Windows Windows Server

How to Block downloads on Microsoft Edge using GPO on Windows Server 2019 and 2022

GPO-Blocked-Downloads-3

Group Policy is a Windows feature that enables a wide range of advanced settings that network or system administrators can use to control the working environment of Active Directory users and computer accounts. It essentially provides a centralized location for administrators to manage and configure the settings of operating systems, applications, and users. Microsoft Edge on the other hand is a web browser developed by Microsoft that was designed to replace the older Internet Explorer with faster speeds and more features. You can check all available Policies for the latest version of Microsoft Edge . You can also create, configure and apply Group Policy Objects on Windows Servers: Set Desktop Wallpaper, Prevent access to Registry Editing tools, how to enable Screen Saver Timeout, and how to Password Protect the Screensaver as well as configure favorites on Microsoft Edge via Group Policy

When used correctly, Group Policies can help you increase the security of your users' computers and defend against both insider threats and external attacks.

In this post, look at how system administrators can use GPO to block downloads from the Microsoft Edge browser on Windows Server 2019 and 2022.

What is Group Policy Object?

A Group Policy Object (GPO) is a collection of settings created with the Group Policy Editor in the Microsoft Management Console (MMC). GPOs can be linked to single or multiple Active Directory containers, such as sites, domains, or organizational units (OUs). Users can use the MMC to create GPOs that define registry-based policies, security options, software installation, and other features.

Note: GPOs are applied in the same logical order by Active Directory: local policies, site policies, domain policies, and OU policies.

Blocking Downloads on Microsoft Edge via GPO

At times, you might not want to want to allow users to download files from the internet for security reasons. If you are using the Microsoft Edge browser, it is possible to achieve that using the group policy object.

To get started with it, on the domain controller or the Server, download the latest version of the Microsoft Edge policy template file by selecting the stable version, build, and the platform.

Download-Edge-Template-file
Download the Microsoft Edge Policy Template file

Having downloaded the policy template file, double-click the Windows Cabinet file named MicrosoftEdgePolicyTemplates. and extract the zip file. In the screenshot below, all files are placed on the Downloads root directory.

Exyract-Policy-Template-file-1
Extract the Policy Template file

Navigate to the directory named Windows using the built-in Windows Command Prompt and copy the ADMX files to the Policy definitions directory.

Copied-the-Admx-file
ADMX files Copied to the Policy Definitions Directory

Next is to access the correct language subdirectory and copy the ADML files to the correct language directory inside the Policy definitions.

Copied-Adml-files
ADML Files Copied to the Policy Definitions Directory

On the domain controller or the Server where you want to affect the policy, Search for and open the group policy management tool.

Search-for-GPO
Search for GPO

Next, create a new Group Policy Object by navigating through Forest > Domain >Group Policy Object. Right-click on Group Policy Object and select “New” as shown in the screenshot below:

Create-GPO
Create a New GPO

Enter a name for the new group policy.

Name-GPO
Name the new GPO

The screenshot above shows that we named the new GPO My-Demo-GPO. On the Group Policy Management screen, expand the folder named Group Policy Objects. Right-click your new Group Policy Object and select the Edit option.

Edit-the-New-GPO
Edit the New GPO

Expand the User configuration folder on the group policy editor screen and look for the following item.

User Configuration > Policies > Administrative Templates > Microsoft Edge

The below screenshot shows the Microsoft Edge configuration options.

Expand-the-Ms-Edge
Microsoft Edge Configuration options

Next, still under the Microsoft Edge configuration options locate from the right hand side of the screen and double-click on Allow download restrictions and “Enabled” and then Apply and click on Ok to effect the policy.

Allow-Downloads-Restrictions

Note you must select the option “block all downloads” as shown below for the policy to work.

Enable-Allow-download-Restrictions-1
Enable the “Allow download restrictions

Effecting the above policy will disable the user’s permission to download files using Microsoft Edge. To save the group policy configuration, you need to close the Group Policy editor. Now that you have finished the GPO creation, you need to link the policy.

Linking GPO

To link the GPO, do the following: On the Group policy management screen, right-click the domain name and select the option to link an existent GPO.

Link-GPO
Link GPO

Here, we are linking the group policy to the name of the GPO we created above My-Demo-GPO to the root of the domain.

Select-GPO-to-Link
Select GPO to Link

Congratulations, you have successfully created a GPO and used it to block all downloads from Microsoft Edge. Wish to have the updates applied automatically, please refer to the following guide: GPUpdate Switches: GPUpdate vs GPUpdate force.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x