Hello - this may have been covered previously but I couldn't find anything. I just bought a computer with Win7 Home Premium. Didn't know that they removed the ability to disable IE access from User Access Controls as you can in Vista. I cannot find a way with Home Premium to disable IE for certain users. Parental Controls does not do the job. I am ok upgrading to Professional so I can use Group Policy settings (if it will solve my problem) but would like to know before I do how I would disable IE using Group Policy settings and if it can be done for some users and not others. There seem to be hundreds of IE settings. Is there just one that will disable IE from starting up completely? thanks

Why do you want to do this? IE8 with protected mode is a very secure browser."A programmer is just a tool which converts caffeine into code" CLIP- Stellvertreter http://www.winvistaside.de/

I don't want this to sound sarcastic in anyway, but honestly the reason does not matter. There is one person who uses my computer who I don't want to have access to the internet for reasons that I will not go into publicly. My question is simply - can it be done?

You could apply a software restriction policy on the machine and set the security filter to the policy so, that all other users are not allowed to read it. For the home editions this might be done with an registry key (either swapped into the HKCU key of that user: regedit file load hive navigate to the users folder in c:\users and load ntuser.dat add the policy for restrict iexplore.exe (not sure, if this works on user level at all, since software restriction policies can only be set on machine level in local group policy editor) or by making the policy on machine level and editing the permissions in the registry, so that the group containing the allowed users would not be able to read the key). (Not sure, if the home editions show permissions in the registry, either.) On a server 2003 the exported policy looked that way: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\safer\codeidentifiers\0\Paths\{888aa5d0-2aaa-4011-a45c-a2c245b9ea97}] "LastModified"=hex(b):2e,c6,48,3e,db,81,cb,01 "Description"="" "SaferFlags"=dword:00000000 "ItemData"="C:\\Program Files\\Internet Explorer\\iexplore.exe" Maybe something is different with your Windows version, so also no guarantee, that this works unchanged ... If you save that as .reg file and import it, all users and system are resticted. So you would now have to edit the ACLs for the registry entry, so that only the user, which has to be limited, can read it. A different and easier way (assuming the user is not member of the local Administrators group) would be to alter the ntfs permissions, so that the user cannot access the path with iexplore.exe in it. Best greetings from Germany Olaf Best greetings from Germany Olaf

With Home Premium, enable the Guest account for their use or Create a Standard User account for their use. Log-in to the new account and remove the internet explorer shortcut from the Start Menu and Taskbar. You'll need to provide your admin credentials. This will provide them access to installed applications and prevent changes (creating a new shortcut to iexplore.exe) and other application installations. (although, the new firefox installs without needing admin credentials and avoids GP settings. for now anyway. A local college admin is trying to solve this one)