Windows 10 1607/Anniversary Update opens msn.com at login and how to stop it.

I thought about trying to find a better name for this post and this issue, but this is all I could come up with.

Update 02/05/2017: This post is also relevant to Windows 10 1703 (Creators Update), which I’ve posted about here.

Original Post

ANYWAY, I finally tracked down how to stop Windows 10 1607 (Anniversary Update) from opening the default browser with msn.com. There are no startup or login registry entries, Group Policy settings, Scheduled Tasks, or even programs in the Start Menu startup folder. This is *something* that Windows is doing itself.

I’ve only encountered this issue on corporate networks, not on my home network, so I knew that some sort of authentication/proxy/filtering/firewall thing. I’ve also only had this issue with Windows 10 1607 (Anniversary Update), not 1511 (November Update) or 1507 (RTM).

It seems that Windows 10 is probing the network to get out to the internet, hitting some sort of issue (I’m guessing that it’s authentication in my case) and then opening up the default browser and browsing to a Microsoft owned address that results in a redirect to http://www.msn.com. In my case no authentication dialogue box pops up, it just browses to the site and appears to be happy with that. Weird. If it were only happening to “Admin” users I wouldn’t worry about it, but it happens to everyone! So, although not a cause for major concern or enough to halt my roll out of Windows 10 1607, I still wanted to fix it, if possible.

After some research it appears a similar issue to this occurred with Windows 8. I never had this issue during my roll out of Windows 8 but the resolution appears to work for Windows 10 1607 as well. At this stage I don’t know if making this change causes any unforeseen problems, but I’ll add to this post if I see anything.

Here’s how to prevent it. Using the registry editor, navigate to the location below, and change the “1” (enabled) to a “0” (disabled).

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\EnableActiveProbing

This should stop the browser from opening at login but Internet access should still be available.

I hope this helps. If you’ve already done this and it’s caused another issue, please let me know in the comments or tweet me!

You’ll probably want to roll this out to your Windows 10 clients, of course you can do it via Group Policy but as it’s a one time setting I would suggest adding it to the Task Sequence that builds your reference image.

Adding the registry change to Group Policy

  1. Open Group Policy Management
  2. Navigate to Group Policy Objects
  3. Right click and Create or edit your Group Policy for your Windows 10 Clients
  4. Navigate to Computer Configuration > Preferences > Windows Settings > Registry
  5. Right click and go to New > Registry Item
  6. Under Key Path enter SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet
  7. Under Value name enter EnableActiveProbing
  8. The Value type should be REG_DWORD
  9. The Value data should be set to 00000000  – that’s six zeros for a Hexadecimal Base or you can just enter one zero for Decimal Base.
  10. Click OK to save the changes.
  11. If you created a new Group Policy Object, you will need to link it to an OU that contains the clients you want the GPO to affect. To do this right click the OU and select Link an existing Group Policy… and then select the Group Policy you created earlier.

Adding the registry change to a Task Sequence

  1. Open Notepad and paste the following into it:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet]
    "EnableActiveProbing"=dword:00000000
    
  2. Save the file with any name you like, but it must have the extension .reg
  3. Copy the .reg file to your Deployment server. It needs to be accessible by the Task Sequence, so I put mine in E:\DeploymentShare\Applications\
  4. In the Task Sequence, you’ll want to add it before the Windows Update (Pre-Application Installation) item, so select that item first.
  5. Click the Add button at the top of the sequence, and go to General > Run Command Line.
  6. Select the new Run Command Line item and click the Up button at the top of the sequence to move it above the Windows Update (Pre-Application Installation) item.
  7. On the right hand side of the window, under Name, enter whatever you want, I called mine cmd – disable active probing
  8. Under Command Line enter REG IMPORT Z:\Applications\ActiveProbing.reg
  9. Click OK to save and close the Task Sequence and you’re done!

When you run the Task Sequence to create a reference image, the registry will be edited and during your build phase you won’t get any browser windows opening on login.

Follow me on Twitter – @Digressive.

9 thoughts on “Windows 10 1607/Anniversary Update opens msn.com at login and how to stop it.

  1. Pingback: Building a Windows 10 1703 (Creators Update) Reference Image with Microsoft Deployment Toolkit | Stick To The Script!

  2. Hi I think I got this issue but its slightly different – WIN10 Anniversary Update I was playing a game on steam and I noticed the router next to me was flashing orange so I exited my game to see what was going on. The windows network icon had a yellow “!” and my default browser – firefox had opened all by itself (i’m 100% sure I did not have one open before exiting the game) no-script blocked whatever it was trying to do which seemed to be trying to open the router page? – http://dsldevice.lan. then redirect to a microsoft site?

    Here is an image of what I saw:

    This is not on logon so its not exactly the same as your issue but very close – you said “It seems that Windows 10 is probing the network to get out to the internet, hitting some sort of issue (I’m guessing that it’s authentication in my case)” which seems what could be going on here?

    I’m quite parinoid about things like this do I need to worry (malware etc) or are you confident this is just the issue you have highlighted?

    Thank you.

    Like

    • edit/update – I should say my browser has no-script on which is why it blocked whatever it was doing with the browser that came up by itself. (see image in first post).

      Like

      • Hi there, your issue could be related to the one in my post but I’ve only really experienced it on networks behind corporate firewalls and content filtering systems before. I don’t think you need to worry. What it sounds like is that your router lost internet connectivity in some way for a moment and your computer noticed and went through the procedure of loading up the default browser to test internet connectivity. Sorry I can’t really give you a concrete answer.

        Like

  3. Hi Mike thanks for the fast response – yeah its very difficult to get a concrete answer on this as it does seem quite rare. I would of been more worried but the fact it happend the exact time the router had a problem seems to indicate it must be related to connectivity.

    That said I really don’t like issues like this where it is hard to reproduce and not possible to be certain what happend. Would you say the odds of this being malware are low and I should just keep an eye on the system? part of me wants to re-install windows but that seems a little drastic :p

    Like

  4. Setting the following GPO seems to have the same effect as directly setting the registry entry:
    In System/Internet Communication Management/Internet Communication settings, set “Turn off Windows Network Connectivity Status Indicator active tests” to Enabled.

    Like

  5. Hi, in my office we are having the same problem, but when I navigate in the Registry I can only get to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters, there’s no “Internet” sub-key, got any idea why could this be or how can I solve it? Thanks!

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s