There’s one thing that I don’t get sometimes about Microsoft’s advice.. for being so Enterprisey… they aren’t. Take the SRD blog advice…
we have a defense in depth patch that is two fold.. you must deploy it to your systems …but it’s not on WSUS … okay so they heard that feedback and it will be.
…and then you must set a registry key…. but… the advice they give for deploying and fixing when you find an issue is so single user centric….
While the impact of the above change seems to be low, a reader of this blog wrote in that he experienced a compatibility issue with the Outlook 2002 address book. If you experience issues such as this, they can be mitigated by setting a special policy for the affected binaries that overrides the default CWDIllegalInDllSearch. The following steps show how to do this for OUTLOOK.EXE:
- Log on to your computer as an administrator.
- Open Registry Editor.
- Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OUTLOOK.EXE
- If a key with the application binary name does not exist, then you will have to create one.
- Right-click OUTLOOK.EXE, point to New, and then click Dword Value.
- Type CWDIllegalInDllSearch,and then click Modify.
- In the Value data box, type 2, and then click OK.
The advice should be instead…
- Ensure you have deployed group policy preferences to all workstations
- Launch the GPMC
- Go into the preference section
- Set up a registry key to push out to all workstations
- Apply and sit back.
Yes I’ll blog an exact how to do all that… but still.. I’m just sayin’… I think their advice should be like that too.