Notes on Security Banner and IE Settings for Citrix XenApp servers

After realizing that I had to dig deep into my notes and search for registry settings on the web that I’ve used multiple times over the years, I thought I’d write a post to serve as something for me to reference in the future when I’m trying to create a Active Directory GPO for the following:

Prevent the corporate security banner from being presented:

Computer Configuration –> Policies –> Windows Settings –>Security Settings –> Local Policies –> Security Options:

• Interactive logon: Message text for users attempting to log on –> Enabled
• Interactive logon: Message title for users attempting to log on –> Enabled

Prevent the annoying IE first launch prompts from being presented:

User Configuration –> Policies –> Administrative Templates –> Windows Components –> Internet Explorer:

• Prevent participation in the Customer Experience Improvement Program –> Enabled
• Prevent running First Run wizard –> Enabled

Prevent the IE Protected Mode banner not enabled from popping up in the browser:

User Configuration –> Preferences –> Windows Settings –> Registry:

• Action –> Create
• Hive –> HKEY_CURRENT_USER
• Key Path –> Software\Microsoft\Internet Explorer\Main
• Value name –> NoProtectedModeBanner
• Value type –> REG_DWORD
• Value data –> 1
• Base –> Decimal

Since the latter 2 policies are applied to the user, loopback processing mode is enabled and set to Merge

Computer Configuration –> Policies –> Administrative Templates –> System –> Group Policy:

• Configure user Group Policy loopback processing mode –> Enabled / Merge

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

For easy reference, the following is a screenshot of the policy settings: