Isolate Internet Explorer

We’ve seen multiple exploits where a user visits a malicious web site, and next the whole organization is compromised, the data is leaked, and the business loses A LOT of money.

So, what are we going to do? Use Linux? Yeah, like there are no exploits for all Linux browsers, including the console based Lynx… yes, text only browsing is dangerous too!

Let’s imagine most of our users are admins on their own machines. Or even Power Users. Dangerous situation. What would I do? Run IE as… Guest! This isolates Internet Explorer for safe browsing.

Here’s the How-To:
Start -> Run -> type lusrmgr.msc and press Enter. Right-click on Users, create a new user, choose a nice password for it, and clear the check-box “User must change password at next logon”. This account will be used only for running your internet-facing applications like Internet Explorer, Firefox, Outlook, etc.

Next, right-click on the user you created, choose Properties, click on the Member Of tab, remove the Users group, click Add, type Guests in the box, and click OK.

To create a shortcut on the Desktop for the new Internet Explorer instance, right-click on the Desktop, choose New -> Shortcut, and in the field for the program paste this (where newuser is the username of the user you created previously):
runas /user:newuser "c:\Program Files\Internet Explorer\iexplore.exe"
Press Next. When it asks for a name for the new shortcut, type Internet Explorer, press Next, done.
For Firefox: runas /user:newuser "c:\Program Files\Mozilla Firefox\firefox.exe"

The icon is not pretty, I know. Right-click on it, choose Properties, Change Icon, and choose a nice icon, maybe even the Internet Explorer one at the end of the list.
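
The same steps can be scripted. The following is an added example, not part of the original post: it creates the account, swaps it from Users to Guests, checks the result, and creates the runas shortcut. It assumes an elevated PowerShell session, English group names, and the post's placeholder account name newuser.

```powershell
# Added example: scripts the GUI steps from the post. Run in an elevated
# PowerShell session. 'newuser' is the post's placeholder account name.
$User = 'newuser'
$IE   = 'C:\Program Files\Internet Explorer\iexplore.exe'

# Create the local account. '*' makes net.exe prompt for the password, so it
# is not left on the command line or in shell history.
net user $User * /add
if ($LASTEXITCODE -ne 0) { throw "Could not create account '$User'." }

# Move the account out of Users and into Guests, as in the Member Of tab.
net localgroup Users  $User /delete
net localgroup Guests $User /add
if ($LASTEXITCODE -ne 0) { throw "Could not add '$User' to Guests." }

# Check the result: net localgroup prints one member name per line.
if ((net localgroup Users) -contains $User) {
    throw "'$User' is still a direct member of Users."
}
if (-not ((net localgroup Guests) -contains $User)) {
    throw "'$User' is not a member of Guests."
}

# Create the desktop shortcut that launches the browser through runas.
$desktop = [Environment]::GetFolderPath('Desktop')
$shell   = New-Object -ComObject WScript.Shell
$lnk     = $shell.CreateShortcut((Join-Path $desktop 'Internet Explorer.lnk'))
$lnk.TargetPath   = Join-Path $env:SystemRoot 'System32\runas.exe'
$lnk.Arguments    = "/user:$User `"$IE`""
$lnk.IconLocation = "$IE,0"   # reuse the Internet Explorer icon
$lnk.Save()
```

On systems that have whoami, running runas /user:newuser "cmd /k whoami /groups" shows the groups actually present in the token the browser will run with.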

Update: This does not work with IE7 in Vista, so to run IE7 as Guest, you will need to log in with your new user. That is actually much better, as it will protect you from other threats from internet-facing programs you run.

This entry was posted on Friday, August 8th, 2008 at 6:05 pm and is filed under Windows.
