Running the Customization Wizard
The Customization wizard is a step-by-step process organized into five stages:
- Stage 1: Gathering Information
- Stage 2: Specifying Setup Parameters
- Stage 3: Customizing Setup
- Stage 4: Customizing the Browser
- Stage 5: Customizing Components
The following sections provide summaries for the five wizard stages. They cover key information about each stage. You can obtain information about wizard options by clicking Help on each screen of the wizard.
Before running the wizard, you should consider reviewing Appendix D, "Checklists for Preparing to Use the IEAK." The checklist specifies the information and files you need to supply depending on your role.
Stage 1: Gathering Information
The Stage 1 options are as follows:
- Company Name and Customization Code - First, enter your customization code, provided to you by Microsoft, and your company name. You also need to select your role in this step. The roles - based on your license agreement - are corporate administrator, ISP, or ICP/developer. If you are an independent software vendor (ISV), choose the ICP/developer role.
- Platform Options - Determine the platforms that you need to support. All IEAK users can build browser packages for Windows 32-bit and 16-bit versions of Internet Explorer. Corporate administrators can also build UNIX browser packages. For more platform-specific information, see Chapter 4, "Working with Different Platforms."
- File Locations - Select the destination folder. You can build a custom package on the computer where you are running the Internet Explorer Customization wizard, and then move the files to servers where users will download them. Another option is to build the files on a network server on your local area network (LAN) or on a Web server, such as Microsoft Internet Information Server (IIS).
When you build a custom package, folders for each media type are created in your build folder. For flat (network) and download (Web) packages, you can build at the location from which the files will be downloaded.
If your build computer is also set up as a Web server, you can build in a folder from which your users can download the files. For example, if you use IIS, the Web server structure on your local hard disk could be: C:\Inetpub\Wwwroot\Build1. If you build your custom packages in that folder and add a Web page that links to the IE5Setup.exe file in the \Download\platform\language folder, users can download and install the setup program from your Web server.
To see more options, click the Advanced Options button, which will display the Advanced Options dialog box, as shown in the following illustration.
In the Advanced Options dialog box, you'll find the following settings:
- Check for latest components via Automatic Version Synchronization - Select this check box to indicate that the Customization wizard should check on the Internet for the latest versions of components when you create your custom package. By default, this setting is selected. In most cases, this default is the recommended setting. If you have downloaded the IEAK from the Internet, you must run the Customization wizard with Automatic Version Synchronization (AVS) at least once, so that the wizard can check for updated versions of components. For more information about AVS, see Chapter 16, "Customizing Setup."
- Path of .INS file to import settings from - To use an existing .ins file as the starting point for a new custom package, enter the full path to the .ins file. You can save time by importing settings from an .ins file if the settings needed for the new package are similar to those of an existing package. After the settings have been imported, you can use the Customization wizard to refine them to fit your needs.
- Component Download folder - Use this box to specify the location for the components and setup files that you'll download. If you change this location, the AVS feature will not be able to determine whether you have the latest components available. You should change this folder only if you plan to retain the files that you downloaded the last time you ran the wizard for archiving, and you want to download a new set of components.
- Language Selection - Specify a target language so that your build can be placed in a localized subfolder for the appropriate platform and media type. You must run the Customization wizard for each language version that you plan to deploy. For strategies for doing this efficiently, see Chapter 17, "Time-Saving Strategies That Address Diverse User Needs."
Note You can install a language version of Internet Explorer that doesn't match your operating system, provided that you are not installing the Windows Desktop Update. If users attempt to install the browser with the Windows Desktop Update in a language different from that of the operating system, only the browser will be installed.
In addition, if you are a corporate administrator, and you import your security zones from a different language version of Internet Explorer, there may be some unrecognizable characters in the users' Security Zones user interface.
- Media Selection - Select the distribution methods you plan to use: download (for Internet or intranet download), compact disc, flat (for network download), multiple floppy disks (ISPs and ICPs only), single floppy disk (ISPs only), or single-disk branding. You will need additional disk space for each type of media that you select.
You can use single-disk branding to customize the browser on computers where Internet Explorer 4.01 Service Pack 1 or higher is already installed. Single-disk branding enables you to customize Internet Explorer features, including Internet sign-up (if you're an ISP), without reinstalling Internet Explorer. This option, however, does not enable you to package and install custom components. It creates a Setup.exe file in the \BrndOnly folder of your build folder, which you can distribute on any media or on a server.
- Feature Selection - On this screen, select the features that you want to customize or clear the features that you don't want to see.
Stage 2: Specifying Setup Parameters
Windows Update Setup for Internet Explorer 5 and Internet Tools is a small, Web-based setup package that lets users install the latest Internet Explorer components directly from a Web site. When Windows Update Setup downloads Internet Explorer 5, it breaks it up into several small segments. This makes it possible, in the event of a failure or dropped connection, to restart an installation from where it was interrupted, instead of having to start over from the beginning.
The Stage 2 options are as follows:
- Download Locations - Select the Microsoft site from which you will download the browser and other Internet components you plan to deploy. It's recommended that you choose a location close to your region.
- Automatic Version Synchronization - Download or update Microsoft components used to build the package. You must download Internet Explorer to proceed with the wizard. You should also download any component that you plan to install or make available to users using Automatic Install. For more information about Automatic Install, see Chapter 16, "Customizing Setup."
- Add Custom Components - Enter information about the optional custom components that you want to include. This option can be helpful if you have custom programs or scripts that you want to distribute with Internet Explorer. For more information about creating custom components, see Chapter 12, "Preparing for the IEAK."
Stage 3: Customizing Setup
You can customize the setup program in several different ways. In addition to specifying screen options in the wizard, you can also use a setup batch file or command-line switches. For more information, see Chapter 16, "Customizing Setup."
The Stage 3 options are as follows:
- CD-ROM Autorun Customizations - If you are creating a CD-ROM package, specify an optional custom CD-ROM Autorun screen. The Autorun screen is a graphical interface that appears when users insert the CD-ROM for 32-bit versions of Internet Explorer. To create the screen, you'll need to provide a path to a bitmap and specify other graphical options. For more information about graphics requirements, see Chapter 12, "Preparing for the IEAK," and Appendix D, "Checklists for Preparing to Use the IEAK."
- More CD Options - For more information, provide a text file - such as a readme file - that appears as a link from the Autorun screen. Another option is to specify an HTML page that opens in the user's browser in Kiosk mode, without the toolbar showing.
Note To customize the CD Autorun screens, you must create a CD build of Internet Explorer. If you do not see the CD-ROM Autorun Customizations or the More CD Options screens, and you want to set CD-ROM custom options, click Back until you see the Media Selection screen. Then, select the CD-ROM option, and click Next until you see the CD-ROM screens.
- Customize Setup - Use this option to customize how the setup program appears to your users. You can change the title bar and the graphic that appears when users run the Windows Update Setup wizard. If you provide a group of customized components, you can assign a name to them. For more information about customizing the appearance of the setup program, see Chapter 12, "Preparing for the IEAK," Chapter 16, "Customizing Setup," and Appendix D, "Checklists for Preparing to Use the IEAK."
- Silent Install (corporate administrators only) - Depending on how you plan to install your custom packages, decide whether to provide your users with an interactive installation, a hands-free installation with prompts if errors occur, or an installation with no prompts.
Note In a silent install, you can specify only one installation option and one download site for your users.
The following settings determine how much interaction occurs between the setup program and the user:
- If you want to provide an interactive installation for your users, in which they make installation decisions, click Interactive install.
- If you want to provide a hands-free installation, in which users aren't prompted to make decisions, but are informed of the installation progress and errors, click Hands-free install.
- If you want your users to install the custom browser without receiving prompts, click Completely silent install. You should select this option when you want to control all setup options and suppress feedback to the user. If installation does not finish successfully, users will not see an error message.
- Installation Options - Specify up to 10 unique installation options. You can also determine which components are included with each option.
Installation options can be helpful if your users have different needs. For example, if you're an ISP, you might want to create a setup option for customers who subscribe to a specific set of services. If you're a corporate administrator, you might want to specify setup options for different divisions of your company.
Note If you are installing Internet Explorer 5 on a computer that has never run Internet Explorer 4.0, and you want your users to have channels, add the Offline Browsing Pack to your installation.
- Download Sites - Specify at least one download site, using an HTTP or FTP server, from which your users can download your package. You can, however, specify up to 10 sites for downloads. You must place all the Microsoft components and custom components at each URL you specify.
- Component Information - Decide whether you'll have your users download additional components from Microsoft, or install components from your original media or download servers by using a custom add-on component page. The component page appears when users click the Tools menu, and then click Windows Update or click the Add/Remove Programs icon in Control Panel. For more information about setting up a custom component page, see Chapter 12, "Preparing for the IEAK."
- Installation Directory - Decide how to handle the installation directory. You can allow the user to choose the location for installing Internet Explorer, or you can specify the location. You can specify a folder in the Windows folder, the Program Files folder, or enter a complete custom path. If Internet Explorer is already installed on the user's computer, the new version is installed over the existing version. The customized browser, in that case, is not installed in the custom location you specify.
- Corporate Install Options (corporate administrators only) - Decide to what extent users can customize the setup program. You can specify whether they can run a custom installation to add or remove specific components, or select the Internet Explorer compatibility mode. You can also specify whether the uninstall information is saved or whether Internet Explorer is set as the default browser.
Note Less disk space is needed if the uninstall information is not saved on the user's hard disk. However, in that case, the user will not be able to remove Internet Explorer 5 by clicking the Add/Remove Programs icon in Control Panel, and some troubleshooting steps may be more difficult. For more information, see Chapter 11, "Setting Up and Administering a Pilot Program."
- Advanced Installation Options - Further customize the setup program by having it detect whether a component already exists on the user's computer and by fine-tuning which components users can add if they customize the setup process.
If you want the setup program to detect whether the same version of a component is already installed on the user's computer, select the Optimize for Web download check box. If a version of the same component is already installed, and it will work with Internet Explorer 5, the setup program does not download it. This can save download time.
If your users can customize their installations, but you don't want them to customize specific components, clear the check boxes for the components that you do not want the users to be able to customize. Force Install appears in the right column beside the components that will be installed automatically with the browser.
- Connection Manager Customization (ISPs and corporate administrators only) - Use the Connection Manager Administration Kit (CMAK) to customize and manage how users connect to the Internet. With the CMAK, you can change the appearance and settings of the Connection Manager dialer. For more information about the Connection Manager Administration Kit, see Chapter 14, "Customizing Connection Management and Settings."
- Windows Desktop Update (corporate administrators only) - Decide whether to include the Windows Desktop Update. The Windows Desktop Update makes the desktop and folders look and work more like the Web. Although the Windows Desktop Update is not a part of Internet Explorer 5, you can include it with your custom package. If your users are running Windows 98, they already have the desktop features.
If you choose to install the Windows Desktop Update, you can customize its settings in Stage 4 of the wizard if your build computer is running one of the following configurations:
- Internet Explorer 5 upgraded from Internet Explorer 4.0 with the Windows Desktop Update installed
- Internet Explorer 5 and Windows 98, which includes the new desktop
This option can be helpful in configuring a corporate standard desktop.
- Digital Signatures - Determine whether to digitally sign files. If you have a publisher certificate from a certification authority or from Microsoft Certificate Server, you can have the Customization wizard sign your custom package. Digital signatures show where programs come from and verify that they haven't been altered. Signing custom files can be critical if users are downloading Internet Explorer from the Internet or an intranet that isn't specially configured, since security settings in the user's browser can prevent unsigned controls and programs from being downloaded.
To prepare certificates for use by the IEAK, you can import them to your computer by using the Certificate Manager Import wizard. Then, in the Customization wizard, specify the paths to the software publishing certificates (.spc) and private key (.pvk) files, or click Browse to locate them. For more information about importing certificates, see Chapter 12, "Preparing for the IEAK."
Stage 4: Customizing the Browser
In this stage, you can customize the appearance and functionality of the browser. ISPs can also specify settings for Internet sign-up.
The Stage 4 options are as follows:
- Browser Title - Use this option to customize the text that appears in the title bar of the Internet Explorer Web browser and Outlook Express, if you include Outlook Express in your package. Type the string that you want to appear. It will be added after the text "Microsoft Internet Explorer Provided by" or "Outlook Express Provided by."
- Browser Toolbar Buttons - Use this option to customize the toolbar buttons in the user's browser. You can specify the script or program that the buttons launch, as well as their appearance. For more information about designing custom programs, see the MSDN Online Web site. For more information about designing toolbar icons, see Chapter 12, "Preparing for the IEAK."
- Internet Explorer Logos - Determine whether you want to customize the logo. The Internet Explorer logo in the upper-right corner of the browser appears in two states: animated when the browser is in use and static when no action is taking place. You can replace the logo bitmap with your own animated or static bitmap. For more information about preparing the logo files, see Chapter 12, "Preparing for the IEAK," and Appendix D, "Checklists for Preparing to Use the IEAK."
If you use an animated bitmap, the first frame appears static when no action is taking place in the browser, and the remaining frames appear animated when the browser is in use. To use your own animated logo, you must provide two animated bitmaps; one should be 22-by-22 pixels and the other 38-by-38 pixels.
If you use a static bitmap, it will appear static whether or not any action is taking place in the browser. To use your own static logo, you must provide two bitmaps; one should be 22-by-22 pixels and the other 38-by-38 pixels. Type the paths of the small and large custom static bitmaps in the boxes on this page.
- Important URLs - Determine whether you want to specify URLs for the home, search, and online support pages.
The home page, sometimes known as a start page, appears when the user clicks the Home button. Internet Explorer can show a default home page, or you can specify a URL for your own page.
The Search bar appears in the Explorer bar on the left side of the screen. This bar enables a user to see the search query and search results at the same time. The Search bar comes with the Search Assistant and multiple search engines. You can overwrite this page if you want.
In Internet Explorer, support information is available by clicking Help, and then clicking Online Support. It's recommended that you develop a support page and make it available to your users.
- Favorites and Links - Customize the Favorites folder and Links bar by adding links. For example, you might want to add links related to your organization or services. You can add links to the default folders or add new folders. When a user clicks Favorites, the Favorites list appears on the left side of the window. The Links bar appears by default at the top of the user's screen, and it comes with a set of default links.
You can move Favorites to the top of the users' Favorites list, so they are easier for the user to find. If you are a corporate administrator, you can also delete items on the users' Favorites and Links lists. It is recommended that you use this setting with caution, however, because it removes the links and favorites that the users have set up for their own use.
To add a folder to the Favorites list or Links bar
- Click Favorites, Links, or a folder within Favorites or Links, and then click Add Folder.
- Type the name of your folder in the Name box. This can be a friendly name that helps the user recognize what types of links are in the folder.
Note You can import a folder containing links by clicking Import, or you can click an existing folder to create a new subfolder.
To add a Web page to the Favorites list or Links bar
- Click Favorites, Links, or a folder within Favorites or Links, and then click Add URL.
- Type a name for this Web page in the Name box. This can be a friendly name that helps the user recognize what the link refers to.
- Type the path of your link in the URL box.
- To specify a 16-by-16-pixel custom icon, type the name of the file in the Icon box.
- To make this page available to users when they aren't connected to the Internet, select the Make available offline check box. This option is often helpful for users with laptop computers.
Note Do not use semicolons and slashes in the titles of Links or Links folders.
- Channels - Add a custom channel or channel category (folder), or import the channel settings from your computer. When you import channels, you can further customize them. For example, you could import your channel settings, but delete one of the channels you import.
To add channels, you should already have information about your channel or channel category, such as the path to the images and the titles you want to use. You should also have a Channel Definition Format (.cdf) file for each channel.
If you are a corporate administrator, you can delete existing channels on the user's computer. You can also set up the Channel bar on the user's desktop if you are setting up the Windows Desktop Update or installing Internet Explorer 5 on Windows 98 computers.
For more information about channels and dimensions for these files, see Chapter 12, "Preparing for the IEAK," and Appendix D, "Checklists for Preparing to Use the IEAK."
- Welcome page - Determine whether to customize the welcome page, which Internet Explorer displays when the browser is first started. You can display the default Internet Explorer welcome page, or you can specify your own custom welcome page. The welcome page can be different than the home page, which is the page that opens when the user starts the browser after the first time or clicks the Home button.
- Folder Webviews (corporate administrators only) - Use this option to customize how My Computer and Control Panel appear on your company's computers by customizing the files that serve as templates for them. Then, if the user installs the Windows Desktop Update, My Computer and Control Panel can appear as Web pages. One reason to customize these folders is to provide instructions, a company logo, or links to support or corporate sites. To customize Folder Webviews, specify the path to the custom Mycomp.htt file for My Computer and Controlp.htt for Control Panel. For more information about preparing these files, see Chapter 12, "Preparing for the IEAK."
- User Agent String - Some companies track site statistics, such as how many times Web content is accessed and by which types of Web browsers. User agent strings help identify the browser type when compiling those statistics.
You can append a custom string to the user-agent string for Internet Explorer. You do not need to customize the user-agent string, unless you want to track the usage of your custom browser and you gather browser statistics from other Internet sites.
Your customized string will appear in any statistics that include the user-agent string. Because other companies that track statistics will see your customized string, avoid using a string that you don't want others to see.
The following syntax shows a user-agent string to which a customized string has been added:
Mozilla/4.0(compatible; MSIE 5.0; WindowsNT; YourCustomString)
- Automatic Configuration (corporate administrators only) - Assign URLs to files that will automatically configure the customized browsers. This feature is helpful if you want to control the settings of several users from one central location. For more information about automatic configuration, see Chapter 21, "Using Automatic Configuration and Automatic Proxy."
You can configure options by using .ins files, which you can edit with the IEAK Profile Manager. You can include standard proxy settings in the .ins file. For 32-bit and 16-bit versions of the browser, you can also specify script files in JScript (.js), JavaScript (.jvs), or proxy automatic configuration (.pac) format that enable you to configure and maintain advanced proxy settings.
If you specify URLs for both automatic configuration and automatic proxy, the automatic proxy URL will be incorporated into the .ins file. The correct form for the URL is http://share/test.ins.
Network servers using Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) can automatically detect and configure a browser's proxy settings using proxy configuration keys.
You can specify the interval in minutes for the automatic configuration feature. If you enter zero or don't enter a value, automatic configuration happens only when the user's computer is restarted.
- Connection Settings - Preset connection settings for your users by importing the connection settings from your computer. To import the settings on your computer, click Import the current connection settings. If the settings displayed are not the settings you want to use, you can change them. If you are a corporate administrator, you can clear the existing settings on your users' computers by clicking Delete existing connection settings, if present. For more information about connection settings, see Chapter 14, "Customizing Connection Management and Settings."
- Desktop Toolbars (Corporate administrators only) - Determine whether to support desktop toolbars. If users have the new desktop, they can add toolbars to the Windows taskbar. These toolbars make it easier for them to get to programs, files, folders, subscriptions, and favorite Web pages. They can also position toolbars on any part of your desktop and resize them. To specify desktop toolbars, you must include the Windows Desktop Update in your browser package, and run the desktop on your build computer. You can import your current settings by clicking Import the current Desktop Toolbar settings.
- Active Desktop - Determine whether to provide the Active Desktop. The Active Desktop enables users to put Web content, such as weather maps that update on a regular schedule, on their desktops. You can import the settings on your desktop as the corporate standard so that all users have the same desktop. In the next stage of the wizard, you can determine whether users can change those settings. You must include the Windows Desktop Update in your browser package and be running the desktop on your build computer. To use your current settings as the standard desktop for your company, click Import the current Active Desktop components.
- Add a Root Certificate - Add a root certificate to your custom package by typing the URL into the New root certificate path box. The root certificate provides a level of trust that certificates lower in the hierarchy can inherit. Each certificate is inspected for a parent certificate until it reaches the root certificate.
- Sign-up Method (ISPs only) - If you are an ISP, use this option to specify how users sign up with your service and connect to the Internet. You can create server solutions that exchange information with the screens of the Internet Connection wizard or with the browser in Kiosk mode, without toolbar buttons showing. You can also select a serverless sign-up method. This method doesn't require a sign-up server; it works locally on the user's computer instead. The server-based solutions provide a more dynamic way to interact with users and update information, but serverless sign-up enables you to sign users up for Internet services without a sign-up server. For more information about Internet sign-up, see Chapter 13, "Setting up Servers," and Chapter 20, "Implementing the Sign-up Process."
- Sign-up Files (ISPs only) - Use this option to include sign-up files. The Customization wizard checks for copies of the Internet sign-up files and prompts you to copy them to the build folder. After you copy them, you can modify the Internet sign-up (.isp) and Internet settings(.ins) files. If you choose to modify these files, additional screens of the wizard will be displayed so that you can change their settings.
If you have entered these settings manually in the past, you may find the graphical method more intuitive. If you prefer to enter these settings manually, however, you can have the wizard check for these files and then copy them to the build folder.
- Sign-up Server Information and Internet Settings Files (ISPs only) - Use these options to specify sign-up options. On the Sign-up Server Information screen, you can configure your users' dial-up connections, so they can make a connection to your Internet server. On the Internet Settings Files screen, you provide settings that the Customization wizard uses to generate an .ins file. The .ins file can be posted on your server or incorporated into the custom package you are creating for serverless sign-up. For more information about Internet sign-up, see Chapter 13, "Setting up Servers," and Chapter 20, "Implementing the Sign-up Process." Note that some options may not be displayed, depending on the type of sign-up solution you are preparing.
Enter the dialing and connection information, and then click Advanced Options to configure the following:
- Use static DNS address - To ensure that all DNS servers will be searched in an attempt to map name and IP addresses, select this check box and type a primary and alternate address. DNS is a set of protocols and services for Transmission Control Protocol/Internet Protocol (TCP/IP) networks. DNS enables you to use "friendly names," such as www.microsoft.com, instead of numeric addresses.
- Requires Logon - Set this if you need to ensure that the client computer has Windows logon authentication turned on. Providing a Windows password enables access to the Windows password cache, where the ISP password is stored. This option is particularly useful if you assign long random strings as passwords. This option is valid for Windows 95 and Windows 98 clients only.
- Negotiate TCP/IP - Specifies whether to enable TCP/IP negotiation in establishing an Internet connection.
- Disable LCP - Indicates whether to use the Link Control Protocol (LCP) extensions in establishing a Point-to-Point protocol link. If the sign-up server cannot handle LCP extensions, then you should disable LCP on the client computer that will be connecting to your server. This value is valid for Windows NT 4.0 clients only.
- Dial number as shown - Use this option to prevent a default area code from being set. You might want to set this option if, for example, some users might be calling from an area code different from the default. If users aren't aware that the default area code differs from their current area code, they could unexpectedly incur long-distance charges.
- Encrypt passwords - Use to specify that only encrypted passwords can be sent to, or accepted by, your computer. This option is useful if you need additional security for a connection. The computer you are connecting to must support encrypted passwords for this option to take effect.
- Use software compression - Use to specify whether incoming or outgoing information is compressed before it is sent. This option is useful to speed up the transfer of information. Compression occurs only if both computers are using compatible compression.
- Use IP header compression - Determine whether to use TCP/IP header compression. This compression is designed to improve the efficiency of bandwidth use over low-speed serial links. It typically optimizes data transfer between computers. By reconstructing a smaller header that identifies the connection and indicates the fields that changed, fewer bytes can be transmitted. For compression to work, packets must arrive in order.
Compression may not always be desirable. For example, if you are using older equipment, you may not be able to use compression. For the sake of interoperability, serial-line IP drivers that allow header compression should include some sort of user-configurable flag to disable compression.
- Use default remote gateway - Use to specify whether IP traffic is routed to the wide area network (WAN) connection by default. A gateway is a connection or interchange point that connects two networks that otherwise would be incompatible.
- Branding file information - You can specify whether to apply branding information to or modify branding information in the Internet sign-up or Internet settings file that you create by using the Customization wizard.
- Internet Connection wizard (ISPs only) - You can specify the Internet Connection wizard (ICW) as the tool that customers use to sign up for Internet services. You can create server solutions that exchange information with the screens of the ICW. This feature is not available for the serverless sign-up method. For more information about Internet sign-up, see Chapter 13, "Setting up Servers," and Chapter 20, "Implementing the Sign-up Process." For more information about preparing graphics files for ICW sign-up, see Chapter 12, "Preparing for the IEAK," and Appendix D, "Checklists for Preparing to Use the IEAK."
You will need to include the Dynamic HTML Data Binding component with your browser package to ensure that the Internet Connection wizard can interact with your server. Data binding allows the wizard page to display the list of .isp files in Signup.txt. You can specify that this option does not appear as a custom installation choice, so that users cannot choose not to install it. To do this, on the Advanced Installation Options screen, clear the Dynamic HTML Data Binding check box; Force Install will appear in the right-hand column.
- Security (corporate administrators only) - Use certification authorities and Authenticode technology to help manage security. You can use certification authorities to control the sites where users can download certain content, such as ActiveX controls. Site authorities are a form of digital certificate for an Internet site.
Authenticode technology is used to show where programs come from and verify that they haven't been altered. You can import these settings from your computer. If you want to modify the settings that you will apply to your users' computers, click Import current certification authorities, and then click Modify Settings. You can then use Certificate Manager to view and manage your certification authorities information. Certificates can apply to network server authentication, network client authentication, secure e-mail authentication, and software publishing.
You can use Authenticode technology to designate software publishers and credentials agencies as trustworthy. You can also import these settings from your computer. If you want to modify the settings that you will apply to your users' computers, click Import current Authenticode security information, and then click Modify Settings.
- Security Settings (corporate administrators only) - Use this option to manage security zones and content ratings for your company. You can customize the settings for each security zone. Through content ratings, you can also prevent users from viewing content that may be considered offensive. If you want to modify the settings that will be installed on your users' computers, click Import the current security zone settings setting, and then click Modify Settings. In Stage 5, you can also specify whether users will be able to change their security settings.
Note that the following settings do not apply to UNIX and 16-bit versions of the browser:
Settings not available for
UNIX versions of the browser |
16-bit versions of the browser |
ActiveX controls and plugins |
Active scripting |
Font download |
Font download |
Software channel permissions |
Software channel permissions |
Launching applications and files |
Launching applications and files from an IFRAME element |
Installation of desktop items |
Installation of desktop items |
|
User authentication |
Internet Explorer 5 helps you control the types of content that your users' computers can access on the Internet. You can adjust the settings to reflect what you think is appropriate content in four areas: language, nudity, sex, and violence. If you want to modify the ratings that you will apply to your users' computers, click Import the current content ratings settings, and then click Modify Settings. You can then modify your settings by using Content Advisor.
Note Content Advisor uses very cautious ratings standards when you first enable it. You can adjust these settings to match your own preferences. Not all Internet content is rated. If you choose to allow others to view unrated sites, some of those sites could contain inappropriate material.
Stage 5: Customizing Components
In this stage, ISPs and corporate administrators can customize Outlook Express and Windows Address Book settings, if these components are included with their Internet Explorer package. For more information about Outlook Express, see Chapter 2, "Microsoft Internet Explorer 5 Components."
Corporate administrators who are distributing UNIX packages can also specify UNIX-specific file associations and default programs.
Corporate administrators, ISPs, and ICPs/developers can specify Internet settings. To see the current settings, click the Tools menu in Internet Explorer, and then click Internet Options. Corporate administrators can also determine whether users can change their settings.
The Stage 5 options are as follows:
- Servers and Accounts - Specify the e-mail and news servers and indicate whether you will require users to log on using Secure Password Authentication (SPA) to access a server. You can use also "lock down," or control, account settings for your users. When users set up their accounts, such as e-mail and news, those accounts will be configured using the restrictions you specify.
You can specify the following server and account information:
- Choose mail server type - Select the protocol that your e-mail servers are running. You can choose Post Office Protocol 3 (POP3), used by most Internet subscribers for e-mail, or Internet Mail Access protocol (IMAP), used mainly by corporate users who want to read their e-mail from a remote location. POP3 servers allow access to a single inbox, while IMAP servers provide access to multiple server-side folders.
- Incoming mail server - Type the fully qualified server address in the text box - for example, pop01.microsoft.com. Then, click Log on using SPA (Secure Password Authentication) if your POP3 or IMAP server requires authentication from a Security Support Provider Interface (SSPI) provider such as NT LAN Manager (NTLM).
- Outgoing mail (SMTP) server - Specify the SMTP server for outgoing e-mail. In some cases, the SMTP server may have the same name as your POP3 server - for example, smtp.microsoft.com. Type the fully qualified SMTP server address in the text box. Then, click Log on using SPA (Secure Password Authentication) if your SMTP server requires authentication from an SSPI provider such as NTLM.
- Internet news server - Specify the Internet news server by typing in an Network News Transfer Protocol (NNTP) address. NNTP is the protocol used to distribute network news messages to NNTP servers and to NNTP clients (news readers) on the Internet. Type the NNTP address in the text box - for example, nntp.microsoft.com. Then, click Log on using SPA (Secure Password Authentication) if your NNTP server requires authentication from an SSPI provider such as NTLM.
- Make all preconfigured accounts read-only - Select this option to create account settings that can be viewed, but not modified, by users.
- Prevent deletion of all preconfigured accounts - Select this option to prevent users from deleting accounts that you have preconfigured for them.
- Prevent configuration of additional accounts for users with preconfigured accounts - Select this option to prevent users from creating accounts in addition to the preconfigured accounts created for them. This option is recommended for corporate administrators only.
- Outlook Express IMAP Settings - Create default IMAP settings for your users. These settings are preconfigured for users when they create their IMAP accounts. The root folder path is the mailbox that contains all of the users' folders on the IMAP server. For Cyrus servers, all users' folders must be contained in the Inbox folder. For UNIX-based IMAP servers, e-mail is usually stored in its own folder in the user's home folder - for example, ~username/Mail. Do not end the root folder path with a hierarchy character. For example, ~username/Mail is a valid root folder path, but ~username/Mail/ is not. Some IMAP servers, such as Microsoft Exchange Server, do not require a root folder path.
To specify that folders for the users' sent messages and in-progress messages should be created on the IMAP server, select Store special folders on IMAP server. You can also specify the path for the Sent Items folder and Draft folder. These paths will be used by all users who create IMAP accounts.
To automatically poll all of an IMAP user's subscribed folders for changes in the number of messages, select Check for new messages under the Check for new messages in subscribed folders area. This polling happens when the user starts Outlook Express as well as at the user's regular e-mail-polling interval. If this option is not selected, Outlook Express checks for new messages only in the Inbox.
- Outlook Express Custom Content - Give Outlook Express a custom look and welcome new users with an e-mail message by using this option. The Outlook Express InfoPane is an area for content providers to place helpful information and links. You can customize this pane with support numbers, frequently asked questions (FAQs), and information about your company. This can be a URL to a file on a server or a local file.
The InfoPane appears as a 50-pixel high panel at the bottom of the Outlook Express main window. You can customize the InfoPane with an HTML file that is either a local file or an Internet address (URL). If you specify a local file, that file will be copied into your custom package and subsequently copied onto the user's computer during installation.
Note The InfoPane does not appear as part of the Outlook Express user interface, unless a URL or file is specified in the Customization wizard.
You can also provide a welcome message as the first item in each user's Inbox. The welcome message is an HTML file. You must also provide the sender's friendly name - for example, your company or organization name - and the recipient's e-mail address. The Customization wizard does not provide a way to add an image to the welcome message. However, if you edit the welcome message outside of the IEAK, you can add a link to an image from the Web.
- Outlook Express Custom Settings - Use this option to specify Outlook Express settings that will apply to all of your users. These include setting a default e-mail and news client. Also, you can provide information that users need to obtain additional e-mail accounts. Finally, you can provide a default message rules file for your users.
If you want Outlook Express to start whenever a user clicks an e-mail link in Internet Explorer, select the Make Outlook Express the default mail program check box. If you want Outlook Express to start whenever a user clicks a news link in Internet Explorer, select the Make Outlook Express the default news program check box. The default e-mail client setting is also used by many programs when a user sends documents by e-mail. Note that this replaces any current default e-mail client that the user has specified.
You can specify one or more newsgroups that you want your users to be subscribed to automatically. For example, your ISP or organization may have several newsgroups that provide assistance and information beneficial to your users.
You can add a menu item that users can click to get an additional e-mail account from your ISP. This entry is added to the New Account From menu in Outlook Express. Type the name of your ISP in the Service Name box. Then, type a URL in the Service URL box. When the user chooses this service name from the menu, the Web page is opened. An account number, which can be specified in the .ins file, and a unique identifier for the user will be sent to the ISP when the Web page is opened.
- Outlook Express View Settings - Customize views that determine which elements of Outlook Express are displayed and how they are displayed.
You can use the following basic settings to determine which elements of the Outlook Express interface are included in the default view for new users.
- To include the Folder bar as a default for users, select the Folder bar check box.
- To include a list of e-mail and news folders in the left column, select the Folder list check box.
- To display a tip every time Outlook Express is started, select the Tip of the Day check box.
- To display the status bar, which appears at the bottom of the Outlook Express window, select Status Bar.
- To display the Outlook Bar, a horizontal bar that displays certain folders, such as the Inbox, select Outlook Bar.
You can choose whether you want users to see the toolbar and whether you want to include text on it. The toolbar appears at the top of the Outlook Express window. It contains buttons that correspond to common commands and can be configured by the user.
You have the option of including a message preview pane for your users' default view of e-mail and news messages. The preview pane can either be a horizontal pane located below the list of messages, or a vertical pane located beside and to the right of the list of messages. The preview pane includes a preview pane header area that can be used to display message header information, including the From, To, Cc, and Subject lines of the message.
- Outlook Express Compose Settings - Use this setting to include a default signature, such as a corporate disclaimer, that will appear in Outlook Express newsgroup or e-mail messages. A disclaimer is often used to show that messages submitted by employees over the Internet do not represent official company policies. The maximum size of the signature is 1 KB. You can append signatures only to newsgroup messages, only to e-mail messages, or to both types of messages.
By default, e-mail messages are composed in HTML, and news postings are composed in plain text. You can choose to override these settings with the HTML vs. plain text for mail and news messages setting. For example, in an environment where bandwidth is limited or many users have simple e-mail programs that cannot understand HTML, changing the default to plain text might make sense.
- Windows Address Book Directory Service - Specify additional directory service options for the Windows Address Book. Directory services are powerful search tools that help your users find people and businesses around the world. The Windows Address Book supports LDAP (Lightweight Directory Access Protocol) for accessing directory services, and it comes with built-in access to several popular directory services.
You can specify the following Address Book Directory Service settings:
- Service Name - Type the friendly name of your LDAP service. This is the name that will be displayed to your users.
- Server Name - Type the name of the directory service you want to add, such as ldap.AcmeISP.com or ldap.switchboard.com. If you require authentication for an SSPI package, such as NTLM, for users who access these services, click the Logon using SPA check box. Basic authentication using a user name and password combination can be configured by using .ins files.
- Service Web Site - Use this setting to specify the service Web site. This is the directory service's home page that appears if the user clicks the Start button, points to Find, clicks People, and then clicks Web Site.
- Search base - Identify the search base, which is sometimes known as the root or scope. The search base, which is the hierarchical level that a given LDAP server uses to search, can be a country, organization, or other type of grouping. The Outlook Express default for the search base when none is specified is "c=us." To specify no search base, type NULL.
- Service bitmap - Specify a custom 134-by-38-pixel, 16-color .bmp file to identify the directory service. To ensure consistent color mapping, it is highly recommended that you use only the Windows 16-bit color palette when composing the bitmap. To locate the .bmp file on your computer, click Browse.
- Search timeout - Specify how long your users will wait before the browser times out a search request by using the slider to set a time value between 30 seconds and 5 minutes.
- Maximum number of matches to return - Control the maximum number of results that can be returned to your users by typing the number in this box.
- Name resolution - To have Outlook Express resolve names against the server when a user sends a message, select Check names against this server when sending mail. This setting instructs Outlook Express to look up e-mail addresses for names typed on the To, Cc, and Bcc lines of an e-mail message.
- UNIX Mappings (corporate administrators only) - If you are deploying a UNIX package, specify options for associating extensions and MIME (Multipurpose Internet Mail Extensions) types with a program so that the appropriate program starts when a user clicks a link. To create a new association, click New. To remove an association, click Delete.
Type the associations, description, extensions, and the MIME type to associate with each program. A MIME type enables a browser to differentiate between different file types using a type designation rather than a file extension.
Type the command line or program that you want to execute when a file is opened or a link of this type is clicked. If a script is placed into the bin folder of the installation directory, you do not need to include path information. You should include the program name, followed by a space, and %1 as shown in the following example:
component %1
- UNIX Programs - Use these settings to specify which programs will run when the user performs tasks related to e-mail, newsgroups, or printing, or when the user views the HTML source of a page.
Type the name of the program to use as a default e-mail client, or select the Use Outlook Express as default e-mail client check box. Type the name of the program to use for reading and posting (sending) newsgroup messages, the name of the program to use for printing tasks, and the name of the program to use when the user views the HTML source of Web pages.
Type the name of the folder that contains additional font caches you would like to install with this browser package. A font cache is a summary listing the characteristics of fonts that are available on a display. A font cache is used by Internet Explorer for UNIX to efficiently determine the best match for the fonts requested by each page of content. There is a different font cache for each combination of server release and font path. A number of prebuilt font caches are supplied with the product. They are installed into the following folder and listed in the readme file located there: /path/Common/Fontcache.
When Internet Explorer starts for the first time, the program checks the /path/Common/Fontcache folder for the appropriate font cache file. If Internet Explorer is started with an X server or font path that is not represented in the preinstalled set, the program creates a new font cache for that configuration.
The first time the user runs Internet Explorer, the browser starts more slowly if a prebuilt font cache is not available. After Internet Explorer is started again with the same configuration, it uses the same font cache. To reduce initial startup time, you can create font caches in advance for your most common configurations and add them to your custom package using the Customization wizard.
If you would like to add additional font caches to your browser package, carry out the following procedure.
To add a prebuilt UNIX font cache
- Install and run the browser using the configurations for which you want to create font caches.
- For each configuration, identify the newest files in the Fontcache folder of the Common subfolder. This is the font cache that was built automatically for your current configuration.
- After you create caches for your common configurations, move the caches to a place accessible from the Windows computer where you will be running the Internet Explorer Customization wizard.
- On the UNIX Programs screen in the Customization wizard, type the location of the appropriate font caches in the Font Directory box. These font caches will then be built into your custom package and installed in the Fontcache folder during the setup process.
Note To add font caches to existing installations, you can copy them into the Fontcache folders.
- System Policies and Restrictions - Use these settings to make desktop, shell, and security options consistent across your organization. Corporate administrators, ISPs, and ICPs/developers can specify default settings for their users.
Corporate administrators can customize and restrict numerous settings, ranging from whether users can delete printers to whether they can add items to their desktops. For more information, see Appendix E, "Setting System Policies and Restrictions."
The settings displayed in the wizard are contained in administration (.adm) files that come with the IEAK. If you are familiar with .adm files, you can use the wizard to import the policies and restrictions you have set up in your own .adm files by clicking Import.
To set system policies and restrictions
- Double-click each category to display the options.
- Select or clear the check boxes you want.
User settings that are stored in a central location can follow users as they log on from computer to computer. This feature can, for example, benefit users who need low security settings, but who use a computer that is typically operated by someone whose security settings are very restrictive.