G
Guest
I am one of three Desktop administrators in an environment consisting of
5000+ Windows XP Service Pack 1 desktops.
Our Helpdesk reports that by far the biggest call they are getting is to do
with Internet Explorer "hanging" when clicking on certain links (eg. "My
Ebay" link) or when trying to access the Media sidebar.
To date, the "usual" fixes are applied (clear TIF, clear History, Reboot,
Re-register DLLs, repair Internet Explorer), which fixes the problems as they
occur, however this is time-consuming and preventing the problem occurring in
the first place would potentially reduce calls to the Helpdesk by almost 5%.
Important factors:
- The desktop environment is VERY locked down. As mentioned, only 3 users
have Administrator rights, and there are no "Power Users". All users are just
"Users"
- The problem does not happen on all computers and can't easily be replicated
- Anecdotal evidence suggests that it happens after "about 3 weeks" but
there is no hard and fast data to back this up
- Moving to Service Pack 2 is NOT an option, due to the number of computers
involved and the massive cost to the business to test all applications (270+)
against the new SP2 features such as the Firewall and other security
"enhancements"
- All computers are completely up to date with all pre-SP2 hotfixes and
updates
- All computers are thoroughly checked for viruses, trojans and spy/adware
- The problem does not occur with users in the Administrators group
I *think* I have found a solution (see below), but would like further advice
before I proceed.
Investigation using the Regmon tool has revealed that, on computers that are
hanging, IE is trying to "crerate" the registry key
"HKLM\Software\Microsoft\CurrentVersion\Internet Settings\Connections", even
though that key already exists, and is returning an "Access Denied" error
message. Immediately after this occurs, the browser completely stops
responding.
If I change permissions on that registry key to allow Full Control for all
users, the problem goes away immediately, and I have confirmed that this
"fix" corrects the problem instantly on 5 different computers.
At this stage, I am considering using group policy to open this key up, but
I can't find any information regarding the possible implications, or reasons
for this.
Obviously the first question is "WHY is IE attempting to write to a section
of the registry to which users don't/shouldn't have access?" and the second
is "WHY is IE trying to create a key that already exists?"
Beyond that, any feedback would be appreciated.
Regards,
Stuart Travers
Department of Justice
Melbourne, Australia
5000+ Windows XP Service Pack 1 desktops.
Our Helpdesk reports that by far the biggest call they are getting is to do
with Internet Explorer "hanging" when clicking on certain links (eg. "My
Ebay" link) or when trying to access the Media sidebar.
To date, the "usual" fixes are applied (clear TIF, clear History, Reboot,
Re-register DLLs, repair Internet Explorer), which fixes the problems as they
occur, however this is time-consuming and preventing the problem occurring in
the first place would potentially reduce calls to the Helpdesk by almost 5%.
Important factors:
- The desktop environment is VERY locked down. As mentioned, only 3 users
have Administrator rights, and there are no "Power Users". All users are just
"Users"
- The problem does not happen on all computers and can't easily be replicated
- Anecdotal evidence suggests that it happens after "about 3 weeks" but
there is no hard and fast data to back this up
- Moving to Service Pack 2 is NOT an option, due to the number of computers
involved and the massive cost to the business to test all applications (270+)
against the new SP2 features such as the Firewall and other security
"enhancements"
- All computers are completely up to date with all pre-SP2 hotfixes and
updates
- All computers are thoroughly checked for viruses, trojans and spy/adware
- The problem does not occur with users in the Administrators group
I *think* I have found a solution (see below), but would like further advice
before I proceed.
Investigation using the Regmon tool has revealed that, on computers that are
hanging, IE is trying to "crerate" the registry key
"HKLM\Software\Microsoft\CurrentVersion\Internet Settings\Connections", even
though that key already exists, and is returning an "Access Denied" error
message. Immediately after this occurs, the browser completely stops
responding.
If I change permissions on that registry key to allow Full Control for all
users, the problem goes away immediately, and I have confirmed that this
"fix" corrects the problem instantly on 5 different computers.
At this stage, I am considering using group policy to open this key up, but
I can't find any information regarding the possible implications, or reasons
for this.
Obviously the first question is "WHY is IE attempting to write to a section
of the registry to which users don't/shouldn't have access?" and the second
is "WHY is IE trying to create a key that already exists?"
Beyond that, any feedback would be appreciated.
Regards,
Stuart Travers
Department of Justice
Melbourne, Australia