File Association Web Service and Resulting Internet Communication in Windows 7 and Windows Server 2008 R2

Applies To: Windows 7, Windows Server 2008 R2

In this section

Benefits and purposes of the file association Web service

Overview: Using the file association Web service in a managed environment

How the file association Web service communicates with Internet sites

Controlling the file association Web service to limit the flow of information to and from the Internet

Procedures for limiting Internet communication generated by the file association Web service

This section describes how the file association Web service in Windows® 7 and Windows Server® 2008 R2 communicates across the Internet, and it explains steps to take to limit, control, or prevent that communication in an organization with many users.

Benefits and purposes of the file association Web service

The file association Web service in Windows Server 2008 R2 and Windows 7 extends the scope of information that is stored locally by the operating system. The locally stored information and the file association Web service provide users with the ability to open a file (by double-clicking) without having to specify which application or feature to open it with. The operating system associates the file name extension (for example, .txt or .jpg) with the application or feature to use when opening that file type. For example, file name extensions .htm and .html can be associated with a Web browser that can open them.

The operating system first checks for the file association information locally. If no local information is available about the file name extension, the operating system offers you the option of looking for more information on a Microsoft® Web site. For details about this Web site, see How the file association Web service communicates with Internet sites later in this section.

Overview: Using the file association Web service in a managed environment

You can limit the flow of information from the file association Web service to the Internet in a number of ways. Some of these options are:

  • Use firewall settings.

  • Use Group Policy to disable the file association Web service.

  • Train people who work on servers to manage the association between file name extensions and the applications or operating system features to be used to open that file type.

  • Use scripts to limit the types of files that can be stored, viewed, or used on computers in your organization.

How the file association Web service communicates with Internet sites

The file association Web service communicates with sites on the Internet as follows:

  • Specific information sent or received: If the operating system does not find local information about a file name extension, it offers the user the option of sending a query to look for more information on a Microsoft Web site. The site is language-specific. The file name extension that you double-click is appended to the query. The query takes the following form:

    https://shell.windows.com/fileassoc/*nnnn*/xml/redir.asp?Ext=*AAA*

    where nnnn is a hexadecimal value used in Windows 7 and Windows Server 2008 R2 to map to a language identifier (an RFC1766 identifier), and AAA is the file name extension for which information is needed. An example of a hexadecimal value and its corresponding language identifier is 0409 for en-us (English - United States). The string represented by AAA is the extension only, not the file name.

Note

For more information about these hexadecimal values, see Internet Explorer Multiple-Language API Registry Settingshttps://go.microsoft.com/fwlink/?linkid=29165 on the MSDN® Web site.

To search for information about MLang registry settings or the Microsoft Internet Explorer® Multiple Language application programming interface (MLang API), use the Search tool on the [Microsoft Developer Network](https://go.microsoft.com/fwlink/?linkid=140).  
  
  • Default setting and ability to disable: The service is enabled by default. It can be disabled by using Group Policy, as described in Disabling the file association Web service later in this section.

  • Trigger and user notification: When you try to open a file (for example, by double-clicking the file), and there is no local information about the correct application or operating system feature to use when opening the file, the operating system offers the options to "Use the Web service to find the correct program" or "Select a program from a list of installed programs."

  • Logging: No events are logged by the file association Web service.

  • Encryption, storage, and privacy: The file name extension sent in a query to the Internet is not encrypted. If the local computer’s browser is configured to store information about recently visited Internet sites, the browser stores the query containing the file name extension. Otherwise, the query that contains the file name extension is not stored anywhere.

  • Transmission protocol and port: The transmission protocol is HTTP and the port is 80.

Controlling the file association Web service to limit the flow of information to and from the Internet

If you want to limit the flow of information from the file association Web service to the Internet, you can use one or more of the following methods:

  • Use your firewall to block access to any Web site that contains the following string:

    https://shell.windows.com/fileassoc/

  • Disable the file association Web service by using Group Policy, as described in Disabling the file association Web service later in this section.

  • Train users to work with file associations as follows:

    • Instruct them that the local operating system stores an association between a file name extension and the application or feature that is used to open that file type.

    • Provide them with information about the file name extensions for the files they need to work with most often and the application that should be used to open those files.

    • Instruct them to always click Select a program from a list of installed programs if they see a message box offering the following two options:

      • Use the Web service to find the correct program

      • Select a program from a list of installed programs

    • Instruct them that after they initially click Select a program from a list of installed programs, they can select the check box for Always use the selected program to open this kind of file. This associates that file name extension with the program that the user wants to open that file type.

  • Use scripts to scan your organization’s computers for the types of files that you do not want to store, view, or use. Take actions to ensure that these files do not remain on individual computers’ hard disk drives. If unwanted file types do not exist on the hard disk drives, it decreases the need for users to obtain information about which application to use for that file name extension.

Procedures for limiting Internet communication generated by the file association Web service

This section contains the following procedures:

  • Disable the file association Web service by using Group Policy.

  • Train users about file name extensions and the application or operating system feature to be used to open a specific file type.

Disabling the file association Web service

The following procedure explains how to disable the file association Web service by using Group Policy.

To disable the file association Web service by using Group Policy

  1. As needed, see Appendix B: Resources for Learning About Group Policy for Windows 7 and Windows Server 2008 R2, and then edit an appropriate Group Policy object (GPO).

  2. If you want the Group Policy setting to apply to all users of a computer and to come into effect when the computer starts or when Group Policy is refreshed, expand Computer Configuration. If you want the policy setting to apply to users and to come into effect when users log on or when Group Policy is refreshed, expand User Configuration.

  3. Expand Policies (if present), expand Administrative Templates, expand System, expand Internet Communication Management, and then click Internet Communication settings.

  4. In the details pane, double-click Turn off Internet File Association service, and then click Enabled.

Important

You can also restrict Internet access for this and a number of other features by applying the Restrict Internet communication Group Policy setting. To locate this setting, click Computer Configuration or User Configuration, expand Policies (if present), expand Administrative Templates, expand System, expand Internet Communication Management, and then click Restrict Internet communication. For more information about this Group Policy setting and the policies that it controls, see Appendix C: Group Policy Settings Listed Under the Internet Communication Management Category in Windows 7 and Windows Server 2008 R2.

Specifying associations between file name extensions and applications or features

You can use the following procedure as a basis for training users about file name extensions and the application or operating system feature to be used to open a specific file type.

To associate a file name extension with a program

  1. In Windows Explorer or on the desktop, right-click a file that has the file name extension that you want to associate with a program.

  2. Choose one of the following options, depending on what is available:

    • If Open With is available, point to Open With and then click Choose Default Program.

    • If Open With is not available, click Open, click Select a program from a list of installed programs, and then click OK.

  3. Choose a program from the list, or click Browse to find and choose a program.

  4. Select the check box for Always use the selected program to open this kind of file.