Sunday, May 24, 2009

Disable IE8 In-Private Feature

With the release of IE8 comes a new feature that allows a user to turn on "In-Private" browsing. This makes the following true:
1. The browsing history for the session is not stored.
2. Temp Internet Files / Cookies are removed.
3. Searches / Addresses are not saved
4. Passwords are deleted

This is great for that loved one that is getting the perfect gift and doesn't want their girl/guy to accidently get clues as to what the present might be.

BUT the likely use of this feature has coined it the term "Porn-Mode". There are very few reasons that a corporate network should have need of the In-Private feature and it should be locked down.

Install IE8 on a domain controller
In Group Policy make a setting that applies to all computers (ie Default Domain Policy).
Machine/Admin Templates/Windows Components/Internet Explorer/InPrivate/Turn off In-Private Browsing

For home users this can (and should) be disabled especially if you have kids.

Click Start then click Run. Type gpedit.msc and hit Enter
User Configuration > Administrative Templates > Windows Components > Internet Explorer > InPrivate
Here you will see the option "Turn off InPrivate Browsing"
Double click the policy and set to "Enabled" to disable InPrivate Browsing
Close the Group Policy window and open IE8 and ensure that it is disabled.

(Click to enlarge)


Or

via the registry: (Making changes to your computers registry can cause unrepairable damage if done incorrectly)
HKLM/Software/Policies/Microsoft/Internet Explorer/Privacy/EnableInPrivateBrowsing
You may have to create the keys "Internet Explorer", "Privacy", or the Dword "EnableInPrivateBrowsing" with a value of 0 to disable.

10 comments:

  1. I tried to do this but found no listing for "Internet Explorer" in "Windows Components", now what?

    ReplyDelete
  2. Hi Mike,
    Sounds like you are trying to use the Add Windows Components wizard which won't work for this. This key has to be added into the computers registry settings.

    Rather than making a change to your computers registry which can cause unrepairable damage if done incorrectly a better solution for home users is the following: (I have edited the original post to include this as well)

    Click Start then click Run. Type gpedit.msc and hit Enter

    User Configuration > Administrative Templates > Windows Components > Internet Explorer > InPrivate

    Here you will see the option "Turn of InPrivate Browsing"

    Double click the policy and set to "Enabled" to disable InPrivate Browsing

    ReplyDelete
  3. Aaron -

    Nope - that's just what I did last time, and under both the computer configuration heading, as well as the user configuration heading in the gpedit.msc window, there is no listing for Internet Explorer. . .

    ReplyDelete
  4. Under User Configuration heading you should see Administrative Templates listed. Expand this and you should see Windows Components. Expand this and you'll see Internet Explorer.

    The InPrivate heading will only show if you have Internet Explorer v8 installed.

    I tested this on Windows XP Pro SP3, Vista Business SP1, v7RC, 2003 and 2008 with success.

    What version of Windows are you using? (type sysdm.cpl from the Run window)

    ReplyDelete
  5. I'm using XP Professional, SP3, IE8.0.6001, and when I do as you say, I still have no listing for IE v8, I have "Search", "Windows Media Player" and "Windows Update". . . no IE listing. I'd send a screen print so you could see, but could not paste it into the comment box.

    BtB, I do appreciate the assistance. . . thanks for your time and attention.

    ReplyDelete
  6. I added a screenshot if that helps any.

    Not sure why it wouldn't be showing.

    ReplyDelete
  7. Hi, I tried running the gpedit.msc but it didn't come up with anything. I have IE8 and am running it with Windows 7. Please can you tell me how to disable InPrivate browsing?

    ReplyDelete
  8. I have the same problem as maram. I am desperately trying to delete InPrivate Browsing but my computer won't recognize gpedit.msc. Since I can't use parental controls on my own account, what else should I do?

    ReplyDelete
  9. Aaron,
    I know this is an old thread, but a current problem none the less. I'm the CIO of a small business, and have found the need to monitor the internet activity of a few employees. I started with disabling the In Private Browsing (porn-mode) via the registry. First I tried the GP on the local machine, but any changes I made there didn't make a difference. That's a problem I can solve another time though, since I got the registry to work for me. Right now I need to disable the ability to delete browsing history. I stumbled across one site that had directions for a registry entry ( much like the one above), but this one didn't work for me, and I've had no luck anywhere else. I was hoping you might have some pointers for me.

    ReplyDelete
  10. Hi Steball,

    This can be done in a simular fashion as the private mode.
    If your running an AD environment then use Group Policy and apply it at the organization level (remember, never ever modify the default domain policy).
    Open group policy
    User Configuration - Administrative Templates - Windows Components - Internet Explorer - Delete Browsing History - Turn off "Delete Browsing History" Functionality

    Note this is from Windows 7 with IE9 fully updated.

    Can also be done with registry
    HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel
    Dword = DisableDeleteBrowsingHistory = 1

    ReplyDelete