Solved

How do edit the Group Policy Preference Item for Internet Explorer 8

Posted on 2010-08-20
9
6,054 Views
Last Modified: 2012-05-10
Is there a way to do this? I need to edit the file, because it appears that there is a bug in the Internet Explorer 8 preference setting for the "check for server certificate revocation" setting under ''Internet Explorer 8/Advanced/Security/'Check for server certificate revocation''
Even if you uncheck the "Check for server certificate revocation" dialog box, it never changes the decimal value to the default value of 0x00023e00     146944

Here is the scenario when GP is enabled and when it isn't

HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

No Group Policy Enabled

Enabled Check for Publishers certificate revocation                  Value      0x00023c00     146432
Disabled Check for Publishers certificate revocation                  Value      0x00023e00     146944


Group Policy Enabled

Disabled      Check for Publishers certificate revocation                      Value        0x000002c9     713
Enabled      Check for Publishers certificate revocation                      Value        0x000000c9     201

Anyways, I need to be able to set this key to either 146432 or 146944 for the above registry key. I can do this without creating the Internet Explorer 8 Preference Setting. As soon as I create the IE8 preference setting, the key changes to the value of 713 or 201.
How do I get this to work?

The reason I need to do this is because of the way that Webex handles the activeX controls when setting up a new meeting.

When it is set to 713 or 201 webex is broken.
146432 or 146944 works fine.

Also, if you are confused I have attached the below link.

http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/a2f5ae71-c4e8-4523-8817-dbc9161396a1
0
Comment
Question by:MGS-TECH
  • 5
  • 4
9 Comments
 
LVL 11

Expert Comment

by:pcfreaker
ID: 33488500
Those are registry values and the GPO sets them automaticaly, the way I see it will work is by a script setting this option on each computer's registry.
If you see this feasible, let me know in order to write you a code for this.
Awaiting your comments.
Rgds.
0
 

Author Comment

by:MGS-TECH
ID: 33488655
Even when i manually set the registry key to 146944 for HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State

As soon as I add the default Internet Explorer 8 group policy preference item it defaults the above  key back to  0x000002c9     713

This happens no matter what I do. It always takes precedence over the GP applied key
0
 
LVL 11

Expert Comment

by:pcfreaker
ID: 33488668
I thought so, nonetheless, do you have to have the GPO set for that value? since, we can set it up manually via script through GPO.
0
 

Author Comment

by:MGS-TECH
ID: 33488694
Well I need to be able to use the Internet Explorer 8 preference setting in the GPMC. And I also need this key
 HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State
 to be set to 146944
This is the only way Webex will work. I just got off the phone with them and they will do nothing for me.

I guess anyway I can go about this will work.

Thanks for the help
0
 
LVL 11

Accepted Solution

by:
pcfreaker earned 500 total points
ID: 33489176
Ok, here is the script, you should set it on the GPO's logon script and do not set the option via GPO as well, since you will have the same error.
Let me know.

'**************************************************************************

'* Modify the registry key set, and saves an output on the local computer. 

'* '* 'strCommand = "regedit /e <RutadelRespaldo> <RegKey>"

'* Date: 28/07/2010 Last Update: 20/08/2010 Versión: 1.1

'***************************************************************************



'Definitions



Dim objShell, RegLocate, RegLocate1, strKeyPath2, strValueName2, strValue, _

strKeyPath,strValueName,dwValue, Modify



'Const HKEY_LOCAL_MACHINE = &H80000002

Const HKEY_CURRENT_USER = &H80000001

'strComputer = InputBox("Type the server name:")

strComputer = "."

Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _

strComputer & "\root\default:StdRegProv")



Const REG_SZ = 1

Const REG_EXPAND_SZ = 2

Const REG_BINARY = 3

Const REG_DWORD = 4

Const REG_MULTI_SZ = 7



Set objShell = WScript.CreateObject("WScript.Shell")

Set wshShell = WScript.CreateObject( "WScript.Shell" )

strCommand = "regedit /e C:\KeyBackup_IE.reg HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\"

set objWshShell = WScript.CreateObject("WScript.Shell")

intRC = objWshShell.Run(strCommand, 0, TRUE)

Set objShell = CreateObject("Wscript.Shell")





On Error Resume Next



if intRC <> 0 then

WScript.Echo "An error has occured while backing up the key: " & intRC

else

WScript.Echo "Export completed"

end if





 

Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _

    strComputer & "\root\default:StdRegProv")

 



RegLocate = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State"

objShell.RegWrite RegLocate,"146944","REG_DWORD"



'*******



' Writes the output file

Const ForAppending = 8



Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objTextFile = objFSO.OpenTextFile _

    ("c:\registry_status.txt", ForAppending, True)



	objTextFile.WriteLine( "The key was backed up: " & strCommand & "," & vbTab &  "The registry actual value is: " & RegLocate)

	objTextFile.WriteLine( "The modified value was:  " & strValueName & " " & strValue & "" & Modify)

    objTextFile.WriteLine strValueName2, strValue, vbTab, strValueName, dwValue, RegLocate, RegLocate1

		If Err.Number = 0 Then

		   objTextFile2.WriteLine("Error while modifying the key " & vbTab )

		End If	 

objTextFile.Close

WScript.Quit (0)

Open in new window

0
 

Author Comment

by:MGS-TECH
ID: 33501208
Thank you for your help. I tried this script which changed the value temporarily and it defaulted back to the value of  713 as soon as the group policy was re-applied with a gpupdate /force.

Please advise.

Thanks
0
 
LVL 11

Expert Comment

by:pcfreaker
ID: 33501269
You should set that particular gpo internet explorer option as not configured and use the script instead, that way the value will not be modified from the one set through the script.
Use the script via GPO logon script to the OU needed.
Let me know your outcome.
Rgds.
 
0
 

Author Comment

by:MGS-TECH
ID: 33501431
I think you are a bit confused as to what my configuration is, so let me clarify..
The Group Policy Preference setting for Internet Explorer 7 and 8 is what changes the default values of the key to 713 or 201 instead of the default values of 146432 and 146944 (pre group policy). The only group policy that is set is the below one:
This is located in User Configuration\Preferences\Control Panel Settings\Internet Settings\New Internet Explorer 8.
I want to be able to use the new preference settings so I can configure the Internet Explorer 7 and 8 settings for each user. However,
when this is enabled, it defaults to the values of 713 or 201 for

HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State


When I configure it to run your script, it changes the value temporarily and it defaulted back to the value of  713 as soon as the group policy was re-applied with a gpupdate /force

I hope I am explaining this correctly
Thanks
0
 
LVL 11

Expert Comment

by:pcfreaker
ID: 33505410
I'm sorry I don't get it quite as well, but my question is, what do you set on GPO that you cannot do through script? since if you set a GPO it is certain that the values are changed automaticaly.
Rgds.
0

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now