Internet Explorer 5.0 Administrator's Kit

INTERNET EXPLORER 5.x (IE5) - (KB# Q244655)

Installation: (KB# Q218624)

Minimum Requirements

• 486/25: Windows 3.1x, Windows NT 3.51

• 486/66: Windows 95/98/NT4

• Pentium 90: if using NetMeeting or Windows Media Player on 95/98/NT4

• Windows 95/98: 16 MB RAM

• Windows NT 4: 32 MB RAM (must have SP3 or later installed)

• 45 MB disk space to install, 27 MB to run (Browser only)

• 70 MB disk space to install, 55 MB to run (Typical install)

• 111 MB disk space to install, 80 MB to run (Full install)

Important files during installation

• IE5SETUP.EXE - installs IE5

• IE5WZD.EXE - connects to MS-related Web site to download rest of IE install package

• IE5SITES.DAT - contains download site information

• IEXPRESS.EXE - used to make a *.CAB file from custom components

• IE SETUP LOG.TXT - used to troubleshoot IE5 setup issues and indicate where install failed. (KB# Q218634)

• ACTIVE SETUP LOG.TXT - advanced troubleshooting; logs all changes made to machine's registry and file system in detail.

• IEBATCH.TXT - specifies the batch script file to use (KB# Q200007)

Windows Desktop Update (KB# Q165695)

• WDU is not a part of IE5, but corporate administrators can include it with a customized distribution using the IEAK. (KB# Q254919)

• If WDU was installed as part of IE4, it cannot be uninstalled without first uninstalling IE5 (KB# Q217344).

• The Quick Launch Toolbar (QLT) from IE4 is a WDU component. Use the IEAK to add WDU to your custom distribution and import desktop toolbar settings (from a machine with the QLT) if you want to keep this feature in IE5.

• WDU is an integral part of Windows 98 and cannot be uninstalled from that operating system.

• WDU must be configured with the same language and locale as the system it is targeted for. If there is a mismatch, the browser will install, but the WDU shell enhancements will not. Either change the language and locale of the target system or redeploy IE with correct language settings. (KB# Q167318)

Miscellaneous

• Administrator rights are required to install IE5 on Windows NT4 (IE5 installation requires a reboot and that entries in RunOnce section of registry are processed. User will need Administrator rights after reboot to complete installation. If using SMS, see KB articles Q223371 and Q223372.)

• Any user can install IE5 on Windows 95/98.

• Installation details are logged to \$WINDIR$\LOG.TXT, which is renamed for successive reinstalls as \$WINDIR$\LOG.BAK

• Profile Assistant is used to store personal information for interaction with Web sites requesting the information (KB# Q220017)

• Temporary Internet folder and History folder cannot be deleted. To recover disk space adjust the size of the Temporary Internet folder on the settings option of the general tab in the Internet Options window. Through settings you can also move the Temporary Internet Folder to a different drive, even a network share if needed.

• MS Wallet is being removed from IE 5.01 and Windows 2000, but is a component of previous versions of IE4 (typical and full install), the original version of IE5 (full install) and Windows 98. If IE 5.01 is installed over an older version of IE with MS Wallet installed, settings will be preserved. MS Wallet is used to store name, address, credit card info. It supports both SSL and SET standards. (KB# Q243524)

• Autocompletion feature requires the History folder. Clearing History folder disables the option of Autocompletion in the URL address bar.

• Authenticode 2.0 supports time stamping and verifies that a certificate is not revoked and is still valid for a particular site. Renew the certificate from Publishers and upgrade to Authenticode 2.0 (From 1.0) in order to avoid warnings from a trusted site.

New features in Internet Explorer 5.0 (KB# Q221787)

• Web page, archive & Web page, complete saving features

• New language encoding support

• Improved History Explorer Bar (KB# Q196192)

• Improved Search Explorer bar (KB# Q198685)

• Improved Favorites Menu (integration of channel subscription feature from IE4, see KB# Q196646)

• Expanded Auto Complete (KB# Q217148)

• Windows Radio Toolbar (requires Windows Media Player - KB# Q224786)

• IE5 Repair Tool (KB# Q194177)

• FTP and Web folders (KB# Q217888 and  Q195851)

• Compatibility Mode allows users to run IE4 and IE5 side by side without needing to configure their system as dual-boot (KB# Q197311)

• Microsoft Web Accessories (KB# Q198045)

• Install On Demand (Automatic Install) for components. This feature is not available on multiple-floppy-disk installations. (KB# Q222639)

Files

• SHDOCVW.DLL - enables the browser to navigate the web, view HTML pages and link to favorites

• WININET.DLL - processes ActiveX controls

• MSHTML.DLL - this is the engine that renders HTML.

• URLMON.DLL - processes URLs to provide HTTP connectivity

Migration

Migrating from Internet Explorer 3.x

• Migration from IE 3.x will install IE5 files in the same folder as 3.x regardless of installation directory specified.. IE 3.x and 5.x cannot exist within the same computer and O/S due to conflicting registry settings.

• Migration from IE 3.x will automatically import proxy settings, favorites, and cookies, but not plug-ins. Security settings are not imported.

Migrating from Internet Explorer 4.x

• Migration from IE 4.x will install IE5 files in the same folder as 4.x regardless of installation directory specified. IE 4.x and 5.x can co-exist on the same computer and O/S if Compatibility Mode is specified during installation (KB# Q197311).

• Migration from IE 4.x will import all proxy settings, favorites, cookies, and security settings from IE 4.x. Some plug-ins may have to be re-installed.

• Channels from 4.x are moved into a Channels folder under Favorites in IE5.

Migrating from Netscape 3.x

• Migration from NN 3.x will import proxy settings, bookmarks and cookies, but not plug-ins.

• Netscape Navigator can co-exist on same computer and O/S as IE5

Migrating from Netscape 4.x

• Migration from Netscape Communicator 4.x will import proxy seetings, bookmarks and cookies, but not plug-ins.

• Netscape Communicator can co-exist on same computer and O/S as IE5.

Channels and Offline Viewing (KB# Q196646)

• Channels and Webcasting have virtually disappeared from the objectives for exam 70-080 although they played a prominent role in exam 70-079

• Channels can be preconfigured individually or in categories in Stage 4 of the IEAK. Administrator 'can delete existing channels', if present and 'Turn on desktop Channel Bar by default'.

• There are no 'partial' and 'full' subscriptions to Web sites in IE5 as was the case in IE4. The feature is now referred to as 'Offline Viewing'. (KB# Q228243)

• IE5 still uses software distribution channels as defined by the IEAK to push out new components and changes to the browser configuration through a feature called "Offline Browsing Pack".

• Administrator can import current channel settings from his/her computer into IEAK.

• Channels from IE4 are moved into a folder called Channels inside the Favorites folder.

• Sites are made available for offline viewing by adding them to the Favorites menu and selecting 'Make available offline'. Click the 'advanced' button to set scheduling and specify how many links deep (3 is maximum allowed) will be stored on your hard drive. Content can be pulled down automatically at a predetermined time or manually by using the 'Synchronize' command from under IE5's Tools menu. (KB# Q255079)

• Using the 'Synchronize..' command from IE5's Tools menu allows you to fine-tune properties for your subscriptions. You can choose between synchronizing items when your computer is first logged on, when it is idle, using a schedule, and with which connection. Selecting "Ask me before synchronzing the items" will force IE to prompt you for permission before synchronization begins at logon. When scheduling synchronization, you can have the computer wake from suspend mode and connect if needed.

• When IE5 is installed, "Check for newer version of stored pages" option is set to Automatic, regardless of previous settings. This can be accessed through Tools > Internet Options > Temporary Internet Files Settings Button. Options are "Every visit to the page", "Every time you start Internet Explorer", "Automatically" (over time, IE determines whether or not images on a page are static, even if page content is refreshed daily and adjusts image fetching accordingly), and "never". (KB# Q221538)

• To view offline content, select the "Work offline" option under IE5's File menu. This will allow you to surf content that has been pre-fetched to your hard drive. You will be prompted to reconnect (go back online) if a needed item does not exist on your hard drive. (related: KB# Q195730)

• When you are using roaming profiles and you want to keep temporary internet files from being copied to the server when the user logs off, check the "Delete saved pages when browser closed" under the Advanced tab of Internet Options. (KB# Q185255)

Security (KB# Q182569)

Zones Default Setting Add Sites Trusted Sites Low Yes Local Intranet Medium Yes Internet Medium No Restricted High Yes

Zone Permissions, default values for each zone

Low

• Download signed ActiveX controls [enabled]

• Download unsigned ActiveX controls [prompt]

• Initialize and script ActiveX controls not marked as safe [prompt]

• Run ActiveX controls and plug-ins [enabled]

• Script ActiveX controls marked safe for scripting [enabled]

• File download [enabled]

• User Authentication/Logon [Auto login w/current username and password]

Medium

• Download signed ActiveX controls [prompt]

• Download unsigned ActiveX controls [disabled]

• Initialize and script ActiveX controls not marked as safe [disabled]

• Run ActiveX controls and plug-ins [enabled]

• Script ActiveX controls marked safe for scripting [enabled]

• File download [enabled]

• User Authentication/Logon [Auto login only in Intranet zone]

High

• Download signed ActiveX controls [disabled]

• Download unsigned ActiveX controls [disabled]

• Initialize and script ActiveX controls not marked as safe [disabled]

• Run ActiveX controls and plug-ins [disabled]

• Script ActiveX controls marked safe for scripting [enabled]

• File download [disabled]

• User Authentication/Logon [Prompt for user name and password]

By default Active scripting is enabled in all security zones

In order of precedence, User profile > Group profile > Default User profile. Multiple groups are applied in order of group priority specified.

The Internet Zone contains sites that are not located in any other zone.

There is a fifth zone called the My Computer zone. It includes everything on the client computer, which is typically the hard disk and removable media drive contents but excludes cached Java classes in the Temporary Internet Files folder. You cannot configure the My Computer zone through the security zone settings in Internet Explorer. However, you can configure My Computer zone settings by using the IEAK..

Valid examples of using Wildcards when adding sites to Zones: (KB# Q184456)

• *://www.esiksha.com

• http://*.esiksha.com

• *://*.esiksha.com

Content Advisor and Content Ratings (KB# Q171985)

Based on Recreational Software Advisory Council on the Internet (RSACi) system implementation of Platform for Internet Content Selection (PICS). A specific set of HTML meta tags embedded into each page rate the content of Web sites. (Note: IIS4 does this for Virtual Web Servers by using custom HTTP headers if selected through MMC).

Content Advisor can be accessed from IE using Tools > Internet Options or from Internet Options in the Windows Control Panel, under the Content tab.

Slider used to adjust levels from 0 (least restrictive) to 4 (most restrictive). By default, rating levels for all four areas are set to 0.

Sites added to "Approved Sites" list will always be viewable regardless of rating.

Unrated sites are blocked by default, but can be viewed if "Users can see sites that have no rating" option is checked. Selecting "Supervisor can type a password to allow users to view restricted content" allows supevisors to temporarily or permanently grant access to blocked sites as needed.

These settings can be imported from the Administrator's desktop settings with IEAK and fine tuned in the IEAK Wizard.

Uninstalling Internet Explorer 5 (KB# Q217344)

• Use the ADD/REMOVE Programs applet in Windows Control Panel, select Microsoft Internet Explorer 5 and Internet Tools, click Add/Remove button. Previous configuration will be restored from the Ie5Bak.dat, Ie5Bak.ini and Ie4regun files in the \Program Files\Internet Explorer directory. (KB# Q217344)

• IE5 should be uninstalled before installing Windows 98, or you will be unable to uninstall IE5 later without having to go into the Windows Registry. (KB# Q222564)

• The "IEREMOVE.EXE" utility is not part of IE5. If it is left on your computer from IE4, do not attempt to use it to remove IE5 or "there will be... trouble."* (KB# Q243678)

• To remove IE Components, go to ADD/REMOVE Programs applet in Windows Control Panel, highlight the component you want to remove (e.g. Microsoft NetMeeting), then click Add/Remove button. Note: You must have Administrative rights to uninstall components on NT 4 machines. (KB# Q171229)

Outlook Express 5

• Now integrated with Hotmail, Microsoft's free Web-based e-mail service

• Supports SMTP (port 25) POP3 (port 110) , IMAP4 (port 143), and HTTP (port 80) mail servers. Supports NNTP (port 119) for news. Compliant with LDAP directory services (port 389).

• Can import address books from Eudora Lite and Pro thru v3.x, Netscape Address Book v2.x or v3.x, Netscape Communicator Address Book v4.x, .CSV (Comma Separated Values) text file, Microsoft Exchange Personal Address book, LDIF - LDAP Interchange format and MS Internet Mail for Win 3.1/MS Internet Mail (32-bit version).

• Can import messages from Microsoft Exchange, MS Internet Mail (32-bit version), MS Internet Mail for Win 3.1, MS Outlook, MS Outlook Express 4, Microsoft Windows Messaging, Netscape Communicator v4.x, Netscape Mail v2.x or v3.x., Eudora Light and Eudora Pro.

• Using the IEAK Wizard, you can add a standard signature to all e-mail and news messages in Stage 4, Outlook Express Compose Settings or in the IEAK Profile Manager under Wizard Settings, Outlook Express Compose Settings (Corporate Administrators ONLY)

NetMeeting

Requirements (KB# Q241159)

• Pentium 90 or higher

• Windows 95/98: 16 MB RAM

• Windows NT 4: 24 MB RAM (SP3 or higher needed also)

• MSIE 4.01 or higher

• 14 MB disk space to install, 4 MB to run

• Sound card & mic needed for audio conferencing

• Video capture card/device needed to transmit video

Ports (KB# Q158623)

This port	Is used for
389	Internet Locator Server (TCP)
522	User Location Service (TCP)
1503	T.120 (TCP) - Application Sharing
1720	H.323 call setup (TCP)
1731	Audio call control (TCP)
Dynamic	H.323 call control (TCP)
Dynamic	H.323 streaming (Real Time Protocol over User Datagram Protocol)

Miscellaneous

• Applications may be shared with other computers that do not have the applications loaded on them.

• A NetMeeting call can be started using a computer's network address, a computer name, an e-mail address, or a modem telephone number but NOT using a user name.

• NetMeeting 3 now runs only on TCP/IP. Support for IPX/SPX has been dropped.

• To restrict a user from receiving video, use NetMeeting Settings in IEAK Profile Manager.

• System policies and restrictions in the IEAK Wizard (Stage 5) using CONF.ADM can be used to remove the video tab in the NetMeeting tools menu, Options. Remove manually through IEAK Profile Manager under Policies and Restrictions, Microsoft Netmeeting, NetMeeting Settings, Restrict the use of options dialog, "Disable the 'Video' options page"

• Remote Desktop Sharing feature can be used by corporate helpdesks to lower total cost of ownership for Windows by simplifying troubleshooting via an organization's network. (KB# Q233175)

• NetMeeting 3 features a new whiteboard which is T.126 compliant, but also includes the NetMeeting 2.1 whiteboard for backwards compatibility with meeting participants using NetMeeting 2.1.

• When hosting meetings with NetMeeting 3, secure meetings are limited to data only (no audio or video). All data is encrypted in secure meetings using the default Personal Privacy digital certificate or one that has been specified by the user/administrator.

Windows Media Player

• Plays the Advanced Streaming Format (ASF) content streamed with Windows Media Services (NetShow Services, Microsoft Theatre Server), as well as most local media file types, including MPEG, WAV, AVI, MP3.

• RTP Live Audio and RTP Wav Audio formats used for streaming audio.

• Must be installed for Windows Radio Toolbar to function.

• Used to receive one way Net streamed audio and video. Do not confuse with audio and video conferencing in NetMeeting which allows collaboration.

• Does not use well-known ports so administrators will have to open ports in firewall for Windows Media Player traffic with one exception - HTTP streaming over port 80 is a popular option with Windows Media Services.

INTERNET EXPLORER ADMIN KIT 5 (IEAK)

Files

The following files must be digitally signed before distribution

• BRANDING.CAB

• DESKTOP.CAB

• IECIF.CAB

• IE5SETUP.EXE

• FOLDER.CAB

• CHL.CAB

Notes about signing files (KB# 195724)

• You need to sign any custom programs, in either .EXE or .CAB format, that you include in your browser package.

• If you expect to use Auto Install over the Internet, you must sign the .CAB files and specify in the security settings that the server hosting the .CAB files is a trusted server, or for an intranet site, set the security level to Low.

• For digital signitures, make sure you have Company Name on Certificate, .SPC file, .PVK file and URL for more information.

Major differences between roles

Mode	Customization Level
Corporate Admin	Desktop customization, security settings, proxy settings including proxy auto config, silent installation, roaming profiles, ability to manage and update browser settings/and all policies from a central server by using IEAK Profile Manager. No floppy based package distribution. Can include and completely preconfigure Outlook Express.
Internet Service Provider	Additional programs and scripts, all distribution methods, dial-in settings and server based packages. ISP can include proxy settings, but not proxy auto config settings. Cannot append signatures to messages in Outlook Express.
Internet Content Provider	Additional programs and scripts, all distribution methods but single floppy, cannot configure e-mail or proxy settings. Most restricted role.

ISP license codes are a 10-digit code that enable the creation of the single floppy distribution, which allow customers to connect to the distribution server and download software. When creating a single floppy distribution

• Users require TCP/IP and RAS to connect to ISP's Server modem

• A single .ISP file is used to direct the user to the sign-up server

• A unique .INS file is created dynamically for each user

• The ISP's 10-digit license code is used as the licensing code when connecting via the Internet

Stages

Stage 1(continued)-Feature Selection	Content Provider	Service Provider	Corporate Administrator
Corporate install features	No	No	Yes
Setup customization	No(4)	Yes	Yes
Automatic digital signing	Yes	Yes	Yes
Connection Manager	No	Yes	Yes
Browser customizations	Yes	Yes	Yes
URL customizations	Yes	Yes	Yes
Desktop customization	No	No	Yes
Favorites and Links	Yes	Yes	Yes
Channels	Yes	Yes	Yes
User Agent String	Yes	Yes	Yes
Connections customization	No	Yes	Yes
Sign-up settings	No	Yes	No
Certificate Customization	No	Yes	Yes
Security Zones and Content Ratings	No	No	Yes
Programs Customization	Yes	Yes	Yes
MS Outlook Customization	No	Yes	Yes
Policies and Restrictions	Yes	Yes	Yes

Stage 2-Specifying Setup Parameters	Content Provider	Service Provider	Corporate Administrator
Select MS Download Site	Yes	Yes	Yes
Automatic Version Synchronization	Yes	Yes	Yes
Add Custom Components	Yes(4)	Yes(4)	Yes(4)

Stage 3-Customizing Setup	Content Provider	Service Provider	Corporate Administrator
CD Autorun Customizations	Yes	Yes	Yes
More CD Options	Yes	Yes	Yes
Customize Setup	Yes	Yes	Yes
Silent Install	No	No	Yes
Installation Options	Yes(4)	Yes(4)	Yes(4)
Component Download	Yes	Yes	Yes
Installation Directory	No	No	Yes
Corporate Install Options	No	No	Yes
Connection Manager Customization	No	Yes	Yes
Windows Desktop Update	No	No	Yes
Advanced Installation Options	Yes(6)	Yes(6)	No
Components on Media	Yes	Yes	Yes
Digital Signatures	Yes	Yes	Yes

Stage 4-Customizing the Browser	Content Provider	Service Provider	Corporate Administrator
Enter Browser Title Bar/toolbar bitmap path	Yes	Yes	Yes
Browser Toolbar Buttons	Yes(7)	Yes(7)	Yes
Animated Logo	Yes	Yes	Yes
Static Logo	Yes	Yes	Yes
Important URLs	Yes	Yes	Yes
Favorites and Links	Yes	Yes	Yes(8)
Channels	Yes(9)	Yes(9)	Yes(10)
Welcome Page	Yes	Yes	Yes
Active Desktop	No	No	Yes
Desktop Toolbars	No	No	Yes
Folder Webviews	No	No	Yes
User Agent String	Yes	Yes	Yes
Connection Settings	No	Yes	Yes
Security	No	No	Yes
Security Settings	No	No	Yes
Add a Root Certificate	No	Yes	No
Sign-up Method	No	Yes	No
Sign-up Files	No	Yes	No
Sign-up Server Information	No	Yes	No
Internet Connection Wizard	No	Yes	No

Stage 5-Customizing the Browser	Content Provider	Service Provider	Corporate Administrator
Import Program Settings	Yes	Yes	Yes
Outlook Express Accounts	No	Yes	Yes
Outlook Express Custom Content	No	Yes	Yes
Outlook Express Custom Settings	No	Yes	Yes
Outlook Express View Settings	No	Yes	Yes
Outlook Express Compose Settings	No	No	Yes
Address Book Directory Service	No	Yes	Yes
System Policies and Restrictions	Yes(11)	Yes(12)	Yes(10)

1. Windows 9x and NT 4.0. Windows 3.x/WFW/NT 3.51. UNIX option not available

2. All distribution methods except single floppy disk

3. All distribution methods except single floppy disk and multiple floppy disks

4. Up to 10

5. All distribution methods

6. 'Optimize for Web Download' greyed out

7. 'Delete existing toolbar buttons, if present' greyed out

8. Only CA can delete existing favorites and links

9. 'Delete existing channels, if present' and 'Turn on desktop Channel Bar by default' options greyed out

10. Complete customization

11. Can modify Internet Settings and MS Windows Media Player only

12. Can modify above plus Microsoft Netmeeting and Identity Manager

Packages

• Download site URL is the http:// address where the software is installed from (e.g. http://www.cramsession.com/ie5) where the local path to this directory is c:\inetpub\wwwroot\ie5\. Copying the download folder from the c:\builds\<build_number>\ folder to your c:\inetpub\wwwroot\ie5\ directory will put the INSTALL.INS and IE5SITES.DAT files where they should be on the Web server.

• For CD builds, everything from the c:\builds\<build_number>\CD subdirectory onto the root of the CD (the CD subdirectory itself is not copied). The root of the CD will contain the Win32 subdirectory, AUTORUN.INF and a setup file.

• Flat Distribution stores all files in a single folder suitable for network shares, simplifying LAN installations.

• Single disk branding allows for corporate identity to be applied to systems that already have IE4 or IE5 installed. This option is available to all three roles.

• A single custom-built package can contain up to 10 separate configurations and up to 10 download sites, but only for a single language

• Only one download site can be specified when using Silent Install

• When using Silent Install, after installation the package must reboot the user's system using the /Q:U, /Q:A (silent install) and /R:A (always reboot after installation) switches. These switches can be added as part of your batch file. Use the IExpress Wizard (IEXPRESS.EXE) to pass switches to IE5SETUP. For a silent hands free installation with forced reboot use the following:
  ie5setup.exe /Q:A /C:"ie5wzd /S:""#e"" /Q /R:A"

.INF, .INS and Batch Files

.INF File Notes
(http://www.microsoft.com/TechNet/IE/reskit/ie5/part3/ch18post.asp?a=frame)

• These files contain the system policies and restrictions that the O/S uses to update the system configuration on users' computers. You can specify these settings in the Policies and Restrictions section of the IEAK Profile Manager.

• Scripts based on .INF files take advantage of the setup engine built into Windows. The advantage of using the built-in setup engine is its smaller size. Functions like copying files, adding registry entries, and creating shortcuts are already part of the Windows O/S. You need to ship only the .INF file and the program files you want to install. A separate script is required for each component that you want to install or uninstall.

• Each .INF file also contains version information. When you change configuration settings, the IEAK Profile Manager updates the affected .INF files and their version information and repackages the companion .CAB files.

.INF Install Sections
(http://www.microsoft.com/TechNet/IE/reskit/ie5/part6/appxhinf.asp)

• CopyFiles=file-list-section[,file-list-section]

• RenFiles=file-list-section[,file-list-section]

• DelFiles=file-list-section[,file-list-section]

• UpdateInis=update-ini-section[,update-ini-section]

• UpdateIniFields=update-inifields-section[,update-inifields-section]

• AddReg=add-registry-section[,add-registry-section]

• DelReg=del-registry-section[,del-registry-section]

• Ini2Reg=ini-to-registry-section[,ini-to-registry-section]

• UpdateCfgSys=update-config-section

• UpdateAutoBat=update-autoexec-section

INSTALL.INS
(http://www.microsoft.com/TechNet/IE/technote/deploy5/manage.asp)

• This file contains the browser and component settings that Internet Explorer uses to update the browser configuration on users' computers. You can specify these settings in the Wizard Settings section of the IEAK Profile Manager. Can be used to change the configuration of IE5 after installation.

• Sets of Policies and Restrictions are saved as an .ins file. These .ins files are created into two places for each package during the Internet Explorer Administration Kit Customization wizard. The first location is in the INS subdirectory, for instance, "c:\builds\<build_number>\INS\Win32\En\Install.ins." The other location is the CD subdirectory.

• IEAK Profile manager is used to open, edit, and create new .INS files to be distributed with the login script (or placed on a distribution server as configured in the IEAK) in order to centrally manage and update the user browser settings whenever users login. The auto proxy files (.JS, .JVS, .PAC) can also be distributed in this way.

• The Internet Explorer Administration Kit Wizard lets administrators pre-configure browsers with the URL of an .ins file, but this file is not created during the Internet Explorer Administration Kit Wizard process. A default install.ins file is created in the path c:\builds\<build_number>, but this file should be edited and renamed before distribution.

Switches used during IE install and in Batch Files (KB# Q200007)

• /B:iebatch.txt—Specifies the batch file to use.

• /Q—Specifies a quiet "hands-free" mode. The user is prompted for information that isn't specified.

• /Q:A—Specifies a quiet mode with no user prompts.

• /Q:C—Specifies a quiet mode with the Cancel button not displayed, so the user cannot cancel the setup program. The Internet Explorer Customization wizard uses this switch if you select the Install package silently option when you are installing as a corporate administrator.

• /M:[0|1|2|3...]—Specifies the installation mode. For customized IEAK packages, 0 refers to the first installation choice, 1 refers to the second choice, and so on (for example, 0=minimal, 1=typical (default), 2=full).

• /E:ComponentID,ComponentID—Specifies extra components to be installed regardless of the installation mode. Use this switch to specify components that aren't a part of the installation type you specified in the Customization wizard. This switch also overrides settings in the batch file, if used. The ComponentID is a string that uniquely identifies a component; you can find the corresponding string in the component sections of the IESetup.cif file.

• /S:""#e""—Designates the source path of IE5Setup.exe. The ""#e"" refers to the full path and name of the executable (.exe) file. Note that the path must be surrounded by two pairs of double quotation marks.

• /R:N—Suppresses restarting the computer after installation. If you suppress restarting, your program should take care of restarting the computer. Internet Explorer is not configured correctly until the computer is restarted.

• /D—Specifies that you want to download only the files for the current operating system.

• /D:1—Specifies that you want to download files for Microsoft Windows and Windows NT operating systems.

• /G:—Runs specified installation sections in IESetup.inf. Separate sections with commas.

• /F -(Fix)—Reinstalls all items on the user's computer that are the same version or newer. Using the /F switch ensures that no component is replaced with an earlier version.

Using IEAK 5 Policy Templates

The following policy template (.ADM) files can be found in the \Program Files\IEAK\policies\EN directory:

.ADM files can be imported into the IEAK Wizard at System Policies and Restrictions screen or imported into the IEAK Profile Manager.

The same .ADM files can be imported into the Windows Policy Editor and used to generate new system policies that can be placed in a user's logon directory on your NT domain. (CONFIG.POL for Win95/98 and NTCONFIG.POL for NT). This is the suggested method for managing Internet Explorer system policies when browsers have not been deployed using the Automatic Configuration URL. (KB#s Q161334, Q185587, Q185588, Q185589, Q185590, Q185591).

Using a text editor such as Notepad, you can modify current templates or create your own custom policy templates. (KB# Q225087)

Active and Software Distribution Channels
(http://www.microsoft.com/TechNet/IE/reskit/ie5/part5/ch22upd.asp)

• Channels are set up using a .CDF (Channel Definition File) - a mapping file containing Web site contents.

• .CDF files allow Webmasters to convert their Web site into a channel, which allows information to be pushed to the subscriber.

• Updates cannot take place more frequently than by the hour.

• A single channel can be configured to update from multiple Web sites.

• A preconfigured software distribution channel can be used to "push" out new components and configuration changes to browsers. Information is specified for this channel in the Open Software Distribution section of the .CDF file.

• Setting AUTOINSTALL="YES" causes the application to automatically be downloaded and installed.

• Personalized channels can also be created using .ASP scripts on a Microsoft Web server. (KB# Q174687)

• If IE5 is installed on a machine that IE4 has never been installed on and you want channels, add Offline Browsing Pack to your installation (it is part of IE4 but separate in IE5). To guarantee that channels work, if you have let users customize their setup choices, specify that this option (Offline Browsing Pack) won't appear as a custom installation choice. To do this, on the Advanced Installation Options wizard page, clear the Offline Browsing check box; Force Install will appear in the right-hand column. If it is not part of the installation options, you can force adding it using the /E: switch during batch mode setup. Component ID name to use is MobilePk.  

Configuration for Proxy Servers

Valid examples of using Wildcards for Bypass List in Proxy Exceptions area:

• To bypass servers, enter a wildcard at the beginning of an Internet address, IP address, or domain name with a common ending. For example, use *.cramsession.com to bypass any entries ending in .cramsession.com (such as some.cramsession.com and www.cramsession.com).

• To bypass servers, enter a wildcard in the middle of an Internet address, IP address, or domain name with a common beginning and ending. For example, the entry www.*.com matches any entry that starts with www and ends with com.

• To bypass servers, enter a wildcard at the ending of an Internet address, IP address, or domain name with a common beginning. For example, use www.cramsession.* to bypass any entries that begin with www.cramsession. (such as www.cramsession.com, www.cramsession.org).

• To bypass IP addresses with similar patterns, use multiple wildcards. For example, use 123.1*.66.* to bypass addresses such as 123.144.66.12, 123.133.66.15, and 123.187.66.13.

Automatic Detection of Browser Settings using DHCP: (KB# Q252898)

• Web Proxy Autodiscovery (WPAD) functionality is only available for Windows 2000-based Dynamic Host Configuration Protocol (DHCP) clients using Internet Explorer 5.0 or later. The DHCP server must be a Windows 2000-based server.

• To set up automatic detection of browser settings on a DHCP server, you need to create a new option type with a code number of 252. Your DHCP server must support the DHCPINFORM message. This new option must contain a text string pointing to your configuration file's URL (.PAC, .JVS, .JS, .INS).

• In the DNS database file on your DNS server, enter a host record named wpad that points to the IP address of the Web server that contains the .PAC, .JVS, .JS, or .INS automatic configuration file. -or-

• Enter a CNAME alias named wpad that points to the name (the resolved name, not the IP address) of the server that contains the .PAC, .JVS, .JS, or .INS automatic configuration file.

• After the record is added and the database file is propagated to the server, the DNS name wpad.domain.com should resolve to the same computer name as the server that contains the automatic configuration file. When using DNS, Internet Explorer constructs a default URL template based on the host name wpad—for example: http://wpad.brainbuzz.com/wpad.dat -- therefore, on the Web server wpad, you must set up a file or redirection point named WPAD.DAT, which delivers the contents of your automatic configuration file.

Miscellaneous

• Auto-proxy URL is entered in Stage 4 of the IEAK Wizard (CA only) or can be changed in the Wizard Settings > Automatic Browser Configuration area of the IEAK Profile Manager.

• If your network is configured to use DHCP and your DHCP and DNS servers have been setup as stated above, check the "Automatic Detection of Browser Settings" box in Stage 4.

• When "Do not use proxy server for local addresses" is checked, proxy server will be bypassed for NetBIOS names like "http://SERVER" but a FQDN like "http://www.server.com" or IP address like "http://192.139.36.121" would be passed to the proxy unless it appears in the Exceptions Bypass List.

Troubleshooting installation issues
(http://www.microsoft.com/TechNet/IE/reskit/ie5/part6/appxbtrb.asp?a=frame)

HResult Error Codes - identify phases when errors occur:

HResult error code	Download phase
0	Initializing (making a Temp folder, checking disk space)
1	Dependency (checking for all dependencies)
2	Downloading (server to download folder)
3	Copying (download folder to Temp installation folder)
4	Retrying (restarting download due to timeout or some other download error)
5	Checking trust
6	Extracting
7	Running (.inf or .exe)
8	Finished (installation complete)
9	Download finished (downloading complete)

Other common error codes when installing IE5

• 80100003—During install, one or more files are missing from the download folder.

• 800bxxxx—Any error starting with 800b indicates a trust failure.

• 800Cxxxx—Any error starting with 800C indicates a Urlmon failure (for example, 800C005—file or server not found, or 800C00B—connection timeout).

• 8004004—The user canceled setup.

Things to check for: (KB# Q218624)

• Use the IE Setup Log.txt file to troubleshoot where installation failed.

• Use the Active Setup Log.txt file to troubleshoot failed registry entries, file version problems, etc.

• Does the language in your customized browser match the language settings on the target machines? If mismatched, browser will install properly but WDU will not.

• When you create a new .INS file, make sure the newly repackaged .CAB files are copied to the distribution media/servers.

• Have the .CAB files been copied to the correct URL/shared directory?

• NT4 installations require at least 4 MB of free registry space if upgrading from IE2 or IE3 and 2.5 MB free space if upgrading from IE4.

Using Kiosk Mode with Internet Explorer 5: (KB# Q154780)

• Running "iexplore -k <page/URL>" (without quotes) runs IE5 in kiosk (full screen) mode

• Kiosk mode disables the toolbar, all ALT key commands and ability to toggle back and forth between full-screen and window view (F11).

• Can be used by ISPs to force display of their sign-up screens in full screen mode. (Stage 4, Sign-up Method, "Server-based sign-up using full-screen kiosk mode")

• Often used for information kiosks in conjunction with restrictive system policies such as "Disable closing of browser", "Hide all desktop icons", "Disable open menu option", etc.

• Can be set under the IEAK Profile Manager, Policies and Restrictions, Corporate Restrictions, Advanced Settings, Launch browser in full screen mode.

Connection Manager Administration Kit (CMAK)
(http://www.microsoft.com/TechNet/IE/reskit/ie5/part3/ch14conn.asp?a=frame)

Files created by CMAK based on filename entered into CMAK Wizard:

• .EXE - self extracting executable

• .CMS - configuration data for Connection Manager features like phone book and connection methods

• .CMP - stores user specified information such as the name of the .CMS file to be used.

• .INF - used for setup and installation of Connection Manager

• .SED - specifies the contents of the .CAB file and how to compress the files when the service profile is built.

Miscellaneous

• Used to create Service profiles for both Intel and Alpha systems. You must run the CMAK on it's respective O/S to create a service profile for that O/S.

• When creating profiles for another language, use the version of the O/S and the CMAK Wizard that are appropriate for that language.

• When editing profiles created with previous version of Connection Manager, CMAK Wizard auto upgrades profiles to Connection Manager 1.2.

• When changing a file name, also make sure to change the service name. Two installed profiles with same service name but different file names will not work correctly.

• Multiple service profiles can be merged into one profile.

• Realm Names are used for network routing and authentication

• Allows creation of custom Dial-up Networking Entries each having unique network authentication or routing requirements (invaluable for staff with laptops who telecommute).

• Administrators can specify which profiles use Virtual Private Networking (VPN) to establish secure communications via Point to Point Tunneling Protocoal (PPTP) with your dial-in server. Users can dial a local Point Of Presence (POP) number and still have secure access via the public Internet.

• Pre-connect actions run immediately after the user selects "connect," but before any connection is established.

• Post connect actions run after the dial-up networking connection is established. (Updating phone book information and using MCIS logon are selected here)

• Disconnect actions are run after the user chooses to disconnect, but before the connection is terminated.

• Auto-Applications are run after the connection is established, and for a VPN connection, after establishing the tunnel. Applications are run whenever a user connects to your service regardless of whether connections are dial-up or direct.

• Phone Book is used in conjunction with Connection Point Services (CPS). CPS must be installed on an NT 4 server with SP3 running at least IIS 3.0.

• To use a Connection Manager 1.2 profile, users must install Connection Manager 1.2. If users do not already have it installed, include the software in the service profile and it will be installed along with the profile. If the user has a previous version of Connection Manager, it will be automatically upgraded.

• Additional files/scripts can be added into the profile (e.g. custom scripts needed when performing connect actions).

• When CMAK is run from within IEAK Wizard (Stage 3), CMAK files are automatically bundled in with customized browser package. If CMAK is run separately, files will have to be manually added to IE distribution.

TCP/IP Troubleshooting: (KB# Q141698 and Q169790)

• Ping 'localhost' or '127.0.0.1' in order to confirm that TCP/IP is properly installed on a given system.

• If it is possible to ping an IP address but not the Fully Qualified Domain Name (FQDN), check the DNS configuration and DNS servers for possible problems.

• The NSLOOKUP diagnostic utility can be used to troubleshoot TCP/IP address/Host name resolution problems

• To view TCP/IP config info use WINIPCFG on Windows 95 and IPCONFIG/ALL on Windows NT

• Use TRACERT to determine whether the problem stems from a routing issue.

• Use PING to verify that a given server, router or gateway is functioning.

• Network monitor can be used to view TCP/IP protocol statistics for a server from a workstation and also to capture and decode TCP/IP packets.

Miscellaneous

• IEAK can be used to create 32-bit packages for Windows 95/98 and NT 4 with SP3 or higher, 16-bit packages for Windows 3.x, Windows NT 3.51, and UNIX distributions for Solaris 2.5 or greater and HP-UX 10.2 or greater.

• To build distributions of IE for the Mac you will need to use the Macintosh version of the IEAK (which only can be run on a Mac).

• The IEAK license agreement requires that distribution methods are reported quarterly.

• After the IEAK installation, and before running the Profile Manager, reboot the system.

• Advanced Version Synchronization Screen

• Red - component is missing

• Yellow - disconnected from Internet, AVS is disabled, or component is not current

• Green - component is installed and current

• Use the Synchronize button in the AVS screen to download the non-current components from the MS Web site.

• Multicasting allows bandwidth saving by sending only one copy to all users.

• Unicasting sends individual copies of a single message to all the destined users.

• New feature in IEAK 5 allows Administrators to use batch files to deploy IE5.

• In Stage 3 of the IEAK Wizard, Components on Media, the components listed have been downloaded to your computer but have not been included in a Setup Option. The components you select can be made available for auto install if users attempt to use a feature that requires these components (e.g. Macromedia Flash™ animation). This feature is called Automatic Install or Install On Demand.

• When roaming profiles are enabled and you don't want a user's Temporary Internet files stored on the server, you can use the "Delete saved pages when browser closed" option in Internet Explorer to delete all cached Internet files when a user quits Internet Explorer (Tools > Internet Options > Advanced tab). (KB# Q185255)