After our home computer became infected for the umpteenth time with an Internet Explorer exploit, even after I admonished my kids to avoid using Internet Explorer at all costs, I decided it was time to take drastic action. There are a lot of reasons why you may want to configure a computer so that Internet Explorer is blocked. Tim wrote about an effective method a while back on how to do just that; however, the approach he uses still allows any user to launch the application from the Run command and access the Internet.
What if you simply want to block all of Windows Internet access from Internet Explorer, but you still want to allow any other browser or Internet application to work?
It is possible to cast Internet Explorer into isolation while all other Internet apps run free, and I’ll show you how to do it in just a couple of easy steps.
Modify Internet Explorer To Use A Proxy Server
The first step in this two-step process is to trick Internet Explorer into accessing the Internet using a dummy proxy server. By default, your LAN settings in IE are usually set up to automatically detect your Internet connection settings. We’re going to change that.
First, go to Tools -> Internet Options -> Connections -> LAN Settings.
Next, uncheck “Automatically detect settings” and select the option to use a proxy server. Set the address to some dummy IP followed by port 80. It doesn’t matter what you use, just make sure it isn’t a real server.
Or, another option I’ve seen some school network administrators use is to configure a proxy server that’s set up to serve an internal webpage that says something along the lines of “You’ve reached the end of the Internet.” The students may not laugh – but at least you’ll get a chuckle!
Click OK, go back to IE and try to browse the web. You’ll see the following error.
Nice! Mission accomplished, right? Wrong! All a clever little eight-year-old girl needs to do is open up the Internet Options, click on “Automatically detect settings” and she’s back in business. Don’t think an eight-year-old could do that? Well, she did. So the next step is to disable every user’s ability to tweak the IE Internet options settings.
Disable Internet Options In The Control Panel
To do this, click Start -> Run and type “Regedit.exe”.
Go to My Computer/HKEY_CURRENT_USER/Software/Policies/Microsoft/Internet Explorer/Restrictions. You may have to create the Internet Explorer and Restrictions keys if they aren’t already there. Then, create a new DWORD called “NoBrowserOptions” and set it equal to 1. Now, restart Internet Explorer.
You still won’t be able to browse anywhere, because it’s defaulting to the proxy server. So, go ahead and try to access Tools -> Internet Options. Your little ones will be faced with the following warning.
This effectively blocks most normal users from accessing the Internet through IE. An especially clever user will just go to the Control Panel and enable the Internet Options that way, so you’ll also need to disable those Control Panel settings in the registry.
Go to My Computer/HKEY_CURRENT_USER/Software/Policies/Microsoft/Internet Explorer/Control Panel (or create the key if you have to). I’ve added several policy restrictions to the control panel, but the important one here is the DWORD ConnectionsTab. Setting this to 1 will disable the Connections tab in the control panel, so the user can’t change the Internet settings from the proxy you set up.
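The two registry edits above can also be applied and later re-checked from PowerShell. This is an added example, not part of the original article: the function names Set-IeLockdown and Test-IeLockdown are made up for illustration, and the ProxyEnable and ProxyServer values it reads are the standard per-user location where the LAN Settings dialog stores a manual proxy, which the article itself does not name.

```powershell
# Added example: applies and audits the two per-user policy values named in the article.
$iePolicy = 'HKCU:\Software\Policies\Microsoft\Internet Explorer'
$lockdown = @(
    @{ Path = "$iePolicy\Restrictions";  Name = 'NoBrowserOptions' },  # hides Tools -> Internet Options
    @{ Path = "$iePolicy\Control Panel"; Name = 'ConnectionsTab' }     # disables the Connections tab
)

function Set-IeLockdown {
    foreach ($item in $lockdown) {
        # Create the key (and any missing parent keys) only if it is absent,
        # so values already stored under an existing key are left alone.
        if (-not (Test-Path -Path $item.Path)) {
            New-Item -Path $item.Path -Force | Out-Null
        }
        New-ItemProperty -Path $item.Path -Name $item.Name -Value 1 `
            -PropertyType DWord -Force | Out-Null
    }
}

function Test-IeLockdown {
    # One row per policy value; Ok is true only when the value exists and equals 1.
    $rows = @(foreach ($item in $lockdown) {
        $key   = Get-ItemProperty -Path $item.Path -Name $item.Name -ErrorAction SilentlyContinue
        $value = $key.($item.Name)
        [pscustomobject]@{ Setting = $item.Name; Value = $value; Ok = ($value -eq 1) }
    })

    # Report the manual proxy from the first step as well (read-only check).
    $inet  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $proxy = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
    $rows += [pscustomobject]@{
        Setting = 'ProxyEnable'
        Value   = "$($proxy.ProxyEnable) ($($proxy.ProxyServer))"
        Ok      = ($proxy.ProxyEnable -eq 1)
    }
    return $rows
}

Set-IeLockdown
Test-IeLockdown | Format-Table -AutoSize
```

Because everything here lives under HKEY_CURRENT_USER, run it while logged in as each account you want to lock down; running Test-IeLockdown again later shows whether any of the settings has been changed back.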
You’ve completely blocked IE from accessing the Internet, and the only thing that a clever user could do to fix it is to find the right registry keys and fix them. So, this won’t block a seasoned geek, but it’ll at least keep your kids from opening up the wrong browser! Be warned that there are some Internet applications that make use of the connection settings in your Internet Options. Most applications allow you to configure proxy settings from within the app itself, but not all – so if any of your Internet apps don’t work after you lock down IE, this is probably why.
Have you ever had the need to block IE from accessing the Internet? Does this technique work for your application? Share your own experiences and how you have blocked your own Windows Internet Explorer access to the Internet.