Blocking Internet Explorer temporarily



  • Luke Nichols

    Assuming that your objective is to get people to use Google Chrome instead of IE, I don't think renaming the IE executable is a good way to go about it. Windows has functions that rely on IE and many applications are hard coded to use IE for some tasks. This is liable to cause you many issues. It's also likely to be reverted every time you do Windows updates.

    Personally I would just delete the IE shortcuts entirely and instruct the users to use Chrome instead, but I understand that IT does not always get the leverage to dictate policy like that.

    If you want to be sneaky about it, you could create a fake IE shortcut that actually opens Chrome instead. That would be easy to revert as well.

    Do the following:

    • Grab an IE shortcut from your computer. Make a copy of it. Modify the copy to change the target to point at the Google Chrome executable instead. You might also need to change the icon afterward. You can find the IE icon by clicking "Change icon" in the shortcut properties and navigating to "C:\Program Files\internet explorer\iexplore.exe"
    • Put the new shortcut in your PDQ Deploy repository.
    • Copy the original shortcut to your PDQ Deploy repository as well so you can easily revert later. Since they will have the same filename you will need to put them in different folders.
    • Create a PDQ Deploy package with a File Copy step. Source should be the new shortcut in your repo and destination should be "C:\Users\Public\Desktop\Internet Explorer.lnk" Make sure you check the box for "Overwrite Existing Files"
    • From there you can make it as simple or as elaborate as you want. You could just deploy your package once to all your machines or you could add C:\Users\Public\Desktop\* to your standard scan profile and then have an Inventory collection that finds those desktop shortcuts that have a Date Created from before you started pushing your changes and create a recurring Deploy schedule that points to that Inventory collection. You could also forego all the shortcut copying and just use a command step to create the shortcuts dynamically. In any case a Windows Update will probably break this solution eventually by placing a new IE shortcut on the desktop, which is why my instinct is to just delete the IE shortcuts entirely and tell people to use Chrome.

    You may want to also replace the Start Menu IE shortcut. That's going to be a bit more complicated since it's stored in "%AppData%\Microsoft\Windows\Start Menu\Programs\Windows Accessories" which is unique to each user profile.

    Comment actions Permalink
  • Adrian Brown

    Great idea! I know they're alternative methods to go about this such as the windows feature removal of IE or creating a GPO to prevent the program from opening, I could even make a script to send down the pipeline to block it inbound/outbound through the firewall but since we use a stand alone firewall it would be a little more complicated. 

    Your method is great and if the students find a loophole or go exploring for the executable then a GPO policy will be created, I am trying to utilize the Admin Google console for the safesearch feature amongst other security features and don't want them to utilize IE or Firefox to go around the security settings. 

    Thanks for the quick response! 

    Comment actions Permalink

Please sign in to leave a comment.