Monday, March 28, 2005

Using Active Directory Group Policy to Protect Against Adware/ Spyware Tracking Cookies

Continuing my journey to fully utilize Active Directory to streamline computer management, I found that we could use Group Policy to block adware and spyware tracking cookies.

More police powers for spyware

Here is how:
  • Start Group Policy Editor.
  • Under User Configuration | Windows Settings | Internet Explorer Maintenance | Security,
  • Right-click on Security Zones and Content Ratings.
  • Under Security Zones and Privacy, choose Import the current security zones and privacy settings.
  • Note: Before you click on Modify Settings
    It will import the Internet Explorer Security Zones and Privacy settings of the machine where you are running the Group Policy Editor. Be careful! Since Windows 2003 disables a lot of IE settings by default, you may not want to run the editor on a Windows 2003 machine and define a IE group policy for Windows XP machines.
  • Click Modify Settings.
  • Go to Privacy tab. Click Sites.
  • Add the advertisement sites/ domains that you want to block their tracking cookies.
  • Click OKs to finish.
This approach only works for Internet Explorer. Of course, it doesn't compare with a real adware/ spyware checking software, since they can do other checks, like file system, registry. I call this a poor man's version. It doesn't cost you anything, other than the time it takes to configure the group policy, and then link it to the right Organization Unit (OU) for deployment.

No comments: