Ask the Expert

Preventing laptops from running Internet Explorer

At our school we have a number of wireless laptops that can be moved from class to class when needed. I would like to be able to stop users of the laptops from running Internet Explorer when needed. We are running Windows 2000 server with Windows XP clients. I have created a new OU in AD called 'Laptops' and would like to be able to move the laptops from the 'Computers' group to the new 'Laptops' OU when needed and have a GPO based in the 'Laptops' OU to stop Internet Explorer from running. When Internet access is next required, I would like to simply move the laptops back to the 'Computers' group.

    Requires Free Membership to View

Good news and bad news. I was able to write a Software Restriction Policy to restrict IEXPLORE.EXE. And that worked! The bad news: I just opened a regular "Explorer" window and typed in and went out to the Internet.


So, that isn't going to work. However, when XP/SP2 comes out, it will have a Policy Setting called Restrict Internet communication, which will restrict all Internet Communication. This MIGHT be more heavy-handed than what you are after. But, give it a shot. It will be found in Administrative Templates | System | Internet Communication Management.

You might also try control via Internet Zones. Check out:;en-us;182569 for more assistance.

This was first published in June 2004

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: