Windows Media Player
(Note: This topic describes not just Windows XP Professional with Service Pack 2, but also Windows XP Professional with Service Pack 3.)
On This Page
Benefits and Purposes of Windows Media Player
Overview: Using Windows Media Player in a Managed Environment
How Windows Media Player Communicates with Sites on the Internet
Controlling Windows Media Player to Limit the Flow of Information to and from the Internet
Procedures for Configuration of Windows Media Player
This section describes Windows Media Player 9 Series, the version of Windows Media Player that is included with Windows XP Professional with SP2. Other versions of Windows Media Player might differ from the version described in this section. For more information, see the Windows Media Web site at:
https://www.microsoft.com/Windows/WindowsMedia/
Benefits and Purposes of Windows Media Player
Microsoft Windows Media Player (also called the Player) enables users to play and organize digital media files on their computers and on the Internet. Users can listen to radio stations, search for and organize digital media files, and (with the necessary hardware) play CDs and DVDs, create custom CDs, and copy files to a portable device.
With the latest version of Windows Media Player and the Group Policy settings in the associated Administrative template (Wmplayer.adm) in Windows XP with SP2, you can configure the Player to control access to certain consumer features. The management and deployment features enable you to bring customized media functionality to your organization’s employees to enhance productivity.
It is beyond the scope of this white paper to describe all aspects of maintaining appropriate levels of security in an organization where users connect to sites on the Internet or download items from the Internet. This section, however, provides information about Windows Media Player that can help you to balance your organization’s requirements for communication across the Internet with your organization’s requirements for protection of networked assets.
For more information about deploying and managing Windows Media Player in an enterprise environment, see links on the Windows Media Web site at:
https://www.microsoft.com/Windows/WindowsMedia/
The Enterprise Deployment Pack (EDP) for Windows Media Player 9 Series is a downloadable packaging tool that you can use to centrally configure, deploy, and manage Windows Media Player 9 Series in your organization. To download the EDP, or to download a white paper that is part of the EDP, see the Windows Media Web site at:
https://go.microsoft.com/fwlink/?LinkId=29521
Overview: Using Windows Media Player in a Managed Environment
Windows Media Player is an integral component of Windows XP. Windows Media Player is not an optional Windows component and cannot be uninstalled. You can, however, use an answer file to hide entry points to the user interface. You can also customize the Player to make certain aspects of it either available, for limited use, or unavailable to the user in accordance with policies in your organization.
There are a variety of options available to you when considering how you want your users to interact with Windows Media Player. To help you assess what level of control to apply to your organization, the following table summarizes some of the configuration options.
Options for Controlling Communication with the Internet Through Windows Media Player
Options |
Degree of Control |
|---|---|
No access to Windows Media Player: Control users’ ability to see Windows Media Player icons and start Wmplayer.exe. For more information, see "Procedures for Configuration of Windows Media Player," later in this section. |
Least access to media content (and no access to the Internet through Windows Media Player), but least flexible. With this option, users can be prevented from starting the Player. |
Allow access only to specific Internet sites: Allow users to use Windows Media Player, but with access to only those Internet sites that are approved for access by an organization’s policies. Use an inclusion list (through the firewall or proxy or both). |
Restricted access to Internet, but requires knowledge of which external sites are trustworthy. |
Allow Internet access only to selected users: By restricting Internet access to selected users, restrict communication between Windows Media Player and Internet sites. For example, place most users on a network with a firewall that blocks Internet access. |
Access to Internet only available to users who need it most. Implies that training is provided to selected users, who are held accountable. |
Limit the Windows Media Player features that can be used: Allow users to use Windows Media Player, but with access to only certain features. Use Group Policy settings to configure Windows Media Player on clients. To do this, you must update the appropriate Administrative template, Wmplayer.adm, to a version that contains the new settings for Windows XP with SP2. For more information, see "Controlling Windows Media Player to Limit the Flow of Information to and from the Internet" and "Procedures for Configuration of Windows Media Player," later in this section. Also, see Appendix B, “Learning About Group Policy and Updating Administrative Templates.” |
Moderate control and moderate flexibility. With this option, the user has access to the Player, but you maintain control over which options they are able to use. |
Free access: Allow free access for all. |
Highest access to the Internet and media content. |
The following subsections describe how Windows Media Player 9 Series communicates with the Internet and how to control the flow of information to and from the Internet. It also gives procedures for using Group Policy to control the user interface, playback, and networking for Windows Media Player.
How Windows Media Player Communicates with Sites on the Internet
The Windows Media Player interface opens locally when the user navigates through Start\Programs or Start\All Programs, or else clicks the shortcut on the desktop. When the user selects either Media Guide, Radio Tuner, Premium Services, or Skin Chooser/More Skins from the Player taskbar, Windows Media Player connects to www.WindowsMedia.com through either a local area network (LAN) or a modem connection.
Communication with the WindowsMedia.com Site
When a connection is made with the Internet, WindowsMedia.com provides the following key features.
Metadata retrieval
Metadata submission
Media guide
Radio tuner
Premium services
Codec download
Player update
Newsletter signup
Downloadable skins
Downloadable visualizations
Downloadable plug-ins
Downloadable device service providers (SPs)
Customer experience improvement program
Windows Media digital rights management (DRM) Internet access
Communication with Other Sites
WindowsMedia.com is a Web site operated by Microsoft and is tightly integrated into Windows Media Player. Media Guide and Radio Tuner are Web pages provided by WindowsMedia.com. All of the CD audio data, DVD data, radio presets, and information in the Info Center View pane of the Now Playing feature also come directly from WindowsMedia.com. Other services provided by WindowsMedia.com include the Player updates and download support for codecs, skins, and visualizations. (A codec—compressor/decompressor—is software that compresses or decompresses audio or video data.)
To support the playback of secure content, Windows Media Player will also contact:
Non-Microsoft DRM license servers
Microsoft DRM upgrade service
The other common Internet connections that Windows Media Player makes are to media servers that are run by content providers.
Data Exchanged During Communication with the Internet
The following subsections describe various aspects of the data that is sent to and from the Internet through Windows Media Player, and how the exchange of information takes place:
Information Sent or Received When Specific Features Are Used
Default Settings and Triggers
Logging, Encryption, Identification of User, and Privacy
Transmission Protocols and Ports
Enabling and Disabling Features
Important Group Policy settings such as Prevent CD and DVD Media Information Retrieval affect the way that Windows Media Player communicates with the Internet. For more information, see "Controlling Windows Media Player to Limit the Flow of Information to and from the Internet," later in this section.
Information Sent or Received When Specific Features Are Used
When a user uses one of the features of the Player listed previously, information is sent to or from the Internet as follows:
Non-Microsoft digital rights management (DRM) license servers. When users try to play back content protected with Microsoft DRM technology, the Player will try to acquire a license for the content from a license server. The license acquisition process might also update the user's DRM revocation and exclusion lists. These lists are used to block compromised applications from accessing secure content.
Microsoft DRM upgrade service. The upgrade service provides users with the option to upgrade their DRM components in case the secure content that they want to play requires an upgraded component that supports the higher level of security.
Media servers run by content providers. To provide streaming media, it is necessary for Windows Media Player to communicate directly with a media server. These servers are typically operated by non-Microsoft content providers, and are not under Microsoft control.
Metadata retrieval. When the user triggers a metadata request (see the bulleted item, "Triggers and user notifications" in “Default Settings and Triggers,” later in this section), a CD table of contents or DVD identification is sent from the user's computer, and then metadata is retrieved. The metadata can include album art, track names, lyrics, and even artist biographical information. The metadata is stored in the user's media library for offline use.
Metadata submission. This is a service that enables users to submit corrections to the WindowsMedia.com metadata database. A cookie on the client is accessed by WindowsMedia.com (unless the cookie is blocked). The CD table of contents or DVD identification and the user's corrected metadata are sent to WindowsMedia.com.
Media guide. Media Guide is a set of Web pages, hosted within the Windows Media Player interface, that focuses on streaming media. A cookie on the client is accessed by WindowsMedia.com (unless the cookie is blocked) and WindowsMedia.com sends the Media Guide Web page.
Radio tuner. Radio Tuner is a set of Web pages, hosted within the Windows Media Player interface, that focuses on Internet radio stations. A cookie on the client is accessed by WindowsMedia.com (unless the cookie is blocked) and WindowsMedia.com sends the Radio Tuner Web page, with presets (if the cookie is not blocked).
Premium services. Premium Services is a set of Web pages, hosted within the Windows Media Player interface, that enables users to visit and subscribe to premium content service providers. A cookie on the client is accessed by WindowsMedia.com (unless the cookie is blocked) and WindowsMedia.com sends the Premium Services Web page, which displays a list of media content that can be played in the Player.
Codec download. This service enables users to acquire certain codecs during playback if they are not resident on the user's system. A codec identifier is sent to codecs.microsoft.com. A codec is downloaded and installed if available.
Player update. This service enables a user to learn about and acquire updated Windows Media Player components, but only if the user is logged on as an administrator. The version number and the language of the installed Player (for example, English) are sent to autoupdate.windowsmedia.com. Information about available updates is returned and the user can accept or decline the updates.
Newsletter signup. The Media Guide provides a link to the Microsoft Network (MSN) newsletter service so that users can sign up for MSN Entertainment newsletters. A cookie on the client is accessed by the Microsoft Web site (unless the cookie is blocked). Any sign-up for MSN Entertainment newletters is done through newsletters.msn.com.
Downloadable skins. In the Tools menu, under Download, Skins links to a Web page that contains extra downloadable skins. A cookie on the client is accessed by WindowsMedia.com (unless the cookie is blocked) and the Skins Web page is sent back in Internet Explorer.
Downloadable visualizations. In the Tools menu, under Download, Visualizations links to a Web page that contains extra downloadable visualizations. A cookie on the client is accessed by WindowsMedia.com (unless the cookie is blocked) and the Downloadable Visualizations Web page is sent back in Internet Explorer.
Media library. Media Library lists the user’s collection of audio and video files, as well as links to sources for audio and video. This information can be accessed by other software on the user’s computer and on the Internet.
Downloadable plug-ins. In the Tools menu, under Download, Plug-ins links to a Web page that contains new features that can be added to Windows Media Player. A cookie on the client is accessed by the Microsoft Web site (unless the cookie is blocked) and the Plug-ins Web page is sent back in Internet Explorer.
Downloadable device service providers (SPs). In the Tools menu, under Download, Portable Device SPs links to the Cool Devices Web page, one of the Windows Media 9 Series Web pages on the Microsoft Web site. This Web page offers users information about a variety of portable media devices and gives users the option of purchasing these devices online. Users can also download media drivers for those devices. A cookie on the client is accessed by the Microsoft Web site (unless the cookie is blocked) and the Cool Devices Web page is sent back in Internet Explorer.
Customer experience improvement program. This option, which is available through Tools\Options\Privacy, specifies whether to send anonymous Windows Media Player usage information to Microsoft. The anonymous information obtained from the user is used to improve the Player and related services.
Cookies. Windows Media Player uses the Internet as a networking and information source. When accessing the Internet, cookies may be downloaded to the user’s computer or uploaded to a media service.
Site logs. Servers that provide media content create two types of logs as follows:
Raw IIS log. On servers that provide media content, a standard Internet Information Services (IIS) log records all requests to the server. This log includes the IP address of the client and a cookie. It is not encrypted.
Tracking log. Servers that provide media content also have a tracking log that records all requests. It includes the IP address of the client and a cookie. The log is neither encrypted nor correlated with personally identifiable information.
The Player also generates a streaming media log and sends it to any media servers that exist on your network. For more information, see "Logging, Encryption, Identification of User, and Privacy," later in this section.
Default Settings and Triggers
The following list describes default settings in Windows Media Player as well as the triggers that might initiate communication between Windows Media Player and the Internet.
Important Group Policy settings such as Prevent CD and DVD Media Information Retrieval affect the way that Windows Media Player communicates with the Internet. For more information, see "Controlling Windows Media Player to Limit the Flow of Information to and from the Internet," later in this section.
Default settings: Some of the Windows Media Player features and options are enabled by default. One option not enabled by default is the globally unique identifier (GUID) that uniquely identifies the Player. Another option that is not enabled by default is metadata that is downloaded for files.
Triggers and user notifications: The features that can initiate communication with the Internet are triggered individually by various user interactions as listed below. With some features, the user is presented with a Web page that is both a notification and a trigger, providing items for the user to click in order to complete a download. With other features, the user may or may not be notified at the time of the trigger, as described in this list.
Metadata retrieval
Notification. The user is not notified.
Trigger. When the user first inserts a CD or DVD, or when the user requests detailed information (for example, by using the Media Details button), information is retrieved automatically from WindowsMedia.com.
Metadata submission
Notification. The user is notified.
Trigger. When the user submits corrected metadata for files, CDs, and DVDs, information is sent to WindowsMedia.com.
Media guide
Notification. The user is not notified.
Trigger. The media guide is triggered automatically if the user selects the Start Player in Media Guide check box on the Player tab in the Options dialog box, or when the user selects Media Guide from the taskbar.
Radio tuner
Trigger and notification. When the user selects Radio Tuner from the taskbar, the Radio Station Selection Web page is triggered, and the user can select from the page.
Premium services
Trigger and notification. When the user selects Premium Services from the taskbar, the Premium Services Web page is triggered, and the user can select from the page.
Codec download
Notification. There is no Windows Media Player pop-up message. If the site from which a codec is being downloaded is not a trusted site, a security dialog box will pop up. The Windows Media Player status bar will indicate that a codec is being downloaded.
Trigger. The trigger occurs when a user tries to play media content requiring a codec that is not on the user's computer.
Player update
Notifications. The user is notified. The user is prompted to download, but can decline to do so.
Trigger. At a set frequency (for example, weekly), if the user is online and is logged on as an administrator, a check is made for updated Windows Media Player components. This can be disabled through Group Policy.
Newsletter signup
Trigger and notification. The user selects Subscribe to the Newsletter on the Media Guide. If a user fills in the Web page offering newsletter options and then clicks Subscribe, the user is signed up.
Downloadable skins
Trigger and notification. Users select More skins from the Skin Chooser menu, which brings up the Skins Web page. When users select a skin from this screen, they are prompted to accept or reject the download. If they accept, the skin is downloaded.
Downloadable visualizations
Trigger and notification. The user selects Download Visualizations from Tools\Download\ Visualizations, which brings up the Downloadable Visualization Web page. When the user selects a visualization from this page, they are prompted to accept or reject the download. If the user accepts, the visualization is downloaded.
Downloadable plug-ins
Trigger and notification. Users select Download Plug-ins from Tools\Download\Plug-ins or from View\Plug-ins, or they select Look for Plug-ins on the Internet in Tools\Options\Plug-ins, which brings up the Plug-ins Web page. When users select a plug-in from this screen, they are prompted to accept or reject the download. If they accept, the plug-in is downloaded.
Downloadable device SPs
Trigger and notification. Users select Tools\Download\Portable Device SPs, or they select Supported portable devices and drivers from the Items on the Device drop-down list in the Copy to CD or Device window. When the user purchases a portable device or driver, the device or driver is downloaded.
Customer experience improvement program
Trigger and notification. Users select the following check box in Tools\Options\Privacy: I want to help make Microsoft software and services even better by sending the Player usage data to Microsoft. If they accept, Microsoft will collect anonymous information about their hardware configuration and how they use the software and services so that Microsoft can identify trends and usage patterns. If the user accepts, there is no notification at the time information is transferred.
Media library
Trigger and notification. The trigger occurs when the user adds purchased media to the library from WindowsMedia.com or another media vendor. Access can be turned off through the Media Library tab in Tools\Options.
Cookies
Notification. The way that Windows Media Player handles cookies sent from a Web site depends on privacy settings that affect Internet Explorer, Outlook Express, Windows Media Player, and any other programs that rely on these settings. These settings control whether cookies are allowed, cookies are blocked, or the user is prompted before a cookie is allowed. The settings are controlled through the Internet Explorer component, although you can also configure these settings through the Player. To do this, in the Player, on the Tools menu, click Options, click the Privacy tab, and then click the Cookies button.
Trigger. The trigger occurs automatically when a Web site is accessed.
Logging, Encryption, Identification of User, and Privacy
The following list describes the way the Player sends logging information to a streaming media server, the encryption options available for the Player, the fact that the Player does not uniquely identify the user, and the privacy statements related to the Player.
Logging: Logging occurs when information is sent from the Player to a streaming media server. Logging can also occur when information is sent from the Player to a program on a Web server, if the program is designed to create log entries. For more information about logging, refer to the white paper, "Logging Model for Windows Media Services 9 Series," on the Microsoft Web site at:
https://go.microsoft.com/fwlink/?LinkId=29867
Logging informs the server of various pieces of information so that services can be improved. The information includes such details as connection time and the Internet protocol (IP) address of the computer that is connected to the server—typically a Network Address Translation (NAT) or proxy server. This information also includes the version, identification number (ID), date, and protocol of Windows Media Player. Most information is neither unique nor traceable to the user’s computer. For more detailed information about the exchange of information in Windows Media Player, see the following bulleted item, "Privacy.”
Encryption: Windows audio media can be encrypted using the Secure Audio Path feature in digital rights management (DRM). The Secure Audio Path feature maintains audio encryption beyond the Player application. Secure Audio Path is a feature of Microsoft Windows that maintains the security and protection of digital music that has been encrypted by using DRM technology. Secure Audio Path provides an infrastructure for maintaining copy protection on music.
The client can also progressively download content from a Web server using HTTPS. A client and server may also use Internet Protocol security (IPSec) to encrypt packets that traverse the network.
Uniquely identify user: Windows Media Player at no time requests any personally identifiable information (such as name, address, or phone number).
Privacy: Windows Media Player and WindowsMedia.com both have published privacy statements that detail their data collection and use practices. These documents are available to users at the following locations:
The Windows Media Player 9 Series privacy statement at:
The WindowsMedia.com privacy statement at:
Transmission Protocols and Ports
The following list describes the transmission protocols and ports used by the Player.
Transmission protocol: With Windows Media Player, you can specify that selected protocols are used while receiving streaming media from a media server using either Microsoft Media Server (MMS) or Real-Time Streaming Protocol (RTSP) protocols as follows.
Windows Media Player interprets the media stream coming from the media server and tries User Datagram Protocol (UDP). If the stream is from a server running Windows Media Player 9 Series, the Player will try RTSP/UDP. If the media stream is coming from a server running a previous version of the Player, the Player will try MMS/UDP. If the Player is unable to connect through UDP (for example, if the Player is behind a firewall that does not allow UDP), the Player tries the Transmission Control Protocol (TCP). If the Player is unable to connect through TCP on the desired port, the Player tries HTTP. This protocol rollover takes place by moving from the most efficient protocol (UDP) to the least efficient protocol (HTTP), because not all firewalls have the necessary ports open to play Windows Media streams.
Multicast. Routers will not pass multicast streams across an intranet unless specifically configured to do so.
UDP. UDP is used with port selection if required due to firewall or proxy issues. If the UDP check box is selected and the UDP ports box is blank, the Player uses default ports when playing content from an MMS URL. If the UDP check box is not selected, the information in the UDP ports box is ignored. If using a network address translator (NAT), UDP will fail unless the NAT supports dynamic opening of ports through UPnP™.
TCP. TCP means either MMS over TCP or RTSP over TCP.
HTTP. When the HTTP protocol is selected, the HTTP protocol is used to receive streaming media from an MMS or RTSP URL.
If none of the protocols is selected, content from an MMS or RTSP URL cannot be played.
Port: The Windows Media Player client communicates across random ports as designated by the operating system. The server port is a "well-known port" as follows:
Transmission protocol and port: The transmission protocol is HTTP and the port is 80.
Real Time Streaming Protocol (RTSP) UDP or TCP: The port number is 554.
Microsoft Media Server (MMS) UDP or TCP: The port number is 1755.
In a TCP connection, there is only one socket created. (A socket is an identifier for a particular service on a particular node on a network.) You therefore need only one port number on the client and one on the server. Commands (such as play, pause, and fast forward) and data (audio and video) are sent across the same socket connection. In UDP connections, however, the client makes a TCP connection to the server and sends commands over it. The server then opens a UDP socket to the client. It is over this second socket that the audio and video data is sent, and it is this second socket that firewalls and proxies typically block.
The version of HTTP in use before July 1999 was HTTP/1.0, and the version in use since then is HTTP/1.1. In an HTTP streaming connection using HTTP/1.0, there is only one socket opened at a time. With HTTP/1.0, for each play, pause, stop, fast forward, or rewind operation, the original socket is closed, another socket is opened, and this second socket will more than likely use a different port number on the client. (There are other operations that use more than one socket.)
If the enterprise network implements a firewall that prevents users from receiving streams that use the UDP or TCP protocols, Windows Media Player can be configured to work with firewalls as described in the next bulleted item.
Windows Media and Firewalls
Windows Media normally streams through UDP/IP on a wide range of ports (these port numbers are provided later in this list). Aware of the possible security issues that a range this size can cause, Microsoft has also enabled Windows Media to stream with TCP/IP through port 1755 or with RTSP through port 554. For those sites where opening a port that is not "well known" is a problem, Windows Media can also stream through HTTP on port 80. HTTP streaming from Windows Media Services is disabled by default. Some firewalls have a preconfigured NetShow Player (the former name for Windows Media Technologies) setting, which may work for Windows Media.
There are five primary scenarios to consider when you set up a firewall to accommodate Windows Media:
Using Windows Media Player behind a firewall to access content outside the firewall
Using Windows Media Player outside a firewall to access content on a media server behind the firewall
Using Windows Media Encoder outside a firewall to communicate with a media server behind the firewall, or to communicate between two servers across a firewall
Using Windows Media Administrator outside a firewall to manage a media server behind a firewall
IP multicast
This section of the white paper describes only the first and last scenarios—that is, the case of the client behind the firewall and the case of IP multicast. In the examples below, the in port is the port that the server uses to get past the firewall. The out port is the port that Microsoft Windows Media Player or other clients use to communicate with the server.
Client configuration behind a firewall
A firewall configuration that enables users with Windows Media Player behind a firewall to access media servers outside the firewall is as follows:
Streaming ASF with UDP
Out: TCP on port 1755
Out: UDP on ports 1755 and 5005
In: UDP between ports 1024 and 5000 (As a security measure, estimate the number of ports that you will need by determining how many clients you expect, and open only that number of ports.)
In: RTSP on port 554Streaming ASF with TCP
In and out: TCP on port 1755
In and out: RTSP on port 554Streaming ASF with HTTP
In and out: TCP on port 80IP multicast
Choosing to allow Windows Media streaming through IP multicast is simply a choice to allow traffic that is addressed to the standard Class D IP addresses (224.0.0.0 through 239.255.255.255). As of this writing, most routers have IP multicast disabled. Router companies made a decision to have their equipment default to disable IP multicast at a time when a typical video stream took up 30 percent of a 10BaseT network. (10BaseT is the Ethernet standard for baseband local area networks.)
Microsoft is working with major router vendors to reverse this situation, now that media streams are compressed and standards are in place that eliminate unwanted multicast traffic. The Internet Group Management Protocol (IGMP) supported by Windows Media assures that multicast traffic passes through the network only when a client has requested it. Windows Media streams are highly compressed, usually only taking up the bandwidth of a single modem connection.
The following firewall configuration enables IP multicasting:
Streaming ASF with multicast
IP multicast address range: 224.0.0.1 through 239.255.255.255
To enable IP multicasting, you must allow packets sent to this standard IP multicast address range to come through the firewall. This IP multicast address range must be enabled on both client and server sides, as well as on every router in between.
For more information about firewall settings for Windows Media, search for the latest information on the Windows Media Web site at:
https://www.microsoft.com/Windows/WindowsMedia/
Information about firewall settings can also be found on the Windows Media Web site at:
https://go.microsoft.com/fwlink/?LinkId=29862
Enabling and Disabling Features
All key features in Windows Media Player are enabled by default. However, each can be disabled through Tools\Options in Windows Media Player, through the use of Group Policy, or through an answer file during unattended installation. For more information, see "Settings That Can Be Controlled Through Group Policy" and "Procedures for Configuration of Windows Media Player," later in this section.
Controlling Windows Media Player to Limit the Flow of Information to and from the Internet
If the Player is not widely used in your organization, you can remove all visible entry points to it by using the procedure described in the subsections that follow.
If Windows Media Player is being used in your organization, you can control individual features of the Player either through Tools\Options or through Group Policy. The recommended method for controlling the features in a managed environment is through Group Policy. To use this method, you must first update the appropriate Administrative template, Wmplayer.adm, to a version that contains the new Group Policy settings for Windows XP with SP2. For more information, see Appendix B, “Learning About Group Policy and Updating Administrative Templates.”
A white paper in the Enterprise Deployment Pack (EDP) for Windows Media Player 9 Series provides detailed information about Group Policy settings that you can use with Windows Media Player 9 Series. To download the white paper or the entire EDP, see the Windows Media Web site at:
https://go.microsoft.com/fwlink/?LinkId=29521
Note that there are several relevant Group Policy settings for Windows XP with SP2 that are not described in a version of the EDP white paper, specifically, the version for Windows XP with SP1. These Group Policy settings are as follows:
Prevent Radio Station Preset Retrieval: This setting is located in User Configuration\Administrative Templates\Windows Components\Windows Media Player.
Prevent Windows Media DRM Internet Access: This setting is located in Computer Configuration\Administrative Templates\Windows Components\Windows Media Digital Rights Management.
For more information about these settings, first ensure that you have updated to the latest Administrative template files as described in Appendix B, "Learning About Group Policy and Updating Administrative Templates." Then navigate to a setting, double-click it, and read the explanatory text.
The following sections describe options for controlling Windows Media Player using Group Policy and other methods. For information about viewing or configuring these options, see "Procedures for Configuration of Windows Media Player," later in this section.
Controlling Windows Media Player Through the User Interface
When users interact with Windows Media Player through the user interface, they can limit the flow of information to and from the Internet by following this list of practices.
Metadata retrieval. Avoid inserting a CD or DVD. After clicking Tools\Options, on either the Media Library or Privacy tab, clear the check box labeled Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet. On the Privacy tab, clear the check box labeled Retrieve media information for CDs and DVDs from the Internet.
Metadata submission. Avoid submitting metadata.
Media guide. After clicking Tools\Options, on the Player tab, clear the Start Player in Media Guide check box.
Radio tuner. Use a custom skin with no Radio Tuner access. In addition, see the previous subsection for a note describing a Group Policy that prevents radio station preset retrieval.
Codec download. After clicking Tools\Options, on the Player tab, clear the Download codecs automatically check box.
Newsletter signup. Use a custom skin with no Media Guide access. Eliminating access to Media Guide eliminates access to the newsletter signup.
Downloadable skins. Use a custom skin that does not display downloadable skins.
Downloadable visualizations. Use a custom skin that does not display downloadable visualizations.
Download plug-ins. Avoid selecting the Download Plug-ins options from any of the trigger locations mentioned previously.
Download Device SPs. Avoid selecting the Download Device SPs options from any of the trigger locations mentioned previously.
Customer experience improvement program. Avoid selecting the option.
As an administrator, you can use Group Policy settings to prevent users from selecting the option. Enable Hide Privacy Tab to keep users from selecting the option in that tab. Enable the Do Not Show First Use Dialog Boxes policy setting to keep users from selecting the option in those dialog boxes.
Connect to the Internet. After clicking Tools\Options, on the Player tab, clear the check box labeled Connect to the Internet (overrides other commands).
Licenses. After clicking Tools\Options, on the Privacy tab, clear the Acquire licenses automatically for protected content check box.
Settings That Can Be Controlled Through Group Policy
A wide variety of configuration settings for Windows Media Player can be controlled through Group Policy. A white paper in the Enterprise Deployment Pack (EDP) for Windows Media Player 9 Series provides detailed information about these settings. To download the white paper or the entire EDP, see the Windows Media Web site at:
https://go.microsoft.com/fwlink/?LinkId=29521
Note that there are several relevant Group Policy settings for Windows XP with SP2 that are not described in a version of the EDP white paper, specifically, the version for Windows XP with SP1. These Group Policy settings are as follows:
Prevent Radio Station Preset Retrieval: This setting is located in User Configuration\Administrative Templates\Windows Components\Windows Media Player.
Prevent Windows Media DRM Internet Access: This setting is located in Computer Configuration\Administrative Templates\Windows Components\Windows Media Digital Rights Management.
For more information about these settings, first ensure that you have updated to the latest Administrative template files as described in Appendix B, "Learning About Group Policy and Updating Administrative Templates." Then navigate to a setting, double-click it, and read the explanatory text.
Other Ways to Control Windows Media Player
You can control several aspects of Windows Media Player by using methods other than the user interface or the individual Group Policy settings for Windows Media Player. These methods for controlling the Player include the following:
Prevent users from starting Windows Media Player through Group Policy by adding Wmplayer.exe to a list of Windows applications that cannot be run. This will prevent users from opening the Player by double-clicking media files or through other indirect methods. For more information, see "To Prevent Users from Starting Windows Media Player by Using Group Policy," later in this section.
Use Set Program Access and Defaults, which is available from the Start menu, to remove visible entry points to Windows Media Player. With this dialog box, the administrator of a computer running Windows XP Professional with SP2 can specify which media player is shown on the Start menu, desktop, and other locations.
Use the firewall or proxy or both to block access to the WindowsMedia.com Web site.
Create custom player skins that contain only those features that you want users to use. For information about creating custom skins, see these MSDN Web sites:
Windows Media Player Skins at https://go.microsoft.com/fwlink/?LinkId=29864
Introducing the Windows Media Player SDK at https://go.microsoft.com/fwlink/?LinkId=29863
Procedures for Configuration of Windows Media Player
Windows Media Player can be configured in several ways, as described previously. This subsection provides procedures for the following:
Locating Group Policy settings for configuring Windows Media Player
Accessing the Network tab on the user interface in Windows Media Player (to set streaming media protocols)
Preventing users from starting Windows Media Player by using Group Policy
Removing visible entry points to Windows Media Player on a computer running Windows XP with SP2
Removing visible entry points to Windows Media Player during unattended installation by using an answer file
Important To prevent users from manually updating Windows Media Player, we recommend that those users are not set up with administrative credentials on their computers.
To Locate Group Policy Settings for Configuring Windows Media Player
See Appendix B, "Learning About Group Policy and Updating Administrative Templates,” for information about using Group Policy. Ensure that your Administrative templates have been updated, and then edit an appropriate GPO.
In Group Policy, click User Configuration, click Administrative Templates, click Windows Components, and then click Windows Media Player.
View the Group Policy settings that are available.
Click Computer Configuration, click Administrative Templates, click Windows Components, and then click Windows Media Player.
View the Group Policy settings that are available. For more information about these settings, see the white paper described in "Settings That Can Be Controlled Through Group Policy," earlier in this section.
Setting Streaming Media Protocols
There are two methods for setting streaming media protocols. One method, described in the following procedure, is to use the Network tab to both configure the protocols and proxy settings that you want Windows Media Player to use when receiving streaming media files, and to then hide the Network tab through the use of Group Policy in Windows Media Player. The second method is to use Group Policy directly. For more information about using Group Policy, see "To Locate Group Policy Settings for Configuring Windows Media Player" and "Settings That Can Be Controlled Through Group Policy," earlier in this section.
To Access the Network Tab on the User Interface in Windows Media Player
On the Tools menu, click Options, and then click Network.
The following options are listed on the Network tab:
Protocols. Specifies the protocols that Windows Media Player can use to receive a stream. Select one or more of the following:
Multicast
UDP
TCP
HTTP
By default, all protocols are selected, which means that the Player tries to use each protocol in turn until it finds one that succeeds. Because the Player can receive files using a variety of protocols, we recommend that you select all protocols.
Use ports. Specifies a particular port—or port range if UDP is the protocol used—through which to receive streaming content. This option is useful if your network or firewall administrator has established a specific port that enables streaming content to pass through. Unless otherwise instructed, Windows Media streams attempt to pass through firewalls on port 1755.
Streaming proxy settings. Select one of the following:
HTTP
MMS
RTSP
Proxy settings specify how each protocol operates with a proxy server. Proxy servers are used when networks are protected by firewalls. If your network is behind a firewall, and you do not know how to configure your settings, refer to "Windows Media and Firewalls" in the list under "How Windows Media Player Communicates with Sites on the Internet,” earlier in this section.
Configure button. Click this button to change the proxy settings of the selected protocol. The following table lists the options for configuring a protocol to work with a proxy server.
Options for Configuring a Protocol to Work with a Proxy Server
This Option
Specifies That
Autodetect proxy settings
The Player discovers the ports that are open and uses them to receive streaming content.
Use proxy settings of the Web browser
The Player uses the same HTTP configuration as your browser to access network communication.
Do not use a proxy server
The Player does not attempt to communicate with a proxy server. Typically, this means that the Player does not receive streaming content from the Internet.
Use the following proxy server
The Player uses the proxy server and port that you specify. Select Bypass proxy server for local addresses if you do not want the Player to use the proxy server when streams are from local servers.
To Prevent Users from Starting Windows Media Player by Using Group Policy
As needed, see Appendix B, "Learning About Group Policy and Updating Administrative Templates," and then edit an appropriate GPO.
In Group Policy, click User Configuration, click Administrative Templates, and then click System.
In the details pane, double-click Don’t run specified Windows applications.
Select Enabled, click Show, click Add, and then type the executable name:
Wmplayer.exe
To Remove Visible Entry Points to Windows Media Player on a Computer Running Windows XP with SP2
Click Start and then click Set Program Access and Defaults.
Click the Custom button.
Note Alternatively, you can click the Non-Microsoft button, which will not only remove visible entry points to Windows Media Player, but also to Internet Explorer, Outlook Express, and Windows Messenger. If you do this, skip the remaining steps of this procedure.
To disable access to Windows Media Player on this computer, to the right of Windows Media Player, clear the check box for Enable access to this program.
If you want a different default media player to be available to users of this computer, select the media player from the options available.
Note For the last step, if your program does not appear by name, contact the vendor of that program for information about how to configure it as the default. Also, for related information about registry entries that are used to designate that a program is a browser, e-mail, media playback, or instant messaging program, see Registering Programs with Client Types on the MSDN Web site at:
For more information about Set Program Access and Defaults, see article 328326, “How to Use the Set Program Access and Defaults Feature in Windows XP Service Pack 1,” in the Microsoft Knowledge Base at:
https://go.microsoft.com/fwlink/?LinkId=29309
To Remove Visible Entry Points to Windows Media Player During Unattended Installation by Using an Answer File
Using the methods you prefer for unattended installation or remote installation, create an answer file. For more information about unattended and remote installation, see Appendix A, "Resources for Learning About Automated Installation and Deployment."
In the [Components] section of the answer file, include the following entry:
WMPOCM = Off
For complete details about how the WMPOCM entry works, see the resources listed in Appendix A, "Resources for Learning About Automated Installation and Deployment." Be sure to review the information in the Deploy.chm file (whose location is provided in that appendix).