KC Lemson

By KC Lemson [MS]

Do not install... and stop asking!

Jeff blogs about some changes in IE in Win XP SP2. The parts that jumped out at me:

On Pop-ups:

Users almost never want to see pop-ups.  So we started by saying all pop-ups will be blocked.  There are exceptions-- brokerage sites use window.open() to display small windows with definitions of trading terms.  E-tailers use window.open() to display small windows with sizing charts (clothing) and definitions of technical terms (computers, electronics, etc).  To handle these exceptions we added code to detect user initiated actions-- if the user clicks a link that wants to open a new window, we allow it to open one new window

This is great news... I frequently see complaints from people using poor pop-up blocking software that just blocks all window.open()s, and that causes havoc in Outlook Web Access. I have had customers berate me for how crappy OWA is because it requires them to hold down the control button in order to open a message... oh, how to explain that I swear, it's not our fault. BTW, I realize that other pop-up blockers are smart enough to allow user-initiated window.opens as well, so kudos to any pop-up-blocker-author that has chosen this route.
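
The user-initiated rule quoted above, modelled as an added example (not Internet Explorer's code and not from the original post); `PopupGate`, `dispatchClick` and the `.example` URLs are hypothetical. It also covers a window opened some time after the click handler has returned, the situation the comments below describe for OWA's name resolution dialog.

```javascript
// Added illustration: a simplified model of a "user-initiated" pop-up gate.
// Not IE's implementation; class, method and URL names are hypothetical.
class PopupGate {
  constructor() {
    this.inUserAction = false; // true only while a click handler is running
    this.allowance = 0;        // windows the current click may still open
    this.log = [];             // every open() attempt and its outcome
  }

  // Run a click handler synchronously with a one-window allowance.
  dispatchClick(handler) {
    this.inUserAction = true;
    this.allowance = 1;
    try {
      handler();
    } finally {
      // The allowance ends when the handler returns.
      this.inUserAction = false;
      this.allowance = 0;
    }
  }

  // Stand-in for window.open(): returns true if the window would open.
  open(url) {
    const allowed = this.inUserAction && this.allowance > 0;
    if (allowed) this.allowance -= 1;
    this.log.push({ url, allowed });
    return allowed;
  }
}

function runScenarios() {
  const gate = new PopupGate();
  const deferred = []; // callbacks that run after the click has returned

  // 1. Script opens a window on page load, no click involved: blocked.
  gate.open("ad.example/onload");
  // 2. A click opens a sizing chart: allowed. A second window
  //    requested during the same click: blocked.
  gate.dispatchClick(() => {
    gate.open("shop.example/sizing-chart");
    gate.open("ad.example/piggyback");
  });
  // 3. A click queues work and the dialog opens later: blocked,
  //    because the user action is over by the time open() is called.
  gate.dispatchClick(() => {
    deferred.push(() => gate.open("owa.example/resolve-names"));
  });
  deferred.forEach((cb) => cb());

  return gate.log.map((entry) => entry.allowed);
}
```
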

On ActiveX control install prompts:

there are a few things I love about the work we did here.  You can now say “Do not install this control and never ask me again.”

Yes! Now I never need to see a prompt for “Install Gator (click here for more information about this fantastic progra...” again. Great job!

Comments
  • Thank GOD the ActiveX control blocking is in. This will save my life.

    Now if I can just figure out how to set a group policy to block ActiveX installations on a network...

  • the 3rd party pop-up blocker I use allows you to choose on a site by site basis what sites to allow pop-ups from. 9 times out of 8 for 99% of websites, I don't want to see nary a single pop-up, it's a little frustrating that something that easy can't be coded into the new pop-up blocker in IE. If it allows any kind of javascript pop-ups to be opened by a user, I guarantee pop-up writers (if there is such a thing) will find a way around it.

    As for the ActiveX control blocking, that's excellent news!

    Vermyndax -- I am not an admin, but I would think the IEAK would allow this to be deployed organization-wide?

    cheers

  • In RC1 we do block the name resolution dialog, since it happens some time after you click [Send] in OWA.

  • Jeff - thanks for the heads up. Will that be fixed by RTM? Or is there no way to tell that it *should* pop-up since it's not exactly a direct user action?

  • Agree with Jayson - I use the Google Toolbar and it lets me easily specify which sites (like our OWA site) should be allowed popups and which should not.

    That said I welcome any innovations that improve the process and discourage popup ads.

    -B-

  • Jayson...

    The policies from the IEAK were put into Group Policies for the most part, and I'm sure I've seen them in there before... just never taken a shot at getting it to work because it didn't look entirely intuitive. I think what I meant to say was - an EASY way to set a group policy to block ActiveX controls that are known to be ugly... like, an ActiveX control from a certain website or group of websites rather than blocking by executable name.

  • You know what I find ironic? IE has its default set to block pop ups. The ASP.Net team created a pop up ad server control.

    Which team is going to win the pop-up race?

  • This is a bit off-topic, but at least it's about OWA and XP SP2... So here it goes:

    Is it by design that if I set "Open files based on content, not extension" option to "Disable", OWA starts to show the HTML markup when I reply to a message?

    For example, this is how it actually looks when I click Reply (not sure if the server is going to properly escape all the angle brackets etc):

    From: XXX XXX
    Sent: Thu 3/25/2004 9:26 PM
    To: XXX XXX
    Subject: RE: XXXXXXXXXXXXXXXXX

    <script></script>
    <html>

    <head>
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">

    <meta name=Generator content="Microsoft Word 11 (filtered medium)">
    <style>
    ...

  • What's really strange is that even though I added my OWA server to the Trusted Sites zone, it's still affected by the "open file based on content, not extension" setting from the Internet zone... Something is not right here.

  • Another Microsoft blogger that I should have known about before: K.C.

  • This is for Vermyndax (I emailed personally, but thought I'd share for posterity's sake):

    The way that I have found to block ActiveX installs on networked computers is to take the certificate that the program is signed with (for instance, Gator Inc) and put it as a "Restricted" certificate in my GPOs, under "Policy / Computer / Windows / Security / Software Restriction Policies." You have to right-click the SRP folder and click "Create New Policies" and then two folders will appear underneath. Under the "Additional Rules" heading, right click, choose "New Certificate Rule..." and fill in the dialog (setting "Security level" to "Disallowed"). Hit OK, propagate the policy, and you're done. Whenever someone tries to run a piece of software (installer exe, cab, vbs -- any "executable" that can be signed) with this certificate, it will inform them that it has been disallowed by an Administrator.

    It's worth noting that the Gator cert is on a short-list of certs that I put into my disk images in the local computer policy; that way, even if the computer is not connected to the domain, it still disallows the install.