To help our customers become more secure and up-to-date, Microsoft will distribute Internet Explorer 11 as a high-priority update through Automatic Updates for Windows 7 Service Pack 1 (SP1) x86 and x64, and Windows Server 2008 R2 SP1 x64. This Blocker Toolkit is intended for organizations that would like to block automatic delivery of Internet Explorer 11 to machines in environments where Automatic Updates is enabled. The Blocker Toolkit will not expire.
This toolkit contains two components:
Windows 7 Service Pack 1 (SP1) x86 and x64 and Windows Server 2008 R2 SP1 x64
The script creates a registry key and sets the associated value to block or unblock (depending on the command-line option used) automatic delivery of Internet Explorer 11 on either the local machine or a remote target machine.
Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Setup\11.0
Key value name: DoNotAllowIE11
|
Value |
Result |
|
Key is not defined |
Distribution is not blocked. |
|
0 |
Distribution is not blocked. |
|
1 |
Distribution is blocked. |
The script has the following command-line syntax:
IE11_Blocker.cmd
[<machine name>] [/B] [/U] [/H]
The <machine name> parameter is optional. If not specified, the action is performed on the local machine. Otherwise, the remote machine is accessed through the remote registry capabilities of the REG command. If the remote registry can't be accessed due to security permissions or the remote machine can't be found, an error message is returned from the REG command.
Switches used by the script are mutually exclusive and only the first valid switch from a given command is acted on. The script can be run multiple times on the same machine.
|
Switch |
Description |
|
/B |
Blocks distribution |
|
/U |
Unblocks distribution |
|
/H (or /?) |
Displays the following summary help: This tool can be used to remotely block or unblock the delivery of Internet Explorer 11 through Automatic Updates.
------------------------------------------------------------ Usage: IE11_Blocker.cmd [<machine name>]
[/B][/U][/H] B
= Block Internet Explorer 11 deployment U
= Allow Internet Explorer 11 deployment H
= Help Examples: IE11_Blocker.cmd
mymachine /B (blocks delivery on machine "mymachine") IE11_Blocker.cmd /U (unblocks delivery on the local machine) ------------------------------------------------------------ |
The Group Policy Administrative Template (.ADM file) allows administrators to import the new Group Policy settings to block or unblock automatic delivery of Internet Explorer 11 into their Group Policy environment, and use Group Policy to centrally execute the action across systems in their environment.
Users running Windows 7 (SP1) or Windows Server 2008 R2 (SP1) will see the policy under Computer Configuration / Administrative Templates / Classic Administrative Templates / Windows Components / Windows Update / Automatic Updates Blockers v3. This setting is available only as a Computer setting; there is no Per-User setting.
Note: This registry setting is not stored in a policies key and is thus considered a preference. Therefore if the Group Policy Object that implements the setting is ever removed or the policy is set to Not Configured, the setting will remain. To unblock distribution of Internet Explorer 11 by using Group Policy, set the policy to Disabled.
� Internet Explorer 11 Blocker Toolkit: Frequently Asked Questions
� Internet Explorer 11 Delivery through Automatic Updates
� Toolkit to Disable Automatic Delivery of Internet Explorer 11
� Internet Explorer 11 Product page