I need the best way to ensure that IE 9 and IE 10 cannot be installed via KACE patching to specific groups of machines. What kind of SQL can I add to my queries to exclude IE 9 and 10 from exisiting queries? Is there a way to stop the machine from accepting/installing IE 9 and 10 altogether?

By now you're thinking: "Why in the world does he want to block a newer, and presumably more secure browser from being installed in his environment?"Well, our app team built an app that only runs on IE8, and if 9 and 10 are let loose then we are halting business...

Any thoughts would be appreciated.

Answer Summary:
IE9 & IE10 will only be installed if you have the "Software Installers" option checked in your patch subscription. Updates will be applied if the machine happens to have it, but will not be automatically added via KACE. Also, if it's a concern you can use the "Toolkit to Disable Automatic Delivery of Internet Explorer 9/10" using the following links: http://www.microsoft.com/en-us/download/details.aspx?id=179 http://www.microsoft.com/en-us/download/details.aspx?id=36512
0 Comments   [ + ] Show Comments


Please log in to comment



IE 9 & 10 should both be software installers. Do you have those settings checking in your subscription settings?


Also take a look at these.



Answered 09/11/2013 by: dugullett
Red Belt

  • I don't have Software Installers selected. That's the only way they are on the Patch Listing?
    • Yes. You may have some users that have gotten it from other means if they are admins. If that's the case Kace will patch those. That may be what you are seeing. If it detects 10 it will patch 10 depending on your labels.
      • You can do a search for Internet Explorer 10 in your patch listing. See if it's active.
      • There are things like "Internet Explorer 10 for Windows 7 Service Pack 1' but that's just an update to IE 10 if it's installed, right?
      • Yes. If it detects it has IE 10 and needs that patch it will run.
      • The ID should say IE10 for the actual software installer.
  • We also run into this issue with windows automatic updates and have configured a ie 9 and ie 10 gpo blocker as ie 9/10 is incompatible with some information systems we use.
  • If it helps

    Offline k-scripts offer a GUI logical flow builder and run at machine time as a local system account and don't require a amp connection.

    Online k-scripts run on Kbox time, require a amp connection, run as any user, GUI builder
    Online shell scripts is a straight up scripting window
  • Have you looked into browser compatibility?

    Most websites break in higher IE versions not because the code is actually an issue. It's just developers forgot to put in their pageheaders the required browser mode.

    You could test that with an install for IE10 and play around with the settings in the F12 developre mode and play around with the Browser Mode settings.
    Once you find a working setting you can push these out to your clients through policy making sure they render your legacy page in the correct format on a modern browser.

  • On 9/10/2013:
    Internet Explorer 10 for Windows 7 Service Pack 1 (KB2870699)
    Internet Explorer 10 for Windows 7 Service Pack 1 x64 (KB2870699)
    appeared in our Patch Listing as part of the latest Patch Tuesday. I make it a habit to review the new list everytime and set to Inactive. Our enviornment is also set that we have Automatic Windows Updates completely disabled and rely on Kace to completely manage all patching.

    We also have a bunch of online apps which dont play well with 10. 9 is a little more hit and miss.
    • Aren't those files just updates for the existing installation of IE10? I can't find anything in those updates that show that it will install IE10. I hope they don't, but I can't see how they would.
  • My thinking was that everything else came over and "Update for" and these didnt. Just made me a little nervous.
Please log in to comment
Answer this question or Comment on this question for clarity