Group Policy is a Windows feature that gives network and system administrators a wide range of advanced settings for controlling the working environment of Active Directory user and computer accounts. It essentially provides a centralized location for administrators to manage and configure the settings of operating systems, applications, and users. Microsoft Edge, on the other hand, is a web browser developed by Microsoft to replace the older Internet Explorer with faster speeds and more features. You can check all available policies for the latest version of Microsoft Edge. You can also create, configure and apply Group Policy Objects on Windows Servers: set the desktop wallpaper, prevent access to registry editing tools, enable the screen saver timeout, password protect the screensaver, and configure favorites on Microsoft Edge via Group Policy.
When used correctly, Group Policies can help you increase the security of your users' computers and defend against both insider threats and external attacks.
In this post, we look at how system administrators can use a GPO to block downloads from the Microsoft Edge browser on Windows Server 2019 and 2022.
What is a Group Policy Object?
A Group Policy Object (GPO) is a collection of settings created with the Group Policy Editor in the Microsoft Management Console (MMC). GPOs can be linked to single or multiple Active Directory containers, such as sites, domains, or organizational units (OUs). Users can use the MMC to create GPOs that define registry-based policies, security options, software installation, and other features.
Note: GPOs are applied in the same logical order by Active Directory: local policies, site policies, domain policies, and OU policies.
Blocking Downloads on Microsoft Edge via GPO
At times, you might not want to allow users to download files from the internet for security reasons. If you are using the Microsoft Edge browser, you can achieve that with a Group Policy Object.
To get started with it, on the domain controller or the Server, download the latest version of the Microsoft Edge policy template file by selecting the stable version, build, and the platform.
Having downloaded the policy template file, double-click the Windows Cabinet file named MicrosoftEdgePolicyTemplates and extract the zip file. In the screenshot below, all files are placed in the root of the Downloads directory.
Navigate to the directory named Windows using the built-in Windows Command Prompt and copy the ADMX files to the Policy definitions directory.
Next, open the correct language subdirectory and copy the ADML files to the matching language directory inside the Policy definitions directory.
On the domain controller or the server where you want to apply the policy, search for and open the Group Policy Management tool.
Next, create a new Group Policy Object by navigating through Forest > Domain > Group Policy Object. Right-click on Group Policy Object and select “New” as shown in the screenshot below:
Enter a name for the new group policy.
The screenshot above shows that we named the new GPO My-Demo-GPO. On the Group Policy Management screen, expand the folder named Group Policy Objects. Right-click your new Group Policy Object and select the Edit option.
Expand the User configuration folder on the group policy editor screen and look for the following item.
User Configuration > Policies > Administrative Templates > Microsoft Edge
The below screenshot shows the Microsoft Edge configuration options.
Next, still under the Microsoft Edge configuration options, locate Allow download restrictions on the right-hand side of the screen and double-click it. Select “Enabled”, then click Apply and OK to apply the policy.
Note: you must select the option “block all downloads” as shown below for the policy to work.
Applying the above policy prevents users from downloading files using Microsoft Edge. To save the group policy configuration, you need to close the Group Policy editor. Now that you have finished the GPO creation, you need to link the policy.
To link the GPO, do the following: On the Group Policy Management screen, right-click the domain name and select the option to link an existing GPO.
Here, we are linking the GPO we created above, My-Demo-GPO, to the root of the domain.
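The same procedure can be scripted. The PowerShell below is an added example, not code from the original post; the extraction path, the en-US language folder, and the DownloadRestrictions registry value (data 3 for "block all downloads", per Microsoft's Edge policy documentation) are assumptions that do not appear on this page.

```powershell
#Requires -Modules GroupPolicy, ActiveDirectory
# Added example: scripted equivalent of the GUI steps in this post.
# Run in an elevated session on the domain controller.

# Assumptions: extraction location of the template and the language in use.
$TemplateRoot = "$env:USERPROFILE\Downloads\MicrosoftEdgePolicyTemplates\windows\admx"
$Language     = 'en-US'
$PolicyDefs   = "$env:SystemRoot\PolicyDefinitions"
$GpoName      = 'My-Demo-GPO'   # GPO name used in this post

# 1. Copy the ADMX files, then the ADML files for the chosen language.
Copy-Item -Path "$TemplateRoot\*.admx" -Destination $PolicyDefs -Force
Copy-Item -Path "$TemplateRoot\$Language\*.adml" -Destination "$PolicyDefs\$Language" -Force

# 2. Create the GPO only if it is missing, so the script is safe to re-run.
if (-not (Get-GPO -Name $GpoName -ErrorAction SilentlyContinue)) {
    New-GPO -Name $GpoName -Comment 'Block all downloads in Microsoft Edge' | Out-Null
}

# 3. User Configuration equivalent of "Allow download restrictions" = Enabled,
#    option "Block all downloads" (assumed value: DownloadRestrictions = 3).
$EdgeKey = 'HKCU\Software\Policies\Microsoft\Edge'
Set-GPRegistryValue -Name $GpoName -Key $EdgeKey `
    -ValueName 'DownloadRestrictions' -Type DWord -Value 3 | Out-Null

# 4. Link the GPO to the root of the domain unless a link already exists.
$domainDn = (Get-ADDomain).DistinguishedName
$existing = (Get-GPInheritance -Target $domainDn).GpoLinks |
    Where-Object DisplayName -eq $GpoName
if (-not $existing) {
    New-GPLink -Name $GpoName -Target $domainDn -LinkEnabled Yes | Out-Null
}

# 5. Verify what the GPO actually stores, then write a report for review.
$setting = Get-GPRegistryValue -Name $GpoName -Key $EdgeKey -ValueName 'DownloadRestrictions'
if ($setting.Value -ne 3) {
    throw "DownloadRestrictions is $($setting.Value), expected 3 (block all downloads)."
}
Get-GPOReport -Name $GpoName -ReportType Html -Path "$env:TEMP\$GpoName.html"
Write-Output "GPO '$GpoName' blocks all Edge downloads and is linked to $domainDn"
```

If the domain uses a Central Store under SYSVOL, the Group Policy editor reads templates from there rather than from the local PolicyDefinitions folder, so copy the ADMX and ADML files to that location instead.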
Congratulations, you have successfully created a GPO and used it to block all downloads from Microsoft Edge. If you wish to have the updates applied automatically, please refer to the following guide: GPUpdate Switches: GPUpdate vs GPUpdate force.