Pages

Showing posts with label Internet Explorer. Show all posts
Showing posts with label Internet Explorer. Show all posts

Thursday, March 21, 2019

Configuring Internet Explorer 11 zones and enabling / disabling "Require server verification (https:) for all sites in this zone"

I recently had to assist a client with configuring a GPO to add sites in Internet Explorer 11’s trusted zones and disabling "Require server verification (https:) for all sites in this zone" so I thought I’d write this blog post to outline the registry keys required for the settings.

Note that this post will only demonstrate configuring the registry for HKEY_CURRENT_USER and it is also possible to apply the changes HKEY_LOCAL_MACHINE.

Enabling or Disabling "Require server verification (https:) for all sites in this zone"

The registry key that controls the Require server verification (https:) for all sites in this zone setting is the REG_DWORD setting named Flags located in the following registry + the # representing the zone (we’ll use zone 2 which represents Trusted Sites):

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\

The value to enable the configuration is:

Hex: 47

Decimal: 71

The value to disable the configuration is:

Hex: 43

Decimal: 67

You can use Group Policy preferences to configure this for the user:

Adding URLs of Trusted Sites

The registry path for adding URLs of trusted sites is:

Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

Adding http://www.msn.com would look as such:

Notice how the site URL www.msn.com is an actual key under the Domains key:

To add the msn.com and all of its subdomain, you can add the following key:

Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msn.com

Posted by at No comments:
Labels: ,

Wednesday, March 20, 2019

Security tab for Internet Explorer 11 displays a lock key icon for Internet, Local intranet, Trusted sites, and Restricted sites zones

I received a call from a client a few weeks ago to look at an issue he had with all the computers in the domain where the security tab for Internet Explorer 11 displayed a lock key icon for Internet, Local intranet, Trusted sites, and Restricted sites zones.

He indicated that he had recently implemented a GPO policy to adjust the settings for each site and had reverted back but noticed the settings were still persistent. Reviewing the icons showed that each zone was completely locked preventing the user from clicking on the Sites or Custom level icon:

After going through all the policies in the domain and unable to locate any reference to the configuration causing this, I navigated to the registry key that contains the settings for each zones and noticed that the keys appear to be missing values:

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\

I then attempted to use the Internet Settings in the Preferences configuration to reset all the zones to the default level:

The REG_DWORD values came back but various settings such as Flags and Icon did not get recreated:

I then decided to manually create the Flags key within the GPO:

With the Flags configuration reconfigured, I am now able to click on the Sites button:

Other registry entries were still missing:

So I compared it with another fully functional Windows 10 desktop (Not the Description, DisplayName, and Icon values):

From here I proceeded to add the missing keys to the GPO:

With all of the settings configured, I was now able to see the site icons as well as edit them:

It is a bit labour intensive to create all of these keys manually so I would suggest creating a .reg file to import into the user’s profile when they log in.

Posted by at 2 comments:
Labels: ,

Thursday, January 21, 2016

Viewing Adobe PDFs within Internet Explorer 11 throws the error: “There is a problem with Adobe Acrobat/Reader. If it is running, please exit and try again. (0:104)”

Problem

I was recently involved with an Internet Explorer upgrade for a client with VMware Horizon VIew virtual desktops accelerated with SanDisk’s ioVDI solution where we noticed that after upgrading from Internet Explorer 9 to 11, we were no longer able to open PDFs from within the browser as the following error is presented:

There is a problem with Adobe Acrobat/Reader. If it is running, please exit and try again. (0:104)

image

Solution

Through the week long troubleshooting process, we were able to identify three possible solutions to the problem.

Solution #1 – Configure Internet Explorer to launch the Adobe PDF in a new seperate window

This was one of the easiest solutions we found through the forums but it was not practical for the environment because we had web applications that required PDFs to be launched from within the Internet Explorer 11 window.

Solution #2 – Configure IE 11 Tab Process Growth to 1 and disable Adobe Protected Mode

The environment we worked in had an application that required the Tab Process Growth for IE 11 to be set to the value of 0. 

User Configuration – Policies – Administrative Templates – Windows Components – Internet Explorer

Set tab process growth

image

image

What we noticed was that if we set the value to 1 via the GPO:

image

… or via the registry:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

REG_DWORD named TabProcGrowth

clip_image002clip_image002

------------------------------------------------------------------------------------------------------------------------------------------

**Note that if the above registry key does not work, try the following alternate location that also appears to work:

image

HKEY_CURRENT_USER\Software\Polices\Microsoft\Internet Explorer\Main

------------------------------------------------------------------------------------------------------------------------------------------

… and disable Protected Mode for Adobe Acrobat Reader DC 2015 as demonstrated in my previous post:

Disabling “Enable Protected Mode at startup” and “Enable Enhanced Security” for Adobe Acrobat Reader DC 2015
http://terenceluk.blogspot.com/2016/01/disabling-enable-protected-mode-at.html

… then the error will no longer be presented.

Solution #3 – Disable redirectusertemp for SanDisk ioVDI

The two solutions above would not have met our requirements for the organization and we were left wondering why our virtual desktops exhibited this problem but not our physical desktops.  Through further investigation and a bit of luck, we noticed errors being thrown in the Adobe Acrobat Reader DC 2015 referencing the directory:

C:\Windows\Temp\iotdx-disposable

As demonstrated in one of my previous posts:

VMware Horizon View virtual desktops experience temporary drive space issues with SanDisk Fusion-io ioVDI integration
http://terenceluk.blogspot.com/2015/08/vmware-horizon-view-virtual-desktops.html

I recently noticed that an environment with SanDisk ioVDI redirecting Windows files to a disposable disk could case issues if the drive fills up.  In this situation, the drive did not fill up but Adobe appears to have problems writing to it.  What we noticed was that this issue could be fixed if we iottool command on the VDI and disable the user temp folder from redirecting.

image

The command to execute would be as follows:

iottool redirectusertmp disable

Once executed, restart the system.

------------------------------------------------------------------------------------------------------------------------------------------

This issue took quite a bit of time and resources and I hope this post will help others who may come across this issue.

Posted by at 2 comments:
Labels: , , , , , , , ,
Subscribe to: Posts (Atom)