Internet Explorer 7 installs while blocked

Does anyone know why Internet Explorer 7 is suddenly being forced to install
on computers this week and more importantly how to block it? We have some
web-based applications which do not work with IE7 and need to remain at IE6.

We have several hundred computers running Windows XP either SP 2 or 3 with a
WSUS server that has denied the IE7 updated and a group policy to point
updates to the WSUS.

It was working fine until this week, all of a sudden we have 70 computers
that installed IE 7 and when we uninstall SP3 so we can uninstall IE7 and
then uninstall IE7, it gets re-installed automatically again.

Any ideas on this would be a huge help.

"Angela" <Angela@discussions.microsoft.com> wrote in message
news:9F8D74E3-95D4-4592-A932-01F8D5AA484A@microsoft.com...
> Does anyone know why Internet Explorer 7 is suddenly being forced to
> install
> on computers this week and more importantly how to block it? We have some
> web-based applications which do not work with IE7 and need to remain at
> IE6.

I dont think its forced to install but rather that the machines are set to
automatically download and install available updates.

The computers are set by group policy to download and install updates from
the WSUS server which is set to block IE7. And it has been working for over
a year now, no changes on our end this week.

"Sorken" wrote:

> I dont think its forced to install but rather that the machines are set to
> automatically download and install available updates.

[Forwarded to WSUS newsgroup via crosspost]

Angela wrote:
> The computers are set by group policy to download and install updates from
> the WSUS server which is set to block IE7. And it has been working for
> over
> a year now, no changes on our end this week.
>
>> I dont think its forced to install but rather that the machines are set
>> to
>> automatically download and install available updates.
<paste>
> Does anyone know why Internet Explorer 7 is suddenly being forced to
> install
> on computers this week and more importantly how to block it? We have some
> web-based applications which do not work with IE7 and need to remain at
> IE6.
>
> We have several hundred computers running Windows XP either SP 2 or 3 with
> a
> WSUS server that has denied the IE7 updated and a group policy to point
> updates to the WSUS.
>
> It was working fine until this week, all of a sudden we have 70 computers
> that installed IE 7 and when we uninstall SP3 so we can uninstall IE7 and
> then uninstall IE7, it gets re-installed automatically again.
>
> Any ideas on this would be a huge help.

Angela wrote:

>> The computers are set by group policy to download and install updates
>> from
>> the WSUS server which is set to block IE7.

Why is IE7 marked as *APPROVED* on the WSUS Server if you do not wish it to
be installed?

>> And it has been working for over
>> a year now, no changes on our end this week.

My guess would be the block has expired, or been removed/overridden -- even
though it was supposed to be non-expiring. Or perhaps a conflicting policy
has been applied that reverts the setting of the registry value.

The notes for the blocker pointed out that the blocker was not needed in a
WSUS environment; the recommended procedure was simply to not approve the
update for installation.

Of course, this doesn't mean that IE7 wasn't installed by somebody browsing
to WU/MU, or downloading the installer directly, or overriding the blocker
(if the user happens to have access to, and know how to remove the
registry-based blocker setting).

Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Setup\7.0
Key value name: DoNotAllowIE70

When the key value name is not defined, distribution is not blocked.
When the key value name is set to 0, distribution is not blocked.
When the key value name is set to 1, distribution is blocked.


Can you provide a WindowsUpdate.log showing the
detection/download/installation of Internet Explorer 7? This would be the
best place to start finding the answer to the question: Why was it
installed?

Also, an actual export of HKLM\Software\Microsoft\Internet
Explorere\Setup\7.0 would be good to have.




--
Lawrence Garvin, M.S., MCITP(x2), MCTS(x5), MCP(x7), MCBMSP
Principal/CTO, Onsite Technology Solutions, Houston, Texas
Microsoft MVP - Software Distribution (2005-2009)

MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/pro...awrence.Garvin