I am trying to find away to prevent software being installed from Internet Explorer. I have Locked down XP fully with Group Policy. Users still need right click in explorer to download pictures but are able to click on a link of a program and select open, and this will then open and install the program. Users are also local power users.
I am trying to get around this by using software restriction policys which comes with 2003 server.
My idea is based on the fact whtat when Internet Explorer is downloading a file, it stores it in its Temporary Internet files folder, so I want to prevent internet Explorer from being able to create program files such as .exe .zip in the termporary folder.
Using software restriction policy should be able to do this by using path rules.
I have tried a few combinations to acheive this but no luck.
For example
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Internet Cache Files%\*.zip
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths%\*.zip
%HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders%\*.zip
What I need is to be able to apply the policy to
c:\documents and settings\%username%\local settings\temporary internet files\%cache%\*.zip
Any Ideas would be great in reaching this
Thanks
Phil
