Sign in with
Sign up | Sign in
Your question

Disable Firefox while on premises

Last response: in Business Computing
Share
May 7, 2012 12:47:09 AM

I work for a school where we have given students laptops. We have a student WiFi network, and a proxy setup for IE9. While they are at home, they can use Firefox to use their home internet as Firefox doesn't have a proxy setup. But we have noticed that seom stduents have created WiFi hotspots with there smart phones and are connecting their laptops to them and accessig social networking sites and game sites while at school.

I am trying to find a way so that they are forced to use IE9 with proxy while at school, but when they go home they have the availablity to connect to their home WiFi and use Firefox.

Is there are way to do this?

More about : disable firefox premises

May 7, 2012 2:05:05 PM

Not really. They're connected to a different internet source off of your network. You don't have a way to control the device at that point.

Don't allow them to install Firefox? You could use AppLocker or force it to uninstall so they only can use IE. But once they're off the network, you don't have much control over them in your situation.
May 7, 2012 2:13:21 PM

Riser, he doesn't have an issue with them using FF at home. Only at school.

Only thing that comes to mind is to use one of those cell phone jamming devices. It will probably cost a bunch but its the only thing that will stop the cells from working. The kids and probably the parents will get pissed however.
Related resources
May 7, 2012 2:24:25 PM

Exactly, which is why I said to not allow them to install it. Think it about.. he wants control of the device but the user has control, not him. So applying AppLocker would restrict a firefox install and other browsers.

While it isn't the ideal solution it is a solution. Jamming cell phones would be a horrible idea considering how much people rely on them and many schools user them to alert the population of an active shooter or emergency.
May 7, 2012 2:56:01 PM

are the laptops part of a domain, if so what version of server are you using.



so things you can try (test in a non-production enviroment first)

how to set Default Browser via Group policy


You may try the following steps on a Windows Server 2008 domain controller and check if it can achieve your goal.

1. Open the Start menu, go into the "Administrative Tools" folder and select "Group Policy Management."

2. Right-click on your primary Group Policy Object from the list on the left side of the window and choose the "Edit" option. This will launch the Group Policy Object Editor tool.

3. Open the "User Configuration" and "Windows Settings" folders.

4. Right-click on the entry labeled "Internet Explorer Maintenance" and select "Preference Mode."

5. Double-click on the "Programs (Preference Mode)" icon to view the additional Internet Explorer settings.

6. Click on the radio button next to "Import the Current Program Settings" and then press "Modify Settings."

7. Click on the "Make Default" button in the "Default web browser" section of the window.

8. Press "OK" twice to save the Group Policy Object settings. Now Internet Explorer will automatically be the default browser for all computers on the local network.



Note Preference mode settings are set by an administrator; however, you can change the settings after the policy is applied (for example, your home page or settings on the Advanced tab). After the policy is applied to a client computer, you can change your home page and advanced settings.



If the administrator does not want users to change the settings, the administrator can apply a restriction by using the Administrative templates in the GPO.

manage browser settings via group policy
http://technet.microsoft.com/en-us/library/cc985341.asp...
May 7, 2012 4:18:22 PM

I'm not sure how forcing IE to be the default browser will help. I would think they'd still be able to use FF. Perhaps there is something in the GPO that will prevent them from being able to connect to the Cell Phone? Disable Ad Hoc networking, blue tooth, or something like that? I'm not sure how you connect your laptop to your cell.

And I admit the Cell jamming is a bad idea. Running a blocking program might be the best option.
May 8, 2012 11:19:51 AM

If the school has given the laptops (e.g., the school owns them), then the school has the right to disable certain hardware - the cellphone. USB tethering is easy, disable all USB networking devices (or all USB devices if you want).
The wifi hotspot will be more difficult, but I think it could be done via disabling AdHoc/BT networking, like 4745454b said. This would take some testing time to identify it completely.
AD GPOs should be able to do this. But Symantec's SEP might make it easier (at an additional cost).
May 8, 2012 11:50:02 AM

4745454b said:
Riser, he doesn't have an issue with them using FF at home. Only at school.

Only thing that comes to mind is to use one of those cell phone jamming devices. It will probably cost a bunch but its the only thing that will stop the cells from working. The kids and probably the parents will get pissed however.


FYI cell phone jammers are illegal, so while a novel idea, don't try it :) 
May 8, 2012 12:28:10 PM

Lol, i wish i had todays sort of tech to do this in school.
May 8, 2012 12:32:49 PM

easy to use free tool for locking down pc's = http://www.microsoft.com/en-us/download/details.aspx?id...

Windows SteadyState does not support Windows 7; however, many of its features can be replicated by using native Windows 7 features and free tools from Microsoft. This document is intended primarily for IT pros who configure shared-computer access in business environments, but partners who support shared-computer access in schools, libraries, and Internet cafes

i have not found a way to role this out to multiple pc's and have it work right. but one by one i set up steady state on a few pc's
a b 8 Security
May 8, 2012 12:43:30 PM

Can you not setup something on the login script to check if logging into domain and run a watchdog to stop the exe from running.
May 8, 2012 1:21:28 PM

I'd just go for the simple route of disabling Ad-hoc networking via Group Policy. That should prevent most of tethering, save for some devices that can run in Infrastructure mode.
May 15, 2012 1:27:27 AM

Disabling Ad Hoc seems like a good idea to try. We might give that a shot in a test environment. And as for the login script, they are always connected to the domain, but the have their profile saved as a local profile for when they are at home.
!