Sunday, August 16, 2009

how to lock down internet explorer 8 with GPO registry

Please purchase these instructions for $4.99 USD here (a value of over $100 for Microsoft support) :










In my search to lock down internet explorer 8 with group policy objects through registry entries I have found the following techniques work best:

1. You may want use the default settings from IE8 group policy objects available (this wasn't sufficient for me) to do that you need to download and save the install file of IE8 from IE installer website, open the file with winrar or 7zip then find and extract the following file: inetres.adm into your desktop or my documents or the default template location (C:\WINDOWS\inf). Now load it using my instructions on the bottom of this post.

The default settings might work fine for removing the options menu, status bar and such but there were two more things I need that were not there. I searched high and low for the following tasks:
  • Hide/remove/disable address bar
  • Hide/remove/disable favourites and the command bar


I finally found them and will show you the registry changes first and then how to put it together into an adm template, which can be added to your group policy editor and modified from there. (Instructions for that are found at the bottom of this post)

  • To remove/hide the address bar the following registry change must be made:

HKEY_Current_USER\software\policies\microsoft\internet explorer\toolbars\restrictions
Value name: NoNavBar
Type: DWORD
Value: 1 (on)

  • To remove/hide the command bar (includes favourites), this registry change must be made:

HKEY_Current_USER\software\policies\microsoft\internet explorer\toolbars\restrictions
Value name: NoCommandBar
Type: DWORD
Value: 1 (on)


create a new notepad text file/or open notepad and copy+past the following
class user

category IESettings

policy "disable/hide IE command bar"
keyname "software\policies\microsoft\internet explorer\toolbars\restrictions"
explain "here is the explaination"
valuename "NoCommandBar"
valueon numeric 1
valueoff numeric 0
end policy

policy "disable/hide IE nav bar"
keyname "Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions"
explain "here is the explaination"
valuename "NoNavBar"
valueon numeric 1
valueoff numeric 0
end policy

end category

Make sure to add this blank space at the bottom of the file (ask MS why this is, I just know the gpo editor won't accept it otherwise)

Save it as NAME.adm (remove the .txt) where NAME is what you would like to name it i.e removeaddressbar.adm (doesn't make any difference)

Now to add the file to gpo editor user the instructions at the bottom of THIS POST.

Once that is done you will see it under IESettings, enable the nessary objects for you and replicate the changes (Go to Start>Run>cmd and type "gpupdate /force" to speed things up)

This works for me but as we know with different environments and settings so let me know if you have problems!


Enjoy and good luck!

P.S. If you would like to leave the back, forward and refresh buttons follow this post

Sunday, August 9, 2009

Gargoyle router for bandwidth limiting / cap linksys wrt54g

Not as bad as it sounds. Actually this firmware wins me over the best right now!

Gargoyle is based on openwrt, in fact if you have it installed gargoyle is just a package install away!

Basically what i love about this firmware most is that it allows me to STOP [Update: now you can throttle it to slow it down after the cap is reached!] internet traffic when i reach my bandwidth cap (rogers allows me 60GB a month at the moment)

but that is definitely not the only feature, it's also great with other features you would expect from a good firmware, like; QoS and live bandwidth display and monitoring, port forwarding, iptables and ssh with your usual Linux commands normally provided in the busybox system on these types of firmware, as well as the dnsmasq and other packages that are typical in this firmware distros (ie.e dd-wrt, tomato) .

It had some drawbacks as you can expect, but they are fixed and patched as the firmware is actively being developed you can track versions and fixes provided. New features and addition to previous ones so always be on the lookout for new updates on the main site.

in this post i talked about tomato and sure it is great with neat features (which mostly gargoyle has) including javascript, ajax, svg bandwidth graphs, QoS - but the major feature that i was looking for and could not figure out how to do (i have extensive Linux knowledge, which is what these firmwares are based on... just look in the blog - and take my word for it * ) which was to stop my internet when my cap is reached, when you go over - you pay extra;

i used a lot of bandwidth recently and found that only 5 extra GB cost as much as $12 which might not sound like much but looking at my history from before the new caps i quickly found this project on my hands...

*of course i suspect there is a way to do this with lots of scripts but it just isn't what i am used to, can't save scripts except for the gui, nor is there much if any documentation; found a bandwidth statistic backup script which didn't work... go figure reverse engineering these things... much too complex to try to do, i should hope they will have this in the future in which point i will be glad to switch back to tomato because it still wins the graphics and usability [maybe stability too] of most things but for now it was just easier to implement gargoyle for my needs...

But I am open to any custom scripts or implementations of tomato that anyone may have out there, feel free to send them my way and i will test it out!

so for those American users with 200gb or 250gb cap from Comcast or Time Warner (which is a heck of a lot more than what we Canadians get!) - i found posts while searching for a solution and seems they were searching for one also, well for the time being, this is your match.

to update to gargoyle: use the .bin if your upgrading from the default Linksys firmware or .trx files when upgrading from tomato or dd-wrt (or any other third party firmware except for openwrt) but make sure to read the documentation - it is well documented for what seems like a small but growing project

so install and enjoy the benefits!!!

P.S. I forgot to post this before but the first few months after installing the initial versions (new ones are even much better now) I can confirm that the bandwidth is very accurate. From my research which composed of taking daily Mb usage from the router and comparing to my ISP's Mb usage (from the self service interface) the results are great, although not 100% I would put it at 99.9% which is excellent
So it is very safe to use and with the new throttling instead of internet stopping once the quote is reached you have a great service that is unmatched.

And I use the web interface as a quick check on much percent is currently taken which is way faster if anyone knows how slow login into rogers is :)

(Updated Sep. 1 2010)
References:
http://www.gargoyle-router.com
http://digiex.net/guides-tutorials/776-how-backup-tomato-firmwares-bandwidth-logs-rstats-ftp-server.html