In Windows 10 there are built-in support for Flash in both Internet Explorer 11 and Microsoft Edge but that doesn’t mean that you should use it! Even if that makes updating the Flash plugin much easier as it is done using Microsoft Update/WSUS/Configuration Manager it is still very many 0-Day vulnerabilities and security issues in Flash. In most organisations there are no LOB application or other productivity tools that use Flash. So why are you using Flash in your organisation? to be able to consume commercial AD’s on the Internet? Play games?
I know there are users/system that need require it, but disabling it on those systems that doesn’t need it is a good idea! Found this picture on Twitter somewhere and i visualizes it well I think! 😉
So the next thing would be disabling Flash, for Internet Explorer it is easy there are a group policy that we can do it with a Group Policy as displayed below.
In Microsoft Edge on the other hand that is more of a challenge, there are no Group Policy to disable Flash with. We can solve this by using Group Policy Preferences.
1. Create a new Group Policy Preference setting in the User part of the GPO as it is a user setting in Edge.
2.The following key is the one that should be created:
3. Add a registry entry in the GPP, I did it using the “Update” action if a handy user enables it again it will be disabled when the GPP are applied the next time.
4. The result will look something like this.
So when you start designing/testing/piloting Windows 10 in your organisation, why not do it without Flash enabled?!
There are now better time to make a change like this as when you roll out a new Operating System, so your next big opportunity to do this will be with the release of… Wait that are no new Operating Systems versions coming only Windows 10!