Advanced Windows PowerShell Scripting Video Training

Advanced Windows PowerShell Scripting Video Training
Advanced Windows PowerShell Scripting Video Training

Friday, December 9, 2011

How to control the installation of Add-Ons in Internet Explorer.

For many organizations, controlling what can be added to clients help to reduce the Total Cost of Ownership (TCO) of a network.  Controlling what extensions can be added to Internet Explorer is part of the TCO reduction effort by preventing the IT staff from support issues caused me non-approved Add-ons.

 

The first thing we need to do is to discover the GUID of an Add-On that we want to prevent from being installed.  For this reason, you fist need to install it on a test client.

 

Once installed, open Internet Explorer.

 

Click Tools / Manage Add-ons.

 

Browser to the Add-on that you want to prevent the installation of.

 

Right mouse click the Add-on and select More Information.

 

Record the GUID ( curly braces as well ) and the Name.

image

 

Close the window.

 

Open a Group Policy that is scoped to the computers that your want to prevent add-ons from being installed.

 

Browse to Computer Configuration / Policies / Administrative Templates / Windows Components / Internet Explorer / Security Features / Add-on Management.

 

Enable the policy for Add-on List.

 

Click Show  and enter the Name in the Value Name field and the Class ID/GUID in the Value field. Click OK when done.

image

Click OK again.

 

Enable the policy for Deny all add-ons unless specifically allowed in the Add-on List.

 

Now, only the Add-on that you listed can be installed once this GPO is applied to your clients.

No comments: