Monday, October 15, 2007

Die Phishing Filter!

Every time I set up a new XP workstation, I give it all the appropriate updates which includes Internet Explorer 7. I have to imagine that users who are not familiar with IE7 (damn near everybody) gets a little confused and perhaps even concerned when they start seeing "check this site for phishing" dialog boxes. This feature, while it's intentions may be good, does nothing but causes me additional phone calls.

This morning I looked into how I might get rid of this feature once and for all - everywhere on my network. It turned out to be quite involved, and I didn't find many good resources on this topic. So here are some helpful tips for anyone else out there that would like to disable the phishing filter using group policy.

1) Install the additional IE 7 Group Policy Templates. You may all ready have this template if you are running Vista. If you are running Windows XP, you can download them here.

2) If you had to download and install the template (XP users) you will need to perform this step. Otherwise, go to the next one. Open up your Group Policy Editor and expand Computer Configuration. Now right click Administrative Templates, and then choose "Add/Remove". You can then click "Add" and browse out to the Template that you installed in step 1. It should be called "inetres" (it will have an invisible .inf extension).

3) Now, expand Administrative Templates, Windows Components, and select Internet Explorer. Check the details on the right. You should see "Turn off managing phishing filter". Read the text in the explanation box to ensure that you understand what is happening here. If you really want to be done with this forever, you should set this to "Disabled".

Now allow me to step on my soapbox for a moment here. If you are going to deploy a change like this through Group Policy, you should create a new policy to do it. Don't use the Default Domain Policy. When you create that new policy, name it something sensible such as "IE7 Disable Phishing Filter" or just "IE7 Settings". You never know when some other poor uneducated administrator may have to take over your job and figure out what the heck you did to their network.

You can find more good information on this topic from this Microsoft Technet article.