none
How to block edge from running RRS feed

  • Question

  • Hi we have a requirement for a login not to be able to open browsers like chrome, firefox etc.

    But edge seems a little bit different, there is no apparent executable that I can deny in group policy.

    the settings for edge are extremely limited in Group policy, cannot even set a default start page.

    any body know how I can block edge from loading via group policy?

    thanks

    Thursday, September 3, 2015 4:07 PM

Answers

  • There is an exe and it is located here (see snip)

    If you right click edge in task manager>open file location>it will show you the folder


    Wanikiya and Dyami--Team Zigzag

    Thursday, September 3, 2015 4:55 PM
    Moderator
  • Hi,

    If you are using the AppLocker group policy, Microsoft Edge is belong to Packaged app. Please use this path to deny it:

    Computer Configuration\Windows Settings\Security Settings\Application Control policies\AppLocker\Packaged app Rules

    Here when you crate a rule to deny the app, it automatically let you select the packages as below:


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, September 4, 2015 8:48 AM
    Moderator

All replies

  • There is an exe and it is located here (see snip)

    If you right click edge in task manager>open file location>it will show you the folder


    Wanikiya and Dyami--Team Zigzag

    Thursday, September 3, 2015 4:55 PM
    Moderator
  • Hi,

    If you are using the AppLocker group policy, Microsoft Edge is belong to Packaged app. Please use this path to deny it:

    Computer Configuration\Windows Settings\Security Settings\Application Control policies\AppLocker\Packaged app Rules

    Here when you crate a rule to deny the app, it automatically let you select the packages as below:


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, September 4, 2015 8:48 AM
    Moderator
  • The problem with the above solution is that when I am using an Enterprise computer and I edit the local policy.. or use RSAT group policy.. When I open applokcer and try and create a new packaged app rule, if I click select then all I get is a Message saying "MMC has detected an error" .. I have tried on 3 different enterprise Windows 10 computers with the same problem. So currently I cannot create the policy rule due to some error with the mmc.

    seems as if this is a known issue as others have reported it.

    https://community.spiceworks.com/topic/902123-gpmc-editor-unhandled-exception

    Monday, September 28, 2015 8:53 AM
  • Hi,

    Sounds really strange, I have edited the local policy many times to achieve this. Worked great so far..

    Don't forget to create the default app rules as well.

    http://ccmexec.com/2015/08/blocking-built-in-apps-in-windows-10-using-applocker/

    Regards,
    Jörgen


    -- My System Center blog ccmexec.com -- Twitter @ccmexec

    Monday, September 28, 2015 9:04 AM
  • I've tried on 5 Windows 10 Enterprise computers , same thing happens MMC crashes out.

    all other policies work fine except when I click Select in the Applocker

    Monday, September 28, 2015 11:51 AM
  • Turns out my Fortinet Firewall has an application rule which blocks any sites from working on Edge so that is good enough.

    Sunday, January 24, 2016 7:57 PM
  • I have shared a portable freeware but removed , what is going on I don't know , Probably I will newer share a solution again  
    • Edited by wtarkan Sunday, January 24, 2016 8:21 PM
    Sunday, January 24, 2016 8:20 PM
  • Yeah I saw that too! Weird... but thanks, I still see the freeware link in the email :)
    Sunday, January 24, 2016 8:26 PM
  • Your link was deleted beause...

    1-it triggered my malware app

    2- it was not an approved/MS method.


    Wanikiya and Dyami--Team Zigzag Windows IT-PRO (MS-MVP)

    Sunday, January 24, 2016 8:37 PM
    Moderator
  • Your link was deleted beause...

    1-it triggered my malware app

    2- it was not an approved/MS method.


    Wanikiya and Dyami--Team Zigzag Windows IT-PRO (MS-MVP)

    Here is the Virüs total link , plese don't use your Malware 



    Monday, January 25, 2016 3:33 PM
  • Did you not read number 2 in my last post.?  It is not an approved Microsoft method as it requires software written by a 3rd party and an executible that has god knows what in it.

    Wanikiya and Dyami--Team Zigzag Windows IT-PRO (MS-MVP)

    Monday, January 25, 2016 3:38 PM
    Moderator
  • Microsoft just started like us (we are a freeware development team) we used exactly the same methode Which Microsoft uses in Windows 10 Enterprise (Applocker) I think you show unnecessary aggression 

    Regards


    • Edited by wtarkan Monday, January 25, 2016 3:55 PM
    Monday, January 25, 2016 3:54 PM
  • do you honestly expect Microsoft to allow you to link to an app that blocks edge?  They want users to have it which is why you cant remove it.  They want you to use it, etc, etc, etc

    Wanikiya and Dyami--Team Zigzag Windows IT-PRO (MS-MVP)

    Monday, January 25, 2016 6:53 PM
    Moderator
  • In the environment I was working in it is necessary to block browsers from loading and that includes Firefox and Chrome.. thankfully they were fairly easy to block however Edge prooved not to be which is frustrating when you are required to block Internet browsers.

    Anyway as luck has it, Fortinet Firewalls have an application rule for Chrome, firefox and Edge so if anyone loads those up they cannot actually browse anything which is exactly what I required.

    Thanks for everyone's input, was very helpful.


    Monday, January 25, 2016 8:43 PM
  • Honestly NO :) I have just tried my chance

    Thanks 

    Monday, January 25, 2016 11:56 PM
  • I've found lots of answers about blocking Edge.  I don't like the idea of trying to uninstall it since Edge is part of Windows 10 (tightly integrated).  I also don't like installing third party apps (Edge Blocker).

    If you simple create a Windows Firewall Outbound rule to block

    "%SystemRoot%\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe", this will

    block Edge from being able to go to any Internet site.  Windows Update still seems to run OK.

    Most of my office users would never mess with Windows Firewall settings.


    tma

    Monday, February 13, 2017 5:12 PM
  • The suggested answer by Karen Hu did not work for me.  Though I could set the rule as described, and though every other package app I denied by AppLocker via Group Policy was locked out, Edge continue to be accessible.  I even verified by >gpresult that the rule was applied to the computer.

    The firewall solution proposed certainly is an answer for stopping Edge's ability to function.

    Another one is to change the permission on the Microsoft Edge folder itself. 

    Create a new "disabling" GPO for your domain, and in Computer Configuration > Windows Settings > Security Settings > File System  create an object that sets the %SystemRoot%\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe directory (where Microsoft Edge is contained) to have full control only for SYSTEM and Administrators.  When applied to a particular computer's OU in Active Directly, this effectively disables Edge by removing permission for access to the executable.

    To re-enable Edge, create a different "enabling" GPO that resets the same folder with permissions that include read and execute permissions for groups like Users, and/or Authenticated Users.  Replace the "disabling" GPO with this one and the computers in that Active Directory OU will again be able to use Edge.

    This is certainly a bit of a crazy hack, but it's the only solution I've found so far that actually prevents Edge from running

    Best Regards


    • Edited by gpooleii Monday, June 26, 2017 8:33 PM
    Monday, June 26, 2017 8:31 PM
  • Hello 

    Followed your instruction and edge still runs.  also made sure that the "Application Identity" Service is running

    but edge still opens,  what am i doing wrong?

    if i block the executable incited of the packaged app, edge is blocked but the start menu also stops working!

    help please

    Friday, October 6, 2017 7:02 AM
  • Hi,

    I'm using RSAT for Win10 1803 and when I try to do the same when creating a deny rule everything is greyed out like this, and can't click on Browse... why?

    Tuesday, July 17, 2018 1:36 PM