Tuesday, November 12, 2013

IE 11 Realse Breaks Oracle BIS.. Kinda

Every new release of IE brings with it disastrous repercussions to the business environment. I, like many internet security savvy individuals, understand and appreciate the value of keeping browsers up to date and secure. I would love nothing more than to keep our IT environment hacker, virus, and and exploit free by enforcing some form of update policy on all the browsers used on our computers. However, business needs and 3rd party requirements often trump an administrator's ability to do this. One of the biggest culprits is Oracle Business Intelligence Suite.

Today the hellfire began with a user who had followed the prompt, like a good user should, to update IE to the latest version. After doing so, of course, doing anything that utilizes Oracle Forms fails miserably. My experience with the IE 10 upgrades taught me better than to even try getting IE 11 to work with Oracle for at least a few months. So, let's just roll this back to IE 10 or 9 and "make good fix".

...Wait, IE 11? What the hell is that? How, in all my keeping up with windows related updates and such, did I manage to even miss that IE 11 was even on the horizon let alone being released. I remember vaguely hearing about its beta a few months ago but I guess I somehow completely missed this. Oh well.

Anyway, I did what any lazy domain admin would do: I downloaded the Internet Explorer 11 Blocker Toolkit. I added a GPO to block the update (following closely to these instructions for IE 10), linked it to the domain root, set it to enforce, then did a quick reboot on my workstation to ensure it was effective.

This is all well and good for any computer that will be re-logged or rebooted in the next day or so. But, what do we do about all the ones online now to keep them from updating in the next few hours? Laziness is the true mother of invention; I have no desire to keep uninstalling this update over and over. The IE 11 blocker toolkit includes IE11_Blocker.cmd which allows you to apply the block immediately to remote computers. Alas, it only takes a single computer as an argument.

Batch scripting is funny and still foreign to me after almost 2 decades of windows administration (I was really big into VBS because I was also working in web hosting where VB ASP was still hip) but I didn't feel like figuring this out in powershell.  I exported a newline-sperated list of computers from our sites OU to a file called comps.txt and now I need a batch script to go through it and run the IE blocker for each one. After some digging around on Google for for-loops and ping tests I finally came up with this:

@echo off
setlocal enableDelayedExpansion


for /F %%x in ('type comps.txt') do (
    ping %%x -n 1 -w 1000 | find "Reply from "
    IF NOT ERRORLEVEL 1 IE11_Blocker.cmd %%x /B
)

It's not beautiful, but it gets the job done. Now, how to get this deployed to our remote users who are very rarely connected to the domain network?
Posted by at No comments:
Labels: , , , , , ,
Subscribe to: Posts (Atom)