How do I test the new out-of-date ActiveX controls feature?
On the previous blog "How to manage the new "blocking out-of-date ActiveX controls" feature in IE?" we showed you the location and settings for the new out-of-date ActiveX controls feature and on this one, we are outlining the step by step instructions covered in article KB2991000 | Update to block out-of-date ActiveX controls in Internet Explorer under the section "Testing the out-of-date ActiveX controls feature" to get your testing started and better prepare you for the upcoming changes.
Testing Guidance
PLEASE NOTE THAT THESE TEST SHOULD BE PERFORM OUT OF YOUR TEST ENVIRONMENT AND ANY TAMPERING WITH THE XML FILE IS NOT SUPPORTED ON PRODUCTION ENVIRONMENTS! |
PLEASE FOLLOW THE STEPS OUTLINED IN THE ARTCILE: https://support.microsoft.com/kb/2991000 under, Testing the out-of-date ActiveX controls feature
TIP: Make a backup of the original file, so you can restore it after you are done with testing!
Turn on AuditMode
- Enabled the “Turn on ActiveX logging in Internet Explorer” GPO
Registry Location:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Ext]
"AuditModeEnabled"=dword:00000001
START TESTING
Restart Internet Explorer. You should see that websites that attempt to load out-of-date Java ActiveX controls will now display the out-of-date ActiveX control blocking notification.
Example: https://javatester.org/version.html
To see the Audit Log, open the %LOCALAPPDATA%\Microsoft\Internet Explorer\AuditMode folder and review the VersionAuditLog.CSV file. You should see the Audit items listed.
If your organization needs more time to mitigate dependencies on out-of-date Java controls, you have the following two options:
- Turn off the feature completely: Use the Turn off blocking of outdated ActiveX controls for Internet Explorer Group Policy setting (or corresponding registry key)
Note This is the less secure option. - Turn off the feature for a specific domain: Use the Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains Group Policy setting (or corresponding registry key). This setting allows you to turn off the feature on the specific domains on which your enterprise has an out-of-date Java dependency.
RELATED ARTICLES:
- Internet Explorer begins blocking out-of-date ActiveX controls
- How to manage the new "blocking out-of-date ActiveX controls" feature in IE?
- Out-of-date ActiveX control blocking
This blog has been provided to you by the IE Support team!
Comments
- Anonymous
August 25, 2014
The comment has been removed - Anonymous
August 28, 2014
After applying the MS update 2976627, I'm still not seeing the directory %LOCALAPPDATA%MicrosoftInternet ExplorerVersionManager. Do we have to manually create this, or should it get placed during the update? - Anonymous
August 29, 2014
@John Carnex Please make sure you enable the GPO below:GPO NAME: Turn on ActiveX control logging in Internet ExplorerREGISTRY LOCATION: SOFTWAREMicrosoftWindowsCurrentVersionPoliciesExtVALUE: "AuditModeEnabled"=dword:00000001Check the clients registry and make sure it is present. - Anonymous
September 01, 2014
Hi,The audit log isn't in %LOCALAPPDATA%MicrosoftInternet ExplorerVersionManagerAuditMode as mentioned in your post.It's actually in "%localappdata%microsoftInternet ExplorerAuditMode"Other ref: technet.microsoft.com/.../dn761713.aspx - Anonymous
September 02, 2014
@Eminyou are correct!Fix it!The correct path for the VersionAuditLog.CSV is: %LOCALAPPDATA%MicrosoftInternet ExplorerAuditMode - Anonymous
September 07, 2014
I have (in the registry) enabled AuditModeEnabled per the instructions above and I am unable to locate the Audit log. - Anonymous
September 08, 2014
Can I please get an answer re: how long we have to roll out a new version before the versionlist.xml will be updated? - Anonymous
September 09, 2014
The comment has been removed - Anonymous
September 11, 2014
@AllTry to create the Folder "AuditMode" in %LOCALAPPDATA%MicrosoftInternet Explorer manually - Anonymous
September 11, 2014
@127 You don't need to create that folder.You should wait until the versionlist.xml is created. The AuditMode can only be created if the versionlist.xml exist and you may have to wait 12 hours to see it. - Anonymous
September 16, 2014
The comment has been removed - Anonymous
September 18, 2014
@127 I would suggest considering opening a ticket with Microsoft support to help you further look into this issue. - Anonymous
December 15, 2014
The audit log will not create an entry for non-routable server IP (192.168..). Additionally, I have defined a specific non-routable IP in my local intranet and in PoliciesextDomain and still out of date Java is being blocked in IE 10: "Your security settings have blocked an application from running with an out-of-date or expired version of Java."