File Association Web Service and Resulting Internet Communication in Windows Server 2008

Applies To: Windows Server 2008

In This Section

Benefits and Purposes of the File Association Web Service

Overview: Using the File Association Web Service in a Managed Environment

How the File Association Web Service Communicates with Sites on the Internet

Controlling the File Association Web Service to Limit the Flow of Information to and from the Internet

Procedures for Limiting Internet Communication Generated by the File Association Web Service

Benefits and Purposes of the File Association Web Service

The file association Web service in Windows Server 2008 extends the scope of information stored locally by the operating system about file name extensions and the applications or operating system features to use when opening a particular file. Both the locally stored information and the file association Web service are intended to provide you with the ability to open a file (by double-clicking) without having to specify which application or feature to open it with. The operating system associates the file name extension (for example, .txt or .jpg) with the application or feature to use when opening that type of file. For example, file name extensions .htm and .html can be associated with a Web browser that can open them.

The operating system first checks for the file association information locally. If no local information is available about the file name extension, the operating system offers you the option of looking for more information on a Microsoft Web site. For details about the URL for this Web site, see How the File Association Web Service Communicates with Sites on the Internet, later in this section.

Overview: Using the File Association Web Service in a Managed Environment

To limit the flow of information from the file association Web service to the Internet, you have a variety of options. Some of these options are:

  • Use firewall settings.

  • Disable the file association Web service using Group Policy.

  • Train those who work on servers so that they understand how to specify an association between a file name extension and the application or operating system feature to be used for opening that type of file.

  • Use scripts to limit the types of files that can be stored, viewed, or used on computers in your organization, which will limit the likelihood that anyone will need to obtain information about those types of files.

How the File Association Web Service Communicates with Sites on the Internet

The file association Web service communicates with sites on the Internet as follows:

  • Specific information sent or received: If the operating system does not find local information about a file name extension, it offers you the option of sending a query to look for more information on a Microsoft Web site. The site is language-specific. The file name extension that you double-click is appended to the query. The query takes the following form:

    https://shell.windows.com/fileassoc/nnnn/xml/redir.asp?Ext=AAA

    where nnnn is a hexadecimal value used in Windows Server 2008 to map to a language identifier (an RFC1766 identifier), and AAA is the file name extension for which information is needed. An example of a hexadecimal value and its corresponding language identifier is 0409 for en-us, English (United States). The string represented by AAA is the extension only, not the file name.

Note

For more information about these hexadecimal values, see information about the multiple language (MLang) registry settings on the MSDN Web site at:

<https://go.microsoft.com/fwlink/?linkid=29165>

To search for information about MLang registry settings or the Microsoft Internet Explorer Multiple Language application programming interface (MLang API), use the Search tool on the MSDN Web site at:

<https://go.microsoft.com/fwlink/?linkid=140>
  
  • Default setting and ability to disable: The service is enabled by default. It can be disabled by using Group Policy, as described in "Disabling the File Association Web Service," later in this section.

  • Trigger and user notification: When you try to open a file (for example, by double-clicking the file), and there is no local information about the correct application or operating system feature to use when opening the file, the operating system offers the option either to "Use the Web service to find the correct program" or to "Select a program from a list of installed programs."

  • Logging: No events are logged by the file association Web service.

  • Encryption, storage, and privacy: The file name extension sent in a query to the Internet is not encrypted. If the local computer’s browser is configured to store information about recently visited Internet sites, the browser will store the query containing the file name extension. Otherwise, the query containing the file name extension is not stored anywhere.

  • Transmission protocol and port: The transmission protocol is HTTP and the port is 80.
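
Because the service logs no events and the query is sent unencrypted, a forward proxy log (where a proxy is in the path) is one place these lookups can be observed. The following added example is not part of the original documentation: it parses the query form described above out of proxy log lines and reports which client sent which file name extension. The log layout, client addresses, and function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Path layout given on the page: /fileassoc/nnnn/xml/redir.asp?Ext=AAA
PATH_RE = re.compile(r"^/fileassoc/([0-9a-f]{4})/xml/redir\.asp$", re.IGNORECASE)
LANGUAGES = {"0409": "en-us"}  # only the mapping the page itself states


def parse_query(url):
    """Return (language_id, extension) for a file association query, else None."""
    parts = urlsplit(url)
    match = PATH_RE.match(parts.path)
    # Compare the parsed host so the string inside another site's URL is ignored.
    if parts.hostname != "shell.windows.com" or not match:
        return None
    params = {k.lower(): v for k, v in parse_qs(parts.query).items()}
    ext = params.get("ext", [""])[0].lstrip(".").lower()
    if not ext:
        return None
    return match.group(1).lower(), ext


def summarize(log_lines):
    """Map each client address to the (language, extension) pairs it queried."""
    seen = defaultdict(set)
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        hit = parse_query(fields[3])
        if hit:
            lang_id, ext = hit
            seen[fields[1]].add((LANGUAGES.get(lang_id, lang_id), ext))
    return dict(seen)


# Constructed sample, assumed layout: <timestamp> <client> <method> <url> <status>
SAMPLE_LOG = [
    "2008-06-02T09:14:07Z 10.0.5.21 GET http://shell.windows.com/fileassoc/0409/xml/redir.asp?Ext=dwg 302",
    "2008-06-02T09:14:09Z 10.0.5.21 GET http://www.example.com/index.html 200",
    "2008-06-02T09:20:41Z 10.0.5.34 GET http://shell.windows.com/fileassoc/0407/xml/redir.asp?Ext=.PST 302",
    "2008-06-02T09:21:00Z 10.0.5.34 GET http://www.example.com/redirect?u=http://shell.windows.com/fileassoc/0409/xml/redir.asp?Ext=doc 200",
    "truncated-line",
]

if __name__ == "__main__":
    for client, hits in sorted(summarize(SAMPLE_LOG).items()):
        print(client, sorted(hits))
```

Language identifiers other than 0409 are reported as their raw hexadecimal value, since that is the only mapping the page provides.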

Controlling the File Association Web Service to Limit the Flow of Information to and from the Internet

If you want to limit the flow of information from the file association Web service to the Internet, you can use one or more of the following methods:

  • Use your firewall to block access to any Web site that contains the following string:

    https://shell.windows.com/fileassoc/

  • Disable the file association Web service by using Group Policy, as described in "Disabling the File Association Web Service," later in this section.

  • Train those who work on servers to work with file associations as follows:

    • Instruct them that the local operating system stores an association between a file name extension and the application or feature that is used to open that type of file.

    • Provide those who work on servers with information about the file name extensions for the files they need to work with most often and the application that should be used to open those files.

    • Instruct those who work on servers to always click Select a program from a list of installed programs if they see a message box offering the two options: Use the Web service to find the correct program or Select a program from a list of installed programs. Also instruct them that after they initially click Select a program from a list of installed programs, they can select the check box for Always use the selected program to open this kind of file. This associates that file name extension with the program with which the person wants to open files of that type.

  • Use scripts to scan your organization’s computers for the types of files that you do not want to be stored, viewed, or used. Take actions to ensure that these files do not remain on individual computers’ hard disks. If unwanted types of files do not exist on the hard disks, it decreases the need for anyone to obtain information about the application to use for that file name extension.

Procedures for Limiting Internet Communication Generated by the File Association Web Service

This section contains the following information:

  • A procedure for disabling the file association Web service by using Group Policy.

  • A procedure that can be used as a basis for training those who work on servers about file name extensions and the application or operating system feature to be used for opening a specific type of file.

Disabling the File Association Web Service

The following procedure explains how to disable the file association Web service by using Group Policy.

To Disable the File Association Web Service by Using Group Policy

  1. As needed, see Appendix B: Resources for Learning About Group Policy for Windows Server 2008, and then edit an appropriate Group Policy object (GPO).

  2. If you want the policy setting to apply to all users of a computer and to come into effect when the computer starts or when Group Policy is refreshed, expand Computer Configuration. If you want the policy setting to apply to users and to come into effect when users log on or when Group Policy is refreshed, expand User Configuration.

  3. Expand Policies (if present), expand Administrative Templates, expand System, expand Internet Communication Management, and then click Internet Communication settings.

  4. In the details pane, double-click Turn off Internet File Association service, and then click Enabled.

Important

You can also restrict Internet access for this and a number of other features by applying the Restrict Internet communication policy setting. This setting is located in either Computer Configuration or User Configuration, under Policies (if present), in Administrative Templates\System\Internet Communication Management. For more information about this Group Policy and the policies that it controls, see Appendix C: Group Policy Settings Listed Under the Internet Communication Management Category in Windows Server 2008.

Specifying Associations Between File Name Extensions and Applications or Features

You can use the following procedure as a basis for training those who work on servers about file name extensions and the application or operating system feature to be used when opening a specific type of file.

To Associate a File Name Extension with a Program

  1. In Windows Explorer or on the desktop, right-click a file that has the file name extension that you want to associate with a program.

  2. Click an option, depending on what is available:

    • If Open With is available, point to Open With and then click Choose Default Program.

    • If Open With is not available, click Open, click Select a program from a list of installed programs, and then click OK.

  3. Choose a program from the list, or use the Browse button to find and choose a program.

  4. Select the check box for Always use the selected program to open this kind of file.