Moving IE 5.5 to its Own Directory
Novell Cool Solutions: Trench
By Harry Abraham
Digg This -
Posted: 24 Jul 2001
Current Version: ZENworks for Desktops 3
Our environment (Department of Human Services/City of Philadelphia, PA) is NT 4.0, SP 5 or 6a, Novell 4.11, client 4.71. Most of our 1500 users are denied access to their "C" drives through NT Permissions enforced by ZEN WinNT packages.
The most difficult problem to resolve was discovering that CACLS doesn't work where there are permissions to change where extended characters live. This is an NT problem first discovered in 3.51 (see Technet Q142661) and promised for resolution in every NT Service pack including W2K, SP2. Yet, mysteriously, it has never been fixed. Since it isn't fixed and IE has always lived in C:\PROGRAM FILES\PLUS!\MICROSOFT EXPLORER, it becomes difficult for NAL to resolve the directory structure.
It seemed obvious to me (but only after two days of hacking at CACLS) that the solution to that problem was to move IE to its own directory. Thus was born C:\IE55. (Strangely after snAppShotting an install and running the NAL object, I had the correct IE icon but it launched IE version 2.)
The further solution involved hacking at the registry to edit all references C:\PROGRAM FILES\PLUS!\MICROSOFT EXPLORER to read C:\IE55. There are about 15 such references.
Step-by-step, here are the gory details:
Start snAppShot and at the point where it completed the "before" picture of the system:
- Grant USERS full permission for the C:\PROGRAM FILES\PLUS! directory and subdirectories.
- Using REGEDIT, find all references to C:\PROGRAM FILES\PLUS!\MICROSOFT EXPLORER. Change each to read C:\IE55 (which didn't yet exist).
- Also in REGEDIT, delete the key: HKEY_LOCAL_MACHINE\SOFTWARE\ MICROSOFT\INTERNET EXPLORER (contains the version number).
- Delete the directory C:\PROGRAM FILES\PLUS!\MICROSOFT EXPLORER and
- After login, snAppShot asks if you want to continue the previous session. Of course, the answer is yes.
- Install IE (Choose custom and change the default directory to C:\IE55.
Install everything but the three messaging options).
- After Login IE Install runs the WINDOWS UPDATE which takes about two minutes.
- Because we lock our C: drive using permissions, I gave the USERS full permission to C:\IE55 knowing it's going to write to any number of directories within.
- Right-click the IE icon and click Properties.
- Set your home page to that of your choice.
- Make your other individual changes, proxy, certificates, security, etc.
- LAST, change the directory for TEMP files. By default IE wants to write cache and temp to C:\WINNT\PROFILES\%USER NAME% which, if you are running Roaming Profiles can add (using the defaults) over 100 Mb to a profile that should not be 1Mb. When you make this change, IE forces another reboot.
- After login, launch IE. Regardless of your selected home page, IE will attempt to connect to an MS site. Click STOP and then click HOME.
- I added full USER permission to C:\WINNT\JAVA and its subdirectories. (Again because of our permission set up and I'd already learned this is another "hot" directory.)
- Now complete snAppShot.
- One additional thing: Some users had the icon connect to the internet, and when they double- clicked they got a message saying they didn't have permission. I found that in the NDS APPLICATION OBJECT created from the snAppShot, I could delete that shortcut on the icon/properties page. Test users today have not gotten that icon. That becomes step 13.
That was easy wasn't it?
I have the Application Object set to force a reboot without prompt. When the user logs back in he or she gets only the 10 second customization of IE settings (the WINDOWS UPDATE that can take minute or so - is in the object). When the user launches IE, it goes straight to the home page without attempting to get to the Microsoft site.
Life is good when you are a consultant with a boss that gives you the time and opportunity to be creative.
If you have any questions you may contact Harry at email@example.com
DHS, LAN Group
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com