Solved

Apply registry fix for MS ID 972890 to corporate using Group Policy or similar

Posted on 2009-07-07
18
2,034 Views
Last Modified: 2013-12-08
We are trying to find a nice method of deploying the registry fix workaround from Microsoft for the latest 0-day exploit. ID 972890
http://www.microsoft.com/technet/security/advisory/972890.mspx
The Microsoft webpage says the following
"You can apply this .reg file to individual systems by double-clicking it. You can also apply it across domains by using Group Policy."
I pretty familiar with Group Policies but, how to deploy a .reg file using a group policy?
Also interested in solutions have other people used to deploy this workaround in a corporate environment?
0
Comment
Question by:DataBitz
  • 5
  • 4
  • 4
  • +3
18 Comments
 
LVL 19

Assisted Solution

by:deroode
deroode earned 50 total points
Comment Utility
0
 
LVL 47

Accepted Solution

by:
dstewartjr earned 100 total points
Comment Utility

save below as activex.reg and save to a share
then add this line to a startup script .BAT file

regedit /s \\server\share\activex.reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}]

"Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0149EEDF-D08F-4142-8D73-D23903D21E90}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E5-45B6-11D3-B650-00C04F79498E}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E6-45B6-11D3-B650-00C04F79498E}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{055CB2D7-2969-45CD-914B-76890722F112}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15D6504A-5494-499C-886C-973C9E53B9F1}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1BE49F30-0E1B-11D3-9D8E-00C04F72D980}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C15D484-911D-11D2-B632-00C04F79498E}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1DF7D126-4050-47F0-A7CF-4C4CA9241333}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2C63E4EB-4CEA-41B8-919C-E947EA19A77C}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{334125C0-77E5-11D3-B653-00C04F79498E}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B0353C-A4C8-11D2-B634-00C04F79498E}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03543-A4C8-11D2-B634-00C04F79498E}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03544-A4C8-11D2-B634-00C04F79498E}]

 "Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{418008F3-CF67-4668-9628-10DC52BE1D08}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A5869CF-929D-4040-AE03-FCAFC5B9CD42}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{577FAA18-4518-445E-8F70-1473F8CF4BA4}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59DC47A8-116C-11D3-9D8E-00C04F72D980}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{823535A0-0318-11D3-9D8E-00C04F72D980}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4C-1F63-11D3-B64C-00C04F79498E}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4D-1F63-11D3-B64C-00C04F79498E}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9CD64701-BDF3-4D14-8E03-F12983D86664}]

"Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E3074E-6C3D-11D3-B653-00C04F79498E}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E30750-6C3D-11D3-B653-00C04F79498E}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AD8E510D-217F-409B-8076-29C5E73B98E8}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B0EDF163-910A-11D2-B632-00C04F79498E}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B64016F3-C9A2-4066-96F0-BD9563314726}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BB530C63-D9DF-4B49-9439-63453962E598}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C531D9FD-9685-4028-8B68-6E1232079F1E}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCC-9B79-11D3-B654-00C04F79498E}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCD-9B79-11D3-B654-00C04F79498E}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCE-9B79-11D3-B654-00C04F79498E}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCF-9B79-11D3-B654-00C04F79498E}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CD0-9B79-11D3-B654-00C04F79498E}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D02AAC50-027E-11D3-9D8E-00C04F72D980}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}]

 "Compatibility Flags"=dword:00000400

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA7C375B-66A7-4280-879D-FD459C84BB02}]

 "Compatibility Flags"=dword:00000400

Open in new window

0
 

Expert Comment

by:youngslim
Comment Utility
How would you undo this when the all clear is sounded?
0
 
LVL 4

Assisted Solution

by:tmasters2876
tmasters2876 earned 100 total points
Comment Utility
0
 
LVL 4

Expert Comment

by:tmasters2876
Comment Utility
Good question on the undo.  I'd freak out and have everyone go to the Fix It page Microsoft put out.  Otherwise someone else will come up with a .reg to undo, or if I were smart, I'd export the .reg I have in place now from a known working machine and use that to revert if needed.
0
 

Expert Comment

by:youngslim
Comment Utility
Do you happen to know of a legit site that uses the activex control - so you could test that it worked and test your "undo" worked?

0
 
LVL 47

Expert Comment

by:dstewartjr
Comment Utility
From bottom of page under workarounds
http://www.microsoft.com/technet/security/advisory/972890.mspx
"Impact of Workaround: There is no impact as long as the object is not intended to be used in Internet Explorer."

From what I can tell, there shouldnt be no need to undo it
0
 
LVL 4

Expert Comment

by:tmasters2876
Comment Utility
That's what I read too, but made an undo, just in case.  I guess the best way to test the undo is to see about getting a copy of the source code for the vulnerability and let it go to town on one of my machines.  ;-)  Just kidding of course.
0
 

Expert Comment

by:youngslim
Comment Utility
how did you make the undo, did you just change the setting back to
Compatibility Flags"=dword:00000000
in your script
?
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 2

Author Comment

by:DataBitz
Comment Utility
Thanks for everyones suggestions.
I've created a group policy template which will set the keys and values and can delete them again if we need to disable the policy.
dstewartjr, I wasn't sure if the startup script would work as our users do not have admin rights on their own computers.

; KB972890 Workaround (msvidctl) - Prevent Microsoft Video ActiveX Control in Internet Explorer - v1.2

; Created by DataBitz

;
 

CLASS MACHINE

CATEGORY "KB972890 Workaround (msvidctl) - Prevent Microsoft Video ActiveX Control in Internet Explorer"

KEYNAME ""

POLICY "Set Compatibility Flags KB972890"

EXPLAIN "Enabled will set the ActiveX Compatibility registry key to the value of 1024, as per workaround for Microsoft KB972890. Disabled deletes the Compatibility Flag value only, it does not delete the key"

	    	#if version >= 4

			SUPPORTED "Windows 2000, Windows XP, Windows Server 2003"

		#endif

ACTIONLISTON

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0149EEDF-D08F-4142-8D73-D23903D21E90}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E5-45B6-11D3-B650-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E6-45B6-11D3-B650-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{055CB2D7-2969-45CD-914B-76890722F112}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15D6504A-5494-499C-886C-973C9E53B9F1}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1BE49F30-0E1B-11D3-9D8E-00C04F72D980}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C15D484-911D-11D2-B632-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1DF7D126-4050-47F0-A7CF-4C4CA9241333}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2C63E4EB-4CEA-41B8-919C-E947EA19A77C}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{334125C0-77E5-11D3-B653-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B0353C-A4C8-11D2-B634-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03543-A4C8-11D2-B634-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03544-A4C8-11D2-B634-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{418008F3-CF67-4668-9628-10DC52BE1D08}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A5869CF-929D-4040-AE03-FCAFC5B9CD42}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{577FAA18-4518-445E-8F70-1473F8CF4BA4}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59DC47A8-116C-11D3-9D8E-00C04F72D980}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{823535A0-0318-11D3-9D8E-00C04F72D980}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4C-1F63-11D3-B64C-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4D-1F63-11D3-B64C-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9CD64701-BDF3-4D14-8E03-F12983D86664}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E3074E-6C3D-11D3-B653-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E30750-6C3D-11D3-B653-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AD8E510D-217F-409B-8076-29C5E73B98E8}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B0EDF163-910A-11D2-B632-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B64016F3-C9A2-4066-96F0-BD9563314726}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BB530C63-D9DF-4B49-9439-63453962E598}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C531D9FD-9685-4028-8B68-6E1232079F1E}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCC-9B79-11D3-B654-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCD-9B79-11D3-B654-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCE-9B79-11D3-B654-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCF-9B79-11D3-B654-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CD0-9B79-11D3-B654-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D02AAC50-027E-11D3-9D8E-00C04F72D980}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA7C375B-66A7-4280-879D-FD459C84BB02}"

  VALUENAME "Compatibility Flags"

  VALUE NUMERIC 1024

END ACTIONLISTON

ACTIONLISTOFF

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0149EEDF-D08F-4142-8D73-D23903D21E90}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E5-45B6-11D3-B650-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E6-45B6-11D3-B650-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{055CB2D7-2969-45CD-914B-76890722F112}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15D6504A-5494-499C-886C-973C9E53B9F1}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1BE49F30-0E1B-11D3-9D8E-00C04F72D980}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C15D484-911D-11D2-B632-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1DF7D126-4050-47F0-A7CF-4C4CA9241333}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2C63E4EB-4CEA-41B8-919C-E947EA19A77C}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{334125C0-77E5-11D3-B653-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B0353C-A4C8-11D2-B634-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03543-A4C8-11D2-B634-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03544-A4C8-11D2-B634-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{418008F3-CF67-4668-9628-10DC52BE1D08}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A5869CF-929D-4040-AE03-FCAFC5B9CD42}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{577FAA18-4518-445E-8F70-1473F8CF4BA4}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59DC47A8-116C-11D3-9D8E-00C04F72D980}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{823535A0-0318-11D3-9D8E-00C04F72D980}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4C-1F63-11D3-B64C-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4D-1F63-11D3-B64C-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9CD64701-BDF3-4D14-8E03-F12983D86664}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E3074E-6C3D-11D3-B653-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E30750-6C3D-11D3-B653-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AD8E510D-217F-409B-8076-29C5E73B98E8}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B0EDF163-910A-11D2-B632-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B64016F3-C9A2-4066-96F0-BD9563314726}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BB530C63-D9DF-4B49-9439-63453962E598}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C531D9FD-9685-4028-8B68-6E1232079F1E}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCC-9B79-11D3-B654-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCD-9B79-11D3-B654-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCE-9B79-11D3-B654-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCF-9B79-11D3-B654-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CD0-9B79-11D3-B654-00C04F79498E}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D02AAC50-027E-11D3-9D8E-00C04F72D980}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA7C375B-66A7-4280-879D-FD459C84BB02}"

  VALUENAME "Compatibility Flags"

  VALUE DELETE

END ACTIONLISTOFF

END POLICY

END CATEGORY

Open in new window

0
 
LVL 47

Expert Comment

by:dstewartjr
Comment Utility
actually a startup script runs with system privileges(because it runs before user logon) so there would be no issue with applying this. But your Adm should work just as good. ;^D
0
 
LVL 2

Author Comment

by:DataBitz
Comment Utility
dstewartjr
Thanks will use the ADM this time. But have another quick question about the startup script. What permissions would need to be on the network location to allow it to be read, everyone/authenticated users/system?
0
 
LVL 47

Expert Comment

by:dstewartjr
Comment Utility
"B" ????
0
 
LVL 4

Expert Comment

by:tmasters2876
Comment Utility
:-)  I'm glad I at least got a passing grade.  
0
 

Expert Comment

by:chris_koch
Comment Utility
Another helpful method to push this out is to use a simple script to connect to machines in the enterprise and run the registry modifications remotely. The code snippet below represents a successful at deploying the registry fixes for 972890 throughout the enterprise unattended.

The script uses FOR statements to parse through a text file that lists all the PC's in the enterprise. Each line in the text file has the computer name of a single machine. Microsoft's psexec utility is then used to connect from a network machine with network access to each target machine in the list and logged in with an account that can modify each target machines' registry. After this is done, a text file is dropped on the machine so the registry changes are not made again if the script is run repeated times. Before running this script in your organization just be sure to test it in your environment.

The psexec utility used in this script Microsoft's (formerly Sysinternal's) psexec.exe found at:
http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

Additionally you will need a .reg file with the changes for 972890. The code snippet earlier in this solution will provide that information for you. Make sure to check the code snippet for the reg file you copy against the keys specified in the security advisory for 972890 found at this URL:
http://www.microsoft.com/technet/security/advisory/972890.mspx

Finally, the value "\\source\" in the code snippet I have provided stands for the UNC pathname to the .reg file and the .txt file specified in the code snippet. This script is not perfect, since it pauses several seconds each time it hits a PC in the specified text file that is offline, but it works and has been tested successfully a few times. Feel free to modify it to correct any deficiencies you may find. Hope this helps. Nice of Microsoft to drop this on us out of band.

:: 12:41 PM 7/7/2009 Script Author

:: This script copies a .reg file and then executes a silent update of the registry for 972890 based on a list of PC's.

FOR /F %%P IN (pclist.txt) DO IF NOT EXIST \\%%P\C$\windows\temp\972890.reg xcopy \\source\972890.reg \\%%P\c$\windows\temp

FOR /F %%P IN (pclist.txt) DO IF EXIST \\%%P\C$\windows\temp\972890.reg Echo "good to go"

FOR /F %%P IN (pclist.txt) DO IF NOT EXIST \\%%P\C$\windows\temp\972890done.txt c:\pstools\psexec \\%%P c:\windows\regedit.exe /s "c:\windows\temp\972890.reg"

FOR /F %%P IN (pclist.txt) DO IF NOT EXIST \\%%P\C$\windows\temp\972890done.txt xcopy \\source\972890done.txt \\%%P\C$\windows\temp

:: Cut and Paste activity log with pause statement

pause

Open in new window

0
 
LVL 47

Expert Comment

by:dstewartjr
Comment Utility
Sure, if you want to do it the hard way. The startup script will do the job just fine. There's even a better way described here
 
http://community.spiceworks.com/topic/71312?page=1#entry-181505
0
 

Expert Comment

by:youngslim
Comment Utility
Yes based on the same article - I just tried putting this text below in a startup script (using GP editor)) on several machines and it worked fine, with no user interaction required.

msiexec /i "\\yourserver\fix it msi\MicrosoftFixit50287.msi" /quiet


The first time it added many of the keys *example {FA7C375B-66A7-4280-879D-FD459C84BB02}
) referenced in http://www.microsoft.com/technet/security/advisory/972890.mspx

I even tested it by changing the dword value from 400 back to 000. When I rebooted the machine and it ran the startup script again, i was able to verify that script updated the registry.
0
 

Expert Comment

by:chris_koch
Comment Utility
Point taken. Unaware that Microsoft Fix it was .msi based. Makes it very easy then to push fix files out via Software Installation in Group Policy. Little vague trying to find full directory of these .msi Fix it files. Found what I believe is a global listing of these files at:
https://fixit.support.microsoft.com/reporting/?gssnb=1
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now