File Association Web Service and Internet Communication
Applies To: Windows Server 2003 with SP1
This section provides information about:
The benefits of the file association Web service
How the file association Web service communicates with sites on the Internet
How to control the file association Web service to limit the flow of information to and from the Internet
Benefits and Purposes of the File Association Web Service
The file association Web service in Microsoft Windows Server 2003 extends the scope of information stored locally by the operating system about file name extensions, file types, and the applications or components to use when opening a particular file type. Both the locally stored information and the file association Web service are intended to provide you with the ability to open (double-click) a file without having to specify which application or component to open it with. The operating system associates the file name extension (for example, .txt or .jpg) with a file type, and it opens each file type with the application or component specified for that file type. For example, file name extensions .htm and .html are both "HTML Document" file types.
The operating system first checks for the file association information locally. If no local information is available about the file name extension and its associated file type, the operating system offers you the option of looking for more information on a Microsoft Web site. For details about the URL for this Web site, see "How the File Association Web Service Communicates with Sites on the Internet," later in this section.
Overview: Using the File Association Web Service in a Managed Environment
To limit the flow of information from the file association Web service to the Internet, you have several options. You can use firewall settings, you can disable the file association Web service using Group Policy, you can configure automatic server-based software installation through Group Policy, and you can train those who work on servers so that they understand how to specify an association between a file type and the application or component that is used to open that file type. You can also use scripts to limit the file types that can be stored, viewed, or used on computers in your organization, which will limit the likelihood that anyone will need to obtain information about those file types.
How the File Association Web Service Communicates with Sites on the Internet
The file association Web service communicates with sites on the Internet as follows:
Specific information sent or received: If the operating system does not find local information about a file name extension, it offers you the option of sending a query to look for more information on a Microsoft Web site. The site is language-specific. The file name extension that you double-click is appended to the query. The query takes the following form:
https://shell.windows.com/fileassoc/nnnn/xml/redir.asp?Ext=AAA
where nnnn is a hexadecimal value used in Windows Server 2003 to map to a language identifier (that is, to an RFC1766 identifier), and AAA is the file name extension for which information is needed. An example of a hexadecimal value and its corresponding language identifier is 0409 for en-us, English (United States).
For more information about these hexadecimal values, see information about the multiple language (MLang) registry settings on the MSDN Web site at:
https://go.microsoft.com/fwlink/?linkid=29165
To search for information about MLang registry settings or the Microsoft Internet Explorer Multiple Language application programming interface (MLang API), use the Search tool on the MSDN Web site at:
Default setting and ability to disable: The service is enabled by default. It can be disabled by using Group Policy, as described in "Disabling the File Association Web Service," later in this section.
There are ways of reducing the likelihood that a person will trigger the file association Web service. One basic way is to configure automatic, server-based software installation based on Group Policy settings. For more information, see article 816102, “HOW TO: Use Group Policy to Remotely Install Software in Windows Server 2003,” in the Microsoft Knowledge Base at:
Trigger and user notification: When you try to open a file (for example, by double-clicking the file), and there is no local information about the correct application or component to use when opening the file, the operating system offers the option either to "Use the Web service to find the appropriate program" or to "Select the program from a list."
Logging: No events are logged by the file association Web service.
Encryption, storage, and privacy: The file name extension sent in a query to the Internet is not encrypted. Nothing in the query identifies the person who triggered the query. If the local computer’s browser is configured to store information about recently visited Internet sites, the browser will store the query containing the file name extension. Otherwise, the query containing the file name extension is not stored anywhere.
Transmission protocol and port: The transmission protocol is HTTP and the port is 80.
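Because the service logs no events and the query is sent unencrypted, outbound proxy or firewall logs are the practical place to see which computers trigger it and for which extensions. The following Python example is added here and is not part of the original documentation; the log line layout (timestamp, client, method, URL, status) and every sample line are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

SERVICE_HOST = "shell.windows.com"
# Path shape taken from the query form above: /fileassoc/nnnn/xml/redir.asp
QUERY_PATH = re.compile(r"^/fileassoc/([0-9a-f]{4})/xml/redir\.asp$", re.I)

# Constructed sample proxy log (assumed layout: time client method url status)
SAMPLE_LOG = """\
2005-03-01T10:02:11 10.0.0.21 GET http://shell.windows.com/fileassoc/0409/xml/redir.asp?Ext=dwg 200
2005-03-01T10:02:40 10.0.0.21 GET http://www.example.com/index.html 200
2005-03-01T10:05:03 10.0.0.35 GET http://SHELL.WINDOWS.COM/fileassoc/0407/xml/redir.asp?ext=.PSD 200
2005-03-01T10:06:17 10.0.0.35 GET http://shell.windows.com/fileassoc/zzzz/xml/redir.asp?Ext=abc 404
2005-03-01T10:07:00 10.0.0.40 GET http://shell.windows.com.example.net/fileassoc/0409/xml/redir.asp?Ext=x 200
malformed line
"""

def parse_query(url):
    """Return (language_id, extension) for a file association query, else None."""
    parts = urlsplit(url)
    # Exact host comparison, so look-alike hosts that merely contain the name are ignored
    if (parts.hostname or "").lower() != SERVICE_HOST:
        return None
    match = QUERY_PATH.match(parts.path)
    if not match:
        return None  # nnnn must be four hexadecimal digits
    # Match the parameter name case-insensitively so no variant is missed
    params = {k.lower(): v for k, v in parse_qs(parts.query).items()}
    ext = params.get("ext", [""])[0].lstrip(".").lower()
    if not ext:
        return None
    return int(match.group(1), 16), ext

def find_queries(log_text):
    """Return one record per log line that is a file association query."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed layout
        ts, client, _method, url, _status = fields
        parsed = parse_query(url)
        if parsed:
            hits.append({"time": ts, "client": client,
                         "lcid": parsed[0], "ext": parsed[1]})
    return hits

if __name__ == "__main__":
    for hit in find_queries(SAMPLE_LOG):
        print(hit)
```

The client addresses in the result identify computers where the Group Policy setting is not yet applied or where an unassociated file type keeps being opened.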
Controlling the File Association Web Service to Limit the Flow of Information to and from the Internet
If you want to limit the flow of information from the file association Web service to the Internet, you can use one or more of the following methods:
Use your firewall to block access to any Web site that contains the following string:
Disable the file association Web service by using Group Policy, as described in "Disabling the File Association Web Service," later in this section.
Configure automatic, server-based software installation. To do this, configure one or more servers with the Software Installation extension of Group Policy in Windows Server 2003. When you do this, if someone tries to open a file for which the corresponding application is not installed locally, a copy of the application (stored on a server) is installed automatically. In this situation, the file association Web service will not be triggered. For more information, see article 816102, “HOW TO: Use Group Policy to Remotely Install Software in Windows Server 2003,” in the Microsoft Knowledge Base at:
Train those who work on servers to work with file associations as follows:
Instruct them that an association exists (stored by the local operating system) between a file name extension, a file type, and the application or component that is used to open that file type.
Provide those who work on servers with information about the file name extensions for the files they need to work with most often, the file type for each extension, and the application that should be used to open each file type. For example, file name extensions .htm and .html are both "HTML Document" file types.
Show those who work on servers how to use Control Panel, Folder Options, and the File Types tab in Folder Options to associate a file name extension with a file type, and a file type with an application. Explain to them that the operating system stores this information on the local computer.
Instruct those who work on servers to always click "Select the program from a list" if they see a message box offering the two options, "Use the Web service to find the appropriate program" or "Select the program from a list."
Use scripts to scan your organization’s computers for file types that you do not want to be stored, viewed, or used. Take actions to ensure that these files do not remain on individual computers’ hard disks. If unwanted file types do not exist on the hard disks, it decreases the need for anyone to obtain information about the file name extension used for that file type.
Procedures that Limit Internet Communication Initiated by the File Association Web Service
This section contains the following information:
A procedure for disabling the file association Web service by using Group Policy.
Procedures that can be used as a basis for training those who work on servers about file name extensions, file types, and the application or component that the operating system uses when opening a specific file type.
Disabling the File Association Web Service
The following procedure explains how to disable the file association Web service by using Group Policy.
To Disable the File Association Web Service by Using Group Policy
See Appendix B: Resources for Learning About Group Policy, for information about using Group Policy. Ensure that your Administrative templates have been updated, and then edit an appropriate GPO.
If you want the policy setting to apply to all users of a computer and to come into effect when the computer starts or when Group Policy is refreshed, click Computer Configuration. If you want the policy setting to apply to users and to come into effect when users log on or when Group Policy is refreshed, click User Configuration.
Click Administrative Templates, click System, click Internet Communication Management, and then click Internet Communication settings.
In the details pane, double-click Turn off Internet File Association service, and then click Enabled.
Important
You can also restrict Internet access for this and a number of other components by applying the Restrict Internet communication policy setting, which is located in Computer Configuration/Administrative Templates/System/Internet Communication Management or in User Configuration/Administrative Templates/System/Internet Communication Management. For more information about this Group Policy and the policies that it controls, see Appendix C: Group Policy Settings Listed Under the Internet Communication Management Key.
Specifying Associations Between File Name Extensions, File Types, and Applications or Components
You can use the following procedures as a basis for training those who work on servers about file name extensions, file types, and the application or component that the operating system uses when opening a specific file type.
To Associate a File Name Extension with a File Type
Click Start, and then either click Control Panel, or point to Settings and then click Control Panel.
Double-click Folder Options, and then click the File Types tab.
Click New.
Type a new or existing file name extension, and then click Advanced.
In Associated File Type, do one of the following:
Type or select New to create a file type to associate with the file name extension.
Type or select a different file type to associate with the extension.
Note
When you type a file name extension in the Create New Extension dialog box, the Associated File Type list displays the file type that is associated with that extension. To select New, scroll to the top of the list.
To Associate a File Name Extension with an Application
Click Start, and then either click Control Panel, or point to Settings and then click Control Panel.
Double-click Folder Options, and then click the File Types tab.
Under Registered file types, click a file type.
Click Change, and then choose the application you want to use to open this file.
Related Links
For more information about automatic server-based software installation based on Group Policy settings, see article 816102, “HOW TO: Use Group Policy to Remotely Install Software in Windows Server 2003,” in the Microsoft Knowledge Base at: