Severing File Associations
There are two scenarios in which severing the default file associations is useful to IT professionals. The first is when you're concerned about users accidentally running scripts that they receive as e-mail attachments. If you don't have a virus filter on your mail server and you're not using a mail client such as Office Outlook 2003, which blocks dangerous attachments, you can break the associations between the script files' extensions and the program class that opens them. Appendix A, “File Associations,” describes how Windows associates file extensions with program classes. In the first scenario, you'd break the file association between the .vbs and .js file extensions and WSH. To do that, clear the default values of HKCR\.vbs and HKCR\.js. This isn't foolproof, however, because you can't break other dangerous file associations without affecting users' ability to use the operating system.
The second common scenario is when deploying Office 2003 Editions in coexistence scenarios. For example, if you need to keep Microsoft Access 97 in the field until after you migrate those databases to Office Access 2003, you might consider blocking the installation of Access 2003 until later. However, some businesses deploy Access 2003 so that it coexists with Access 97. Technically, this scenario works, but you have to consider your license agreement. The problem with this scenario is that the default file association for the .mdb extension will be with Access 2003, which isn't usually appropriate. Instead, you'll want to restore the association with Access 97. Better yet, to prevent confusion, don't associate the .mdb file extension with any program class. To do this, clear the default value of HKCR\.mdb, and then teach users to use one of the following methods to ensure that they're opening each database in the appropriate version of Access:
Open either version of Access first, and then open the database through the File menu.
Create a shortcut for each database file that opens the file in the right version of Access.
NOTE
In the second scenario, you'll want to prevent Access 2003 users from accidentally converting down-level databases to the Access 2003 file format. You accomplish this by using the policies that come with the Office 2003 Editions Resource Kit. The kit installs these policy templates in %SystemRoot%\Inf, and you must load them into a GPO to use them. Be sure to enable the policy Do Not Prompt To Convert Older Databases, which prevents accidental database conversions.