?
Solved

Apply registry fix for MS ID 972890 to corporate using Group Policy or similar

Posted on 2009-07-07
18
Medium Priority
?
2,063 Views
Last Modified: 2013-12-08
We are trying to find a nice method of deploying the registry fix workaround from Microsoft for the latest 0-day exploit. ID 972890
http://www.microsoft.com/technet/security/advisory/972890.mspx
The Microsoft webpage says the following
"You can apply this .reg file to individual systems by double-clicking it. You can also apply it across domains by using Group Policy."
I pretty familiar with Group Policies but, how to deploy a .reg file using a group policy?
Also interested in solutions have other people used to deploy this workaround in a corporate environment?
0
Comment
Question by:DataBitz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 4
  • +3
18 Comments
 
LVL 19

Assisted Solution

by:deroode
deroode earned 150 total points
ID: 24792419
0
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 300 total points
ID: 24796876

save below as activex.reg and save to a share
then add this line to a startup script .BAT file

regedit /s \\server\share\activex.reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}]
"Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0149EEDF-D08F-4142-8D73-D23903D21E90}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E5-45B6-11D3-B650-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E6-45B6-11D3-B650-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{055CB2D7-2969-45CD-914B-76890722F112}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15D6504A-5494-499C-886C-973C9E53B9F1}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1BE49F30-0E1B-11D3-9D8E-00C04F72D980}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C15D484-911D-11D2-B632-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1DF7D126-4050-47F0-A7CF-4C4CA9241333}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2C63E4EB-4CEA-41B8-919C-E947EA19A77C}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{334125C0-77E5-11D3-B653-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B0353C-A4C8-11D2-B634-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03543-A4C8-11D2-B634-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03544-A4C8-11D2-B634-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{418008F3-CF67-4668-9628-10DC52BE1D08}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A5869CF-929D-4040-AE03-FCAFC5B9CD42}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{577FAA18-4518-445E-8F70-1473F8CF4BA4}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59DC47A8-116C-11D3-9D8E-00C04F72D980}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{823535A0-0318-11D3-9D8E-00C04F72D980}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4C-1F63-11D3-B64C-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4D-1F63-11D3-B64C-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9CD64701-BDF3-4D14-8E03-F12983D86664}]
"Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E3074E-6C3D-11D3-B653-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E30750-6C3D-11D3-B653-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AD8E510D-217F-409B-8076-29C5E73B98E8}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B0EDF163-910A-11D2-B632-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B64016F3-C9A2-4066-96F0-BD9563314726}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BB530C63-D9DF-4B49-9439-63453962E598}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C531D9FD-9685-4028-8B68-6E1232079F1E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCC-9B79-11D3-B654-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCD-9B79-11D3-B654-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCE-9B79-11D3-B654-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCF-9B79-11D3-B654-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CD0-9B79-11D3-B654-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D02AAC50-027E-11D3-9D8E-00C04F72D980}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA7C375B-66A7-4280-879D-FD459C84BB02}]
 "Compatibility Flags"=dword:00000400

Open in new window

0
 

Expert Comment

by:youngslim
ID: 24797858
How would you undo this when the all clear is sounded?
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 
LVL 4

Assisted Solution

by:tmasters2876
tmasters2876 earned 300 total points
ID: 24797859
0
 
LVL 4

Expert Comment

by:tmasters2876
ID: 24797935
Good question on the undo.  I'd freak out and have everyone go to the Fix It page Microsoft put out.  Otherwise someone else will come up with a .reg to undo, or if I were smart, I'd export the .reg I have in place now from a known working machine and use that to revert if needed.
0
 

Expert Comment

by:youngslim
ID: 24798682
Do you happen to know of a legit site that uses the activex control - so you could test that it worked and test your "undo" worked?

0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24798735
From bottom of page under workarounds
http://www.microsoft.com/technet/security/advisory/972890.mspx
"Impact of Workaround: There is no impact as long as the object is not intended to be used in Internet Explorer."

From what I can tell, there shouldnt be no need to undo it
0
 
LVL 4

Expert Comment

by:tmasters2876
ID: 24798846
That's what I read too, but made an undo, just in case.  I guess the best way to test the undo is to see about getting a copy of the source code for the vulnerability and let it go to town on one of my machines.  ;-)  Just kidding of course.
0
 

Expert Comment

by:youngslim
ID: 24798891
how did you make the undo, did you just change the setting back to
Compatibility Flags"=dword:00000000
in your script
?
0
 
LVL 2

Author Comment

by:DataBitz
ID: 24800553
Thanks for everyones suggestions.
I've created a group policy template which will set the keys and values and can delete them again if we need to disable the policy.
dstewartjr, I wasn't sure if the startup script would work as our users do not have admin rights on their own computers.

; KB972890 Workaround (msvidctl) - Prevent Microsoft Video ActiveX Control in Internet Explorer - v1.2
; Created by DataBitz
;
 
CLASS MACHINE
CATEGORY "KB972890 Workaround (msvidctl) - Prevent Microsoft Video ActiveX Control in Internet Explorer"
KEYNAME ""
POLICY "Set Compatibility Flags KB972890"
EXPLAIN "Enabled will set the ActiveX Compatibility registry key to the value of 1024, as per workaround for Microsoft KB972890. Disabled deletes the Compatibility Flag value only, it does not delete the key"
	    	#if version >= 4
			SUPPORTED "Windows 2000, Windows XP, Windows Server 2003"
		#endif
ACTIONLISTON
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0149EEDF-D08F-4142-8D73-D23903D21E90}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E5-45B6-11D3-B650-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E6-45B6-11D3-B650-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{055CB2D7-2969-45CD-914B-76890722F112}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15D6504A-5494-499C-886C-973C9E53B9F1}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1BE49F30-0E1B-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C15D484-911D-11D2-B632-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1DF7D126-4050-47F0-A7CF-4C4CA9241333}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2C63E4EB-4CEA-41B8-919C-E947EA19A77C}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{334125C0-77E5-11D3-B653-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B0353C-A4C8-11D2-B634-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03543-A4C8-11D2-B634-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03544-A4C8-11D2-B634-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{418008F3-CF67-4668-9628-10DC52BE1D08}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A5869CF-929D-4040-AE03-FCAFC5B9CD42}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{577FAA18-4518-445E-8F70-1473F8CF4BA4}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59DC47A8-116C-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{823535A0-0318-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4C-1F63-11D3-B64C-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4D-1F63-11D3-B64C-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9CD64701-BDF3-4D14-8E03-F12983D86664}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E3074E-6C3D-11D3-B653-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E30750-6C3D-11D3-B653-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AD8E510D-217F-409B-8076-29C5E73B98E8}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B0EDF163-910A-11D2-B632-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B64016F3-C9A2-4066-96F0-BD9563314726}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BB530C63-D9DF-4B49-9439-63453962E598}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C531D9FD-9685-4028-8B68-6E1232079F1E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCC-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCD-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCE-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCF-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CD0-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D02AAC50-027E-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA7C375B-66A7-4280-879D-FD459C84BB02}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
END ACTIONLISTON
ACTIONLISTOFF
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0149EEDF-D08F-4142-8D73-D23903D21E90}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E5-45B6-11D3-B650-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E6-45B6-11D3-B650-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{055CB2D7-2969-45CD-914B-76890722F112}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15D6504A-5494-499C-886C-973C9E53B9F1}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1BE49F30-0E1B-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C15D484-911D-11D2-B632-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1DF7D126-4050-47F0-A7CF-4C4CA9241333}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2C63E4EB-4CEA-41B8-919C-E947EA19A77C}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{334125C0-77E5-11D3-B653-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B0353C-A4C8-11D2-B634-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03543-A4C8-11D2-B634-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03544-A4C8-11D2-B634-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{418008F3-CF67-4668-9628-10DC52BE1D08}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A5869CF-929D-4040-AE03-FCAFC5B9CD42}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{577FAA18-4518-445E-8F70-1473F8CF4BA4}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59DC47A8-116C-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{823535A0-0318-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4C-1F63-11D3-B64C-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4D-1F63-11D3-B64C-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9CD64701-BDF3-4D14-8E03-F12983D86664}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E3074E-6C3D-11D3-B653-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E30750-6C3D-11D3-B653-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AD8E510D-217F-409B-8076-29C5E73B98E8}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B0EDF163-910A-11D2-B632-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B64016F3-C9A2-4066-96F0-BD9563314726}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BB530C63-D9DF-4B49-9439-63453962E598}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C531D9FD-9685-4028-8B68-6E1232079F1E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCC-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCD-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCE-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCF-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CD0-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D02AAC50-027E-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA7C375B-66A7-4280-879D-FD459C84BB02}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
END ACTIONLISTOFF
END POLICY
END CATEGORY

Open in new window

0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24800591
actually a startup script runs with system privileges(because it runs before user logon) so there would be no issue with applying this. But your Adm should work just as good. ;^D
0
 
LVL 2

Author Comment

by:DataBitz
ID: 24801672
dstewartjr
Thanks will use the ADM this time. But have another quick question about the startup script. What permissions would need to be on the network location to allow it to be read, everyone/authenticated users/system?
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24803667
"B" ????
0
 
LVL 4

Expert Comment

by:tmasters2876
ID: 24803716
:-)  I'm glad I at least got a passing grade.  
0
 

Expert Comment

by:chris_koch
ID: 24804393
Another helpful method to push this out is to use a simple script to connect to machines in the enterprise and run the registry modifications remotely. The code snippet below represents a successful at deploying the registry fixes for 972890 throughout the enterprise unattended.

The script uses FOR statements to parse through a text file that lists all the PC's in the enterprise. Each line in the text file has the computer name of a single machine. Microsoft's psexec utility is then used to connect from a network machine with network access to each target machine in the list and logged in with an account that can modify each target machines' registry. After this is done, a text file is dropped on the machine so the registry changes are not made again if the script is run repeated times. Before running this script in your organization just be sure to test it in your environment.

The psexec utility used in this script Microsoft's (formerly Sysinternal's) psexec.exe found at:
http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

Additionally you will need a .reg file with the changes for 972890. The code snippet earlier in this solution will provide that information for you. Make sure to check the code snippet for the reg file you copy against the keys specified in the security advisory for 972890 found at this URL:
http://www.microsoft.com/technet/security/advisory/972890.mspx

Finally, the value "\\source\" in the code snippet I have provided stands for the UNC pathname to the .reg file and the .txt file specified in the code snippet. This script is not perfect, since it pauses several seconds each time it hits a PC in the specified text file that is offline, but it works and has been tested successfully a few times. Feel free to modify it to correct any deficiencies you may find. Hope this helps. Nice of Microsoft to drop this on us out of band.

:: 12:41 PM 7/7/2009 Script Author
:: This script copies a .reg file and then executes a silent update of the registry for 972890 based on a list of PC's.
FOR /F %%P IN (pclist.txt) DO IF NOT EXIST \\%%P\C$\windows\temp\972890.reg xcopy \\source\972890.reg \\%%P\c$\windows\temp
FOR /F %%P IN (pclist.txt) DO IF EXIST \\%%P\C$\windows\temp\972890.reg Echo "good to go"
FOR /F %%P IN (pclist.txt) DO IF NOT EXIST \\%%P\C$\windows\temp\972890done.txt c:\pstools\psexec \\%%P c:\windows\regedit.exe /s "c:\windows\temp\972890.reg"
FOR /F %%P IN (pclist.txt) DO IF NOT EXIST \\%%P\C$\windows\temp\972890done.txt xcopy \\source\972890done.txt \\%%P\C$\windows\temp
:: Cut and Paste activity log with pause statement
pause

Open in new window

0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24804557
Sure, if you want to do it the hard way. The startup script will do the job just fine. There's even a better way described here
 
http://community.spiceworks.com/topic/71312?page=1#entry-181505 
0
 

Expert Comment

by:youngslim
ID: 24805922
Yes based on the same article - I just tried putting this text below in a startup script (using GP editor)) on several machines and it worked fine, with no user interaction required.

msiexec /i "\\yourserver\fix it msi\MicrosoftFixit50287.msi" /quiet


The first time it added many of the keys *example {FA7C375B-66A7-4280-879D-FD459C84BB02}
) referenced in http://www.microsoft.com/technet/security/advisory/972890.mspx

I even tested it by changing the dword value from 400 back to 000. When I rebooted the machine and it ran the startup script again, i was able to verify that script updated the registry.
0
 

Expert Comment

by:chris_koch
ID: 24806142
Point taken. Unaware that Microsoft Fix it was .msi based. Makes it very easy then to push fix files out via Software Installation in Group Policy. Little vague trying to find full directory of these .msi Fix it files. Found what I believe is a global listing of these files at:
https://fixit.support.microsoft.com/reporting/?gssnb=1 
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question