Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Apply registry fix for MS ID 972890 to corporate using Group Policy or similar

Posted on 2009-07-07
18
Medium Priority
?
2,067 Views
Last Modified: 2013-12-08
We are trying to find a nice method of deploying the registry fix workaround from Microsoft for the latest 0-day exploit. ID 972890
http://www.microsoft.com/technet/security/advisory/972890.mspx
The Microsoft webpage says the following
"You can apply this .reg file to individual systems by double-clicking it. You can also apply it across domains by using Group Policy."
I pretty familiar with Group Policies but, how to deploy a .reg file using a group policy?
Also interested in solutions have other people used to deploy this workaround in a corporate environment?
0
Comment
Question by:DataBitz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 4
  • +3
18 Comments
 
LVL 19

Assisted Solution

by:deroode
deroode earned 150 total points
ID: 24792419
0
 
LVL 47

Accepted Solution

by:
Donald Stewart earned 300 total points
ID: 24796876

save below as activex.reg and save to a share
then add this line to a startup script .BAT file

regedit /s \\server\share\activex.reg
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}]
"Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0149EEDF-D08F-4142-8D73-D23903D21E90}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E5-45B6-11D3-B650-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E6-45B6-11D3-B650-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{055CB2D7-2969-45CD-914B-76890722F112}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15D6504A-5494-499C-886C-973C9E53B9F1}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1BE49F30-0E1B-11D3-9D8E-00C04F72D980}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C15D484-911D-11D2-B632-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1DF7D126-4050-47F0-A7CF-4C4CA9241333}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2C63E4EB-4CEA-41B8-919C-E947EA19A77C}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{334125C0-77E5-11D3-B653-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B0353C-A4C8-11D2-B634-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03543-A4C8-11D2-B634-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03544-A4C8-11D2-B634-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{418008F3-CF67-4668-9628-10DC52BE1D08}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A5869CF-929D-4040-AE03-FCAFC5B9CD42}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{577FAA18-4518-445E-8F70-1473F8CF4BA4}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59DC47A8-116C-11D3-9D8E-00C04F72D980}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{823535A0-0318-11D3-9D8E-00C04F72D980}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4C-1F63-11D3-B64C-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4D-1F63-11D3-B64C-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9CD64701-BDF3-4D14-8E03-F12983D86664}]
"Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E3074E-6C3D-11D3-B653-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E30750-6C3D-11D3-B653-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AD8E510D-217F-409B-8076-29C5E73B98E8}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B0EDF163-910A-11D2-B632-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B64016F3-C9A2-4066-96F0-BD9563314726}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BB530C63-D9DF-4B49-9439-63453962E598}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C531D9FD-9685-4028-8B68-6E1232079F1E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCC-9B79-11D3-B654-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCD-9B79-11D3-B654-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCE-9B79-11D3-B654-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCF-9B79-11D3-B654-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CD0-9B79-11D3-B654-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D02AAC50-027E-11D3-9D8E-00C04F72D980}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA7C375B-66A7-4280-879D-FD459C84BB02}]
 "Compatibility Flags"=dword:00000400

Open in new window

0
 

Expert Comment

by:youngslim
ID: 24797858
How would you undo this when the all clear is sounded?
0
Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

 
LVL 4

Assisted Solution

by:tmasters2876
tmasters2876 earned 300 total points
ID: 24797859
0
 
LVL 4

Expert Comment

by:tmasters2876
ID: 24797935
Good question on the undo.  I'd freak out and have everyone go to the Fix It page Microsoft put out.  Otherwise someone else will come up with a .reg to undo, or if I were smart, I'd export the .reg I have in place now from a known working machine and use that to revert if needed.
0
 

Expert Comment

by:youngslim
ID: 24798682
Do you happen to know of a legit site that uses the activex control - so you could test that it worked and test your "undo" worked?

0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24798735
From bottom of page under workarounds
http://www.microsoft.com/technet/security/advisory/972890.mspx
"Impact of Workaround: There is no impact as long as the object is not intended to be used in Internet Explorer."

From what I can tell, there shouldnt be no need to undo it
0
 
LVL 4

Expert Comment

by:tmasters2876
ID: 24798846
That's what I read too, but made an undo, just in case.  I guess the best way to test the undo is to see about getting a copy of the source code for the vulnerability and let it go to town on one of my machines.  ;-)  Just kidding of course.
0
 

Expert Comment

by:youngslim
ID: 24798891
how did you make the undo, did you just change the setting back to
Compatibility Flags"=dword:00000000
in your script
?
0
 
LVL 2

Author Comment

by:DataBitz
ID: 24800553
Thanks for everyones suggestions.
I've created a group policy template which will set the keys and values and can delete them again if we need to disable the policy.
dstewartjr, I wasn't sure if the startup script would work as our users do not have admin rights on their own computers.

; KB972890 Workaround (msvidctl) - Prevent Microsoft Video ActiveX Control in Internet Explorer - v1.2
; Created by DataBitz
;
 
CLASS MACHINE
CATEGORY "KB972890 Workaround (msvidctl) - Prevent Microsoft Video ActiveX Control in Internet Explorer"
KEYNAME ""
POLICY "Set Compatibility Flags KB972890"
EXPLAIN "Enabled will set the ActiveX Compatibility registry key to the value of 1024, as per workaround for Microsoft KB972890. Disabled deletes the Compatibility Flag value only, it does not delete the key"
	    	#if version >= 4
			SUPPORTED "Windows 2000, Windows XP, Windows Server 2003"
		#endif
ACTIONLISTON
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0149EEDF-D08F-4142-8D73-D23903D21E90}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E5-45B6-11D3-B650-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E6-45B6-11D3-B650-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{055CB2D7-2969-45CD-914B-76890722F112}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15D6504A-5494-499C-886C-973C9E53B9F1}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1BE49F30-0E1B-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C15D484-911D-11D2-B632-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1DF7D126-4050-47F0-A7CF-4C4CA9241333}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2C63E4EB-4CEA-41B8-919C-E947EA19A77C}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{334125C0-77E5-11D3-B653-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B0353C-A4C8-11D2-B634-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03543-A4C8-11D2-B634-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03544-A4C8-11D2-B634-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{418008F3-CF67-4668-9628-10DC52BE1D08}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A5869CF-929D-4040-AE03-FCAFC5B9CD42}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{577FAA18-4518-445E-8F70-1473F8CF4BA4}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59DC47A8-116C-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{823535A0-0318-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4C-1F63-11D3-B64C-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4D-1F63-11D3-B64C-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9CD64701-BDF3-4D14-8E03-F12983D86664}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E3074E-6C3D-11D3-B653-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E30750-6C3D-11D3-B653-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AD8E510D-217F-409B-8076-29C5E73B98E8}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B0EDF163-910A-11D2-B632-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B64016F3-C9A2-4066-96F0-BD9563314726}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BB530C63-D9DF-4B49-9439-63453962E598}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C531D9FD-9685-4028-8B68-6E1232079F1E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCC-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCD-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCE-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCF-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CD0-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D02AAC50-027E-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA7C375B-66A7-4280-879D-FD459C84BB02}"
  VALUENAME "Compatibility Flags"
  VALUE NUMERIC 1024
END ACTIONLISTON
ACTIONLISTOFF
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0149EEDF-D08F-4142-8D73-D23903D21E90}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E5-45B6-11D3-B650-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E6-45B6-11D3-B650-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{055CB2D7-2969-45CD-914B-76890722F112}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15D6504A-5494-499C-886C-973C9E53B9F1}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1BE49F30-0E1B-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C15D484-911D-11D2-B632-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1DF7D126-4050-47F0-A7CF-4C4CA9241333}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2C63E4EB-4CEA-41B8-919C-E947EA19A77C}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{334125C0-77E5-11D3-B653-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B0353C-A4C8-11D2-B634-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03543-A4C8-11D2-B634-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03544-A4C8-11D2-B634-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{418008F3-CF67-4668-9628-10DC52BE1D08}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A5869CF-929D-4040-AE03-FCAFC5B9CD42}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{577FAA18-4518-445E-8F70-1473F8CF4BA4}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59DC47A8-116C-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{823535A0-0318-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4C-1F63-11D3-B64C-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4D-1F63-11D3-B64C-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9CD64701-BDF3-4D14-8E03-F12983D86664}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E3074E-6C3D-11D3-B653-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E30750-6C3D-11D3-B653-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AD8E510D-217F-409B-8076-29C5E73B98E8}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B0EDF163-910A-11D2-B632-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B64016F3-C9A2-4066-96F0-BD9563314726}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BB530C63-D9DF-4B49-9439-63453962E598}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C531D9FD-9685-4028-8B68-6E1232079F1E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCC-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCD-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCE-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCF-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CD0-9B79-11D3-B654-00C04F79498E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D02AAC50-027E-11D3-9D8E-00C04F72D980}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA7C375B-66A7-4280-879D-FD459C84BB02}"
  VALUENAME "Compatibility Flags"
  VALUE DELETE
END ACTIONLISTOFF
END POLICY
END CATEGORY

Open in new window

0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24800591
actually a startup script runs with system privileges(because it runs before user logon) so there would be no issue with applying this. But your Adm should work just as good. ;^D
0
 
LVL 2

Author Comment

by:DataBitz
ID: 24801672
dstewartjr
Thanks will use the ADM this time. But have another quick question about the startup script. What permissions would need to be on the network location to allow it to be read, everyone/authenticated users/system?
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24803667
"B" ????
0
 
LVL 4

Expert Comment

by:tmasters2876
ID: 24803716
:-)  I'm glad I at least got a passing grade.  
0
 

Expert Comment

by:chris_koch
ID: 24804393
Another helpful method to push this out is to use a simple script to connect to machines in the enterprise and run the registry modifications remotely. The code snippet below represents a successful at deploying the registry fixes for 972890 throughout the enterprise unattended.

The script uses FOR statements to parse through a text file that lists all the PC's in the enterprise. Each line in the text file has the computer name of a single machine. Microsoft's psexec utility is then used to connect from a network machine with network access to each target machine in the list and logged in with an account that can modify each target machines' registry. After this is done, a text file is dropped on the machine so the registry changes are not made again if the script is run repeated times. Before running this script in your organization just be sure to test it in your environment.

The psexec utility used in this script Microsoft's (formerly Sysinternal's) psexec.exe found at:
http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

Additionally you will need a .reg file with the changes for 972890. The code snippet earlier in this solution will provide that information for you. Make sure to check the code snippet for the reg file you copy against the keys specified in the security advisory for 972890 found at this URL:
http://www.microsoft.com/technet/security/advisory/972890.mspx

Finally, the value "\\source\" in the code snippet I have provided stands for the UNC pathname to the .reg file and the .txt file specified in the code snippet. This script is not perfect, since it pauses several seconds each time it hits a PC in the specified text file that is offline, but it works and has been tested successfully a few times. Feel free to modify it to correct any deficiencies you may find. Hope this helps. Nice of Microsoft to drop this on us out of band.

:: 12:41 PM 7/7/2009 Script Author
:: This script copies a .reg file and then executes a silent update of the registry for 972890 based on a list of PC's.
FOR /F %%P IN (pclist.txt) DO IF NOT EXIST \\%%P\C$\windows\temp\972890.reg xcopy \\source\972890.reg \\%%P\c$\windows\temp
FOR /F %%P IN (pclist.txt) DO IF EXIST \\%%P\C$\windows\temp\972890.reg Echo "good to go"
FOR /F %%P IN (pclist.txt) DO IF NOT EXIST \\%%P\C$\windows\temp\972890done.txt c:\pstools\psexec \\%%P c:\windows\regedit.exe /s "c:\windows\temp\972890.reg"
FOR /F %%P IN (pclist.txt) DO IF NOT EXIST \\%%P\C$\windows\temp\972890done.txt xcopy \\source\972890done.txt \\%%P\C$\windows\temp
:: Cut and Paste activity log with pause statement
pause

Open in new window

0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24804557
Sure, if you want to do it the hard way. The startup script will do the job just fine. There's even a better way described here
 
http://community.spiceworks.com/topic/71312?page=1#entry-181505 
0
 

Expert Comment

by:youngslim
ID: 24805922
Yes based on the same article - I just tried putting this text below in a startup script (using GP editor)) on several machines and it worked fine, with no user interaction required.

msiexec /i "\\yourserver\fix it msi\MicrosoftFixit50287.msi" /quiet


The first time it added many of the keys *example {FA7C375B-66A7-4280-879D-FD459C84BB02}
) referenced in http://www.microsoft.com/technet/security/advisory/972890.mspx

I even tested it by changing the dword value from 400 back to 000. When I rebooted the machine and it ran the startup script again, i was able to verify that script updated the registry.
0
 

Expert Comment

by:chris_koch
ID: 24806142
Point taken. Unaware that Microsoft Fix it was .msi based. Makes it very easy then to push fix files out via Software Installation in Group Policy. Little vague trying to find full directory of these .msi Fix it files. Found what I believe is a global listing of these files at:
https://fixit.support.microsoft.com/reporting/?gssnb=1 
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question