Friday, September 13, 2013

Notes on Security Banner and IE Settings for Citrix XenApp servers

After realizing that I had to dig deep into my notes and search for registry settings on the web that I’ve used multiple times over the years, I thought I’d write a post to serve as something for me to reference in the future when I’m trying to create a Active Directory GPO for the following:

Prevent the corporate security banner from being presented:

Computer Configuration –> Policies –> Windows Settings –>Security Settings –> Local Policies –> Security Options:

  • Interactive logon: Message text for users attempting to log on –> Enabled
  • Interactive logon: Message title for users attempting to log on –> Enabled


Prevent the annoying IE first launch prompts from being presented:

User Configuration –> Policies –> Administrative Templates –> Windows Components –> Internet Explorer:

  • Prevent participation in the Customer Experience Improvement Program –> Enabled
  • Prevent running First Run wizard –> Enabled

Prevent the IE Protected Mode banner not enabled from popping up in the browser:

User Configuration –> Preferences –> Windows Settings –> Registry:

  • Action –> Create
  • Key Path –> Software\Microsoft\Internet Explorer\Main
  • Value name –> NoProtectedModeBanner
  • Value type –> REG_DWORD
  • Value data –> 1
  • Base –> Decimal


Since the latter 2 policies are applied to the user, loopback processing mode is enabled and set to Merge

Computer Configuration –> Policies –> Administrative Templates –> System –> Group Policy:

  • Configure user Group Policy loopback processing mode –> Enabled / Merge


For easy reference, the following is a screenshot of the policy settings:


1 comment:

digital signature software said...

Thanks for a great article. Your tips are accurate and they will be of great help to me with my business. I bookmarked your site and will be back ! !