Friday, November 13, 2015

Configure IE11 settings via Group Policy

I've recently upgraded IE from IE9 to IE11. Although the installation itself was simple, configuring the settings via group policy wasn't as straightforward...

I assumed that our existing GPO created for IE9 would continue to work, but quickly found out this was not the case. Proxy settings and security zone settings were some of the things that were now not working in IE11.

The first thing I did was download the IE11 Administration Templates (ADM file) from Microsoft. http://www.microsoft.com/en-gb/download/details.aspx?id=40905
I then created a new GPO specifically for Internet Explorer 11 settings. I added the ADM file by expanding User Configuration > right clicking on Administrative Templates > selecting 'Add/Remove Templates' > and selecting the ADM file to import it into the GPO. 

Configuring Internet Settings

To configure Internet settings such as home page and security zone settings, in the GPO I expanded User Configuration > Control Panel Settings > Internet Settings. I right clicked in the main pane > New > and selected the version of IE I wished to manage. IE11 was not listed, but I chose IE10, which works.
Here, I went through the tabs (same tabs as you would see if you went to IE's tools and options) and set as desired. However I found out that two things in particular would not work... 1) Proxy settings and also 2) when setting security zones, the 'Sites' option is greyed out, so you are unable to manually enter site addresses that should belong to a particular zone. These need to be configured elsewhere.

Proxy settings

So, as tried above, I was unable to set the proxy server using the 'Internet Settings' GPO options. I also tried without success using the 'Internet Explorer Maintenance' settings, which is what I had always used in IE9 and previous versions.
I therefore had to set the proxy settings using the registry and Group Policy Preferences (GPP).

In the GPO, I expanded User Configuration > Preferences > Registry. I then created three new registry items for the following:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
To enable, set the REG_DWORD to 00000001

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
Set the REG_SZ to your proxy server’s IP or hostname:8080 (e.g. proxy:8080 or 192.168.1.10:8080)

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
Set the REG_SZ to list all the sites which should bypass the proxy, separated by a semi-colon ‘;’. If you need to enable the option ‘Do not use proxy server for local (Intranet) addresses’ then you will need to add ‘;<local>’ at the end of the ProxyOverride value. There is no separate key for this setting.
Adding sites to Security Zones

As I earlier found out, although I could set security zone levels, the options for specifying sites were greyed out. To populate the sites for the different zones, I had to go somewhere else within the GPO: User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page. In here, I enabled 'Site to Zone Assignment list' and in the Value Name, entered the website address, and for Value, I entered the corresponding number for the zone I wanted to add the site into.

Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone.
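
A way to review the values before linking the GPO, as an added PowerShell example that is not from the original post: it parses a ProxyOverride string in the format described above and checks a Site to Zone Assignment list against the zone numbers 1-4. The function names and the sample hosts are hypothetical.

```powershell
# Added example (not from the original post); hosts below are constructed placeholders.
$ZoneNames = @{ 1 = 'Intranet'; 2 = 'Trusted Sites'; 3 = 'Internet'; 4 = 'Restricted Sites' }

function Test-ProxyOverride {
    param([string]$ProxyOverride)
    # Entries are separated by ';'. '<local>' is the token for
    # 'Do not use proxy server for local (Intranet) addresses'.
    $entries = @($ProxyOverride -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    [pscustomobject]@{
        BypassLocal = $entries -contains '<local>'
        Hosts       = @($entries | Where-Object { $_ -ne '<local>' })
        # A bare '*' or a top-level wildcard such as '*.test' bypasses the proxy too widely.
        TooBroad    = @($entries | Where-Object { $_ -match '^\*(\.[^.]+)?$' })
    }
}

function Get-ZoneAssignmentFinding {
    param([hashtable]$SiteToZone)   # Value Name (site) -> Value (zone number)
    foreach ($site in $SiteToZone.Keys | Sort-Object) {
        $zone  = [int]$SiteToZone[$site]
        $notes = @()
        if (-not $ZoneNames.ContainsKey($zone)) { $notes += 'zone number is not 1-4' }
        if ($zone -in 1, 2) {
            # Zones 1 and 2 are less restricted by default, so broad or
            # unencrypted entries deserve a second look here.
            if ($site -match '\*')       { $notes += 'wildcard entry' }
            if ($site -match '^http://') { $notes += 'plain http:// origin' }
        }
        [pscustomobject]@{ Site = $site; Zone = $ZoneNames[$zone]; Notes = $notes -join '; ' }
    }
}

# Constructed sample input, shaped like the values entered in the GPO.
$sampleOverride = 'intranet.example.test;*.test;<local>'
$sampleZones = @{
    'https://portal.example.test' = '2'
    'http://legacy.example.test'  = '2'
    '*.example.test'              = '1'
    'https://ads.example.test'    = '4'
}

Test-ProxyOverride $sampleOverride | Format-List
Get-ZoneAssignmentFinding $sampleZones | Format-Table -AutoSize
```

On a client that has received the policy, the live proxy value can be passed in with `(Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings').ProxyOverride`.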
That's the main settings for IE11 configured! I linked the GPO to an OU containing the users and at the next group policy refresh they received the new settings. At first, I applied this to just myself, then to a small group of users. Once all problems were ironed out (normally with security zone settings) I could safely deploy to all other users.

To Change the HomePage or Startup Page:

HKCU\Software\Microsoft\Internet Explorer\Main

The home page is held in the Start Page value (REG_SZ), for example http://www.google.co.uk

So in the box that appears, select:
Action : Update
Hive : HKEY_CURRENT_USER
Key Path: Software\Microsoft\Internet Explorer\Main
Value name (default unticked) : Start Page
Value type : REG_SZ
Value data : http://www.google.co.uk

If you want more than one tab to open at once then you can use the key Secondary Start Pages.
Action : Update
Hive : HKEY_CURRENT_USER
Key Path: Software\Microsoft\Internet Explorer\Main
Value name (default unticked) : Secondary Start Pages
Value type : REG_MULTI_SZ
Value data : http://www.bbc.co.uk
