It’s been a while since my post Blocking IE 8 "InPrivate" Mode.
In that post I looked at how IE’8 “InPrivate” web-browsing mode could be blocked or disabled.
It could either via Active Directory policy, or via a registry key.
The registry key technique should work fine for both home and business users interested in it.
I had tested it with a beta version of IE8 in XP, and surmised it should work on Vista, but never got around to validating.
Then a got the following comment the other week on that post:
Hi Claus, we use Vista Home Premium 32 bit and I cannot locate group policy. If I want to disable Inprivate browsing, can I do that by editing thw Windows Registry alone?
Yes. This registry key “fix” does successfully work on Windows Vista as well as Windows 7 just fine to prevent access (block) InPrivate mode in Internet Explorer 8.
"InPrivate" Enabled
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Privacy]
"EnableInPrivateBrowsing"=dword:00000001
"InPrivate" Disabled
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Privacy]
"EnableInPrivateBrowsing"=dword:00000000
In case it isn't clear, I exported the "Computer Configuration" registry key as shown above to indicate the specific key and value needed.
Note that on most home systems the Registry key I mentioned might not exist. So here is the quick and (fairly) safe way to do it.
Right-click on your desktop and select "New"..."Text Document".
You should see one appear on your desktop.
Rename it to something like "IE8SafeMode.reg" (Note I changed the file extension from .txt to .reg)
Save the change and tell Windows you know you changed the file extension name. OK.
Right-click on the file you just made and select "Edit".
It should open in notepad.
Copy the following text (all three lines) and paste it into that Notepad file:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Privacy]
"EnableInPrivateBrowsing"=dword:00000000
Save the file and then close it.
When you double-click the file it will ask you if you want to add those changes into the Registry. Select Yes.
Then reopen IE8 and you should now have InPrivate mode disabled.
To enable it again, just re-modify your file so the last number on the last line is a "1" and not a "0".
Save the file and run it and say "Yes" to add the info to the registry again.
If this doesn't work, then it is likely your account doesn't have sufficient administrator level permissions to make those changes...
As always, making changes in the Windows Registry carries risks, up to and including nuking your system. However these steps do works on my system fine. Proceed at your own discretion.
Note that InPrivate browsing is disabled by default on systems where Windows One-Care or Windows Family One-Care has been installed. Or if application of “Parental Controls” settings have been applied to the account. In those cases, use of the registry keys to “enable” blocked InPrivate mode will be ignored and InPrivate mode can not be enabled. Conversely, parents wanted to harden the blocking of this mode in IE8 may want to look into those products.
--Claus V.
Chrissy
Said
Thanks so much for posting what registry key to change in XP Home. I spent quite awhile looking for a solution like this. The majority of the websites just tell you how to exit the InPrivate browsing session by closing out the window -- not how to block it entirely. Very thankful for this solution.
Anonymous
Said
I have windows 7 home permium windows IE8 and i want to block inprivate browsing entirley, please help
Claus
Said
@ Anonymous - I have Windows 7 Home Premium with IE 8 also!
As I said in this post, the steps listed here with the registry "hack" worked for XP and as I then tested, both Vista and Windows 7 Beta/RC versions.
I am happy to say that I just got done testing this on my "Final" version of Windows 7 right now and it worked like a champ. It should work both for x32 and x64-bit versions just fine (mine is a x64 bit load by the way). And no, I didn't see these keys in place in the registry until I created them above for the first time.
However, to really effectively disable InPrivate browsing and prevent someone from just following these steps to do a "reverse" of the registry key value, you will have to do some more work:
Install with Windows Live Family Safety application and properly configure it and your user accounts, or Configure Parental Controls in Windows 7 and use password enabled user-accounts for each child you want to block.
If the kids aren't too old and Windows sophisticated you can probably get away with the registry hack I mention here just fine. However if they are older and/or smarter, you will almost certainly need to do the later.
And for teens they could work around it pretty simply by using Chrome/Firefox or other browsers that also have this feature and don't have their settings control by the Windows Registry like IE 8. Even if you configure the parental controls to keep such apps from running on the local machine under their account, they still might be able to run them from a "portable" mode off a USB stick....
I hope this helps you for now and I don't want to sound discouraging. There are things that can be done, but to be truly effective, they will take some monitoring and more advanced configuration work on your part.
Good luck!
--Claus V.
Anonymous
Said
Oh My goodness thank you so much!!!!! Love it it worked wonderful!!!!!!!
Anonymous
Said
i followed the instructions and everything seemed to work like it was supposed to i created the new file changed it from txt to reg. copied the lines and when my computer warned me about changing the registry i continued. It said the changes would be made in the registry,but the in private browsing is still active, any ideas?
Claus
Said
@ Anonymous - two thoughts come to mind without additional information.
1) was the account you used set with "administrator" level permissions? If not you might have to execute the reg file as administrator to get the registry change to take.
2) did you go into "regedit" and trace out the path noted in the registry key to see if the key was actually created/changed?
If you don't see it, again I'd wonder if there was a permissions issue going on.
You could also try running regedit as administrator, then manually creating the key. That might work as well.
If you do find it and it was created but In Private mode is still active, then likely another security program is protecting the key from going into effect. I'd be interested to know which one if that ended up being the case since generally (Family Safety from MS) they work to keep Private mode browser from being enabled...not disabled.
Please let me know what you find out.
--Claus V.