The irony of having to block the EU browser choice screen – and how to do it
i·ro·ny n. Incongruity between what might be expected and what actually occurs.
Example: championing the freedom to choose, then forcing people to make a choice even if they don’t want to. Specifically, this.
It’s annoying. If you’re in the EU and you’re a home user, a small business, or even a medium or large business that isn’t using Windows Server Update Services, it’s difficult to escape your computers (and those you manage on behalf of your users) from presenting this stupid box. The worst part is that Microsoft have made it intrusive intentionally, even though they almost certainly never wanted to do it in the first place. The EU’s army of legal drones clearly lack the self-awareness to realise the hypocrisy of what they’ve done. It’s one thing to force Microsoft to offer a choice. To force users to take that offer, without so much as a ‘Cancel’ button as an escape route, is missing the point somewhat, and has annoyed far more people than will ever be pleased by it.
According to Rob Wier, who knows more about randomisation algorithms than I do, it’s also flawed and does not present the choices in a random order as it is supposed to.
OK, rant over. Here’s how to block the blighter.
It’s important to note that you may not need to worry; if you have WSUS, you can decline the update when it’s published. Also, if your users do not have admin rights on the computer, the browser choice screen will not run for them even if it installs. If they do have admin rights, but you don’t want them changing things… well, now’s the perfect opportunity to reconsider why on earth you gave them admin rights if you didn’t want them changing things. After that, you’ll be wanting to read on.
Via Group Policy Preferences (or a startup script if you’re not using GPP).
There are two registry methods you can use depending on yours circumstances. Both registry methods are (in my view) easiest to implement using Group Policy Preferences. I ranted about them on Monday, but this is exactly the sort of thing they’re awesome for.
If your machines are Volume Licence installs, you can follow KB2019411.
If not, create a Computer preference to delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, value name KB976002-v5
This should prevent the bowser choice from being triggered.
Via Software Restriction Policies.
The joy of this one is you can use it even if you don’t have Group Policy: just find the Local Security Policy shortcut under Administrative Tools on the Control Panel. For the benefit of those who haven’t touched Group Policy before, here’s the step-by-step:
After opening Local Security Policy, right click on the Software Restriction Policies item and select New Software Restriction Policies.
Right-click Additional Rules and select New Path Rule.
Fill in as below so to create a rule to Disallow
Click OK, and you’re done.
Update: The Broswer Choice update was finally published to WSUS in late April, and appears in its own category in the WSUS products list:
If you don’t check it, the update won’t sync to WSUS at all. If it does, just decline it form the management console.