The most straightforward way to apply blanket updates to Internet Explorer settings for all users on a particular machine is to use the GPUpdate.msc tool to set the local group policy. Finding where these settings are in the group policy can be a challenge in itself.
In the following article I will review:
- Where to go in the local group policy to enable IE compatibility mode for a specific site on your local network
- How to set what sites are considered to be on your local network
- How to change an advanced setting for sites on your local network
- Dealing with IE Enhanced Security Configuration errors
To enable IE compatibility mode for a specific site:
- Open a DOS command prompt
- Type gpedit.msc
- In the Local Group Policy Editor that pops up, expand the following:
- Computer Configuration
- Administrative Templates
- Windows Components
- Internet Explorer
- Compatibility View
- In the Compatibility View folder, double click the option:
- Use Policy List of Internet Explorer 7 sites
- Select the Enabled option
- Add a comment (anything you like)
- Click on the Show button for the list of sites
- Add your site (without the http portion). For example add: mysitename instead of: http:/ /mysitename
Now that we’ve added our site, we need the setting to be applied computer-wide. To do so, back in your DOS command prompt type:
gpupdate /force
If you didn’t see any errors reported when you ran gpupdate, then when you browse to the site you entered, it will be displayed in compatibility mode.
To customize what sites are categorized as belonging to your local Intranet Zone:
- Open a DOS command prompt
- Type gpedit.msc
- In the Local Group Policy Editor windows that pops up, expand the following path:
- Computer Configuration
- Administrative Templates
- Windows Components
- Internet Explorer
- Internet Explorer Control Panel
- Security Page
- On the Security page set the following:
- Intranet Sites: Include all local (intranet) sites not listed in other zones : Enable
- Intranet Zone Template : You can set this to your preferred security level such as Medium Low
- Intranet Sites: Include all sites that bypass the proxy server : Enable
- Intranet Sites: Include all network paths (UNCs) : Enable
- Turn on automatic detection of intranet : Enable
This will tell IE how to auto-detect and how to handle sites on your local LAN.
Again, when you are done, don’t forget to run the DOS command prompt command:
gpupdate /force
How to change an advanced settings option in IE for sites on your LAN
Now let’s say you want to change the User Authentication: Logon option for your Intranet zone:
- From the Security Page folder that I explained how to get to above, you will see a sub-folder called Intranet Zone. Click on this sub-folder to see the available options
- You will see one option called Logon options. Double click it and select the Logon type you want to use.
- Also make sure this setting is Enabled.
How to deal with IE Enhanced Security Configuration errors
If you are getting Internet Explorer Enhanced Security Configuration errors when you try to browse site on your LAN, you will need to disable this setting. Likewise you should know that any of the LAN settings you have made in the Local Group Policy will not be applied until you remove IE Enhanced Security.
** Disclaimer: Microsoft has enabled IE Enhanced Security by default as a security feature. Personally I think it is overkill and causes confusion rather than helping. However, you should assess the pros and cons for your particular scenario before going ahead with disabling this feature.
Removing IE security configuration errors is simple when you know what needs to be done and where to do it. In this case the Server Manager tool is the key.
Open Server manager and click Local Server in the left pane. Then in the main window of Server Manager you will see the option to turn off IE Enhanced Security Configuration. It’s as easy as that.
Justin Cooney 
Great article.
Thanks. Helped me a lot!