none
Internet Explorer 11 Hardening RRS feed

  • Question

  • Dear all,

    I have to implement a "Hardening" for the Internet Explorer on some systems, because the users should have VERY restricted access to the systems. Unfortunately my only information is related to IE 8 !

    Here I have a list of what should be restricted :

    • Browser Bars disabled
    • Browser Options disabled
    • Browser File Open/File new disabled (Save As enabled since required by end users)
    • Browser Favorites disabled
    • Browser Help disabled (Menu, Feedback option, Tip of the day, Tutorial)
    • Browser Media Bar disabled
    • Browser TheaterMode disabled
    • Browser ViewSource disabled
    • Browser FindFiles disabled
    • Browser proxy hardcoded to “proxy01.dcl.tetrapak.com:8080” (required for Internet type applications)
    • Browser link to Windows update disabled

    and to achieve this, I have a complete list of registry keys that have to be changed and several local policy settings.

    Does anybody have some hints how I can implement this on IE11 ? Which registry settings / policies I have to adapt so that a user is no longer allowed to see the favorites, view the source of a website and so on ?

    Thanks in advance for your help !

    Tuesday, September 30, 2014 3:07 PM

Answers

  • I would goto a Group Policy Editor and find your settings.

    W.Maxx MCITP MCSE MCSA MCP 2k8 2k3 2k nt4 AD, Exchange, DNS, msProject, SharePoint IBM iSeries RIM blackberry

    • Marked as answer by HPunkt-CPunkt Wednesday, October 8, 2014 12:58 PM
    Tuesday, September 30, 2014 4:04 PM
  • Hi,

    With so many options disabled, I would suggest you force user to launch IE in full screen mode instead, for example, launch registry editor, navigate to the key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main , right-click on the name entry FullScreen and select Modify, change the value to yes, F5 to refresh registry

    this display IE in a full screenmode, with no toolbar, menubar, address bar, while the user cna use keyboard hotkeys ctrl-O to lanuch the address bar and alt-F4 to exist IE.

    And group policy under Administrative Templates>Windows Components>Internet Explorer can also help you control some IE settings


    Yolanda Zhu
    TechNet Community Support

    Thursday, October 2, 2014 1:29 AM
    Moderator

All replies

  • I would goto a Group Policy Editor and find your settings.

    W.Maxx MCITP MCSE MCSA MCP 2k8 2k3 2k nt4 AD, Exchange, DNS, msProject, SharePoint IBM iSeries RIM blackberry

    • Marked as answer by HPunkt-CPunkt Wednesday, October 8, 2014 12:58 PM
    Tuesday, September 30, 2014 4:04 PM
  • https://support.microsoft.com/kb/2898604?wa=wsignin1.0

    W.Maxx MCITP MCSE MCSA MCP 2k8 2k3 2k nt4 AD, Exchange, DNS, msProject, SharePoint IBM iSeries RIM blackberry

    Tuesday, September 30, 2014 4:06 PM
  • Hi,

    With so many options disabled, I would suggest you force user to launch IE in full screen mode instead, for example, launch registry editor, navigate to the key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main , right-click on the name entry FullScreen and select Modify, change the value to yes, F5 to refresh registry

    this display IE in a full screenmode, with no toolbar, menubar, address bar, while the user cna use keyboard hotkeys ctrl-O to lanuch the address bar and alt-F4 to exist IE.

    And group policy under Administrative Templates>Windows Components>Internet Explorer can also help you control some IE settings


    Yolanda Zhu
    TechNet Community Support

    Thursday, October 2, 2014 1:29 AM
    Moderator
  • Thank you very much !

    We have implemented these restrictions within the group policy and it looks exactly as expected !

    Thanks again ! :)

    Wednesday, October 8, 2014 12:58 PM