Internet Explorer 7 is on track to be released by the end of 2006. When the final release of IE7 is launched, the upgrade will be a hight priority update. Users who have local amdinistrator rights and Automatic Updates will be prompted to install the new version.

Since many applications today use IE as a rendering engine, updating to version 7 upon release has the potential to affect business applications. If you have vendors which rely upon IE to deliver applications, IE7 support may not be available upon the IE 7 release. Before updating any software, it is a good idea to test lab the update and verify it is secure in your particular environment and does not introduce changes which affect your business software.

As with many versions or service pack updates which Microsoft releases (such as Windowx XP SP2), Microsoft allows organizations to prevent the automatic installation of such software for a time. For Internet Explorer 7, Microsoft has produced the Internet Explorer 7 Blocker Toolkit., which is available for download now. This toolkit contains two components to block the auto install of IE7:

  • Blocker Script. Creates a registry key that blocks automatic deployment of IE7 to an individual machine. The key can later be set to unblock automatic delivery.
  • Group Policy Administrative Template. Administrators can use the Group Policy Administrative Template (.ADM) to block the deployment of IE7 through Group Policies, and allow the deployment by easily modifying the policy.

Unfortunately the toolkit does not prevent users from installing IE7 manually. In order to enforce the policy which prevents installing IE7, you can do one of the following:

  • Ensure that no user has local administrator rights.
  • Use a patch management systems, in which administrators must approve updates for installation, such as Windows Server Update Services (WSUS). Then allow clients to obtain updates only from the internal patch servers.