Google has recently released an add on for Internet Explorer named Chrome Frame which alters the functionality of the Microsoft browser, ostensibly to allow specific applications, notably Google’s new Wave web application, to function for users of Internet Explorer.
Organizations that are reluctant to allow add-ons to be installed in Windows Internet Explorer can block these add-ons through the Add-On Management policy node of Group Policy. This node is located under the Administrative Templates\Internet Explorer\Security Features node of both the Computer Configuration and User Configuration group policy areas. These policies function as follows:
- Add-on List. This policy allows you to specify which add-ons are allowed or denied by Internet Explorer. This policy can be used in conjunction with the Deny All add-ons unless … policy so that only specifically authorized add-ons can be used with Internet Explorer.
- Deny All Add-Ons Unless Specifically Allowed In The Add-On List. If you enable this policy, add-ons cannot be used unless specifically allowed in the Add-On list policy. If you do not enable this policy, the block and allow rules in the Add-On list policy will apply, however add-ons not covered by the list will be able to be used.
To block the use of Chrome Frame, you can specifically block the add-on using the Add-On list. You need to know the CLSID of Chrome Frame (which you can locate using a search engine) and set the value in the Add-On list to 0, as shown in the exhibit. Setting the value to zero blocks the use of the add-on. A better approach is to know the CLSIDs of all authorized add-ons and to have these listed in the policy, blocking anything that you have not explicitly authorized.