Skip Navigation

New Windows driver blocks software from changing default web browser

www.bleepingcomputer.com New Windows driver blocks software from changing default web browser

Microsoft is now using a Windows driver to prevent users from changing the Windows 10 and Windows 11 default browser manually or through software.

New Windows driver blocks software from changing default web browser
135

You're viewing a single thread.

135 comments
  • To anyone saying "just use GPOs", here's a quote from the SetUserFTA page:

    Microsoft offers a solution with GPO, but it is Computer-based and not User-based – and rather complicated. this means, you can not associate your Users on the same Server/Client with different file types. for example:

    you have a PDF viewer and a PDF editing software on your XenApp server. Now you want that a certain group opens their PDF’s in the editor and the others only in the viewer (for licensing reasons for example). this is NOT possible anymore and Microsoft states “it is by design” and “this is a security measure”.

    Said solution:

    1. Set up a reference computer
    2. Install applications
    3. Go to Control Panel\All Control Panel Items\Default Programs and configure default apps associations.
    4. Export/import the custom default app association with dism.exe

    [...]

    As some recommended applications can manage more extensions with each new Windows 10 version available, it's a good practice to refresh your XML. For example, in Windows 10 1703, Microsoft Edge registers the epub extension. If you're using an XML file from Windows 10 1607, epub is missing. As a result, you will get an app reset notification for epub.

    [...]

    Configure a policy for your domain-joined computer: file association will be configured at each logon. User will be able to change file association, but at the next logon file association will be configured using XML file. This policy works only for domain-joined computer.

    This is just about the most convoluted, annoying way they could come up with for doing this, doesn't help people whose machines aren't part of AD and isn't scriptable. If they were mainly concerned about security they'd have an option for not allowing the user to change these preferences even temporarily on domain-joined machines.

You've viewed 135 comments.