Our company had the need to deploy a workstation with a web browser to access a couple of web pages. I felt the need to lock the devices down a little tighter than what they already were and chose a few policies for Internet Explorer to help keep the honest people honest. I figured I would share these policies as I’m sure I’m not the only one looking to do this. Like I said, I wanted to keep the honest people honest, and my primary goals were to make sure they didn’t have an address bar and were unable to enable settings I disabled.
General Restrictions
HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions
NoBrowserSaveAs
DWORD 1
Prevent the user from performing the Save As function
NoFileNew
DWORD 1
Prevent the user from creating new documents
NoFileOpen
DWORD 1
Prevent the user from opening files directly
NoFindFiles
DWORD 1
Prevent the user from Searching for Files locally
NoHelpItemSendFeedback
DWORD 1
Remove the Help|Send Feedback menu item
NoSelectDownloadDir
DWORD 1
Prevent the user from Downloading Files
NoViewSource
DWORD 1
Prevent the user from viewing the source
Toolbars
HKLMSoftwarePoliciesMicrosoftInternet ExplorerToolbarsRestrictions
NoAddressBar
DWORD 1
Remove the Address Bar
NoLinksBar
DWORD 1
Remove the Links Bar
NoToolbarOptions
DWORD 1
Prevent the user from turning the toolbars on that we disabled
Synchronization
HKLMSoftwarePoliciesMicrosoftInternet ExplorerInfodeliveryRestrictions
NoManualUpdates
DWORD 1
Disable the Synchronize command
More information on these settings, as well as a few more restrictions, can be found here.
Hopefully this will help someone else who is looking for this exact information.