[log in to unmask]">

New ADMX files for use in AD will be available August 12th to administer the new block settings.

 

-              Joe

 

***********************************************************************************************

Out-of-date ActiveX control blocking for managed environments

Out-of-date ActiveX control blocking is turned off in the Local Intranet Zone and Trusted Sites Zone, to help ensure that intranet Web sites and trusted line-of-business apps can continue to use ActiveX controls without disruption. Some customers may want more granular control over how this feature works on managed systems. IT Pros may want to turn on ActiveX control logging, enforce blocking, allow select domains to use out-of-date ActiveX controls, or—although it is not recommended—disable the feature altogether.

To support these scenarios, Internet Explorer includes four new Group Policy settings that you can use to manage out-of-date ActiveX control blocking.

             Logging can tell you what ActiveX controls will be allowed or flagged for warning or blocking, and for what reason. Creating an inventory of ActiveX controls can also show which ActiveX controls are compatible with Enhanced Protected Mode, an Internet Explorer 11 security feature which provides additional protection against browser exploits—but not all ActiveX controls are compatible with EPM, so this feature can help assess your organization’s readiness for blocking out-of-date ActiveX controls and enabling EPM. This Group Policy is “Turn on ActiveX control logging in Internet Explorer,” and can be used separately or in conjunction with the other three policies.

             Enforced blocking prevents users from overriding the warning for out-of-control ActiveX controls. Users will not see the “Run this time” button. This Group Policy is “Remove Run this time button for outdated ActiveX controls in Internet Explorer.”

             Selected domains can be managed for which Internet Explorer will not block or warn about outdated ActiveX controls. This policy is “Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains” and includes a list of top level domains, host names, or files.

             This feature can be turned off by using the policy “Turn off blocking of outdated ActiveX controls for Internet Explorer.” This might be used temporarily in combination with logging, to assess ActiveX controls before re-enabling the feature. This can also be enabled, like all four policies, with a registry key—in this case, a REG_DWORD “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\VersionCheckEnabled" with value of zero.

 

Please see the complete technical documentation here, pending publication on August 7. Starting on August 12, you can also download updated Internet Explorer administrative templates from:

             Windows Server 2003. Download the complete set of (English only) Internet Explorer administrative templates, which include the new settings, from here.

             Windows Server 2008 and up. Download the complete set of Internet Explorer administrative templates, which include the new settings, from here.

 

-----Original Message-----
From: David McFarlane [mailto:[log in to unmask]]
Sent: Thursday, August 07, 2014 10:34 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] Microsoft to block outdated Java versions in Internet Explorer

 

Hmm, the Non-Credit Registration System (https://login.msu.edu/?App=D9912-NCRSAdmin ) still requires use of jre-1_6_0_16, thereby disallowing users to update their Java.  Wonder if that will cause any problems?

 

-- dkm

 

 

At 8/7/2014 08:01 AM Thursday, Stehouwer, Matt wrote:

>I wanted to share this is case you start getting calls after patch

>Tuesday that EBS does not work. Let's hope that everyone is keeping

>Java updated.

> 

> 

><http://www.zdnet.com/microsoft-to-block-outdated-java-versions-in-inte

>rnet-explorer-7000032395/>http://www.zdnet.com/microsoft-to-block-outda

>ted-java-versions-in-internet-explorer-7000032395/

> 

>According to Microsoft, the following Java versions will be on the

>block list initially:

>    * J2SE 1.4, everything below (but not including) update 43

>    * J2SE 5.0, everything below (but not including) update 71

>    * Java SE 6, everything below (but not including) update 81

>    * Java SE 7, everything below (but not including) update 65

>    * Java SE 8, everything below (but not including) update 11

> 

> 

>Matt Stehouwer

>Technology Manager

>Michigan State University

>College of Natural Science Deans Office

>288 Farm Lane RM 154

>East Lansing, MI 48824

>517 355-9003 | Email: <mailto:[log in to unmask]>[log in to unmask]

>Linked-In:

><http://www.linkedin.com/in/mattstehouwer/>www.linkedin.com/in/mattsteh

>ouwer/


This electronic transmission and any information that it contains is the property of MSU Federal Credit Union and is intended for the use of the intended recipient. If you are not the intended recipient, any disclosure, copying or other use of this information is strictly prohibited. If you acquired this transmission in error or feel that any of the information contained within it is offensive or inappropriate, please contact [log in to unmask].