Making all other blogs seem exciting!
RSS icon Home icon
  • Lockdown Firefox updates on Microsoft Terminal Server

    Posted on March 2nd, 2009 ashinn No comments

    I had an interesting dilemma today.

    Due to the way some of our internal applications and certain brands of network gear function, our NOC requires Mozilla Firefox on the terminal servers. Over the weekend an update must’ve come out for Firefox, and a user clicked OK.

    The update crapped out halfway through since they didn’t have administrative rights. Firefox doesn’t appear to roll back in this situation, leaving you with a broken install. So broken that you can’t even uninstall it without getting the dreaded: “Your computer must be restarted to complete a previous upgrade of Firefox. Do you want to reboot now?” which is also what it says when a user tries to open it.

    Sure would be nice if the developers of Firefox threw in a privileges sanity check.

    We need a two phased approach to fix this fiasco.

    Fix #1: Get rid of that obnoxious error.

    Lucky for me, a co-worker of mine has ran into this before and has the fix documented on his blog here:

    http://blog.acrile.com/2008/12/your-computer-must-be-restarted-to.html

    Long story short: delete the *.moz-upgrade and *.moz-delete files from Firefox folder. Now that the error is gone, I went ahead and uninstalled/reinstalled Firefox just to make sure nothing dirty was left behind.

    Fix #2: Disable the auto-update feature in Firefox.

    I accomplished this by first creating a file called mozilla.cfg in the C:Program FilesMozilla Firefox directory with the following contents:

    // Disable Auto Updates
    lockPref(”app.update.enabled”, false);
    lockPref(”extensions.update.enabled”, false);

    Those instruct Firefox to disable the auto update for the browser itself AND any add-in extensions.

    Also you must edit C:Program FilesMozilla Firefoxgreprefs edit the file all.js and add this to the bottom:

    // Process mozilla.cfg in FireFox root directory.
    pref(”general.config.obscure_value”, 0);
    pref(”general.config.filename”, “mozilla.cfg”);

    Without that last piece, Firefox won’t process the mozilla.cfg you created.

    No reboot needed, and hopefully you’ll never run into this again.

    Later on I found a nice website that lists many other features an administrator might want to enforce in a terminal server environment. Check them out here:

    http://www.pcc-services.com/kixtart/firefox-lockdown.html

    Till next time…

  • Adobe Flash Player on Microsoft Terminal Server

    Posted on February 19th, 2009 ashinn No comments

    Adobe Flash can be a systems administrator’s nemesis on a Microsoft Terminal Server.

    After installing the Adobe Flash ActiveX widget, you might notice that non-administrative users aren’t able to browse sites utilizing flash. They’ll be presented with a rather ambiguous message.

    The error: “Hello, you either have JavaScript turned off or an old version of Adobe’s Flash Player. Get the latest Flash player. ”

    I must admit that I do like polite error messages, butbutbutbutbut I already have the latest Flash Player!

    This only happens in IE, Firefox is just fine. I’d tell my users to just browse in Firefox, but of course we have some applications (IE: SharePoint, CRM and others) where IE is pretty much required.

    So, what’s the fix?

    Open regedit and find these two keys:

    HKEY_CLASSES_ROOT\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}
    HKEY_CLASSES_ROOT\CLSID\{D27CDB6B-AE6D-11CF-96B8-444553540000}

    Right click -> Permissions -> Click Everyone -> Check the “Read” box -> No reboot needed. Now, with any luck, your users can get Flash goodness. I tend to test the fix out by going to YouTube and rewarding myself with a video.

    Till next time…