Why Does the SVM Admin Console Require Internet Explorer with ActiveX?

Moderator Moderator
Moderator
5 0 263

Most of our customers use Edge, Chrome, Firefox, and other popular browsers. The requirement for the SVM console is only for certain functionality in the admin console; specifically managing WSUS and creating/publishing patches. The new patch automation process does not require ActiveX, but individual patch creation does.

The SVM console simply does things browsers are not normally authorized to do. It talks directly to WSUS, it writes to the file system to create patches, etc. The need for ActiveX (and therefore Internet Explorer) is not a matter of browser support as much as a dependency to do things security otherwise restricts.

The difference in options provided when not running IE with our ActiveX control is illustrated below:

Patching Menu with IE and ActiveX

bkelly_0-1599838121123.png

Patching Menu Without

bkelly_1-1599838121125.png

It is common practice to restrict Internet Explorer our console web address alone in order to eliminate the risk of it being used to browse potentially malicious websites.

Because the console needs to perform actions not possible without ActiveX, it will remain a dependency of the web console. However, as an alternative, we are introducing utilities that may be leveraged to perform restricted functions offline. We introduced a tool for managing WSUS in the community and plan to offer another that will facilitate Patch Creation and Publishing tool by the end of 2020. If you would like early access to an alpha version of the Patch Creation and Publishing tool, please private message me here in the community.

Director, Product Management Charlotte, NC