Group Policy is a Windows feature that enables a wide range of advanced settings that network or system administrators can use to control the working environment of Active Directory users and computer accounts including blocking downloads on Microsoft Edge. It essentially provides a centralized location for administrators to manage and configure the settings of operating systems, applications, and users. Please see how to create, configure and apply Group Policy Objects on Windows Servers: Set Desktop Wallpaper, Prevent access to Registry Editing tools,
Microsoft Edge on the other hand is a web browser developed by Microsoft that was designed to replace the older Internet Explorer with faster speeds and more features.
When used correctly, Group Policies can help you increase the security of your users' computers and defend against both insider threats and external attacks.In this post, look at how system administrators can use GPO to block downloads from the Microsoft Edge browser on Windows Server 2019 and 2022.
You can check all available Policies for the latest version of Microsoft Edge, how to enable Screen Saver Timeout, and how to Password Protect the Screensaver as well as configure favorites on Microsoft Edge via Group Policy
What is Group Policy Object?
A Group Policy Object (GPO) is a collection of settings created with the Group Policy Editor in the Microsoft Management Console (MMC). GPOs can be linked to single or multiple Active Directory containers, such as sites, domains, or organizational units (OUs).
Users can use the MMC to create GPOs that define registry-based policies, security options, software installation, and other features.
Note: GPOs are applied in the same logical order by Active Directory: local policies, site policies, domain policies, and OU policies.Blocking Downloads on Microsoft Edge via GPO
At times, you might not want to want to allow users to download files from the internet for security reasons. If you are using the Microsoft Edge browser, it is possible to achieve that using the group policy object.
1. Download the Microsoft Edge Policy Template File
To get started with it, on the domain controller or the Server, download the latest version of the Microsoft Edge policy template file by selecting the stable version, build, and the platform.
Having downloaded the policy template file, double-click the Windows Cabinet file named Microsoft Edge Policy Templates. and extract the zip file. In the screenshot below, all files are placed on the Downloads root directory.
2. Copy the ADMX files to policy definitions directory
Navigate to the directory named Windows using the built-in Windows Command Prompt and copy the ADMX files to the Policy definitions directory.
3. Copy the ADML files to language directory
Next is to access the correct language subdirectory and copy the ADML files to the correct language directory inside the Policy definitions.
4. Open Group Policy Management Tool
Now you are one step closer to blocking downloads on Microsoft edge. On the domain controller or the Server where you want to affect the policy, Search for and open the group policy management tool.
5. Create a new Group Policy Object
Next, create a new Group Policy Object by navigating through Forest > Domain >Group Policy Object. Right-click on Group Policy Object and select “New” as shown in the screenshot below:
Enter a name for the new group policy.
6. Edit your new Group Policy Object
The screenshot above shows that we named the new GPO My-Demo-GPO. On the Group Policy Management screen, expand the folder named Group Policy Objects. Right-click your new Group Policy Object and select the Edit option.
7. Locate the Microsoft Edge Folder within User Configurations
Expand the User configuration folder on the group policy editor screen and look for the following item.
User Configuration > Policies > Administrative Templates > Microsoft EdgeThe below screenshot shows the Microsoft Edge configuration options.
8. Enable “Allow Download Restrictions”
Next, still under the Microsoft Edge configuration options locate from the right hand side of the screen and double-click on Allow download restrictions and “Enabled” and then Apply and click on Ok to effect the policy.
9. Block all downloads on Microsoft Edge
Note you must select the option “block all downloads” as shown below for the policy to work.
Effecting the above policy will disable the user’s permission to download files using Microsoft Edge. To save the group policy configuration, you need to close the Group Policy editor. Now that you have finished the GPO creation, you need to link the policy.
Linking GPO
To link the GPO, do the following: On the Group policy management screen, right-click the domain name and select the option to link an existent GPO.
Here, we are linking the group policy to the name of the GPO we created above My-Demo-GPO to the root of the domain.
Congratulations, you have successfully created a GPO and used it to block all downloads from Microsoft Edge. Wish to have the updates applied automatically, please refer to the following guide: GPUpdate Switches: GPUpdate vs GPUpdate force.