GPO for IE8
If you’re using Active Directory and Group Policies to administer computers on customer networks, suggest they adopt Internet Explorer 8 to get more than 100 new Group Policies that you can use to maintain a stable configuration.
This brings the total Internet Explorer Group Policies to 1,300. Some of the more important settings that can be controlled are the security enhancements, such as SmartScreen Filter (which differentiates between real and fake websites), and encryption support. You can find the full list of settings at www.microsoft.com/downloads/details.aspx?familyid=AB4655F2-0A3C-42EB-974D-24B2790BF592&displaylang=en
You can set the policies in several ways, depending on the tools you use for other Group Policy management. The Windows Server Group Policy page on TechNet (http://technet.microsoft.com/en-us/windowsserver/grouppolicy/default.aspx) has useful suggestions, including downloading the Group Policy Management Console (GPMC). You can also control the settings using GPEdit at a local level. GPEdit can be launched by running GPEDIT.MSC, or by editing a GP object from the GPMC.
If you think IE8 is a step too far for your customers at the moment, you can block the automatic download of IE8 from customer sites using Microsoft’s Internet Explorer 8 Blocker Toolkit (www.microsoft.com/downloads/details.aspx?FamilyID=21687628-5806-4ba6-9e4e-8e224ec6dd8c&displaylang=en), and there’s no time-out on the toolkit so you can keep IE8 at bay for as long as you want.