Browser Control with CtrlOne
By CtrlOne Team ·
For most users the browser is the operating system. It is where work happens, and it is also the surface through which the most varied risks arrive, from distracting sites to pages that try to trick people into unsafe actions. Browser control is the practice of shaping what the browser is allowed to do on a managed device. CtrlOne provides it through browser and website restrictions expressed as named toggles, pushed to enrolled Windows devices, versioned on every change, and re-asserted when a machine drifts. This article explains what browser control in CtrlOne covers and how to apply it in a way that supports work rather than fighting it.

Why the browser needs governance
The browser touches almost everything a user does, which makes it both essential and exposed. Left ungoverned, it becomes an unpredictable surface where settings vary from machine to machine.
Browser control brings that surface under deliberate management. Instead of hoping each machine is configured sensibly, you define the intended behaviour and apply it consistently.
Website and browser restrictions as toggles
CtrlOne expresses browser control as named toggles covering website restrictions and browser lockdown behaviours. The intent is visible in the console, so the policy is easy to review and explain.
- Restrict access to categories or specific sites.
- Lock down browser settings that users should not change.
- Apply kiosk-style browsing for shared or public devices.
- Scope restrictions per group so context is respected.
Keeping the policy applied
Browser settings are easy to change locally, which is exactly why enforcement matters. CtrlOne versions every change and re-asserts the intended toggles when a device drifts.
That keeps a shared kiosk locked to its intended browsing state and stops managed workstations from quietly slipping out of policy after an update or a manual tweak.
A complement to security tooling
Restricting risky browsing surfaces reduces the ways trouble can reach a machine, which is a hardening benefit. It works alongside your web filtering and detection tools rather than replacing them.
CtrlOne is not antivirus, a secure web gateway, or a threat-analytics product. It does not inspect traffic for malware. It governs the browser configuration so your other controls face a tidier surface.
Applying browser control by context
A public-access PC and a finance workstation call for very different browser policies. Match the level of restriction to the role, and pilot changes so you do not block a tool people depend on.
- Use tight kiosk browsing for public and shared devices.
- Apply lighter restrictions to trusted staff workstations.
- Pilot restrictions before broad rollout.
- Keep a rollback version ready in case a rule bites.
Frequently asked questions
Does CtrlOne inspect web traffic for malware?
No. CtrlOne governs browser and website restrictions as configuration. It does not inspect traffic and is complementary to web filtering and antivirus.
Can I lock a device to a single site or kiosk mode?
Yes. You can apply kiosk-style browsing and website restrictions, which suits public-access and shared devices.
Will users be able to change browser settings back?
Locked settings are re-asserted if a device drifts, so controlled browser behaviours return to the intended state.
Can different groups get different browser rules?
Yes. Browser control toggles are scoped by group, so kiosks, staff, and specialised roles can each get appropriate restrictions.
Bring the browser under control
See how CtrlOne applies browser and website restrictions as named toggles, versioned and enforced across your Windows fleet.