File Association Web Service and Resulting Internet Communication in Windows Vista

In This Section

Benefits and Purposes of the File Association Web Service

Overview: Using the File Association Web Service in a Managed Environment

How the File Association Web Service Communicates with Sites on the Internet

Controlling the File Association Web Service to Limit the Flow of Information to and from the Internet

Procedures that Limit Internet Communication Generated by the File Association Web Service

Benefits and Purposes of the File Association Web Service

The file association Web service in Windows Vista extends the scope of information stored locally by the operating system about file name extensions and the applications or operating system features to use when opening a particular file. Both the locally stored information and the file association Web service are intended to provide the user with the ability to open a file (by double-clicking) without having to specify which application or feature to open it with. The operating system associates the file name extension (for example, .txt or .jpg) with the application or feature to use when opening that type of file. For example, file name extensions .htm and .html can be associated with a Web browser that can open them.

The operating system first checks for the file association information locally. If no local information is available about the file name extension, the operating system offers the user the option of looking for more information on a Microsoft Web site. For details about the URL for this Web site, see "How the File Association Web Service Communicates with Sites on the Internet," later in this section.

Overview: Using the File Association Web Service in a Managed Environment

To limit the flow of information from the file association Web service to the Internet, you have a variety of options. You can:

  • Use firewall settings.

  • Disable the file association Web service using Group Policy.

  • Configure automatic server-based software installation through Group Policy.

  • Train users so that they understand how to specify an association between a filename extension and the application or operating system feature to be used for opening that type of file.

  • Use scripts to limit the types of files that users can store, view, or use, which will limit the likelihood that users will need to obtain information about those types of files.

How the File Association Web Service Communicates with Sites on the Internet

The file association Web service communicates with sites on the Internet as follows:

  • Specific information sent or received: If the operating system does not find local information about a file name extension, it offers the user the option of sending a query to look for more information on a Microsoft Web site. The site is language-specific. The file name extension that the user double-clicks is appended to the query. The query takes the following form:

    *http://shell.windows.com/fileassoc/***nnnn***/xml/redir.asp?Ext=***AAA

    where nnnn is a hexadecimal value used in Windows Vista to map to a language identifier (an RFC1766 identifier), and AAA is the file name extension for which information is needed. An example of a hexadecimal value and its corresponding language identifier is 0409 for en-us, English (United States).

Note

For more information about these hexadecimal values, see information about the multiple language (MLang) registry settings on the MSDN Web site at:

<https://go.microsoft.com/fwlink/?linkid=29165>  
  
To search for information about MLang registry settings or the Microsoft Internet Explorer Multiple Language application programming interface (MLang API), use the Search tool on the MSDN Web site at:  
  
<https://msdn.microsoft.com/>  
  
  • Default setting and ability to disable: The service is enabled by default. It can be disabled by using Group Policy, as described in "Disabling the file association Web service," later in this section.

    There are ways of reducing the likelihood that a person will trigger the file association Web service. One basic way is to configure automatic, server-based software installation based on Group Policy settings. For more information, see Microsoft Knowledge Base article 816102, “How to: Use Group Policy to Remotely Install Software in Windows Server 2003,” at:

    https://go.microsoft.com/fwlink/?linkid=29166

  • Trigger and user notification: When the user tries to open a file (for example, by double-clicking the file), and there is no local information about the correct application or operating system feature to use when opening the file, the operating system offers the user the option either to "Use the Web service to find the correct program" or to "Select a program from a list of installed programs."

  • Logging: No events are logged by the file association Web service.

  • Encryption, storage, and privacy: The file name extension sent in a query to the Internet is not encrypted. If the local computer’s browser is configured to store information about recently visited Internet sites, the browser will store the query containing the file name extension. Otherwise, the query containing the file name extension is not stored anywhere.

  • Transmission protocol and port: The transmission protocol is HTTP and the port is 80.

Controlling the File Association Web Service to Limit the Flow of Information to and from the Internet

If you want to limit the flow of information from the file association Web service to the Internet, you can use one or more of the following methods:

  • Use your firewall to block access to any Web site that contains the following string:

    http://shell.windows.com/fileassoc/

  • Disable the file association Web service by using Group Policy, as described in "Disabling the File Association Web Service," later in this section.

  • Configure automatic, server-based software installation. To do this, configure one or more servers with the Software Installation extension of Group Policy in Windows Server 2003. When you do this, if a user tries to open a file for which the corresponding application is not installed locally, a copy of the application (stored on a server) is installed automatically. In this situation, the file association Web service will not be triggered. For more information, see article Microsoft Knowledge Base 816102, “How to: Use Group Policy to Remotely Install Software in Windows Server 2003,” at:

    https://go.microsoft.com/fwlink/?linkid=29166

  • Train users to work with file associations as follows:

    • Instruct users that the local operating system stores an association between a file name extension and the application or feature that is used to open that type of file.

    • Provide users with information about the file name extensions for the files they need to work with most often and the application that should be used to open those files.

    • Instruct users to always click Select a program from a list of installed programs if they see a message box offering the two options: Use the Web service to find the correct program or Select a program from a list of installed programs. Also instruct users that after they initially click Select a program from a list of installed programs, they can select the check box for Always use the selected program to open this kind of file. This associates that file name extension with the program with which the user wants to open files of that type.

  • Use scripts to scan your organization’s computers for the types of files that you do not want users to store, view, or use. Take actions to ensure that these files do not remain on individual computers’ hard disks. If unwanted types of files do not exist on the hard disks, it decreases the need for the user to obtain information about the application to use for that file name extension.

How Using a Firewall to Block Access to the File Association Web Site Can Affect Users

If you use your firewall to keep users from gaining access to http://shell.windows.com/fileassoc/, users will require other sources of information to work with unfamiliar types of files. For example, if users in the normal course of work are sent a file with an unfamiliar file name extension, and the operating system does not have locally stored information about that file name extension and the application or feature to use when opening the file, users will need other sources of information to work with the file, such as a document posted on your organization’s intranet.

Procedures that Limit Internet Communication Generated by the File Association Web Service

This section contains the following information:

  • A procedure for disabling the file association Web service by using Group Policy.

  • Procedures that can be used as a basis for training users about file name extensions and the application or operating system feature to be used for opening a specific type of file.

Disabling the File Association Web Service

The following procedure explains how to disable the file association Web service by using Group Policy.

To Disable the File Association Web Service by Using Group Policy

  1. As needed, see Appendix B: Resources for Learning About Group Policy for Windows Vista, and then edit an appropriate Group Policy object (GPO).

  2. If you want the policy setting to apply to all users of a computer and to come into effect when the computer starts or when Group Policy is refreshed, expand Computer Configuration. If you want the policy setting to apply to users and to come into effect when users log on or when Group Policy is refreshed, expand User Configuration.

  3. Expand Administrative Templates, expand System, expand Internet Communication Management, and then click Internet Communication settings.

  4. In the details pane, double-click Turn off Internet File Association service, and then click Enabled.

Important

You can also restrict Internet access for this and a number of other features by applying the Restrict Internet communication policy setting, which is located in Computer Configuration\Administrative Templates\System\Internet Communication Management or in User Configuration\Administrative Templates\System\Internet Communication Management. For more information about this Group Policy and the policies that it controls, see Appendix C: Group Policy Settings Listed Under the Internet Communication Management Category in Windows Vista.

Specifying Associations Between File Name Extensions and Applications or Features

You can use the following procedure as a basis for training users about file name extensions and the application or operating system feature to be used when opening a specific type of file.

To Associate a File Name Extension with a Program

  1. In Windows Explorer or on the desktop, right-click a file that has the file name extension that you want to associate with a program.

  2. Click an option, depending on what is available:

    • If Open With is available, point to Open With and then click Choose Default Program.

    • If Open With is not available, click Open, click Select a program from a list of installed programs, and then click OK.

  3. Choose a program from the list, or use the Browse button to find and choose a program.

  4. Select the check box for Always use the selected program to open this kind of file.

Additional References

For more information about automatic server-based software installation based on Group Policy settings, see the Microsoft Knowledge Base article 816102, “How to: Use Group Policy to Remotely Install Software in Windows Server 2003,” at:

https://go.microsoft.com/fwlink/?linkid=29166