Preventing laptops from running Internet Explorer
At our school we have a number of wireless laptops that can be moved from class to class when needed. I would like to be able to stop users of the laptops from running Internet Explorer when needed. We are running Windows 2000 server with Windows XP clients. I have created a new OU in AD called 'Laptops' and would like to be able to move the laptops from the 'Computers' group to the new 'Laptops' OU when needed and have a GPO based in the 'Laptops' OU to stop Internet Explorer from running. When Internet access is next required, I would like to simply move the laptops back to the 'Computers' group.
Good news and bad news. I was able to write a Software Restriction Policy to restrict IEXPLORE.EXE. And that worked! The bad news: I just opened a regular "Explorer" window and typed in www.whatever.com and went out to the Internet.
So, that isn't going to work. However, when XP/SP2 comes out, it will have a Policy Setting called Restrict Internet communication, which will restrict all Internet Communication. This MIGHT be more heavy-handed than what you are after. But, give it a shot. It will be found in Administrative Templates | System | Internet Communication Management.
You might also try control via Internet Zones. Check out: http://support.microsoft.com/default.aspx?scid=kb;en-us;182569
for more assistance.
This was first published in June 2004