Condividi tramite


Windows 8: Associate a file Type or protocol with a specific app using GPO (e.g:default mail client for MailTo protocol)

For my first post I have chosen a topic that I have seen lots of “buzz” out there but no clear information on how to implement it in win8
Its common knowledge that You can associate a file type or protocol with a specific program/app using the default programs < Control Panel\Programs\Default Programs>

 

However this is not practical if you want to establish the same settings for several machines.

In Pre-Win 8, apps could set the default handler for a file type/protocol by manipulating the registry, this means you could easily have a script or a group policy manipulating the registry.
For example for Mailto protocol you just needed to change the “default” value under HKEY_CLASSES_ROOT\mailto\shell\open\command

However In Win 8, the registry changes are verified by a hash (unique per user and app) that detects tampering by apps. In the absence of a valid hash, we ignore the default in the registry.
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\URLAssociations\MAILTO\UserChoice

Solution:
Microsoft have introduced a new GP mechanism for declaring these defaults in Win 8 to accommodate this type of scenario. The basic idea is to have an xml file that maps programs to the file type/protocol that they should be the default for.
First you create your XML file or export it from a machine using DISM (https://technet.microsoft.com/en-us/library/hh825038.aspx):

Then you use the new Windows 8 group policy that enables you to set the association for file types and protocols:
Computer configuration\administrative templates Windows Components\File Explorer\ Set a default associations configuration file
<HKLM\Software\Policies\Microsoft\Windows\System!DefaultAssociationsConfiguration>
This policy specifies the path for the XML file that can be either stored locally or on a network location.

 
Note : using DISM to import the XML is not enough you still have to link it to the GPO.

Note2:Bear in mind that the machine needs to be domain-joined and the associations are applied at logon time!

FAQ:
Q:I've tried this to set the mailto protocol association to outlook. But DISM doesn't show the value in the export. Anybody know a fix for that?
A:if the Program/Extension/Protocol is not present in the XML export, then you  need to first manual enable the association  Before running DISM. 

Q:Does this process work without having to re image a machine?
A: Yes.

Comments

  • Anonymous
    January 01, 2003
    Hi Guys, I´m now back to the office and I was finally able to test it, and it works fine, just bear in mind that the machine needs to be domain joined otherwise the policy will not Work.

  • Anonymous
    January 01, 2003
    So to script something simple like a file type program association, there is seriously no easier way than having to do this?

  • Anonymous
    January 01, 2003
    786pill4pain.geodost.tv

    blogs.forbes.com/people/786pill4pain

    www.facebook.com/786pill4pain

  • Anonymous
    January 01, 2003
    Thank you, good to know that this is a possibility via group policy!

  • Anonymous
    January 01, 2003
    Hi guys, Sorry for not answering before but I have been AFK for the last 6 months and will only be able to do any further tests in February.

  • Anonymous
    January 01, 2003
    Asnwering a couple of questions:
    Q:I've tried this to set the mailto protocol association to outlook. But DISM doesn't show the value in the export. Anybody know a fix for that?
    A:if the Program/Extension/Protocol is not present in the XML export, then you need to first manual enable the association Before running DISM.

    Q:Does this process work without having to re image a machine?
    A: Yes.

  • Anonymous
    March 12, 2013
    Thank you very much!

  • Anonymous
    August 02, 2013
    The comment has been removed

  • Anonymous
    August 26, 2013
    The comment has been removed

  • Anonymous
    August 26, 2013
    BTW, I  enabled the appropriate  gpo entry and placed the test.xml in c:windowssystem32

  • Anonymous
    September 12, 2013
    I have noted in several articles that this/these processes only apply when imaging machines. Does this process work without having to re image a machine? In some cases this cannot be done due to multiple machine types, so not practical. I need to be able to set these defaults for all users on EXISTING Windows 8 machines, not fresh clean images that haven't gone on a machine.

  • Anonymous
    September 20, 2013
    I've tried this to set the mailto protocol association to outlook. But DISM doesn't show the value in the export. Anybody know a fix for that?

  • Anonymous
    November 12, 2013
    Well isn't this SO MUCH MORE DIFFICULT! This is not a "new" feature, this is a headache! Where has the granular control of individual file associations gone? This is a blanket approach and has no flexibility. This is the current workaround for GPP not working anymore with Windows 8. Thanks for REMOVING functionality, MS.

  • Anonymous
    November 28, 2013
    Just Thank you! Thank you so much. This is a hard one until you find your informations...!

  • Anonymous
    November 28, 2013
    Just one thing to add: Be sure not to run the export with some "runas /user:domainadmin dism ..."-type of command because that would export the file-associations for your domainadmin instead of the user you just set them. Might be logical to most of you but could also help some people like me who do it wrong the first time. (Make you user admin for the export).

  • Anonymous
    December 04, 2013
    Has anyone managed to get this to work yet? I tried it and while I found that the DefaultAssociationsConfiguration registry key did get updated with the path to my XML file, it had no impact on what is showing in Default Programs on my test Windows 8.1 computer. (Oh, and the corresponding "policy mode" in the registry key did somehow get set to "2", which I understand translates to "replace".)  Was this whole process supposed to result in changes showing in Default Programs, or are the file associations from my XML file now set elsewhere in the registry, thereby overriding what shows in Default Programs?  What was supposed to have happened as a result of applying this group policy?  I put a lot of work into compiling a comprehensive XML file so that our users will have a smooth transition to Windows 8.1, and while this appears to be an efficient method of controlling file associations, personally I've found it to be a lot of work and very frustrating.

  • Anonymous
    December 13, 2013
    Doesn't appear to work with 8.1 :-(  Have you noticed the same?  

  • Anonymous
    December 17, 2013
    This does not work with Windows 8.1 - is there anyone that may confirm it works using another method? Many thanks.

  • Anonymous
    December 17, 2013
    Pingback from how to programmatically reassign jpg file type? | Resellernews.com.au

  • Anonymous
    December 17, 2013
    Pingback from how to programmatically reassign jpg file type? | Resellernews.com.au

  • Anonymous
    December 17, 2013
    Pingback from how to programmatically reassign jpg file type? | Resellernews.com.au

  • Anonymous
    December 18, 2013
    It does work with Windows 8.1 Maybe you're doing something wrong?

  • Anonymous
    January 30, 2014
    It doesn't work With Win 8.1 (64 Bit). Assoc.xml - File looks fine, is stored locally, but Win still annoys with ignoring any changes. Even if the users choose file types manually, this isn't stored for the next session...

  • Anonymous
    February 19, 2014
    doesnt work here either, using windows 8.1

  • Anonymous
    March 04, 2014
    Just for your information - when I put the XML file in a network path it doesn't work. Now I've stored it in a local path of the client and then it works as described. (We're using it for VMware View virtual Desktops).

  • Anonymous
    March 12, 2014
    Great info, been looking for solution to apply to all users in domain environment. However, when setting .jpg file extension to open with Office 2010 picture manager in extensions .xml file that is exported it uses MS Paint when users have normal permissions. BUT, it user is included in local administrator group or domain administrator permissions it uses Office 2010 Picture Manager.

    Any idea / suggestions how I can apply these file extensions to users with standard permissions?

  • Anonymous
    May 23, 2014
    Let's say that the machine is not joined to a domain. Could I still run the export DISM command using an admin user? Currently, when we image a computer, it automatically logs into the built in Administrator account and runs a script on first boot to setup various things that Sysprep destroys during the OOBE sequence. Could we simply add the export DISM command to the setup script so that new users get the defaults? I mean, the export DISM does change the default profile, right? Or does it only change the current user?

  • Anonymous
    June 05, 2014
    We need to enable Mailto for Outlook, instead of the Mail-client in Windows 8.1. Got it working by following these four steps:
    1. Export settings with DISM
    2. Edited the .xml to remove all other file Associations beside the on for Outlook.
    3. Set the Policy in the local GPO
    4. Imported the settings with DISM.
    Now the only problem is to figure out how to do this domain wide for all our customers. Would you people first copy the .xml file with GPO and then set the location to point to that location?

  • Anonymous
    June 11, 2014
    The comment has been removed

  • Anonymous
    July 14, 2014
    http://technet.microsoft.com/en-us/library/hh825038.aspx may be the answer. I am looking for an answer to this myself, the article says app defaults can be set at build time. Yet to try this myself as we are also having intermittent issues with MailTo from a webpage opening the Windows Mail Client and not Outlook 2013.

  • Anonymous
    July 25, 2014
    Shouldn't we get the same behavior if we deploy preferences: PoliciesUser configurationPreferencesControl PanelFolder OptionsNew Item -> Open With ? Hasn't worked for me so far...but just a thought

  • Anonymous
    August 07, 2014
    What a PITA!

  • Anonymous
    August 07, 2014
    The comment has been removed

  • Anonymous
    August 10, 2014
    The comment has been removed

  • Anonymous
    August 10, 2014
    @steve: yes, that`s the question. We just quit the W8.1 project and revert to W7, there are a bunch of other reasosns, not only this problem. But this one is anoying to. W8.1 is dead.

  • Anonymous
    August 21, 2014
    The comment has been removed

  • Anonymous
    September 12, 2014
    The comment has been removed

  • Anonymous
    October 01, 2014
    I cannot get this to work. If I do a gpresult on the targeted machine I can see that my policy is being applied but for me PDF's still open in Reader rather than Acrobat. I saved the xml file into c:windowssystem32 on one of our domain controllers but does this need to be saved onto a network location that all devices can access?

  • Anonymous
    October 01, 2014
    BM~Merlin Yes, it has to accessible by the user and the user needs to be domain joined.

  • Anonymous
    December 19, 2014
    I agree, this is necessary, but this is a little bit ridiculous. Sometimes in the name of security things are made impossible.

  • Anonymous
    January 30, 2015
    Using mandatory profiles on Multipoint Server 2012 and this group policy fixed the persistent prompting for how to handle HTML files (Internet Explorer or Chrome).

    Thanks for writing it up.

  • Anonymous
    March 18, 2015
    Still can't get MailTo to work. I have changed a number of associations, including manually setting the mailto protocol.
    When i export the xml file, there is no mention of mail or outlook in it.
    All other associations work great, just not the mailto

  • Anonymous
    March 19, 2015
    Windows 8.1 - Log on as domain admin, set default app for .PDF to Adobe Acrobat. Test opening a PDF and it opens in Adobe Acrobat. Run Dism /Online /Export-DefaultAppAssociations:c:iconsAppAssoc.xml
    in an elevated command prompt. Open c:iconsAppAssoc.xml and I still see reader associated:

    Any help?

  • Anonymous
    March 24, 2015
    This way of protecting the registry is great....for home users. In a corporate/enterprise environment where 100's of machines are joined to a domain and I need to make a file association change (after users have their profiles built for some time) this is outright stupid. If the machines are joined to a domain shouldn't there be some sort of "security bypass" since the domain should be inherently trusted? This just made my task 10 times more difficult.

  • Anonymous
    April 10, 2015
    I cannot set Adobe Acrobat as the default PDF program. Any time Reader or Acrobat DC gets installed, it overrides the default setting, and NOTHING will unlock that unless I uninstall the program. I have gone through every permutation of control panel and default program setting that I can find, it it will not reverse. Acrobat shows up in control panel, but does NOT show up in the default programs dialog

  • Anonymous
    April 15, 2015
    This does work in windows 8.1 enterprise. I've just done it. However I noticed even though I set some file associations during the session and exported, not all of them actually exported and I had to dive into the xml file and add them manually. I put the XML file in a share accessible by users

  • Anonymous
    June 15, 2015
    Hi all,
    In my case, I only needed to use the right click on files and chose send to / email... option

    And exporting the xml from AccountA having Win Live Mail set as default with all features etc etc,
    then importing that xml on Acccount B using dism tool simply wasn't enough.

    It only and immediately worked for me after creating following key :

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USERSoftwareClientsMail]
    @="Windows Live Mail"

    hope this help.
    Thanks.

  • Anonymous
    June 26, 2015
    I found the same thing as ukdubs. I manually change file associations and not of them export to the .xml. It gets better, if I set .rar to Adobe Acrobat it shows up in the .xml but if I set it to 7zip then it doesn't show up in the .xml. Microsoft please listen to us, we need to be able to set file and protocol associations on a per user basis in Group Policy. Not on a Machine Policy basis that doesn't even work correctly. Oh and by the way, the .xml file only applies to newly created profiles, existing profiles are SOL.

  • Anonymous
    July 17, 2015
    Well, I want to change just URL:mailto Protocol and I have to push all assosiations? Isn't this quite not really working for domain/terminal session environment? I am sorry, but this is epic fail - not the solution but the fact that GPO is worthless in this case and there is no simple way to do it.

  • Anonymous
    August 19, 2015
    If i take DISM out of the equation and just create the .xml and link that to GPO will the policy go through for already imaged devices on the associated Domain? Asking so i can do that now and do the DISM part at a later date... Thanks in advance.

  • Anonymous
    October 16, 2015
    The comment has been removed

  • Anonymous
    November 05, 2015
    The comment has been removed

  • Anonymous
    November 12, 2015
    The comment has been removed

  • Anonymous
    December 13, 2015
    My experience goes as follows. (Win 10 Education 1511)

    I was able to get this policy to work, however it only works after a reboot. This is caused by the fact explorer is started at the time that group policy takes effect. To get the change to occur without a reboot, you need to restart explorer. This however doesn't work in the University environment as the machines are Deep Frozen and a reboot will delete their profiles.

    So thanks to this "glitch" (it should apply at every logon before explorer is started so the file associations can be administered in a enterprise/work environment), I have to create a start-up script which replaces the OEMDefaultAssociations.xml file located in System32 which Windows uses to create default applications for each user. This doesn't then require a restart of explorer as Windows applies these associations before explorer starts.

    Keep in mind, doing it this way, any applications must be pre-installed on the system. If you are using Virtual Applications, keep reading.

    To perform file associations with Virtual Apps (not installed), we simply just need to tell the system where the virtual application will live. We do this through the use of Application Registration. I am unsure if a UNC path will work but I have tested it local and this works fine.

    https://msdn.microsoft.com/en-us/library/windows/desktop/ee872121(v=vs.85).aspx

    Just make sure you register the app under the Applications folder. Once registered, using firefox as an example, you could modify your AppAssoc to look like the following.
    From:

    To:

  • Anonymous
    December 13, 2015
    Thanks HTML Sanitisation

    From: ProgId="AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9" ApplicationName="Microsoft Edge"
    To: ProgId="Applicationsfirefox.exe" ApplicationName="FireFox"

  • Anonymous
    December 17, 2015
    Great stuff. Worked for us on Win 8.1 and 10. Many thanks. Agree with others - thanks for fixing what wasn't broken, MS!

  • Anonymous
    February 11, 2016
    The comment has been removed

  • Anonymous
    March 31, 2016
    This works for us Win 8, 8.1. & 10. I don't get why computer needs to be in a domain but for us is not a problem as they are. As for others I don't get why this is so hard to implement for a "normal user". Anyways thanks to Brenton for your post very helpful. Have you tried using tskill to reset explorer after login? I am going to have the same scenario with some kiosk machines.