>> The computers are set by group policy to download and install updates
>> the WSUS server which is set to block IE7.
Why is IE7 marked as *APPROVED* on the WSUS Server if you do not wish it to
>> And it has been working for over
>> a year now, no changes on our end this week.
My guess would be the block has expired, or been removed/overridden -- even
though it was supposed to be non-expiring. Or perhaps a conflicting policy
has been applied that reverts the setting of the registry value.
The notes for the blocker pointed out that the blocker was not needed in a
WSUS environment; the recommended procedure was simply to not approve the
update for installation.
Of course, this doesn't mean that IE7 wasn't installed by somebody browsing
to WU/MU, or downloading the installer directly, or overriding the blocker
(if the user happens to have access to, and know how to remove the
registry-based blocker setting).
Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Key value name: DoNotAllowIE70
When the key value name is not defined, distribution is not blocked.
When the key value name is set to 0, distribution is not blocked.
When the key value name is set to 1, distribution is blocked.
Can you provide a WindowsUpdate.log showing the
detection/download/installation of Internet Explorer 7? This would be the
best place to start finding the answer to the question: Why was it
Also, an actual export of HKLM\Software\Microsoft\Internet
Explorere\Setup\7.0 would be good to have.
Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)
MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin