Look, I’m not gonna hide it, I love IE8. It’s a strange feeling actually because generally I’ve avoided IE for the past two years or so. I did most of my work in Firefox and that was mainly because of the vast amount of plugins available for that browser. However, since version 3 came out, I felt it became slower (especially on start-up) and I started to use IE and Chrome together with Firefox. I can’t give which browser I use for which occassions but I use them all, when I feel like it or when something doesn’t work like it should in one of them.
But now, IE8 … what forbidden substance did they consume in Redmond ? It stands like a house. Compatibility view is genius (and it works !!). I really like how they incorporated ‘default secure’ in their UI. A good example is when you browse to a website that is served over https but some components or parts of the website are served over http (ads, iframes, …). In the past, IE would ask you if you wanted to see the insecure content. Now, in IE8, that’s different. IE will prompt, asking you if it is ok to only show you the secure content. If you click yes without reading the message … you’re still secure. It sounds stupid, but I love them for that alone.
Ok, on to the main topic of the blogpost. Deploying it in a corporate environment.
Don’t just approve the update through WSUS or allow your users to get the update through Windows Update.
The main issue here is InPrivate surfing. This is a function, new in IE8, that allows users to browse websites without leaving traces on the local computer. That is great when you’re using IE8 at home (you don’t want $spouse to find out you’ve been looking at miniature train websites all night again …) but it’s not something I want my users to use. It will ruin my chain of evidence since whatever I find on my proxy or packet trace can never be tied to the workstation (and subsequently the user).
a) check out the IEAK (Internet Explorer Administration Kit). This tool will allow you to create an installer package that installs IE8 just as you want it.
b) Use these recommendations to block InPrivate surfing.
c) Update the inetres.adm files (these contain group policy settings for IE8) in Active Directory.
d) If you decided that you don’t want to roll out IE8, use the blocker toolkit.
That’s it folks. Can I recommend IE8 ? Yes I can and I will to anybody that asks me. But be wise and don’t take this as a behind the curtains update. This is a brand new application with a whole set of nifty features.
Have a great weekend !
Previous 
Next 
Categories
Tag Cloud
Blog RSS
Comments RSS
Last 50 Posts
Back
Void 
Life 
Earth 
Wind 
Water 
Fire
[...] The Security Kitchen » Deploying IE8 in your corporate environment. Deploying it in a corporate environment. Don’t just approve the update through WSUS or allow your users to get the update through Windows Update. The main issue here is InPrivate surfing. This is a function, new in IE8, that allows users to browse websites without leaving traces on the local computer. That is great when you’re using IE8 at home but it’s not something I want my users to use. It will ruin my chain of evidence since whatever I find on my proxy or packet trace can never be tied to the workstation (and subsequently the user). [...]
Like or Dislike:
0 
0
[...] Good stuff and I definitely agree with the author regarding disabling private browsing. The Security Kitchen >> Deploying IE8 in your corporate environment. Tags: ( ie8 [...]
Like or Dislike:
0 
0