Disable File Download in Internet Explorer using Group Policy

Some organization may want to prohibit its member to download file from the internet but still allowing regular internet access. It could be for efficiency reason. By restricting file download, the organization can keep its shared bandwidth usage at minimum. It could be for the security reason as well. By doing so, it will minimize the risk of end-users downloading infected files or malicious programs to the computer. In this article, we’re going to show you how to Disable File Download in Internet Explorer using Group Policy.

Disable File Download in Internet Explorer using Group Policy

If you’re using Group Policy, you can enforce the setting to block file download to all computers in the organization. When the setting is applied, user will no longer able to download file from the internet even though they are still able to open the sites.

Now we’re going to demonstrate the steps to disable file download in Internet Explorer using Group Policy. In this scenario, a company with domain name mustbegeek.com wants to disable file download in Internet Explorer for all employee computers. The Domain Controller installed on Windows Server 2012 R2, and all employee computers are stored under OU named Endpoints.

As the network administrator, the task is to setup a policy object that contains a setting that blocks file download, and apply it to the right target. Here’s how we do it:

1. Determine the policy object

The setting must be configured in a policy object. You can either create a new policy object or use existing ones. In this example, we’re creating a new policy named “MBG Internet Policy”.

Open GPMC in the Domain Controller. Right click on Group Policy Objects and select New.

Disable File Download in Internet Explorer using Group Policy - 1

Enter the policy name then click OK to confirm.

Disable File Download in Internet Explorer using Group Policy - 2

2. Configuring the policy

The next step is to configure the setting in the chosen policy object. In our case, the policy name is “MBG Internet Policy” so we right click on that policy object and select Edit.

Disable File Download in Internet Explorer using Group Policy - 3

Navigate to Computer Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Internet Zone. The setting that we’re looking for should be there with name “Allow file downloads” as shown below:

Disable File Download in Internet Explorer using Group Policy - 4

Double click that setting and a new window will pop up. Set the state as “Enabled” but on the Allow file downloads section, choose “Disable” from the drop down menu. See figure below:

Disable File Download in Internet Explorer using Group Policy - 5

Hit OK button to confirm.

3. Apply policy to the target OU

The last step is to link the policy on the target OU if it hasn’t been done yet. As this setting is under Computer Configurations, remember to link this policy on an OU that contains computers.

Right click on the target OU and select Link an Existing GPO as shown below. In our case the target OU is “Endpoints”.

Disable File Download in Internet Explorer using Group Policy - 6

Select the right policy name and that’s all the steps.

Things to Note

When the policy has been applied to the computers, user will receive notification “Security Warning: Your Current Settings do not Allow This File to be Downloaded” when they attempt to download any file. You can wait for the Group Policy to apply naturally by itself, or force it by using the command gpupdate /force.

Note that the Group Policy only enforce this setting for Internet Explorer and there’s no way to control other browser. Therefore, as the workaround we usually need to combine this setting with other settings that blocks other browsers than Internet Explorer.

And that’s how you disable file download in Internet Explorer using Group Policy.

The following two tabs change content below.
Arranda Saputra

Arranda Saputra

ITIL Certified, CCNA, CCDA, VCP6-DCV, MCSA Administering Windows Server 2012
I am IT practitioner in real life with specialization in network and server infrastructure. I have years of experience in design, analysis, operation, and optimization of infrastructure solutions for enterprise-scaled network. You can send me a message on LinkedIn or email to arranda.saputra@outlook.com for further inquiry regarding stuffs that I wrote or opportunity to collaborate in a project.
scroll to top