Do not install... and stop asking!

re: Do not install... and stop asking!

Vermyndax — Thu, 25 Mar 2004 13:46:00 GMT

Thank GOD the ActiveX control blocking is in. This will save my life.

Now if I can just figure out how to set a group policy to block ActiveX installations on a network...

re: Do not install... and stop asking!

Jayson Knight — Thu, 25 Mar 2004 15:06:00 GMT

the 3rd party pop-up blocker I use allows you to choose on a site by site basis what sites to allow pop-ups from. 9 times out of 8 for 99% of websites, I don't want to see nary a single pop-up, it's a little frustrating that something that easy can't be coded into the new pop-up blocker in IE. If it allows any kind of javascript pop-ups to be opened by a user, I guarantee pop-up writers (if there is such a thing) will find a way around it.

As for the ActiveX control blocking, that's excellent news!

Vermyndax -- I am not an admin, but I would think the IEAK would allow this to be deployed organization-wide?

cheers

re: Do not install... and stop asking!

jeffdav — Thu, 25 Mar 2004 16:20:00 GMT

In RC1 we do block the name resolution dialog, since it happens some time after you click [Send] in OWA.

re: Do not install... and stop asking!

KC Lemson — Thu, 25 Mar 2004 16:24:00 GMT

Jeff - thanks for the heads up. Will that be fixed by RTM? Or is there no way to tell that it *should* pop-up since it's not exactly a direct user action?

re: Do not install... and stop asking!

Ben M. Schorr, MVP-Outlook — Thu, 25 Mar 2004 18:32:00 GMT

Agree with Jayson - I use the Google Toolbar and it lets me easily specify which sites (like our OWA site) should be allowed popups and which should not.

That said I welcome any innovations that improve the process and discourage popup ads.

-B-

re: Do not install... and stop asking!

Vermyndax — Thu, 25 Mar 2004 21:54:00 GMT

Jayson...

The policies from the IEAK were put into Group Policies for the most part, and I'm sure I've seen them in there before... just never taken a shot at getting it to work because it didn't look entirely intuitive. I think what I meant to say was - an EASY way to set a group policy to block activex controls that are known to be ugly... like, an activex control from a certain website or group of websites rather than blocking by executable name.

re: Do not install... and stop asking!

MartinJ — Fri, 26 Mar 2004 06:26:00 GMT

You know what I find ironic? IE has its default set to block pop ups. The ASP.Net team created a pop up ad server control.

Which team is going to win the pop-up race?

re: Do not install... and stop asking!

Pavel Lebedinsky — Fri, 26 Mar 2004 07:52:00 GMT

This is a bit off-topic, but at least it's about OWA and XP SP2... So here it goes:

Is it by design that if I set "Open files based on content, not extension" option to "Disable", OWA starts to show the HTML markup when I reply to a message?

For example, this is how it actually looks when I click Reply (not sure if the server is going to properly escape all the angle brackets etc):

From: XXX XXX
Sent: Thu 3/25/2004 9:26 PM
To: XXX XXX
Subject: RE: XXXXXXXXXXXXXXXXX

<script></script>
<html>

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">

<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
...

re: Do not install... and stop asking!

Pavel Lebedinsky — Fri, 26 Mar 2004 08:09:00 GMT

What's really strange is that even though I added my OWA server to the Trusted Sites zone, it's still affected by the "open file based on content, not extension" setting from the Internet zone... Something is not right here.

Killer Outlook tips from horse's mouth

Jarrett House North — Fri, 02 Apr 2004 03:06:00 GMT

Another Microsoft blogger that I should have known about before: K.C.

Configure the pop-up blocker in XP SP2 RC2

KC on Exchange and Outlook — Tue, 22 Jun 2004 07:29:00 GMT

How NOT to install ActiveX stuff...

Chris Hota — Thu, 01 Jul 2004 20:46:00 GMT

This is for Vermyndax (I emailed personally, but thought I'd share for posterity's sake):

The way that I have found to block ActiveX installs on networked computers is to take the certificate that the program is signed with (for instance, Gator Inc) and put it as a "Restricted" certificate in my GPOs, under "Policy / Computer / Windows / Security / Software Restriction Policies." You have to right-click the SRP folder and click "Create New Policies" and then two folders will appear underneath. Under the "Additional Rules" heading, right click, choose "New Certificate Rule..." and fill in the dialog (setting "Security level" to "Disallowed"). Hit OK, propogate the policy, and you're done. Whenever someone tries to run a piece of software (installer exe, cab, vbs -- any "executable" that can be signed) with this certificate, it will inform them that it has been disallowed by an Administrator.

It's worth noting that the Gator cert is on a short-list of certs that I put into my disk images in the local computer policy; that way, even if the computer is not connected to the domain, it still disallowes the install.

Configure the pop-up blocker in XP SP2 RC2

KC on Exchange and Outlook — Sat, 31 Jul 2004 01:39:00 GMT