Windows Gadgets and Windows Sidebar to Go

windows_7_gadgetsThe Microsoft marketing department has decided to label a few of the incredible Windows features in Windows 7 and Windows 8 as ‘To Go’. Prime examples, of course, are ‘BitLocker-To-Go’ (encryption of removable drives) and ‘Windows-To-Go’ (running Windows from a removable drive).

This week, I’m labeling the Windows Sidebar (Windows Vista) and Windows Desktop Gadgets (Windows 7) features as ‘To-Go’, after seeing the announcement for the ‘We have you by the gadgets’ presentation by Mickey Shkatov and Toby Kohlenberg at Black Hat 2012 (due July 26) and the proactive reaction by Microsoft, resulting in KnowledgeBase article 2719662.

Of course, both Gadget and Sidebar technology have been little to no use for businesses. Microsoft has already made the brave decision to leave out this functionality in Windows 8, so even if you’re extremely loyal towards Microsoft you can now tell your colleagues and customers they were right when they advised you to disable these features.

Windows Server 2008 and Windows Server 2008 R2 can be used as Terminal Servers. On these platforms both the Windows Sidebar and Windows Desktop Gadgets are unavailable, even with the Desktop Experience feature enabled. You could hack this functionality in your platform with the instructions on Win2008R2Workstation.com, but you haven’t walked that road, right?

Luckily, you can even help them out by disabling this, apparently very security-prone, technology in your current Windows deployments.

 

Active Directory, what else?

I feel Active Directory is the easiest way to disable the Windows Sidebar (Windows Vista) and Windows Desktop Gadgets (Windows 7) functionality, using Group Policy. But alternatively you can edit the registry (using your favorite centralized management tool) or use the Fix-it buttons in the Microsoft KnowledgeBase article.

Disabling the Windows Sidebar (Windows Vista)

To disable the Windows Sidebar in Group Policy, follow these steps:

  1. Log in to a Windows Vista-based administrative workstation, a Windows Server 2008-based management server or a Windows Server 2008-based Domain Controller with an account that has sufficient rights to manage Group Policies.
  2. Open the Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM) console and create a new Group Policy object (GPO). Give it a meaningful name, that adheres to the Group Policy Naming Convention within your company.

Tip!
If you’re not using the Group Policy Management Console yet, download it for free and deploy it.

  1. Right-click the newly group policy object and choose to edit it. This will open the Group Policy Editor (gpedit.msc)
  2. Under Computer Configuration double click Administrative Templates, double click Windows Components, and then double click Windows Sidebar.
  3. Change the value of the Turn off Windows Sidebar setting to Enabled:
  4. Right click on Turn off Windows Sidebar.
  5. Select Properties from the menu.
  6. Select the Enabled radio button.
  7. Close the Group Policy Editor.
  8. Apply the newly configured Group Policy object to an Organizational Unit (OU) with the computers where you want to disable the Windows Sidebar. Use WMI filtering if you want to scope down the effect of this policy (for instance: you want to exclude Windows XP, windows 7 and Windows 8 clients).

Tip!
It is a best practice to first deploy a freshly created Group Policy object to a test Organizational Unit (OU), before deploying it to your production environment.

Disabling Windows Gadgets (Windows 7)

To disable Windows Gadgets in Group Policy, follow these steps:

  1. Log in to an Widnows 7-based administrative workstation, a Windows Server 2008 R2-based management server or a Windows Server 2008 R2-based Domain Controller with an account that has sufficient rights to manage Group Policies.
  2. Open the Group Policy Management Console (GPMC) or Advanced Group Policy Management (AGPM) console and create a new Group Policy object (GPO). Give it a meaningful name, that adheres to the Group Policy Naming Convention within your company.
  3. Right-click the newly group policy object and choose to edit it. This will open the Group Policy Editor (gpedit.msc)
  4. Under Computer Configuration double click Administrative Templates, double click Windows Components, and then double click Desktop Gadgets.

Turn Off Desktop Gadgets in GPO (click for original screenshot)

  1. Change the value of the Turn off Desktop Gadgets setting to Enabled:
  2. Right click on Turn off Desktop Gadgets.
  3. Select Properties from the menu.
  4. Select the Enabled radio button.
  5. Close the Group Policy Editor.
  6. Apply the newly configured Group Policy object to an Organizational Unit (OU) with the computers where you want to disable the Windows Gadgets. Use WMI filtering if you want to scope down the effect of this policy.

Tip!
It is a best practice to first deploy a freshly created Group Policy object to a test Organizational Unit (OU), before deploying it to your production environment.

After the targeted computers restart, or after the Group Policy background refresh interval (by default this is 90 to 120 minutes) the Windows Sidebar and Windows Desktop Gadgets will be disabled on it.

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.