Introduction
In today’s digital landscape, safeguarding your organization’s IT infrastructure is more critical than ever. One effective strategy to enhance security is by configuring certain file types to open in Notepad, preventing potentially malicious code from executing.
In this blog post, we’ll walk you through the steps to use Microsoft Intune to associate specific file types with Notepad, ensuring that risky files are opened safely in plain text. This proactive measure can reduce the risk of malware infections and enhance your overall cybersecurity posture.
Note: While this approach can reduce the risk of malware infections, it’s important to consider the potential impact on users who may need to open these file types for legitimate purposes. Associating files like scripts or executables with Notepad might disrupt normal workflows for developers or IT professionals. Therefore, it’s crucial to evaluate the needs of different user groups within your organization and implement this strategy accordingly.
Default Associations XML
The initial step in implementing this approach is to generate the appropriate default associations configuration. This configuration is contained within an .xml file, which resembles the example provided below.
NOTE: To export the current default application associations, you can run following command:
- Dism /Online /Export-DefaultAppAssociations:”F:\AppAssociations.xml”
Please note that this file can encompass a wide range of customizations for configuring various default file type and protocol associations. However, for the purpose of this task, I have restricted it to include only the file types that need to be associated with Notepad.
<?xml version="1.0" encoding="UTF-8"?> <DefaultAssociations> <Association Identifier=".hta" ProgId="AppXkv2jqn1pq8ajm0p5dhgqde7aafykkrrn" ApplicationName="Notepad" /> <Association Identifier=".htm" ProgId="AppXkv2jqn1pq8ajm0p5dhgqde7aafykkrrn" ApplicationName="Notepad" /> <Association Identifier=".html" ProgId="AppXkv2jqn1pq8ajm0p5dhgqde7aafykkrrn" ApplicationName="Notepad" /> <Association Identifier=".jse" ProgId="AppXkv2jqn1pq8ajm0p5dhgqde7aafykkrrn" ApplicationName="Notepad" /> <Association Identifier=".js" ProgId="AppXkv2jqn1pq8ajm0p5dhgqde7aafykkrrn" ApplicationName="Notepad" /> <Association Identifier=".wsf" ProgId="AppXkv2jqn1pq8ajm0p5dhgqde7aafykkrrn" ApplicationName="Notepad" /> <Association Identifier=".jar" ProgId="AppXkv2jqn1pq8ajm0p5dhgqde7aafykkrrn" ApplicationName="Notepad" /> <Association Identifier=".cmd" ProgId="AppXkv2jqn1pq8ajm0p5dhgqde7aafykkrrn" ApplicationName="Notepad" /> <Association Identifier=".vb" ProgId="AppXkv2jqn1pq8ajm0p5dhgqde7aafykkrrn" ApplicationName="Notepad" /> <Association Identifier=".vbs" ProgId="AppXkv2jqn1pq8ajm0p5dhgqde7aafykkrrn" ApplicationName="Notepad" /> <Association Identifier=".ws" ProgId="AppXkv2jqn1pq8ajm0p5dhgqde7aafykkrrn" ApplicationName="Notepad" /> </DefaultAssociations>
Convert to Base64
To utilize this XML file with Microsoft Intune, it must be converted into Base64 format. You can achieve this using your preferred online converter. For instance, I used the following tool: Convert XML to Base64 – Online XML Tools
The output will be something similar to below:
PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPERlZmF1bHRBc3NvY2lhdGlv bnM+CiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Ii5odGEiIFByb2dJZD0iQXBwWGt2MmpxbjFw cThham0wcDVkaGdxZGU3YWFmeWtrcnJuIiBBcHBsaWNhdGlvbk5hbWU9Ik5vdGVwYWQiIC8+CiAg PEFzc29jaWF0aW9uIElkZW50aWZpZXI9Ii5odG0iIFByb2dJZD0iQXBwWGt2MmpxbjFwcThham0w cDVkaGdxZGU3YWFmeWtrcnJuIiBBcHBsaWNhdGlvbk5hbWU9Ik5vdGVwYWQiIC8+CiAgPEFzc29j aWF0aW9uIElkZW50aWZpZXI9Ii5odG1sIiBQcm9nSWQ9IkFwcFhrdjJqcW4xcHE4YWptMHA1ZGhn cWRlN2FhZnlra3JybiIgQXBwbGljYXRpb25OYW1lPSJOb3RlcGFkIiAvPgogIDxBc3NvY2lhdGlv biBJZGVudGlmaWVyPSIuanNlIiBQcm9nSWQ9IkFwcFhrdjJqcW4xcHE4YWptMHA1ZGhncWRlN2Fh Znlra3JybiIgQXBwbGljYXRpb25OYW1lPSJOb3RlcGFkIiAvPgogIDxBc3NvY2lhdGlvbiBJZGVu dGlmaWVyPSIuanMiIFByb2dJZD0iQXBwWGt2MmpxbjFwcThham0wcDVkaGdxZGU3YWFmeWtrcnJu IiBBcHBsaWNhdGlvbk5hbWU9Ik5vdGVwYWQiIC8+CiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9 Ii53c2YiIFByb2dJZD0iQXBwWGt2MmpxbjFwcThham0wcDVkaGdxZGU3YWFmeWtrcnJuIiBBcHBs aWNhdGlvbk5hbWU9Ik5vdGVwYWQiIC8+CiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Ii5qYXIi IFByb2dJZD0iQXBwWGt2MmpxbjFwcThham0wcDVkaGdxZGU3YWFmeWtrcnJuIiBBcHBsaWNhdGlv bk5hbWU9Ik5vdGVwYWQiIC8+CiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Ii5jbWQiIFByb2dJ ZD0iQXBwWGt2MmpxbjFwcThham0wcDVkaGdxZGU3YWFmeWtrcnJuIiBBcHBsaWNhdGlvbk5hbWU9 Ik5vdGVwYWQiIC8+CiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Ii52YiIgUHJvZ0lkPSJBcHBY a3YyanFuMXBxOGFqbTBwNWRoZ3FkZTdhYWZ5a2tycm4iIEFwcGxpY2F0aW9uTmFtZT0iTm90ZXBh ZCIgLz4KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLnZicyIgUHJvZ0lkPSJBcHBYa3YyanFu MXBxOGFqbTBwNWRoZ3FkZTdhYWZ5a2tycm4iIEFwcGxpY2F0aW9uTmFtZT0iTm90ZXBhZCIgLz4K ICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLndzIiBQcm9nSWQ9IkFwcFhrdjJqcW4xcHE4YWpt MHA1ZGhncWRlN2FhZnlra3JybiIgQXBwbGljYXRpb25OYW1lPSJOb3RlcGFkIiAvPgo8L0RlZmF1 bHRBc3NvY2lhdGlvbnM+
Microsoft Intune
Create a new Configuration Profile in Microsoft Intune based off of the Settings catalog.
Find the highlighted setting and paste the Base64 formatted XML into the policy, as shown below:
End result
When a user opens a file that has been associated with Notepad, the content is displayed in plain text within Notepad rather than being executed by the original application. This approach mitigates the risk of inadvertently running malicious code.
Final note: Again, this configuration may not be suitable for all users, especially if some of these file types are used for legitimate purposes within your organization. It’s important to evaluate the needs of different user groups and implement this strategy accordingly to avoid disrupting normal workflows.
ENJOY 🙂