A couple of graduate students have written an article in The Register reporting that the IE7 critical update is causing headaches for managed environments.
If these really are managed environments how is it that patches are being deployed without the I.T. departments knowledge? Why wasn’t the IE7 blocker deployed? It was available a long time before IE7 was released to Windows
The authors make a weird comment:
“For those organizations wishing to hold back a little further until these potential issues are sorted out by a later IE service pack (we are already on SP2) “
So in their world we’re running IE7 SP2? That’s kind of strange. Further the authors imply that Microsoft released the IE7 automatic updates blocker as a result of this problem. In reality they released it in July.
The problem they are reporting is that the home page can be changed by the user, it isn’t locked down. Because the article is poorly written we don’t know how the home page was originally locked. So we really don’t know if there is actually a problem. Again, in a managed environment, you deploy the blocker (which admittedly only prevents accidental installs) or you don’t provide your users with local administrator rights. Either way, you would have tested this desired functionality (preferably in the year long beta of IE7) so you’re not surprised.
I wonder what method they used to try to lock the IE home page? Did they lock it with the IEAK for IE6, and then they are surprised it doesn’t work with IE7? Or did they attempt to lock it with Group Policy and it doesn’t work. I’m kind of curious.
I haven’t seen this myself. In our environment we’re just beginning to work with the internal application administrators to verify that IE7 will work with our HR, Finance and Payroll websites.
In a managed environment, you should deploy the Toolkit to disable automatic delivery which oh by the way was released in July, and use the Internet Explorer Administrators Toolkit 7 to deploy with the correct settings.