IIS, IIS8, Internet Explorer, Software, Technology, Web Development, Web Server, Windows 2012

Windows 2012: Update IE Settings for all Users with GPEdit

The most straightforward way to apply blanket updates to Internet Explorer settings for all users on a particular machine is to use the GPUpdate.msc tool to set the local group policy. Finding where these settings are in the group policy can be a challenge in itself.

In the following article I will review:

  1. Where to go in the local group policy to enable IE compatibility mode for a specific site on your local network
  2. How to set what sites are considered to be on your local network
  3. How to change an advanced setting for sites on your local network
  4. Dealing with IE  Enhanced Security Configuration errors

To enable IE compatibility mode for a specific site:

  1. Open a DOS command prompt
  2. Type gpedit.msc
  3. In the Local Group Policy Editor that pops up, expand the following:
  4. Computer Configuration
  5. Administrative Templates
  6. Windows Components
  7. Internet Explorer
  8. Compatibility View
  9. In the Compatibility View folder, double click the option:
  10. Use Policy List of Internet Explorer 7 sites
  11. Select the Enabled option
  12. Add a comment (anything you like)
  13. Click on the Show button for the list of sites
  14. Add your site (without the http portion). For example add: mysitename instead of: http:/ /mysitename

Now that we’ve added our site, we need the setting to be applied computer-wide. To do so, back in your DOS command prompt type:
gpupdate /force

If you didn’t see any errors reported when you ran gpupdate, then when you browse to the site you entered, it will be displayed in compatibility mode.

To customize what sites are categorized as belonging to your local Intranet Zone:

  1. Open a DOS command prompt
  2. Type gpedit.msc
  3. In the Local Group Policy Editor windows that pops up, expand the following path:
  4. Computer Configuration
  5. Administrative Templates
  6. Windows Components
  7. Internet Explorer
  8. Internet Explorer Control Panel
  9. Security Page
  10. On the Security page set the following:
    • Intranet Sites: Include all local (intranet) sites not listed in other zones : Enable
    • Intranet Zone Template : You can set this to your preferred security level such as Medium Low
    • Intranet Sites: Include all sites that bypass the proxy server : Enable
    • Intranet Sites: Include all network paths (UNCs) : Enable
    • Turn on automatic detection of intranet : Enable

This will tell IE how to auto-detect and how to handle sites on your local LAN.

Again, when you are done, don’t forget to run the DOS command prompt command:

gpupdate /force

How to change an advanced settings option in IE for sites on your LAN

Now let’s say you want to change the User Authentication: Logon option for your Intranet zone:

  1. From the Security Page folder that I explained how to get to above, you will see a sub-folder called Intranet Zone. Click on this sub-folder to see the available options
  2. You will see one option called Logon options. Double click it and select the Logon type you want to use.
  3. Also make sure this setting is Enabled.

How to deal with IE  Enhanced Security Configuration errors

If you are getting Internet Explorer Enhanced Security Configuration errors when you try to browse site on your LAN, you will need to disable this setting. Likewise you should know that any of the LAN settings you have made in the Local Group Policy will not be applied until you remove IE Enhanced Security.

** Disclaimer: Microsoft has enabled IE Enhanced Security by default as a security feature. Personally I think it is overkill and causes confusion rather than helping. However, you should assess the pros and cons for your particular scenario before going ahead with disabling this feature.

Removing IE security configuration errors is simple when you know what needs to be done and where to do it. In this case the Server Manager tool is the key.

Open Server manager and click Local Server in the left pane. Then in the main window of Server Manager you will see the option to turn off IE Enhanced Security Configuration. It’s as easy as that.

Advertisements

2 thoughts on “Windows 2012: Update IE Settings for all Users with GPEdit”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s