Using Microsoft Intune to safeguard Windows: Associate certain file types to open in Notepad

Introduction

In today’s digital landscape, safeguarding your organization’s IT infrastructure is more critical than ever. One effective strategy to enhance security is to configure certain file types to open in Notepad, which prevents potentially malicious code from executing when such a file is opened.

In this blog post, we’ll walk you through the steps to use Microsoft Intune to associate specific file types with Notepad, ensuring that risky files are opened safely in plain text. This proactive measure can reduce the risk of malware infections and enhance your overall cybersecurity posture.

Note: While this approach can reduce the risk of malware infections, it’s important to consider the potential impact on users who may need to open these file types for legitimate purposes. Associating files like scripts or executables with Notepad might disrupt normal workflows for developers or IT professionals. Therefore, it’s crucial to evaluate the needs of different user groups within your organization and implement this strategy accordingly.

Default Associations XML

The initial step in implementing this approach is to generate the appropriate default associations configuration. This configuration is contained within an .xml file, which resembles the example provided below.

NOTE: To export the current default application associations, you can run the following command:

  • Dism /Online /Export-DefaultAppAssociations:"F:\AppAssociations.xml"

Please note that this file can encompass a wide range of customizations for configuring various default file type and protocol associations. However, for the purpose of this task, I have restricted it to include only the file types that need to be associated with Notepad.

<?xml version="1.0" encoding="UTF-8"?>
<DefaultAssociations>
  <Association Identifier=".hta" ProgId="AppXkv2jqn1pq8ajm0p5dhgqde7aafykkrrn" ApplicationName="Notepad" />
  <Association Identifier=".htm" ProgId="AppXkv2jqn1pq8ajm0p5dhgqde7aafykkrrn" ApplicationName="Notepad" />
  <Association Identifier=".html" ProgId="AppXkv2jqn1pq8ajm0p5dhgqde7aafykkrrn" ApplicationName="Notepad" />
  <Association Identifier=".jse" ProgId="AppXkv2jqn1pq8ajm0p5dhgqde7aafykkrrn" ApplicationName="Notepad" />
  <Association Identifier=".js" ProgId="AppXkv2jqn1pq8ajm0p5dhgqde7aafykkrrn" ApplicationName="Notepad" />
  <Association Identifier=".wsf" ProgId="AppXkv2jqn1pq8ajm0p5dhgqde7aafykkrrn" ApplicationName="Notepad" />
  <Association Identifier=".jar" ProgId="AppXkv2jqn1pq8ajm0p5dhgqde7aafykkrrn" ApplicationName="Notepad" />
  <Association Identifier=".cmd" ProgId="AppXkv2jqn1pq8ajm0p5dhgqde7aafykkrrn" ApplicationName="Notepad" />
  <Association Identifier=".vb" ProgId="AppXkv2jqn1pq8ajm0p5dhgqde7aafykkrrn" ApplicationName="Notepad" />
  <Association Identifier=".vbs" ProgId="AppXkv2jqn1pq8ajm0p5dhgqde7aafykkrrn" ApplicationName="Notepad" />
  <Association Identifier=".ws" ProgId="AppXkv2jqn1pq8ajm0p5dhgqde7aafykkrrn" ApplicationName="Notepad" />
</DefaultAssociations>

Convert to Base64

To utilize this XML file with Microsoft Intune, it must be converted into Base64 format. You can achieve this using your preferred online converter. For instance, I used the following tool: Convert XML to Base64 – Online XML Tools
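The same conversion can be done locally, so the configuration is never pasted into a third-party site. The PowerShell function below is an added example, not part of the original post: it checks that the file is a well-formed default-associations document and then Base64-encodes it. The function name and the specific checks are assumptions; the path is the export path used above.

```powershell
# Added example (not from the original post). Function name and checks are illustrative.
function ConvertTo-AssociationsBase64 {
    param(
        [Parameter(Mandatory)]
        [string]$Path   # e.g. F:\AppAssociations.xml
    )

    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath

    # Parse first: a malformed file should fail here, not on the endpoint.
    $doc = New-Object System.Xml.XmlDocument
    $doc.Load($fullPath)

    $root = $doc.DocumentElement
    if ($root.LocalName -ne 'DefaultAssociations') {
        throw "Root element is '$($root.LocalName)', expected 'DefaultAssociations'."
    }

    # Every entry needs all three attributes, and each extension may appear once.
    $seen = @{}
    foreach ($assoc in $root.SelectNodes('Association')) {
        foreach ($attr in 'Identifier', 'ProgId', 'ApplicationName') {
            if (-not $assoc.GetAttribute($attr)) {
                throw "Missing '$attr' attribute in: $($assoc.OuterXml)"
            }
        }
        $id = $assoc.GetAttribute('Identifier').ToLowerInvariant()
        if ($seen.ContainsKey($id)) {
            throw "Duplicate Identifier '$id'."
        }
        $seen[$id] = $assoc.GetAttribute('ApplicationName')
    }
    if ($seen.Count -eq 0) {
        throw 'No Association elements found.'
    }

    # Show what will be deployed so it can be reviewed before pasting.
    $seen.GetEnumerator() | Sort-Object Name |
        ForEach-Object { Write-Host ("{0,-8} -> {1}" -f $_.Name, $_.Value) }

    # Encode the exact bytes on disk (the file declares UTF-8).
    [Convert]::ToBase64String([System.IO.File]::ReadAllBytes($fullPath))
}

# Usage: copy the Base64 string to the clipboard for pasting into the policy.
# ConvertTo-AssociationsBase64 -Path 'F:\AppAssociations.xml' | Set-Clipboard
```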

The output will be something similar to below:

Microsoft Intune

Create a new Configuration Profile in Microsoft Intune based on the Settings catalog.

Find the highlighted setting and paste the Base64 formatted XML into the policy, as shown below:

End result

When a user opens a file that has been associated with Notepad, the content is displayed in plain text within Notepad rather than being executed by the original application. This approach mitigates the risk of inadvertently running malicious code.

Final note: Again, this configuration may not be suitable for all users, especially if some of these file types are used for legitimate purposes within your organization. It’s important to evaluate the needs of different user groups and implement this strategy accordingly to avoid disrupting normal workflows.

ENJOY 🙂
