe
> to user
>>group NO-IE. Handy if there later should come a User3,
> User4, etc.
>>which have to be restricted :-) Just make sure that the
>>Administrator account is *not* a member of user group NO-
> IE!
>>
>> --
>>Vera Noest
>>MCSE, CCEA, Microsoft MVP - Terminal Server
>>http://hem.fyristorg.com/vera/IT
>> --- please respond in newsgroup, NOT by private email --
> -
>>
>>"neil horley" <nhorley@technet2000.com.au> wrote in
>>news:1f9f01c47d29$e71746d0$a301280a@phx.gbl:
>>
>>> HI,
>>>
>>> Have a client that is running win2003 server standard,
>>> and is setup for 5 users, using TS cleient / Remote
>>> Desktop on XP machines.
>>>
>>> Would like the simplest way to restrict certain users
>>> from using Internet Exporer altogether. (User1 &
> User2).
>>>
>>> Not using AD nor IAS on server.
>>>
>>> Any simple way of modifying the profile for these
> users,
>>> so they cant use IE ??
>>>
>>> Thanks in advance,
>>>
>>> Neil Horley
>>> Gold Coast, Australia.
!