none
disable Internet Explorer Add-ons for all the users in Terminal Server

    Question

  • Hi we have Server 2008 r2 Terminal Server. All the users logon from Thin Clients. This server has Internet Explorer 9; How can I disable add-ons (few of them) so that it will affect all the users login to this Terminal Server.

    Any help would be much appreciated, thank you.

    Monday, December 10, 2012 11:51 AM

Answers

  • You may want to use group Policy to disable add-ons. Quoted from Microsoft:

    Managing add-ons by using registry entries and Group Policy

    Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
    322756
    (http://support.microsoft.com/kb/322756/ )
    How to back up and restore the registry in Windows

    As an administrator, you can use Group Policy to predefine the controls that users can enable or disable. Use the Group Policy Object Editor to change the policy settings.
    1. Click Start, click Run, type gpedit.msc, and then click OK.
    2. Expand Computer Configuration or User Configuration, expand Administrative Templates, expand Windows Components, expand Internet Explorer, expand Security Features, and then click Add-on Management.
    The following policy settings are available:
    • Deny all add-ons unless specifically allowed in the Add-on List
    • Add-on List
    • Process List
    • All Processes
    Deny all add-ons unless specifically allowed in the Add-on List
    You can configure each client to deny all the add-ons that are not included in the Add-on List policy setting by enabling the following policy setting:
    Deny all add-ons unless specifically allowed in the Add-on List
    This policy setting prevents add-ons from being installed or from being used. This restriction also prevents the user from managing add-on policy settings individually. If you do not configure this policy setting, users can manage add-ons that are not already defined in the Add-on List.
    Add-on List
    You specify individual add-ons by using the CLSID in the Add-on List policy setting. The Value Name part of the policy setting must be the CLSID of the add-on, and the CLSID must include the braces that enclose the rest of the CLSID. The Value part of the policy setting must contain one of three possible values:
    • 0 - The add-on is disabled, and users cannot manage the add-on from the user interface.
    • 1 - The add-on is enabled, and users cannot manage the add-on from the user interface.
    • 2 - The add-on is enabled, and users can manage the add-on from the user interface.
    The list of add-ons that are contained in the Add-on List policy setting are stored in one of the following registry subkeys:
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID
    The subkey contains the CLSIDs of the individual add-ons as strings with the data.

    Bob Lin, MVP, MCSE & CNE Networking, Internet, Routing, VPN Troubleshooting on

    http://www.ChicagoTech.net

    How to Setup Windows, Network, VPN & Remote Access on

    http://www.howtonetworking.com


    Monday, December 10, 2012 4:35 PM