this post was submitted on 07 Apr 2024
472 points (97.2% liked)

Technology

34830 readers
18 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.

Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.

Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
[email protected]
472
New Windows driver blocks software from changing default web browser (www.bleepingcomputer.com)
submitted 7 months ago by [email protected] to c/[email protected]
135 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 6 points 7 months ago (1 children)

To anyone saying "just use GPOs", here's a quote from the SetUserFTA page:

Microsoft offers a solution with GPO, but it is Computer-based and not User-based – and rather complicated. this means, you can not associate your Users on the same Server/Client with different file types. for example:

you have a PDF viewer and a PDF editing software on your XenApp server. Now you want that a certain group opens their PDF’s in the editor and the others only in the viewer (for licensing reasons for example). this is NOT possible anymore and Microsoft states “it is by design” and “this is a security measure”.

Said solution:

  1. Set up a reference computer
  2. Install applications
  3. Go to Control Panel\All Control Panel Items\Default Programs and configure default apps associations.
  4. Export/import the custom default app association with dism.exe

[...]

As some recommended applications can manage more extensions with each new Windows 10 version available, it's a good practice to refresh your XML. For example, in Windows 10 1703, Microsoft Edge registers the epub extension. If you're using an XML file from Windows 10 1607, epub is missing. As a result, you will get an app reset notification for epub.

[...]

Configure a policy for your domain-joined computer: file association will be configured at each logon. User will be able to change file association, but at the next logon file association will be configured using XML file. This policy works only for domain-joined computer.

This is just about the most convoluted, annoying way they could come up with for doing this, doesn't help people whose machines aren't part of AD and isn't scriptable. If they were mainly concerned about security they'd have an option for not allowing the user to change these preferences even temporarily on domain-joined machines.

[–] [email protected] 1 points 7 months ago

That's on purpose.