
How to control the installation of Add-Ons in Internet Explorer.

For many organizations, controlling what can be added to clients helps to reduce the Total Cost of Ownership (TCO) of a network. Controlling which extensions can be added to Internet Explorer is part of the TCO reduction effort, because it spares the IT staff support issues caused by non-approved Add-ons.

 

The first thing we need to do is discover the GUID of an Add-On that we want to prevent from being installed. To do this, you first need to install it on a test client.

 

Once installed, open Internet Explorer.

 

Click Tools / Manage Add-ons.

 

Browse to the Add-on that you want to prevent the installation of.

 

Right mouse click the Add-on and select More Information.

 

Record the GUID (curly braces as well) and the Name.

 

Close the window.

 

Open a Group Policy that is scoped to the computers on which you want to prevent add-ons from being installed.

 

Browse to Computer Configuration / Policies / Administrative Templates / Windows Components / Internet Explorer / Security Features / Add-on Management.

 

Enable the policy for Add-on List.

 

Click Show and enter the Name in the Value Name field and the Class ID/GUID in the Value field. Click OK when done.

Click OK again.

 

Enable the policy for Deny all add-ons unless specifically allowed in the Add-on List.

 

Now, only the Add-on that you listed can be installed once this GPO is applied to your clients.
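
To confirm on a client what the GPO actually delivered, the following added example (not part of the original post) reads the policy settings back from the registry. It assumes the Add-on List and Deny-all policies are stored under the machine policy key shown, with each list entry's data being 0 (deny), 1 (allow) or 2 (allow, user may manage); the function name is hypothetical.

```powershell
# Added example: report the IE add-on policy state on a client after gpupdate.
# Assumption: both policies are stored under this machine policy key.
$ExtKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext'
$ClsidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

function Get-IEAddOnPolicy {
    param([string]$Path = $ExtKey)

    # "Deny all add-ons unless specifically allowed" sets RestrictToList = 1.
    $ext = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    $denyAll = [bool]($ext -and $ext.RestrictToList -eq 1)

    # Each Add-on List entry is one registry value under the CLSID subkey.
    $entries = @()
    $clsidKey = Get-Item -Path (Join-Path $Path 'CLSID') -ErrorAction SilentlyContinue
    if ($clsidKey) {
        foreach ($name in $clsidKey.GetValueNames()) {
            $data = [string]$clsidKey.GetValue($name)
            $state = switch ($data) {
                '0'     { 'Denied' }
                '1'     { 'Allowed' }
                '2'     { 'Allowed, user may manage' }
                default { "Unrecognized data ($data)" }
            }
            $entries += [pscustomobject]@{
                ValueName      = $name
                Data           = $data
                State          = $state
                # Flags entries whose value name is not a brace-wrapped GUID.
                LooksLikeClsid = ($name -match $ClsidPattern)
            }
        }
    }

    [pscustomobject]@{
        DenyAllUnlessListed = $denyAll
        Entries             = $entries
    }
}

$policy = Get-IEAddOnPolicy
"Deny all add-ons unless listed: $($policy.DenyAllUnlessListed)"
$policy.Entries | Format-Table -AutoSize
```

Run it in an elevated PowerShell session on a test client after `gpupdate /force`; an empty entry list or `False` for the deny-all flag means the GPO has not reached that machine.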
