Blocking outdated ActiveX Controls

We’re going to be blocking outdated ActiveX controls in IE later today. Currently, folks will get the following dialog when a page tries to trigger an outdated (known vulnerable) ActiveX control:


After the change, users will not be offered the ‘Run this time’ choice. Users who need to run an old ActiveX control for some reason (e.g. a FDA app that only works with Java 7) can work around the restriction by adding the page to the Trusted Sites zone, or the Local intranet zone (both zones bypass the block by design).

Adding a site to Trusted Sites or Local intranet can be done through the Internet Options control panel:


If you are unable to add sites to zones (all the controls are greyed out), it means that their site assignment is centrally managed – we’ll need to update the GPO to square those folks away.

As part of this change, we’re also making a couple minor adjustments:

  • The “Internet Explorer – Compatibility Mode Auto Off for Intranet” GPO is being renamed to “Internet Explorer – Managed Settings” to indicate that it impacts more than one setting
  • We’re enabling ActiveX Control logging (off by default) so that we’ve got something to work with for troubleshooting, or so that the security office has something to work with if they have to investigate a PII compromise. Logs are located @ %LOCALAPPDATA%\Microsoft\Internet Explorer\AuditMode\VersionAuditLog.csv

Office 2016 Upgrades Begin May 9

The following information related to the Office 2016 upgrades was sent out today to all CN customers via email. It provides some initial timeline information for the upgrades so I am posting it here as well as a project update.

Information Services completed their testing of Office 2016 for Windows and, starting May 9, we’ll begin upgrading supported computers. The upgrades will be completed in waves. The first wave will be comprised of computers currently running Office 2010, with groups running Office 2013 beginning several weeks later.

Process overview:

  1. A targeted notification will be sent out early next week, informing the first group to expect the upgrade on May 9, and providing additional details.
  2. Another targeted notification will be sent out late next week, informing the second group to expect the upgrade on May 12, and providing additional details.
  3. A reminder message will be sent to each group the day of their upgrade.
  4. The upgrades will be completed overnight and Office 2016 will be available the next morning.
  5. This process will be repeated each week until the upgrades from Office 2010 are completed.

While waiting for your upgrade, you can learn about the new features and get some basic training on Office 2016:

If you have questions or concerns, please contact Todd Soli, the project lead: