Disable Automatic Delivery of Internet Explorer 9

Posted on 2011-03-31 in tools • 397 words • 2 minute read

Last updated on 2011-03-31

Tags: Administration, Deployment, Internet Explorer

With the recent release of Internet Explorer 9, Microsoft will be delivering it as important update through AU to help customers become more secure and up-to-date. Although security should be a key point on any policies portfolio, not all companies are ready to adopt last Microsoft’s browser version. I remember a company I worked for, that hadn’t had enough resources to modify code on their intranet tools sites to adapt them to Internet Explorer 6, so they were still running on version 4 when 8 was released.

Imagine what would happened if version 4 would be updated to 8 during the weekend and people would not be able to ran that critical tool on Monday morning… Let me be graphic, IT phones throwing fire!.

Fortunately, there is a trick to avoid new versions delivery through automatic updates. But you should have some considerations in mind when using it:

• Prevents the machine from receiving it as an important update via Automatic Updates on the Windows Update and Microsoft Update sites; it will be listed as an optional update.

• Will not prevent users from manually installing it as a Recommended update from the Windows Update or Microsoft Update sites, from the Microsoft Download Center, or from external media.

• Organizations do not need to deploy it in environments managed with an update management solution such as Windows Server Update Services or Systems Management Server. Organizations can use those products to fully manage deployment of updates released through Windows Update and Microsoft Update, within their environment.

• You need to use it for every version. There are different registry keys used to block or unblock automatic delivery of Internet Explorer on every version.

It consists on a registry key that sets the associated value to block or unblock automatic delivery of Internet Explorer:

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Setup\_.0
Key value name: DoNotAllowIE_0

So the examples are:

Internet Explorer 7

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Setup\7.0
Key value name: DoNotAllowIE70

Internet Explorer 8

_Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Setup\8.0
_Key value name: DoNotAllowIE80

Internet Explorer 9

_Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Setup\9.0
_Key value name: DoNotAllowIE90

To easy things, Microsoft released the Blocker Toolkit with every of these versions. It contains the administrative template to import it to a Group Policy Object and a script to set the registry key locally and remotely to any computer.

It can be downloaded here:

• Internet Explorer 7
• Internet Explorer 8
• Internet Explorer 9