博客
关于我
强烈建议你试试无所不能的chatGPT,快点击我
Group Policy Settings with Silverlight
阅读量:5295 次
发布时间:2019-06-14

本文共 17079 字,大约阅读时间需要 56 分钟。

 

Group Policy Settings

Below are descriptions of Silverlight configuration options which can be implemented via administrative templates and enforced in group policy. Learn about the configurable options:

  •  — enable or disable playback of DRM enabled content
  •  — disable the automatic update mechanism which is separate from Microsoft Update
  •  — allows users to install out-of-browser applications via the Install dialog
  •  — allows webpages and applications to access the microphone and webcam
  •  — allows webpages and applications to do UDP multicast networking
  •  – allows applications to enable a local storage repository

Or go straight to the section to implement the  in your environment.

Here are some additional resources on Group policy and Administrative templates if you are not already familiar:

 

Digital Rights Management

By default on a new install of Silverlight version 2 or later using any method, Silverlight will play content which is protected by digital rights management (DRM). It may be desired to disable the playback of DRM-enabled content for Silverlight. When the Disable DRM Content setting is implemented, it will set the user's account to not play DRM protected content.

This setting is available in the custom ADM or ADMX file you create using the text provided at the bottom of this page. The registry setting that the administrative template files contain is:

Key path: HKEY_CURRENT_USER\Software\Microsoft\Silverlight

Value Name: DRMEnabled
Value Type: REG_DWORD
Valid Values:
    Disable DRM Content — 0x00000000
    Enable DRM Content — 0x00000001

You can locate this setting in the following policy path for your GPOs:

Category Description
User Configuration\Administrative Templates\Silverlight Contains settings to enable or disable playback of DRM protected content in Silverlight.
 

Silverlight Automatic Update Mechanism

Silverlight's automatic update mechanism is independent of both the Windows Update and Microsoft Update mechanisms. When this built-in self-update mechanism is enabled, every week Silverlight connects externally to a Microsoft Web site and compares itself against the most current Silverlight version that is available for download. If the version on the Web is newer than the version on users' computers then Silverlight will automatically update itself. The Silverlight automatic update mechanism will only function when Silverlight content is viewed by a user logged in with administrative rights. Thus it will never check for updates if users do not have administrative rights and it will check for updates less than every week if Silverlight is not used regularly.

Important Silverlight's Automatic Update registry setting can be implemented per-user and per-machine. Even though entries get automatically written to the user key (HKCU) upon install, the ADMX templates only support writing to the machine key (HKLM) because these settings cannot be overridden by using the Silverlight user interface or by modifying the per-user update mode registry key.

Silverlight can be configured to use one of three automatic update modes:

  1. Auto Updates — Automatically detects, downloads, and installs updates. This is the default setting after an install. The client will attempt to request files from Microsoft at most one time per week to detect if there is a newer version of the Silverlight client. If there is a newer version, it will automatically download and install the update without any user intervention required.
  2. Prompted Updates — Detects when an update is available and prompts if you would like to download and install the update. This uses the same detection location and schedule as the Auto Updates option.
  3. No Updates — Does not check for or automatically download updates using Silverlight's built-in update mechanism, which is separate from Microsoft Update. This option should be used in most corporate environments where users have administrative rights and you wish to control the distribution of Silverlight updates to these users

The No Updates setting is available in the custom ADM or ADMX file you create using the text provided at the bottom of this page. The registry setting that the administrative template files contain is:

Key path: HKEY_LOCAL_MACHINE\Software\Microsoft\Silverlight\

Value Name: UpdateMode
Value Type: DWORD
Valid Values:
    Auto Update — 0x00000000
    Prompted Updates — 0x00000001
    No Updates — 0x00000002

Note If Auto Updates (00) or Prompted Updates (01) is chosen, this setting will have the capability of being overridden by the user. No Updates (02) is effectively the only setting which makes sense to implement due to the lack of enforceability with the other two settings. The other two settings are listed for your reference.

You can locate this setting in the following policy path for your GPOs:

Category Description
Computer Configuration\Administrative Templates\Silverlight Contains settings to enable or disable standard Silverlight configurations for machines. 
 

Silverlight Trusted Applications

Silverlight allows users to install out of browser applications via the Install dialog. Silverlight supports two kinds of out of browser applications, sandboxed applications which run with the same security restrictions as in browser, and trusted applications which run with additional permissions. Trusted applications are only available in Silverlight 4 and later. A trusted application can read and write user data, run other programs, and run without cross domain networking restrictions. Much like running a .exe, trusted apps should only be installed if it's from a website you trust.

Silverlight provides settings to disable support for trusted applications, which is particularly useful for locked down environments. To provide additional control, Silverlight provides two different settings, one to control the installation of trusted applications, and the second to control the running of trusted apps that were previously installed. Neither setting affects sandboxed out of browser applications.

Both of these settings are available in the custom ADM or ADMX file you create using the text provided at the bottom of this page. The registry setting for trusted application installation that the administrative template files contain is:

Key path: HKEY_LOCAL_MACHINE\Software\Microsoft\Silverlight\

Value Name: AllowInstallOfElevatedTrustApps
Value Type: DWORD
Valid Values:
    Disabled — 0x00000000
    Enabled — 0x00000001

The registry setting for running trusted applications that the administrative template files contain is:

Key path: HKEY_LOCAL_MACHINE\Software\Microsoft\Silverlight\

Value Name: AllowLaunchOfElevatedTrustApps
Value Type: DWORD
Valid Values:
    Disabled — 0x00000000
    Enabled — 0x00000001

You can locate this setting in the following policy path for your GPOs:

Category Description
Computer Configuration\Administrative Templates\Silverlight Contains settings to enable or disable installation of Silverlight trusted applications.
 

Webcam and Microphone

Silverlight allows webpages and applications to access the microphone and webcam. For webpages and sandboxed out of browser applications, Silverlight will display a dialog asking the user's permission to use the microphone/WebCam before allowing the application access to the device. For trusted applications, Silverlight does not display a dialog (however, the application may choose to display its own message).

Silverlight provides settings to disable the use of webcam and microphone. When this setting is disabled, no Silverlight application may access the webcam or microphone, and the dialog asking the user for permission is not shown. This setting is available in the custom ADM or ADMX file you create using the text provided at the bottom of this page. The registry setting for disabling webcam and microphone that the administrative template files contain is:

Key path: HKEY_LOCAL_MACHINE\Software\Microsoft\Silverlight\

Value Name: AllowWebcam
Value Type: DWORD
Valid Values:
    Disabled — 0x00000000
    Enabled — 0x00000001

You can locate this setting in the following policy path for your GPOs:

Category Description
Computer Configuration\Administrative Templates\Silverlight Contains settings to enable or disable use of webcam and microphone by Silverlight applications.
 

UDP Multicast Networking

Silverlight allows webpages and applications to do UDP multicast networking. Before a Silverlight application may join a multicast group and send messages to/receive messages from that group, another (non-Silverlight) application that's already a member of the group must allow the Silverlight application to join.

Silverlight provides settings to disable access to UDP multicast networking. When this setting is disabled, applications will not be able to use the UDP multicast networking APIs, appearing as if the network they are on does not support multicast. This setting does not affect the Silverlight MediaElement, which can use multicast if the media server and network support it. Unlike the UDP multicast APIs, the MediaElement doesn't allow the application to see the multicast data that's being sent and received.

This setting is available in the custom ADM or ADMX file you create using the text provided at the bottom of this page. The registry setting for disabling UDP multicast networking that the administrative template files contain is:

Key path: HKEY_LOCAL_MACHINE\Software\Microsoft\Silverlight\

Value Name: AllowUdpMulticastClientApi
Value Type: DWORD
Valid Values:
    Disabled — 0x00000000
    Enabled — 0x00000001

You can locate this setting in the following policy path for your GPOs:

Category Description
Computer Configuration\Administrative Templates\Silverlight Contains settings to enable or disable use of UDP multicast networking by Silverlight applications.
 

Isolated Storage

Silverlight web and out of browser applications are allocated a default amount of isolated storage space. If an application requires more space it can prompt a dialog to the user to approve the requested increase.

Silverlight provides a setting for machine admins to increase the isolated storage to the maximum allowed amount thereby avoiding the prompt.

This setting is available in the custom ADM or ADMX file you create using the text provided at the bottom of this page. The registry setting for enabling maximum isolated storage that the administrative template files contain is:

Key path: HKEY_LOCAL_MACHINE\Software\Microsoft\Silverlight\

Value Name: AllowMaximumIsolatedStorage
Value Type: DWORD
Valid Values:
    Enabled — 0x00000001

You can locate this setting in the following policy path for your GPOs:

Category Description
Computer Configuration\Administrative Templates\Silverlight Contains settings to enable maximum isolated storage allocation for Silverlight applications.
 

Silverlight ADMX/L Files

ADMX file

Make sure the following ADMX file is saved as Silverlight.admx under the directory:

    %systemroot%\PolicyDefinitions

ADML file

Make sure the following ADML file is saved as Silverlight.adml under the directory:

    %systemroot%\PolicyDefinitions\en-US

Silverlight Settings
Configuration settings for Microsoft Silverlight.
At least Microsoft Windows 2000 Service Pack 4, Microsoft Windows XP Service Pack 2 or Microsoft Windows Server 2003 family
Silverlight
These are the settings to configure Silverlight.
Disable Silverlight Control's Automatic Update
When this policy is enabled, it will prevent the Silverlight control from automatically checking for updates. If the policy is set to not configured or disabled, it will not change the default behavior and the control will automatically check for new updates over the internet. The Silverlight control's automatic update mechanism is independent of both the Windows Update and Microsoft Update mechanisms. This option does not need to be used when Silverlight is deployed using a Microsoft Update method, such as WSUS, because this method automatically disables Silverlight's automatic update control.
Disable DRM content playback
By default on a new install of Silverlight version 2 or later using any method, Silverlight will play content which is protected by digital rights management (DRM). When this policy is enabled, it will enforce Silverlight to never play DRM protected content. When this policy is disabled or not configured, Silverlight will play DRM content.
Allow access to webcam and microphone
By default, a website may access the webcam and microphone after showing a dialog asking if the user wishes to allow the site access to the webcam/microphone. When this policy is disabled, websites may never use the webcam/microphone via Silverlight and no dialog will be shown.
Allow user to install trusted apps written in Silverlight
By default, users are allowed to install Silverlight trusted apps. If this policy is disabled, users may not install trusted applications, and the trusted application install dialog is not shown. Sandboxed out of browser applications may still be installed. A Silverlight trusted app runs with elevated permissions and can access user data much like a .exe can, and should be installed only from web sites which are trusted.
Allow user to run trusted apps written in Silverlight
By default, users are allowed to run Silverlight trusted apps that have been previously installed. If this policy is disabled, users may not run Silverlight trusted applications, even if they were previously installed. Sandboxed out of browser applications are not affected. Most people that disable this policy will also want to disable installation of Silverlight trusted apps. A Silverlight trusted app runs with elevated permissions and can access user data much like a .exe can, and should be installed only from web sites which are trusted.
Allow Silverlight applications to use UDP multicast
By default, a Silverlight application may use UDP multicast networking APIs. If this policy is disabled, the application can't directly use multicast. This setting does not affect the Silverlight MediaElement, which can use multicast if the media server and network support it. Unlike the UDP multicast API, the MediaElement doesn't allow the application to see the multicast data that's being sent and received.
Allow Silverlight applications to be allocated the maxmimum amount of isolated storage
By default, a Silverlight application is allocated a predetermined amount of isolated storage based on if it is an in browser or out of browser application. If this policy is enabled the application will be allocated the maximum amount.
 
 

转载于:https://www.cnblogs.com/Areas/archive/2011/11/17/2252092.html

你可能感兴趣的文章
code-代码平台服务器路径
查看>>
离线安装 Visual Studio Express 而不下载整个镜像文件的方法(转载)
查看>>
2014年国际数学家大会台历
查看>>
[数分提高]2014-2015-2第3教学周第1次课
查看>>
2017-2018-2偏微分方程复习题解析10
查看>>
Java抽象类和接口的比较
查看>>
web技术工具帖
查看>>
SpringBoot项目中常见的注解
查看>>
一次性搞明白 service和factory区别
查看>>
select下拉二级联动
查看>>
iOS UI控件5-UIPickerView
查看>>
深入Java虚拟机读书笔记第三章安全
查看>>
IO流 总结一
查看>>
素数筛选法
查看>>
php连接postgresql数据库
查看>>
Visual studio之C# 调用系统软键盘(外部"osk.exe")
查看>>
hdu 4506(数学,循环节+快速幂)
查看>>
Spring mvc 教程
查看>>
CentOS DesktopEntry
查看>>
基于python语言的自动化邮件发送总结
查看>>