Apply registry fix for MS ID 972890 to corporate using Group Policy or similar

We are trying to find a nice method of deploying the registry fix workaround from Microsoft for the latest 0-day exploit. ID 972890
http://www.microsoft.com/technet/security/advisory/972890.mspx
The Microsoft webpage says the following
"You can apply this .reg file to individual systems by double-clicking it. You can also apply it across domains by using Group Policy."
I pretty familiar with Group Policies but, how to deploy a .reg file using a group policy?
Also interested in solutions have other people used to deploy this workaround in a corporate environment?
LVL 2
DataBitzAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

deroodeSystems AdministratorCommented:
0
DonNetwork AdministratorCommented:

save below as activex.reg and save to a share
then add this line to a startup script .BAT file

regedit /s \\server\share\activex.reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}]
"Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0149EEDF-D08F-4142-8D73-D23903D21E90}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E5-45B6-11D3-B650-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E6-45B6-11D3-B650-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{055CB2D7-2969-45CD-914B-76890722F112}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15D6504A-5494-499C-886C-973C9E53B9F1}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1BE49F30-0E1B-11D3-9D8E-00C04F72D980}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C15D484-911D-11D2-B632-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1DF7D126-4050-47F0-A7CF-4C4CA9241333}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2C63E4EB-4CEA-41B8-919C-E947EA19A77C}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{334125C0-77E5-11D3-B653-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B0353C-A4C8-11D2-B634-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03543-A4C8-11D2-B634-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03544-A4C8-11D2-B634-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{418008F3-CF67-4668-9628-10DC52BE1D08}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A5869CF-929D-4040-AE03-FCAFC5B9CD42}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{577FAA18-4518-445E-8F70-1473F8CF4BA4}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59DC47A8-116C-11D3-9D8E-00C04F72D980}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{823535A0-0318-11D3-9D8E-00C04F72D980}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4C-1F63-11D3-B64C-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4D-1F63-11D3-B64C-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9CD64701-BDF3-4D14-8E03-F12983D86664}]
"Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E3074E-6C3D-11D3-B653-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E30750-6C3D-11D3-B653-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AD8E510D-217F-409B-8076-29C5E73B98E8}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B0EDF163-910A-11D2-B632-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B64016F3-C9A2-4066-96F0-BD9563314726}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BB530C63-D9DF-4B49-9439-63453962E598}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C531D9FD-9685-4028-8B68-6E1232079F1E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCC-9B79-11D3-B654-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCD-9B79-11D3-B654-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCE-9B79-11D3-B654-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCF-9B79-11D3-B654-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CD0-9B79-11D3-B654-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D02AAC50-027E-11D3-9D8E-00C04F72D980}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA7C375B-66A7-4280-879D-FD459C84BB02}]
 "Compatibility Flags"=dword:00000400

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
youngslimCommented:
How would you undo this when the all clear is sounded?
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

tmasters2876Commented:
Good question on the undo.  I'd freak out and have everyone go to the Fix It page Microsoft put out.  Otherwise someone else will come up with a .reg to undo, or if I were smart, I'd export the .reg I have in place now from a known working machine and use that to revert if needed.
0
youngslimCommented:
Do you happen to know of a legit site that uses the activex control - so you could test that it worked and test your "undo" worked?

0
DonNetwork AdministratorCommented:
From bottom of page under workarounds
http://www.microsoft.com/technet/security/advisory/972890.mspx
"Impact of Workaround: There is no impact as long as the object is not intended to be used in Internet Explorer."

From what I can tell, there shouldnt be no need to undo it
0
tmasters2876Commented:
That's what I read too, but made an undo, just in case.  I guess the best way to test the undo is to see about getting a copy of the source code for the vulnerability and let it go to town on one of my machines.  ;-)  Just kidding of course.
0
youngslimCommented:
how did you make the undo, did you just change the setting back to
Compatibility Flags"=dword:00000000
in your script
?
0
DataBitzAuthor Commented:
Thanks for everyones suggestions.
I've created a group policy template which will set the keys and values and can delete them again if we need to disable the policy.
dstewartjr, I wasn't sure if the startup script would work as our users do not have admin rights on their own computers.

; KB972890 Workaround (msvidctl) - Prevent Microsoft Video ActiveX Control in Internet Explorer - v1.2
; Created by DataBitz
;
 
CLASS MACHINE
CATEGORY "KB972890 Workaround (msvidctl) - Prevent Microsoft Video ActiveX Control in Internet Explorer"
KEYNAME ""
POLICY "Set Compatibility Flags KB972890"
EXPLAIN "Enabled will set the ActiveX Compatibility registry key to the value of 1024, as per workaround for Microsoft KB972890. Disabled deletes the Compatibility Flag value only, it does not delete the key"
	    	#if version >= 4
			SUPPORTED "Windows 2000, Windows XP, Windows Server 2003"
		#endif
ACTIONLISTON
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0149EEDF-D08F-4142-8D73-D23903D21E90}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E5-45B6-11D3-B650-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E6-45B6-11D3-B650-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{055CB2D7-2969-45CD-914B-76890722F112}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15D6504A-5494-499C-886C-973C9E53B9F1}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1BE49F30-0E1B-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C15D484-911D-11D2-B632-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1DF7D126-4050-47F0-A7CF-4C4CA9241333}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2C63E4EB-4CEA-41B8-919C-E947EA19A77C}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{334125C0-77E5-11D3-B653-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B0353C-A4C8-11D2-B634-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03543-A4C8-11D2-B634-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03544-A4C8-11D2-B634-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{418008F3-CF67-4668-9628-10DC52BE1D08}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A5869CF-929D-4040-AE03-FCAFC5B9CD42}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{577FAA18-4518-445E-8F70-1473F8CF4BA4}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59DC47A8-116C-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{823535A0-0318-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4C-1F63-11D3-B64C-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4D-1F63-11D3-B64C-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9CD64701-BDF3-4D14-8E03-F12983D86664}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E3074E-6C3D-11D3-B653-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E30750-6C3D-11D3-B653-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AD8E510D-217F-409B-8076-29C5E73B98E8}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B0EDF163-910A-11D2-B632-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B64016F3-C9A2-4066-96F0-BD9563314726}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BB530C63-D9DF-4B49-9439-63453962E598}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C531D9FD-9685-4028-8B68-6E1232079F1E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCC-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCD-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCE-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCF-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CD0-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D02AAC50-027E-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA7C375B-66A7-4280-879D-FD459C84BB02}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
END ACTIONLISTON
ACTIONLISTOFF
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0149EEDF-D08F-4142-8D73-D23903D21E90}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E5-45B6-11D3-B650-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E6-45B6-11D3-B650-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{055CB2D7-2969-45CD-914B-76890722F112}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15D6504A-5494-499C-886C-973C9E53B9F1}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1BE49F30-0E1B-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C15D484-911D-11D2-B632-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1DF7D126-4050-47F0-A7CF-4C4CA9241333}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2C63E4EB-4CEA-41B8-919C-E947EA19A77C}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{334125C0-77E5-11D3-B653-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B0353C-A4C8-11D2-B634-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03543-A4C8-11D2-B634-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03544-A4C8-11D2-B634-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{418008F3-CF67-4668-9628-10DC52BE1D08}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A5869CF-929D-4040-AE03-FCAFC5B9CD42}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{577FAA18-4518-445E-8F70-1473F8CF4BA4}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59DC47A8-116C-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{823535A0-0318-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4C-1F63-11D3-B64C-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4D-1F63-11D3-B64C-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9CD64701-BDF3-4D14-8E03-F12983D86664}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E3074E-6C3D-11D3-B653-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E30750-6C3D-11D3-B653-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AD8E510D-217F-409B-8076-29C5E73B98E8}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B0EDF163-910A-11D2-B632-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B64016F3-C9A2-4066-96F0-BD9563314726}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BB530C63-D9DF-4B49-9439-63453962E598}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C531D9FD-9685-4028-8B68-6E1232079F1E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCC-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCD-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCE-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCF-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CD0-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D02AAC50-027E-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA7C375B-66A7-4280-879D-FD459C84BB02}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
END ACTIONLISTOFF
END POLICY
END CATEGORY

Open in new window

0
DonNetwork AdministratorCommented:
actually a startup script runs with system privileges(because it runs before user logon) so there would be no issue with applying this. But your Adm should work just as good. ;^D
0
DataBitzAuthor Commented:
dstewartjr
Thanks will use the ADM this time. But have another quick question about the startup script. What permissions would need to be on the network location to allow it to be read, everyone/authenticated users/system?
0
DonNetwork AdministratorCommented:
"B" ????
0
tmasters2876Commented:
:-)  I'm glad I at least got a passing grade.  
0
chris_kochCommented:
Another helpful method to push this out is to use a simple script to connect to machines in the enterprise and run the registry modifications remotely. The code snippet below represents a successful at deploying the registry fixes for 972890 throughout the enterprise unattended.

The script uses FOR statements to parse through a text file that lists all the PC's in the enterprise. Each line in the text file has the computer name of a single machine. Microsoft's psexec utility is then used to connect from a network machine with network access to each target machine in the list and logged in with an account that can modify each target machines' registry. After this is done, a text file is dropped on the machine so the registry changes are not made again if the script is run repeated times. Before running this script in your organization just be sure to test it in your environment.

The psexec utility used in this script Microsoft's (formerly Sysinternal's) psexec.exe found at:
http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

Additionally you will need a .reg file with the changes for 972890. The code snippet earlier in this solution will provide that information for you. Make sure to check the code snippet for the reg file you copy against the keys specified in the security advisory for 972890 found at this URL:
http://www.microsoft.com/technet/security/advisory/972890.mspx

Finally, the value "\\source\" in the code snippet I have provided stands for the UNC pathname to the .reg file and the .txt file specified in the code snippet. This script is not perfect, since it pauses several seconds each time it hits a PC in the specified text file that is offline, but it works and has been tested successfully a few times. Feel free to modify it to correct any deficiencies you may find. Hope this helps. Nice of Microsoft to drop this on us out of band.

:: 12:41 PM 7/7/2009 Script Author
:: This script copies a .reg file and then executes a silent update of the registry for 972890 based on a list of PC's.
FOR /F %%P IN (pclist.txt) DO IF NOT EXIST \\%%P\C$\windows\temp\972890.reg xcopy \\source\972890.reg \\%%P\c$\windows\temp
FOR /F %%P IN (pclist.txt) DO IF EXIST \\%%P\C$\windows\temp\972890.reg Echo "good to go"
FOR /F %%P IN (pclist.txt) DO IF NOT EXIST \\%%P\C$\windows\temp\972890done.txt c:\pstools\psexec \\%%P c:\windows\regedit.exe /s "c:\windows\temp\972890.reg"
FOR /F %%P IN (pclist.txt) DO IF NOT EXIST \\%%P\C$\windows\temp\972890done.txt xcopy \\source\972890done.txt \\%%P\C$\windows\temp
:: Cut and Paste activity log with pause statement
pause

Open in new window

0
DonNetwork AdministratorCommented:
Sure, if you want to do it the hard way. The startup script will do the job just fine. There's even a better way described here
 
http://community.spiceworks.com/topic/71312?page=1#entry-181505 
0
youngslimCommented:
Yes based on the same article - I just tried putting this text below in a startup script (using GP editor)) on several machines and it worked fine, with no user interaction required.

msiexec /i "\\yourserver\fix it msi\MicrosoftFixit50287.msi" /quiet


The first time it added many of the keys *example {FA7C375B-66A7-4280-879D-FD459C84BB02}
) referenced in http://www.microsoft.com/technet/security/advisory/972890.mspx

I even tested it by changing the dword value from 400 back to 000. When I rebooted the machine and it ran the startup script again, i was able to verify that script updated the registry.
0
chris_kochCommented:
Point taken. Unaware that Microsoft Fix it was .msi based. Makes it very easy then to push fix files out via Software Installation in Group Policy. Little vague trying to find full directory of these .msi Fix it files. Found what I believe is a global listing of these files at:
https://fixit.support.microsoft.com/reporting/?gssnb=1 
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Browsers

From novice to tech pro — start learning today.