On July 10, 2012, Microsoft released Security Advisory #2719662 for Windows Sidebar (Windows Vista) and Windows Gadgets (Windows 7). The ‘Gadgets’ are software widgets written in Javascript, CSS, and HTML and can be susceptible to exploit. Due to these security concerns, Microsoft has taken the step of removing the Desktop Gadget Gallery and is recommending that customers concerned about malicious Gadgets run the Fix It tool found in the Knowledge Base Article to disable this functionality. The functionality in the Fix It tool can also be replicated in Group Policy without having to deploy the MSI to your computers. This will also ensure that future computers added to Active Directory have this functionality disabled without needing the Fix It tool run on them. Here’s how to do it:
In the Group Policy Management Console on Windows 7/Windows Server 2008 R2, go to: Computer Configuration > Policies > Administrative Templates > Windows Components > Desktop Gadgets > Turn off Desktop Gadgets. Set the option to Enabled and click OK. Please note: If the user has any Windows Desktop Gadgets (Windows 7) or the Windows Sidebar (Windows Vista) enabled, the user’s session will have to be ended before this policy will take effect. This can be accomplished by the user logging out and back in or by rebooting the computer.
Normally, a user would right click on the Desktop and select Gadgets to add Gadgets to the Desktop.
Once this policy has been applied to the client, the user should get this error when trying to access Gadgets:
Update (July 25, 2012): Updated to reflect that a logoff or reboot is necessary if this policy is applied to a user that has Desktop Gadgets enabled before policy is enforced.
Pingback: Disable Windows Gadgets With Group Policy