Some organization may want to prohibit its member to download file from the internet but still allowing regular internet access. It could be for efficiency reason. By restricting file download, the organization can keep its shared bandwidth usage at minimum. It could be for the security reason as well. By doing so, it will minimize the risk of end-users downloading infected files or malicious programs to the computer. In this article, weâ€™re going to show you how to Disable File Download in Internet Explorer using Group Policy.
Disable File Download in Internet Explorer using Group Policy
If youâ€™re using Group Policy, you can enforce the setting to block file download to all computers in the organization. When the setting is applied, user will no longer able to download file from the internet even though they are still able to open the sites.
Now we’re going to demonstrate the steps to disable file download in Internet Explorer using Group Policy. In this scenario, a company with domain name mustbegeek.com wants to disable file download in Internet Explorer for all employee computers. The Domain Controller installed on Windows Server 2012 R2, and all employee computers are stored under OU named Endpoints.
As the network administrator, the task is to setup a policy object that contains a setting that blocks file download, and apply it to the right target. Here’s how we do it:
1. Determine the policy object
The setting must be configured in a policy object. You can either create a new policy object or use existing ones. In this example, weâ€™re creating a new policy named “MBG Internet Policy”.
Open GPMC in the Domain Controller. Right click on Group Policy Objects and select New.
Enter the policy name then click OK to confirm.
2. Configuring the policy
The next step is to configure the setting in the chosen policy object. In our case, the policy name is “MBG Internet Policy” so we right click on that policy object and select Edit.
Navigate to Computer Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Internet Zone. The setting that weâ€™re looking for should be there with name “Allow file downloads” as shown below:
Double click that setting and a new window will pop up. Set the state as “Enabled” but on the Allow file downloads section, choose “Disable” from the drop down menu. See figure below:
Hit OK button to confirm.
3. Apply policy to the target OU
The last step is to link the policy on the target OU if it hasnâ€™t been done yet. As this setting is under Computer Configurations, remember to link this policy on an OU that contains computers.
Right click on the target OU and select Link an Existing GPO as shown below. In our case the target OU is “Endpoints”.
Select the right policy name and that’s all the steps.
Things to Note
When the policy has been applied to the computers, user will receive notification “Security Warning: Your Current Settings do not Allow This File to be Downloaded” when they attempt to download any file. You can wait for the Group Policy to apply naturally by itself, or force it by using the command gpupdate /force.
Note that the Group Policy only enforce this setting for Internet Explorer and thereâ€™s no way to control other browser. Therefore, as the workaround we usually need to combine this setting with other settings that blocks other browsers than Internet Explorer.
And that’s how you disable file download in Internet Explorer using Group Policy.
You may also like -
Latest posts by Arranda Saputra (see all)
- How to move OneDrive Folder to a Different Location - October 15, 2019
- Enable Event Logging in Windows DNS Server - June 29, 2019
- Your Current Security Settings do not Allow this File to be Downloaded - June 18, 2019