Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, September 3, 2015 4:07 PM
Hi we have a requirement for a login not to be able to open browsers like chrome, firefox etc.
But edge seems a little bit different, there is no apparent executable that I can deny in group policy.
the settings for edge are extremely limited in Group policy, cannot even set a default start page.
any body know how I can block edge from loading via group policy?
thanks
All replies (19)
Thursday, September 3, 2015 4:55 PM ✅Answered | 1 vote
There is an exe and it is located here (see snip)
If you right click edge in task manager>open file location>it will show you the folder
Wanikiya and Dyami--Team Zigzag
Friday, September 4, 2015 8:48 AM ✅Answered | 1 vote
Hi,
If you are using the AppLocker group policy, Microsoft Edge is belong to Packaged app. Please use this path to deny it:
Computer Configuration\Windows Settings\Security Settings\Application Control policies\AppLocker\Packaged app Rules
Here when you crate a rule to deny the app, it automatically let you select the packages as below:
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected].
Monday, September 28, 2015 8:53 AM
The problem with the above solution is that when I am using an Enterprise computer and I edit the local policy.. or use RSAT group policy.. When I open applokcer and try and create a new packaged app rule, if I click select then all I get is a Message saying "MMC has detected an error" .. I have tried on 3 different enterprise Windows 10 computers with the same problem. So currently I cannot create the policy rule due to some error with the mmc.
seems as if this is a known issue as others have reported it.
https://community.spiceworks.com/topic/902123-gpmc-editor-unhandled-exception
Monday, September 28, 2015 9:04 AM
Hi,
Sounds really strange, I have edited the local policy many times to achieve this. Worked great so far..
Don't forget to create the default app rules as well.
http://ccmexec.com/2015/08/blocking-built-in-apps-in-windows-10-using-applocker/
Regards,
Jörgen
-- My System Center blog ccmexec.com -- Twitter @ccmexec
Monday, September 28, 2015 11:51 AM
I've tried on 5 Windows 10 Enterprise computers , same thing happens MMC crashes out.
all other policies work fine except when I click Select in the Applocker
Sunday, January 24, 2016 7:57 PM
Turns out my Fortinet Firewall has an application rule which blocks any sites from working on Edge so that is good enough.
Sunday, January 24, 2016 8:20 PM | 1 vote
I have shared a portable freeware but removed , what is going on I don't know , Probably I will newer share a solution again
Sunday, January 24, 2016 8:26 PM
Yeah I saw that too! Weird... but thanks, I still see the freeware link in the email :)
Sunday, January 24, 2016 8:37 PM
Your link was deleted beause...
1-it triggered my malware app
2- it was not an approved/MS method.
Wanikiya and Dyami--Team Zigzag Windows IT-PRO (MS-MVP)
Monday, January 25, 2016 3:33 PM
Your link was deleted beause...
1-it triggered my malware app
2- it was not an approved/MS method.
Wanikiya and Dyami--Team Zigzag Windows IT-PRO (MS-MVP)
Here is the Virüs total link , plese don't use your Malware
Monday, January 25, 2016 3:38 PM
Did you not read number 2 in my last post.? It is not an approved Microsoft method as it requires software written by a 3rd party and an executible that has god knows what in it.
Wanikiya and Dyami--Team Zigzag Windows IT-PRO (MS-MVP)
Monday, January 25, 2016 3:54 PM
Microsoft just started like us (we are a freeware development team) we used exactly the same methode Which Microsoft uses in Windows 10 Enterprise (Applocker) I think you show unnecessary aggression
Regards
Monday, January 25, 2016 6:53 PM
do you honestly expect Microsoft to allow you to link to an app that blocks edge? They want users to have it which is why you cant remove it. They want you to use it, etc, etc, etc
Wanikiya and Dyami--Team Zigzag Windows IT-PRO (MS-MVP)
Monday, January 25, 2016 8:43 PM | 1 vote
In the environment I was working in it is necessary to block browsers from loading and that includes Firefox and Chrome.. thankfully they were fairly easy to block however Edge prooved not to be which is frustrating when you are required to block Internet browsers.
Anyway as luck has it, Fortinet Firewalls have an application rule for Chrome, firefox and Edge so if anyone loads those up they cannot actually browse anything which is exactly what I required.
Thanks for everyone's input, was very helpful.
Monday, January 25, 2016 11:56 PM
Honestly NO :) I have just tried my chance
Thanks
Monday, February 13, 2017 5:12 PM
I've found lots of answers about blocking Edge. I don't like the idea of trying to uninstall it since Edge is part of Windows 10 (tightly integrated). I also don't like installing third party apps (Edge Blocker).
If you simple create a Windows Firewall Outbound rule to block
"%SystemRoot%\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe", this will
block Edge from being able to go to any Internet site. Windows Update still seems to run OK.
Most of my office users would never mess with Windows Firewall settings.
tma
Monday, June 26, 2017 8:31 PM
The suggested answer by Karen Hu did not work for me. Though I could set the rule as described, and though every other package app I denied by AppLocker via Group Policy was locked out, Edge continue to be accessible. I even verified by >gpresult that the rule was applied to the computer.
The firewall solution proposed certainly is an answer for stopping Edge's ability to function.
Another one is to change the permission on the Microsoft Edge folder itself.
Create a new "disabling" GPO for your domain, and in Computer Configuration > Windows Settings > Security Settings > File System create an object that sets the %SystemRoot%\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe directory (where Microsoft Edge is contained) to have full control only for SYSTEM and Administrators. When applied to a particular computer's OU in Active Directly, this effectively disables Edge by removing permission for access to the executable.
To re-enable Edge, create a different "enabling" GPO that resets the same folder with permissions that include read and execute permissions for groups like Users, and/or Authenticated Users. Replace the "disabling" GPO with this one and the computers in that Active Directory OU will again be able to use Edge.
This is certainly a bit of a crazy hack, but it's the only solution I've found so far that actually prevents Edge from running
Best Regards
Friday, October 6, 2017 7:02 AM
Hello
Followed your instruction and edge still runs. also made sure that the "Application Identity" Service is running
but edge still opens, what am i doing wrong?
if i block the executable incited of the packaged app, edge is blocked but the start menu also stops working!
help please
Tuesday, July 17, 2018 1:36 PM
Hi,
I'm using RSAT for Win10 1803 and when I try to do the same when creating a deny rule everything is greyed out like this, and can't click on Browse... why?
