Learn What IT Pros Need to Know About Windows 11 - August 24th at 1 PM ET! Learn What IT Pros Need to Know About Windows 11 - August 24th at 1 PM ET!
Active Directory|Windows 10

How to Block Adobe Flash Player Using Active Directory Group Policy

It has been a long time coming. And we have known since 2017 that Adobe was planning to discontinue support for its once-popular Flash Player browser extension. Flash provided a way to add animation and interactive elements to web pages. But with the arrival of open standards, like HTML5 and WebGL, developers moved away from Flash.

Flash Player is a plug-in for browsers that is installed and maintained separately. Although it came bundled with some browsers. Not only that, but it was responsible for some scary security vulnerabilities over the years. So, developers and IT admins alike were glad to see the back of it.

Flash Player reached end of life on December 31st 2020. And now Adobe recommends uninstalling it from systems. Microsoft has an optional update (KB4577586) that removes Flash Player. It was made available in October 2020 in the Microsoft Update Catalog. Microsoft said that it would be made available for Windows Update and Windows Server Update Services (WSUS) in early 2021. And KB4577586 would be changed to ‘recommended’ a few months later.

Regardless of the availability of this update, Microsoft disabled Adobe Flash Player by default at the beginning of 2021. And all versions older than KB4561600, released in June 2020, will be blocked. But if you want to be sure, you can use the Group Policy settings below.

Sponsored Content

Read the Best Personal and Business Tech without Ads

Staying updated on what is happening in the technology sector is important to your career and your personal life but ads can make reading news, distracting. With Thurrott Premium, you can enjoy the best coverage in tech without the annoying ads.

Block Adobe Flash Player using Group Policy

By summer 2021, KB4577586 will be included in the monthly cumulative updates and monthly rollups for Windows. This will result in Flash being automatically removed from systems. In the meantime, you can use Group Policy to block Flash completely. Although, in Microsoft’s browsers, you should find that Flash is now blocked without any manual intervention. But the following settings might be useful for devices that haven’t or can’t be updated for whatever reason.

If you want to apply Group Policy settings to more than one device, you will need to create a central Group Policy store. Check out How to Create a Group Policy Central Store on Petri for more information. And for more information on setting up a Group Policy Object (GPO), read How to Create and Link a Group Policy Object in Active Directory on Petri.

Google Chrome and Microsoft Edge

If you want to block Flash in either Chrome or Edge, you’ll need to download the respective Group Policy templates. You get the policy files for Edge here. And for Google Chrome here. Once you have the Group Policy template installed, you will find the settings for Chrome and Edge under Computer or User Configuration > Policies > Administrative Templates. Here, set the Default Adobe Flash setting to Enabled and then select Block the Adobe Flash plugin from the dropdown menu. If you still need to allow Flash to work on some sites, alternatively you can use the Allow the Flash plugin on these sites setting and create a whitelist of sites where Flash can run.

Image #1 Expand
Block Adobe Flash Player Using Active Directory Group Policy (Image Credit: Russell Smith)

Legacy Microsoft Edge

To disable Flash in legacy Microsoft Edge, set Allow Adobe Flash to Disabled under Computer or User Configuration > Policies > Administrative Templates > Windows Components > Microsoft Edge.

Internet Explorer

To disable Flash in Internet Explorer, set Turn off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects to Enabled under Computer or User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Security Features > Add-on Management.

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.

Register for Advanced Microsoft 365 Day!

GET-IT: Advanced Microsoft 365 1-Day Virtual Conference - Live August 24th!

Join us on Tuesday, August 24th and hear from Microsoft MVPs and industry experts about how to take advantage of Microsoft 365 at a technical level and dive deep into the features and functionality that will make your environment more secure and compliant.

RSVP Now

Sponsored By