News Categories
Announcement (9) Amy Babinchak (64) Tips (1) SBS 2011 (6) Windows Essentials 2012 (4) Edwin Sarmiento (28) SQL Server (22) SQL Server 2012 (6) SQL Server Clustering (3) SQL Server Disaster Recovery (6) Windows Server 2008 Clustering (1) log shipping (1) Brian Higgins (3) Uncategorized (42) Hyper-V (67) Virtualization (13) Windows 8 (13) Cisco VPN Client (1) Windows Server 2012 (24) Friend of TT (4) Hangout (2) Office365 (4) DNS (8) Jeremy (7) Cliff Galiher (3) Active Directory (12) ClearOS (4) Linux (4) presentations (2) SQL PASS (6) Chris Matthews (4) Printers (2) SharePoint (8) SQL Server Administration (7) Windows PowerShell (3) recovery model (1) sql server databases (1) Dave Shackelford (7) SMB Nation (1) Steve (1) Boon Tee (5) Kevin Royalty (3) Lee Wilbur (2) Philip Elder (10) SMBKitchen Crew (31) Susan Bradley (15) AlwaysOn (1) AlwaysOn Availability Groups (4) readable secondaries (1) row versioning (1) undocumented (1) The Project (2) Webinar (3) Enterprise for SMB Project (9) Security (25) Remote Desktop Connection for Mac (1) Remote Desktop Services (8) Windows Server 2008 (1) Exchange (15) Powershell (6) Microsoft (15) Performance (7) data types (1) Server 2012 (1) monitoring (1) DevTeach (1) SQL Server High Availability and Disaster Recovery (5) Clusters (44) Hyper-V Server 2012 (2) Business Principles (26) Cost of Doing Business (13) DHCP (7) sbs (15) Windows Server (30) SMBKitchen (26) Windows Server 2008 R2 (4) StorageCraft (1) P2V (1) ShadowProtect (6) StorageCraft ShadowProtect (1) VHDs (1) Intel RAID (2) Intel Server System R2208GZ (1) Intel Server Systems (17) RAID (2) SAS (2) SATA (2) Server Hardware (12) Microsoft Licensing (2) OEM (2) System Builder Tips (4) Intel (5) Intel Channel Partner Program (4) Intel Product Support (10) Intel Server Boards (2) Intel Server Manager (2) Cloud (26) IT Solutions (2) On-Premises (20) SMB (9) WIndows Azure (2) StorageSpaces (1) Error (47) Error Fix (35) Intel Desktop Boards (2) Intel SSDs (2) SSD (2) Business Opportunity (17) Data Security (11) Identity Security (7) Information Security (14) Privacy (2) Intel Modular Server (6) Promise (2) Storage Systems (9) Live ID (2) Microsoft ID (4) User Profiles (2) Articles (2) Building Client Relationships (6) DBCC IND (2) DBCC PAGE (2) filtered indexes (2) SQL Server Index Internals (2) training (11) Adobe (3) Internet Street Smart (8) Intel Storage Systems (2) LSI Corp (2) LSI SAS6160 Switch (2) Storage Spaces (7) Firmware Update (2) Product Support (7) Hybrid Cloud Solutions (3) Server Core (2) MAXDOP (1) SharePoint 2013 (1) SharePoint best practices (1) SQL Server Authentication (1) Family (5) Alternatives (1) SBS 2011 Standard (4) Microsoft Small Business Specialist Community (2) Microsoft Surface (2) SBSC (2) Networking (4) Availability Groups (3) CANITPro (1) HA/DR (1) Step-By-Step: Creating a SQL Server 2012 AlwaysOn Availability Group (1) webcast (1) VMWare (2) Conferences (2) Client Focus (2) Disaster Recovery (6) Error Workaround (8) Troubleshooting (4) Logitech (2) Product Review (7) Windows Features (4) XBox Music (2) SBS 2008 All Editions (4) MDOP (2) Microsoft Desktop Optimization Pack (2) Software Assurance (2) W2012E (6) Windows Server 2012 Essentials (6) Internet Explorer (3) USB 3.0 (2) USB Hard Drive (2) Bug Report (2) Microsoft Office 365 (5) sharepoint online (2) BitLocker (2) Windows (2) Microsoft Update (3) Swing Migration (2) Windows Update (4) Outlook (2) Group Policy (9) WS2012e (2) WSUS (3) Office (3) Microsoft Downloads (5) Microsoft Office (3) DRP (3) Virtual Machines (2) Virtual Server Hardware (2) online course (1) SQL Server learning (7) 2 Factor Authentication (2) 2FA (2) PASS Summit 2013 (4) SQLPASS (5) Contest (1) e-learning (1) Udemy (1) smbtechfest (1) backups (2) PASS Summit First Timers (3) IIS (2) RD Gateway (4) RD RemoteApp (2) RDWeb (4) Remote Desktop Connection (2) Remote Web Access (2) Remote Web Workplace (2) Cryptolocker (6) Backup (4) Restore (2) CryptoLocker (1) AuthAnvil (1) SBS 2003 (1) SBS Migration (1) Windows Server 2012 R2 (9) Documentation (1) IE 11 (4) testimonials (11) SQL Server 2008 (1) Best Practices (1) Support (1) Intel Xeon Processor (1) RemoteApp (1) Android (1) iOS (1) Hyper-V Replica (2) PowerShell (2) SBS (3) Break (1) Business Intelligence (1) Excel 2013 (1) Power Map (1) Power Query (1) PowerBI (1) MultiPoint (2) Surface (1) Net Neutrality (1) Opinion (2) ASP (9) HP (2) Scale-Out File Server (8) SOFS (10) Windows Phone (1) Updates (1) Intel NUC (1) Intuit (1) QuickBooks (1) Office364 (1) Intel Server Systems;Hyper-V (1) Firewall (1) Patching (1) Mobile (1) Mobility (1) sharepoint (1) Microsoft Security (1) Beta (1) Storage Replication (1) outlook (1) Hyper-V Setup (3) JBOD (1) Azure (1) PCI (1) PCI DSS (1) PII (1) POS (1) MicroStaff (2) Catherine Barr (2) Third Tier (1) BeTheCloud (1) BrainExplosion (1) LookAWhale (1) Manuel (1) Rayanne (3) SuperSecretNews (1) TechYourBooks (3) Managed Services (1) Training (1) E-mail (1)
RSS Feed
SMBKitchen Archives: Blocking IE 11
Posted by Third Tier on 22 January 2015 02:46 PM

It’s been more than a year since this article was published to the SMBKItchen, so we’re now sharing it with the general public.


Not a Third Tier customer yet? Let me introduce:  We’re Third Tier. We provide advanced Third Tier support for IT Professionals and MicroStaffing for IT consulting firms. Come on over, create an account (no charge) and follow our social media locations.

Third Tier Get Support BlogFeed Blog Twitter Twitter Facebook Facebook LinkedIn LinkedIN

Patch Management TiPS

Internet Explorer 11

Here we go again, but this time we need to decide when we want IE 11 to be installed on our systems.

Once again you will need to test and ensure compatibility with line of business applications and key business websites before approving the update on your customer’s machines.

At the present time IE11 is offered up but unchecked on Windows 7 machines.


Soon it will be pushed out to unmanaged machines.

There will be no release of IE11 on Windows 8 machines. You are expected to upgrade those machined to Windows 8.1 to obtain IE11. There will be no IE11 on Server 2012 machines.

Here is guidance on how to stop Internet Explorer 11 from being installed on your customer’s Windows 7 sp1 machines:

Blocking IE 11 in Managed Networks

If you use Microsoft’s server patch management tool called Windows Server Update Services to manage updates in your customer’s networks (natively installed on SBS 2003 R2, SBS 2008 and SBS 2011 standard), you need to do nothing at all in order to stop the deployment of IE 11. By default, as long as WSUS is controlling the updates in the network, the category of IE11 update rollups will not be approved and will not deploy automatically.

If you use another patch management tool, or you have an unmanaged environment you may wish to block the deployment of IE 11.

First some facts of the upgrade process to IE 11

1. Internet Explorer 11 can always be uninstalled. To uninstall it, go to the control panel, then to programs and features, click on View Installed Updates and remove IE11.

2. IE11 will only be offer to those who have local administrator rights on their Windows 7 computers. If your customers have been deployed with non-administrator rights they will not see this update automatically deployed

3. IE11 will be available as an “Important” update through automatic updates soon after it releases to the web. The timing of this “RTW” is not known at this time, but given that we already see it offered up but unchecked, they will begin to push it out soon.

4. If a machine has automatic updates enabled and has Service pack 1 for Windows 7, they will get an automatic upgrade to IE 11.

5. Microsoft tends to “throttle” large patches and monitors for any issues. IE 11 may be announced as being released, but you may not see it on your customer’s workstations for a few days or a few weeks afterwards.

6. Even if you previously used the IE blocker toolkit for IE8, IE9 or IE10, you will need to use this specific kit for IE11 as the specific registry key has changed.

Blocking IE 11 using the toolkit

If your clients are in an unmanaged deployment you may wish to use the IE11 blocking toolkit available from the Microsoft download site ( ) in order to block IE 11. This tool kit does not expire, but be aware that your unmanaged customer can manually go to Windows or Microsoft update and scan for updates and be offered up IE 11. It does not block the “offering” of IE 11 to a Windows 7 sp1 machine. It will block the automatic deployment via Windows update to an unmanaged machine.

Instructions for standalone deployments


If you merely need to block IE11 from a few machines, installing this blocker script by hand during your normal review of the machine may be your choice. It may not be the most efficient way to block IE 11 however.

Patching is often most disruptive to unmanaged customers. Internet Explorer 11 is default on Windows 8.1

IE11 for Windows 7 includes many, but not all, of the same features that are in the Windows 8.1 version. Here’s what’s different:

•In the Windows 7 version of IE11, the URL bar remains at the top of the browser (like it is with IE10 on Windows 7). IE11 for Windows 8.1 puts the URL bar at the bottom.

•The new tab view in Windows 8.1 isn’t part of the IE11 for Windows 7 release.

•IE11 on Windows 7 won’t support for premium video extensions like the 8.1 version does. “There are many solutions available for Windows 7 customers to stream and view protected content online, those methods will continue to function for customers,” a spokesperson confirmed. (Read: Silverlight and Flash.)

•No support for Google’s SPDY protocol (the precursor to HTTP 2.0) in IE11 on Windows 7. IE11 on Windows 8.1 does support SPDY.

•IE11 on Windows 7 will not support Enhanced Protected Mode browser security enhancements. (IE10 on Windows 7 didn’t, either.)

Beyond this, IE11 for Windows 7 and IE 11 for Windows 8.1 are largely the same, according to Microsoft officials.

Like IE11 on Windows 8.1, IE11 on Windows 7 includes support for WebGL. It will natively decode JPG images in real-time on the GPU so that pages load faster, use less memory and help improve battery life and support HTML5 link prefetching and pre-rendering, officials said. IE11 on Windows 7 also it incorporates the same changes to the “Chakra” JavaScript engine, including changes to garbage collection and just-in-time (JIT) compilation as IE11 for Windows 8.1 does, they said.

(source: )

Download the blocker toolkit from

1. Click on the link to download the package and select ‘Run’ or ‘Open’. You will be asked to accept the end-user license agreement (EULA) before you gain access to the package contents. The package contains 4 different files.

2. Ignore the fact that the download warning says IE11 release preview


Figure 1 – ignore the warning and click to continue


Figure 2 – Accept the EULA

3. Pick a location where you would like to place the 3 files above by clicking on ‘Browse’. Once you have specified the location to place the extracted files, click ‘OK’. If the folder location does not previously exist you will be prompted to make the location to store the three files.


Figure 3 – Insert location of extraction

4. Launch an elevated Command Prompt by navigating to Start -> All Programs -> Accessories -> and then right click on “Command Prompt” and select “Run as Administrator”.


Figure 4 – Right mouse click on Command Prompt

5. Type “CD” followed by the path to where you have extracted the 4 files in step 2 above.


Figure 5 – Moving to the extract location

6. In the Command Prompt, type “ie11_blocker.cmd /B” and hit Enter to set the blocker on the machine.


Figure 6 – enter in the command to block IE 11

7. You will see confirmation in the Command Prompt: “Blocking deployment of Internet Explorer 11 on the local machine. The operation completed successfully.” You can now close the Command Prompt window.


Figure 7 – IE 11 is now blocked

8. To confirm, click on start, in the run box, type in regedit and hit enter. Navigate to the HKEY_LOCAL_MACHINE key, then to SOFTWARE, then to Microsoft, then to Internet Explorer, then to Setup, then to 10.0


Figure 8 – Ensuring that the block registry key is set

9. You will see a registry key there blocking the deployment of IE11


Figure 9 – Reviewing the registry key

Instructions for using your own deployment tool

Using a Remote management tool that allows for scripting, merely push out a registry key as follows:

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Setup\11.0

Key value name: DoNotAllowIE11

Deploy a DWORD (32-bit) value with a Hexadecimal value of 1 as shown below to block IE 11.


Figure 10 – Registry key values

The registry key will block the automatic deployment of IE11.

Alternatively you can script the command included in this download by specifying the machine name. The syntax to use is IE11_Blocker.cmd [<machine name>] /B. The command switch of /U will unblock the distribution of IE11 and the switch of /H will showcase the help file. If the remote registry can’t be accessed due to security permissions or the remote machine can’t be found, an error message is returned from the REG command.


Figure 11 – Switches used in the command

Instructions for using group policy

Included in the toolkit is a Group policy ADM file. It allows administrators to import the new group policy settings to block or unblock automatic deliver of IE11. Users running Windows 7 (SP1) or Windows Server 2008 R2 (SP1) will see the policy under Computer Configuration / Administrative Templates / Classic Administrative Templates / Windows Components / Windows Update / Automatic Updates Blockers v3. This setting is available only as a Computer setting; there is no Per-User setting.

Note: This registry setting is not stored in a policies key and is thus considered a preference. Therefore if the Group Policy Object that implements the setting is ever removed or the policy is set to Not Configured, the setting will remain. To unblock distribution of Internet Explorer 11 by using Group Policy, set the policy to Disabled.


Not a Third Tier customer yet? Let me introduce:  We’re Third Tier. We provide advanced Third Tier support for IT Professionals and MicroStaffing for IT consulting firms. Come on over, create an account (no charge) and follow our social media locations.

Third Tier Get Support BlogFeed Blog Twitter Twitter Facebook Facebook LinkedIn LinkedIN

Comments (0)
Post a new comment
Full Name:
CAPTCHA Verification 
Please enter the text you see in the image into the textbox below. This is required to prevent automated registrations and form submissions.

Help Desk Software by Kayako Fusion