1 / 21

Internet Explorer 7

Internet Explorer 7. Updated Advice for the NHS 04 February 2008 Version 1.3. Agenda. Summary Advice for the NHS IE7 Update February 2008 – WSUS IE7 And Windows XP Service Pack 3 IE7 Upgrade Process Options IE7 Security Features. Summary Advice for the NHS.

michon
Download Presentation

Internet Explorer 7

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Internet Explorer 7 Updated Advice for the NHS 04 February 2008 Version 1.3

  2. Agenda • Summary Advice for the NHS • IE7 Update February 2008 – WSUS • IE7 And Windows XP Service Pack 3 • IE7 Upgrade Process Options • IE7 Security Features

  3. Summary Advice for the NHS If you use Windows Server Update Services (WSUS) • Follow the advice below. • Then follow the advice on the next page (IE7 Update February 2008). If you use NPfIT applications provided by an LSP or NASP • Don’t install IE7 yet • Install the Blocker to prevent Windows Update (WU) automatically upgrading systems to IE7 • Follow the advice to prevent automatic update if you are using Windows Server Update Services (WSUS) • Test all your own critical applications with the latest version of IE7 available • Wait until your LSP confirms that all NCRS/NPfIT applications you use are compatible If you don’t yet use NPfIT applications provided by an LSP or NASP • Don’t install IE7 yet • Install the Blocker to prevent WU automatically upgrading systems to IE7 • Follow the advice to prevent automatic update if you are using Windows Server Update Services (WSUS) • Test all critical applications with the latest version of IE7 available

  4. IE7 Update February 2008

  5. WSUS IE7 Update Windows Server Update Services (WSUS) • Windows Internet Explorer 7 will be distributed via Windows Server Update Services (WSUS) from 12 February 2008 and may require administrator action to prevent the rollout. • If you have auto-approve enabled within WSUS, then IE 7 will be distributed to your desktops without further approval. • The blocker toolkit referred to in this document does not block IE7 from being installed through WSUS. • To prevent the installation of IE7 using WSUS, you need to ensure that you have not enabled the automatic approval of Update Rollups before 12th February. • It is Best Practice not to enable automatic approval of updates. • Please review this knowledge article for further information: KB 946202 at http://support.microsoft.com/default.aspx?scid=kb;EN-US;946202 • The original advice for blocking Windows Update is included in this document.

  6. IE7 And Windows XP Service Pack 3

  7. IE7 And Windows XP SP3 Windows XP Service Pack 3 • Windows XP Service Pack 3 will be released during 1H/2008. • Microsoft have confirmed the following details on IE7 and Windows XP SP 3: • Service Pack 3 will not force the installation of IE7. • If IE6 is installed, then Service Pack 3 will update IE6 but will not force an upgrade to IE7. • If IE7 is installed, then Service Pack 3 will update IE7. • Windows XP SP3 includes updates to both IE6 and IE7, and will update whichever version is installed on the computer.

  8. IE7 Upgrade Process Options

  9. New Features Tabbed browser RSS Page zoom More Manageable Group Policy settings Enhanced Security Only available on Windows XP SP2 Windows Server 2003 SP1 IE7 Beta known to break some NCRS applications Upgrade to IE7? Minus Plus

  10. Other Windows Versions All versions of Windows prior to XP SP2 should continue to run IE6

  11. IE7 Automatic Upgrade Microsoft treating IE7 as a “Hot Fix” to IE6 When released IE7 will be a High Priority Update on Windows Update (WU) It will be automatically installed on clients using Windows Server Update Services (WSUS) if auto-approve is enabled Some NCRS/NPfIT applications are known not to work with IE7 How do we prevent the automatic install of IE7?

  12. Preventing the Upgrade If using WSUS, SUS or SMS to deploy updates Do not auto approve the IE7 update Refer to the section above “IE7 Update February 2008” If manually using Windows Update (from Start menu) Tools available to prevent the IE7 update being applied Download from Microsoft Web site as a toolkit from http://go.microsoft.com/fwlink/?linkid=65788 Where users have Local Administrator rights Either remove those rights (unlikely) or provide advice & guidance

  13. Disabling Delivery of IE7 Will prevent machines receiving IE7 as a high-priority update via Automatic Updates and the “Express” install option on the Windows Update and Microsoft Update sites. The Blocker Toolkit will not expire Will NOT prevent manual installations of IE7 as a Recommended Update from the Windows Update or Microsoft Update sites, from the Microsoft Download Center (sic), or from external media. Erroneous IE7 installations can be uninstalled using Add/Remove Programs Will NOT prevent update of IE7 through WSUS. See the “IE7 Update February 2008” slide above.

  14. How the Toolkit works Blocker script sets a registry setting on a computer Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Setup\7.0 Key value name: DoNotAllowIE70 Value set to 1 to block install Script run asIE70Blocker.cmd [<machine name>] [/B] [/U] [/H] Group Policy template ADM file also supplied

  15. New Features of IE 7

  16. IE7 Security Features Protect the machine Protect the user against misleading downloads and websites

  17. Protect the Machine Unified URL parsing URLs passed as strings may be parsed inconsistently through the stack Special characters complicate URL parsing http://www.good.com@bad.com Cross-domain security enhancements Limit scripts on web pages from interacting with content from other domains or windows Code quality improvements to reduce buffer overruns

  18. Protect the Machine ActiveX Opt-in IE6 blocked signed ActiveX controls with the Information bar,but pre-installed controls would run silently IE7 blocks pre-installed ActiveX controls with the Information bar on first run (or via Add-on Manager) Protected Mode (Microsoft Windows Vista only) IE7 runs in isolation from other applications Cannot write beyond Temporary Internet Files without user consent

  19. Protect the User Download scanning with Windows Defender Phishing Filter High-assurance SSL and address bar Address bar shown in all windows Colour of address bar indicates potential threat

  20. Protect the User Dangerous settings notification "Fix My Settings" feature – warns when your Internet settings may be unsafe and resets them Secure defaults for IDN (International Domain Names) Warns when visually similar characters in URL are not in same language Parental controls (Windows Vista only) Can restrict access Logs sites browsed

  21. http://www.microsoft.com/windows/ie/ie7/about/features/default.mspxhttp://www.microsoft.com/windows/ie/ie7/about/features/default.mspx http://blogs.msdn.com/ie Toolkit to block upgrade to IE7 via Windows Update http://go.microsoft.com/fwlink/?linkid=65788 How to block upgrade with WSUS http://support.microsoft.com/default.aspx?scid=kb;EN-US;946202 Resources & further information

More Related