Feb 222011

[This is a followup to my 2008 post on Flash performance over RDP.]

Windows Server 2008 R2 Service Pack 1 is being released to the masses today, and the graphics improvements Microsoft picked up when they bought Calista are now released as RemoteFX.  This RDP 7.1 update should provide better display performance for those forced by a cruel and uncaring universe to make Adobe Flash available over RDP over broadband.  One hopes.

The most effective course of action remains to block Flash advertisements at the proxy server (squid + adzapper, or Privoxy), and require the user to enable Flash when needed.  If the Flash file (.swf, say) is blocked, multiply all your performance hits by 0 — there’s nothing to transfer or optimize.  Block all the junk you don’t need.


IE7Pro has worked well on 2003, but it doesn’t work properly on 2008R2, and development is closed (and stagnated?).  It shouldn’t be so difficult….

Globally Disable and Enable Flash

Toggle Flash is an IE plug-in that toggles Flash (clear enough).

Changing a registry entry is all that’s required to enable and disable Flash. (see below)

Possibly, on terminal server login, disable Flash.  User must explicitly re-enable it.

Powershell (scripting out loud….)

<# flashwatch.ps1
Enable flash.  Hang around a while and after 15 minutes or so, keep an eye on Internet Explorer.  
If IE isn't running, disable Flash again.todo: make sure only one copy of this script is running
per user.#>

function flash-disable {
 $RegKey ="HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27CDB6E-AE6D-11CF-96B8-444553540000}"
 Set-ItemProperty -path $RegKey -name Flags -value 1

function flash-enable {
 $RegKey ="HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27CDB6E-AE6D-11CF-96B8-444553540000}"
 Set-ItemProperty -path $RegKey -name Flags -value 0

sleep -s 900

$keeprunning = $true
while ($keeprunning) {
 if ((Get-Process "iexplore" -ea SilentlyContinue) -eq $Null){ 
   $keeprunning = $false
 else {
   sleep -s 60

A timestamp would be better.  Enable -> write timestamp.  Have periodic job check if time is expired (New-Timespan), and disable Flash after. Powershell is awkward.  It’s odd when Perl is easier….

Limit Flash to Specific Domains

IE 8 – per-site ActiveX Control

Per-Site ActiveX Controls

How to Disable Adobe Flash Animations for All but White-Listed Sites in Internet Explorer 8

regedit /s flash_allow.reg

Windows Registry Editor Version 5.00

The user can just say “run on all sites” so you may have to regularly remove

Problems with Per-Site ActiveX Controls

  • Annoying information bar which is IMPOSSIBLE TO SHUT UP.
  • User can just add all sites.
  • Setting is per-user setting, so it’s a PIA to restrict to specific machines (GP loopback).

IE 9 – ActiveX Filtering

IE 9 (currently at RC) is set to include ActiveX Filtering, enabling you to restrict ActiveX controls to certain domains.  But it’s apparently global. You can restrict or allow all ActiveX controls on certain sites, but you can’t restrict individual controls.  It would be desirable to be able to restrict the Flash plug-in to youtube.com, or to restrict AlternaTIFF to designated sites.  Being able to specify these per machine would be better yet.  This looks passably adequate.

About ActiveX Filtering

“Sites you have not approved cannot run these controls, and the browser will not show prominent notifications prompting you to install or enable them.”  Hallelujah, Brother.

How To Manage Your Internet Explorer 9 ActiveX Filtering Exceptions

Sorry, the comment form is closed at this time.