Skip to main content
A
Anonymous
May 20, 2016
Answered

[Unsolved] mms.cfg not acknowledging AVHardwareEnabledDomain

  • May 20, 2016
  • 1 reply
  • 418 views

Information and Versions

Windows 7 SP1

Firefox 19.0.2.0

Flash Player 11.8.800.168

Problem

We have a SharePoint page that has a link to open the webcam and attach a photo. We want all users of this device, current profiles and future profiles, to automatically allow access to the webcam without being prompted to allow. I have tried adding the domain, page URL specifically, and ip to mms.cfg in C:\Windows\System32\Macromed\flash using the following, but it does not seem to be effective:

AVHardwareEnabledDomain=[domain, site, or ip address here]

I have tried re-creating my Windows profile, disabling McAfee and Bit9 before modifying the file and reinstalling Flash Player but the issue persists.

This topic has been closed for replies.
Correct answer jeromiec83223024

Unfortunately, I don't think this approach is going to work out for what you're trying to accomplish.

AVHardwareDisable is intended for system administrators who want to disable camera/microphone access entirely in sensitie environments where eavesdropping is a concern.

AVHardwareEnabledDomain only works when AVHardwareDisable is set to true, and is a mechanism for explicitly whitelisting one or more domains for which camera/microphone access should be allowed, like the company's conferencing software.

As far as we can tell, the original intent is not to suppress the user dialog.  We would not, as an example, want to enable employers to watch employees via their webcam without getting their consent. We *would* want them to be able to block malicious ads from prompting their users for camera/mic access, while still allowing them access to the company's conferencing services.

More importantly, when we talk about browsers with modern plug-in sandboxes, like Google Chrome or Edge, the browser intercepts requests for camera and microphone and presents a native permission dialog, which doesn't know about mms.cfg settings.  Moving permissions to native dialogs ensures that we behave consistently with HTML5/WebRTC features, and largely solves the clickjacking problem (it's easier to track what's actually visible to the end-user from the perspective of the browser vs. the view from an element in a browser page). 

As a long-term strategy, I don't see this being viable across the major browsers.  This really seems like a job for a native application.

1 reply

jeromiec83223024
jeromiec83223024Correct answer
Inspiring
May 20, 2016

Unfortunately, I don't think this approach is going to work out for what you're trying to accomplish.

AVHardwareDisable is intended for system administrators who want to disable camera/microphone access entirely in sensitie environments where eavesdropping is a concern.

AVHardwareEnabledDomain only works when AVHardwareDisable is set to true, and is a mechanism for explicitly whitelisting one or more domains for which camera/microphone access should be allowed, like the company's conferencing software.

As far as we can tell, the original intent is not to suppress the user dialog.  We would not, as an example, want to enable employers to watch employees via their webcam without getting their consent. We *would* want them to be able to block malicious ads from prompting their users for camera/mic access, while still allowing them access to the company's conferencing services.

More importantly, when we talk about browsers with modern plug-in sandboxes, like Google Chrome or Edge, the browser intercepts requests for camera and microphone and presents a native permission dialog, which doesn't know about mms.cfg settings.  Moving permissions to native dialogs ensures that we behave consistently with HTML5/WebRTC features, and largely solves the clickjacking problem (it's easier to track what's actually visible to the end-user from the perspective of the browser vs. the view from an element in a browser page). 

As a long-term strategy, I don't see this being viable across the major browsers.  This really seems like a job for a native application.

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices