Disable 'Run > iexplore' ??
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Disable 'Run > iexplore' ??

  1. #1
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188

    Disable 'Run > iexplore' ??

    I have been searching AO, and Google for a way to block 'Start > Run > IExplore' ... So far I have not come up with much, other than deleting or renaming IExplore.exe ... I was wondering if anyone could offer any suggestions. Is there a PATH statement I can delete ... This would be on Win2K. I appreciate any ideas/suggestions

    Westin
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    http://technet.microsoft.com/en-us/l.../bb457006.aspx
    That's for XP but most of the policy restrictions work on W2K too.


    Mind you, this would also prevent the user from using Internet Explorer...
    Not sure why you would want to do this or what you're trying to accomplish.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi westin,

    I agree with SirDice. We might be able to come up with other solutions if you tell us a bit more about your end objective.

    I am intrigued by:
    a way to block 'Start > Run > IExplore
    That sounds as if you have something specific in mind?

    Questions that come to mind:are you trying to do this by:

    1. User/ user groups?
    2. Hardware instances?

    Also:

    3. Do you want "start" available?
    4. Do you want "run" available?
    5. Are you trying to block net browsing?
    6. Do you want to force the use of an alternative browser?

    and so on......................

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  4. #4
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    You can disable the run prompt via gpedit.msc - (run it from the run prompt - or a command prompt) if you just want to prevent IE from being run via the run prompt but this won't stop it being ran from the command line or a BAT file etc

    (I'm going to for most instances of the word run in one post by the way)

    There are better ways to remove IE or to render it unusable to be more exact.

    Via BAT file:
    Code:
    @echo off 
    C: 
    cd "\Program Files\Internet Explorer" 
    if not exist IEXPLORE.EXE goto End 
    if exist IEXPLORE.EX_ del IEXPLORE.EX_ 
    if not exist IEXPLORE.DIR md IEXPLORE.DIR 
    if not exist IEXPLORE.DIR goto End 
    attrib -r -h -s IEXPLORE.EXE 
    ren IEXPLORE.EXE IEXPLORE.EX_ 
    if exist IEXPLORE.EXE goto End 
    ren IEXPLORE.DIR IEXPLORE.EXE 
    echo IE disabled. 
    echo If prompted, click "Cancel" then "Yes" on File Protection restore. 
    echo Run enable-ie.bat to allow IE to run again. 
    :End
    To enable it again via BAT file:
    Code:
    @echo off 
    C: 
    cd "\Program Files\Internet Explorer" 
    if not exist IEXPLORE.EX_ goto End 
    if not exist IEXPLORE.EXE goto Activate 
    attrib -r -h -s IEXPLORE.EXE 
    rd IEXPLORE.EXE 
    if exist IEXPLORE.EXE del IEXPLORE.EXE 
    :Activate 
    ren IEXPLORE.EX_ IEXPLORE.EXE 
    echo IE enabled. 
    :End
    ( I have set these as logon / logoff scripts to prevent certain users from using IE...)

    You can do it via a Group Policy Object if you are on a domain

    You can set IE to use a proxy and enter 0.0.0.0 on port 00 to stop it getting onto the Internet (if the user has local admin rights then they will be able to change this back again)

    The MS method is to set the IEAccess=off switch in the Unattend.txt file in WIndows XP to disable IE but leave all the code intact so services that rely on it can still function - such as Automatic Windows Updates.....

    You can also do it via the control panel: from HERE
    Navigate to the Control Panel by clicking on Start, followed by Control Panel (or Settings and then Control Panel, depending on how you're setup).

    In the Control Panel window, open Add or Remove Programs.

    Note: In Microsoft Windows XP, depending on how your operating system is setup, you may not see the Add or Remove Programs icon. To correct this, click on the link on the left-hand side of the Control Panel window that says Switch to Classic View.

    In the Add or Remove Programs window, click on the Set Program Access and Defaults button on the menu on the left.

    Choose the Custom option in the Choose a configuration: area.

    Click OK. Windows XP will apply your changes and the Add or Remove Programs window will close automatically.
    If you do not want to disable IE then ignore all of the above
    Last edited by Nokia; September 18th, 2007 at 11:37 AM.
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  5. #5
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    wow. thanks for the quick replies. I work for a bottle shoppe [fancy name for a liquor store] ... my boss wanted a way to restrict IE access, but did not want to block it completely... I know there are a ton of ways to prevent access to IE, but he wanted me to do it in a way that there were no major changes to the way we log in, or the general setup of the computers. So I figure I will go with a security through obscurity approach. I wrote a small program in VB.NET that just uses an IF/THEN statement to check the "password", then opens up IExplore.exe ... I removed the shortcut for IE from the desktop and start menu. So far this seems to be working. Like I said, I know there are a lot more thorough ways of doing this, but with the group of people I work with, you could change the color of the e from blue to red, and they would never find it. Disabling IE from opening through the run command is just one more precaution.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  6. #6
    Senior Member WolfeTone's Avatar
    Join Date
    Jun 2007
    Location
    Ireland
    Posts
    197
    What if somebody opens up "My Computer" and types www.google.com???

  7. #7
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    Quote Originally Posted by WolfeTone
    What if somebody opens up "My Computer" and types www.google.com???
    *L* good point. I could probably hide the address bar in "My Computer" and that would eliminate 90% of the other employees ever even thinking about trying that. I wish I could explain all of the circumstances... Most of the people I work with think a computer is just a myspace machine. We are trying to prevent those people from accessing the internet. To make matters worse, I am not the one in charge of the network. They are using the people that installed their POS/Inventory software. The same people that insist that we need to have the entire C drive shared with Read AND Write permissions, on every computer in the building. I am sure you can imagine some problems with this setup. Files that are supposed to be accessed only through the software suite with the manager's password, are open to anyone with access to "My Computer" or "My Network Places"... it has been this way for several years, and I am the only person to ever question the logic of this setup... sorry I am getting carried away here... back to my point ... I think as far as IE access goes, blocking the easy routes to the browser will be enough.

    Thanks again for the quick, and informational responses.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  8. #8
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    It sounds like folks using the Internet is the least of your worries
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  9. #9
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    Quote Originally Posted by Nokia
    It sounds like folks using the Internet is the least of your worries

    you are exactly right... but many warnings have fallen on deaf ears... seems kind of like the cassandra complex ... I am just glad that I am the only one that has noticed this huge privacy invasion... [that I know of at least] ... I am almost afraid to say anything about it... I would not be surprised if I was terminated for bringing this to the owners attention. I have discovered some pretty sensitive information. someone could actually change their rate of pay, or have access to all of the employees SSNs, DOBs, rate of pay, alarm codes etc... I would love to help my co-workers by pointing this problem out, but quite frankly I am scared. if any of you have any advice on how to approach this, I would appreciate any advice. this has turned from a simple discussion on disabling the run command for a specific application to a sort of ethics issue, I hope you don't mind. All of this has sort of come to a head in the last couple of days...

    westin
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  10. #10
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Well...

    I would down load\find what your privacy laws are in your region...highlight where the company is in violation...and present it to the owner of the company...cause ultimately...its his a$$ on the line..here in Canada anyway.

    and if you find your personal info is available to anyone and everyone...and you get fired....sue them for breach of privacy

    You could do it anonymously...I guess.

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

Similar Threads

  1. Securing 2000 Pro
    By akachuckie in forum The Security Tutorials Forum
    Replies: 8
    Last Post: February 24th, 2005, 01:47 AM
  2. Network Security made easy?
    By Tiger Shark in forum Microsoft Security Discussions
    Replies: 5
    Last Post: January 14th, 2005, 08:47 PM
  3. Playing with Windows
    By gizmofreak in forum AntiOnline's General Chit Chat
    Replies: 2
    Last Post: December 7th, 2003, 06:43 PM
  4. Secure Windows (All Versions)
    By spools.exe in forum Microsoft Security Discussions
    Replies: 3
    Last Post: October 5th, 2003, 12:54 AM
  5. Registry Editing
    By Pandabean in forum Other Tutorials Forum
    Replies: 13
    Last Post: June 8th, 2002, 06:11 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •