Managing Internet Explorer Add-Ons for All Users



I guess we all heard about the Java security breach. I don't know about you but I've heard about it and decided to take action like a good IT Professional. :)  We decided to deactivate the Java add-on on our Terminal Server which is running Windows Server 2008 R2. I realized that if I turn off the add-on manually from the Internet Explorer settings, the action is only takes effect only for the user account that your are logged in. But, what do you do for a Terminal server or on system that multiple user is using? I've found the answer on Microsoft TechNet forums and I wanted to share it with you guys because the answer wasn't easy to find at all.

First, here is the forum thread that I'm talking about;

http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/fe5b7fb6-bbda-42ac-87d2-a64f57f5d6a0

Here is the original article from Microsoft (even though it says Windows XP in the article, this applies to Windows 7 & Server 2008 R2 systems as well;

http://support.microsoft.com/kb/883256

Personally, I've configured these settings trrough GPO by setting up these 2 settings;

 - Computer Configuration, Administrative Templates, Windows Components, Internet Explorer, Security Features, Add-On Management
          * Deny All add-ons unless specifically allowed in the Add-On List = Enabled
          * Add-On List = Enabled

Optionally you might want to activate some of the add-ons. In this case, you will need to find out what is the CLSID (.....)
To find out what is your add-ons CLSID value for internet explorer, follow these steps;
 1 - Open Internet Explorer
 2 - Under Tools, click on "Manage Add-Ons"
 3 - Under "Toolbars and Extensions" on the right pane, right click on one of the add-ons in the list and go to "Columns" and make sure that the "Class ID" is checked. When this setting is checked you will see that the CLSID is shown along with all add-ons.
 4 - Use the CLSID value of the add-on that you want to enable in the "Add-On List"  GPO.

With all these settings in place, you will have the control of what is enabled and used in Internet Explorer by your users. You don't need to worry about Java or any other add-on security breaches.

Never forget to keep it up-to-date :)
Location: Montreal, QC, Canada

Comments

Post a Comment

Popular posts from this blog

System.Messaging.MessageQueueException (0x80004005): A workgroup installation computer does not support the operation (Public Queue create issue)

This is a weird issue that I don't fully understand why it would happen. But the symptoms are very persistent as we're able to reproduce these behavior easily. Issue: The MSMQ (Microsoft Message Queuing) fails to create Public Queues and throws  "the System.Messaging.MessageQueueException (0x80004005): A workgroup installation computer does not support the operation" exception.
Read more

Veeam Backup Error : Failed to prepare guest for hot backup. Error: VSSControl

Image
Problem Description; I had this issue on one of my backup jobs recently and I was able to fix the issue with the solution explained below. After a quick google search, I realized that I'm not the only one and neither you are :) Full Error Description; Failed to prepare guest for hot backup. Error: VSSControl: Failed to prepare guest for freeze, wait tim eout 9 00 sec Error: VSSControl: Failed to prepare guest for freeze, wait timeout 900 sec
Read more

warning: Win32API is deprecated after Ruby 1.9.1; use fiddle directly instead - Chef Development Kit Update

Today, I needed to do some tests with a newer version of the Chef Client and test my cookbooks. To version 14.12.9-1 to be precise. I also upgraded my ChefDK on my workstation to the 4.2.0 version. I believe that upgrades Ruby version as well and now I have ruby version 2.6.3p62 Right after the upgrade, I tried with a basic knife node list command to see if I needed to reboot or anything was broke... Everything seems to be working fine, except I get this annoying "warning" message. As it's just a warning, I don't really care about it as it just seems to annonce something that is deprecated... Problem; You receive "warning: Win32API is deprecated after Ruby 1.9.1; use fiddle directly instead" warning when using ruby or chef knife commands. Solution; You need to comment out that warning message in Ruby lib scripts.
Read more