Condividi tramite


How do I test the new out-of-date ActiveX controls feature?

On the previous blog "How to manage the new "blocking out-of-date ActiveX controls"  feature in IE?" we showed you the location and settings for the new out-of-date ActiveX controls feature and on this one, we are outlining the step by step instructions covered in article KB2991000 | Update to block out-of-date ActiveX controls in Internet Explorer  under the section "Testing the out-of-date ActiveX controls feature" to get your testing started and better prepare you for the upcoming changes.

Testing Guidance 

PLEASE NOTE THAT THESE TEST SHOULD BE PERFORM OUT OF YOUR TEST ENVIRONMENT AND ANY TAMPERING WITH THE XML FILE IS NOT SUPPORTED ON PRODUCTION ENVIRONMENTS!

 

PLEASE FOLLOW THE STEPS OUTLINED IN THE ARTCILE: https://support.microsoft.com/kb/2991000 under, Testing the out-of-date ActiveX controls feature

TIP: Make a backup of the original file, so you can restore it after you are done with testing!

 

 Turn on AuditMode 

  • Enabled the “Turn on ActiveX logging in Internet Explorer” GPO

 Registry Location: 
 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Ext]
"AuditModeEnabled"=dword:00000001

START TESTING

Restart Internet Explorer. You should see that websites that attempt to load out-of-date Java ActiveX controls will now display the out-of-date ActiveX control blocking notification.

 

 Example: https://javatester.org/version.html

To see the Audit Log, open the %LOCALAPPDATA%\Microsoft\Internet Explorer\AuditMode folder and review the VersionAuditLog.CSV file. You should see the Audit items listed.

If your organization needs more time to mitigate dependencies on out-of-date Java controls, you have the following two options:

  • Turn off the feature completely: Use the Turn off blocking of outdated ActiveX controls for Internet Explorer Group Policy setting (or corresponding registry key)
     Note  This is the less secure option.
  • Turn off the feature for a specific domain: Use the Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains Group Policy setting (or corresponding registry key). This setting allows you to turn off the feature on the specific domains on which your enterprise has an out-of-date Java dependency.

This blog has been provided to you by the IE Support team!

Comments

  • Anonymous
    August 25, 2014
    The comment has been removed
  • Anonymous
    August 28, 2014
    After applying the MS update 2976627, I'm still not seeing the directory %LOCALAPPDATA%MicrosoftInternet ExplorerVersionManager.  Do we have to manually create this, or should it get placed during the update?
  • Anonymous
    August 29, 2014
    @John Carnex    Please make sure you enable the GPO below:GPO NAME: Turn on ActiveX control logging in Internet ExplorerREGISTRY LOCATION: SOFTWAREMicrosoftWindowsCurrentVersionPoliciesExtVALUE: "AuditModeEnabled"=dword:00000001Check the clients registry and make sure it is present.
  • Anonymous
    September 01, 2014
    Hi,The audit log isn't in %LOCALAPPDATA%MicrosoftInternet ExplorerVersionManagerAuditMode as mentioned in your post.It's actually in "%localappdata%microsoftInternet ExplorerAuditMode"Other ref: technet.microsoft.com/.../dn761713.aspx
  • Anonymous
    September 02, 2014
    @Eminyou are correct!Fix it!The correct path for the VersionAuditLog.CSV is: %LOCALAPPDATA%MicrosoftInternet ExplorerAuditMode
  • Anonymous
    September 07, 2014
    I have (in the registry) enabled AuditModeEnabled per the instructions above and I am unable to locate the Audit log.
  • Anonymous
    September 08, 2014
    Can I please get an answer re: how long we have to roll out a new version before the versionlist.xml will be updated?
  • Anonymous
    September 09, 2014
    The comment has been removed
  • Anonymous
    September 11, 2014
    @AllTry to create the Folder "AuditMode" in %LOCALAPPDATA%MicrosoftInternet Explorer  manually
  • Anonymous
    September 11, 2014
    @127    You don't need to create that folder.You should wait until the versionlist.xml is created. The AuditMode can only be created if the versionlist.xml exist and you may have to wait 12 hours to see it.  
  • Anonymous
    September 16, 2014
    The comment has been removed
  • Anonymous
    September 18, 2014
    @127    I would suggest considering opening a ticket with Microsoft support to help you further look into this issue.  
  • Anonymous
    December 15, 2014
    The audit log will not create an entry for non-routable server IP (192.168..). Additionally, I have defined a specific non-routable IP in my local intranet and in PoliciesextDomain and still out of date Java is being blocked in IE 10: "Your security settings have blocked an application from running with an out-of-date or expired version of Java."