A. In this walkthrough, I'll show you how to block the Automatic Updates deployment of IE 7 to all computers in an organizational unit (OU) called NoIE7.

  1. Start the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in (Start, Programs, Administrative Tools, Active Directory Users and Computers).
  2. Right-click the OU to which you want to apply the policy (NoIE7 in this example) and select Properties.
  3. Select the Group Policy tab.
  4. Click the New button, enter a name for the policy (e.g., "Block IE7"), and press Enter.
  5. Select the new policy and click Edit.
  6. Right-click Administrative Templates under Computer Configuration and select Add/Remove Templates.
  7. Click Add and select the IE70Blocker.adm system template. Click Open, then select Close on the Add/Remove Templates dialog box.
  8. From the View menu, select Filtering.
  9. Clear the "Only show policy settings that can be fully managed" check box and click OK.
  10. Navigate to Computer Configuration, Administrative Templates, Windows Components, Windows Update, Automatic Updates Blockers.
  11. Double-click "Do not allow delivery of Internet Explorer 7 through Automatic Updates," set it to Enabled, and click OK, as the figure shows.
  12. Close the Group Policy Object Editor. The next time machines refresh their policy, the new setting will take effect.