Solved

How do edit the Group Policy Preference Item for Internet Explorer 8

Posted on 2010-08-20
9
6,199 Views
Last Modified: 2012-05-10
Is there a way to do this? I need to edit the file, because it appears that there is a bug in the Internet Explorer 8 preference setting for the "check for server certificate revocation" setting under ''Internet Explorer 8/Advanced/Security/'Check for server certificate revocation''
Even if you uncheck the "Check for server certificate revocation" dialog box, it never changes the decimal value to the default value of 0x00023e00     146944

Here is the scenario when GP is enabled and when it isn't

HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

No Group Policy Enabled

Enabled Check for Publishers certificate revocation                  Value      0x00023c00     146432
Disabled Check for Publishers certificate revocation                  Value      0x00023e00     146944


Group Policy Enabled

Disabled      Check for Publishers certificate revocation                      Value        0x000002c9     713
Enabled      Check for Publishers certificate revocation                      Value        0x000000c9     201

Anyways, I need to be able to set this key to either 146432 or 146944 for the above registry key. I can do this without creating the Internet Explorer 8 Preference Setting. As soon as I create the IE8 preference setting, the key changes to the value of 713 or 201.
How do I get this to work?

The reason I need to do this is because of the way that Webex handles the activeX controls when setting up a new meeting.

When it is set to 713 or 201 webex is broken.
146432 or 146944 works fine.

Also, if you are confused I have attached the below link.

http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/a2f5ae71-c4e8-4523-8817-dbc9161396a1
0
Comment
Question by:MGS-TECH
  • 5
  • 4
9 Comments
 
LVL 11

Expert Comment

by:pcfreaker
ID: 33488500
Those are registry values and the GPO sets them automaticaly, the way I see it will work is by a script setting this option on each computer's registry.
If you see this feasible, let me know in order to write you a code for this.
Awaiting your comments.
Rgds.
0
 

Author Comment

by:MGS-TECH
ID: 33488655
Even when i manually set the registry key to 146944 for HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State

As soon as I add the default Internet Explorer 8 group policy preference item it defaults the above  key back to  0x000002c9     713

This happens no matter what I do. It always takes precedence over the GP applied key
0
 
LVL 11

Expert Comment

by:pcfreaker
ID: 33488668
I thought so, nonetheless, do you have to have the GPO set for that value? since, we can set it up manually via script through GPO.
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 

Author Comment

by:MGS-TECH
ID: 33488694
Well I need to be able to use the Internet Explorer 8 preference setting in the GPMC. And I also need this key
 HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State
 to be set to 146944
This is the only way Webex will work. I just got off the phone with them and they will do nothing for me.

I guess anyway I can go about this will work.

Thanks for the help
0
 
LVL 11

Accepted Solution

by:
pcfreaker earned 500 total points
ID: 33489176
Ok, here is the script, you should set it on the GPO's logon script and do not set the option via GPO as well, since you will have the same error.
Let me know.

'**************************************************************************
'* Modify the registry key set, and saves an output on the local computer. 
'* '* 'strCommand = "regedit /e <RutadelRespaldo> <RegKey>"
'* Date: 28/07/2010 Last Update: 20/08/2010 Versión: 1.1
'***************************************************************************

'Definitions

Dim objShell, RegLocate, RegLocate1, strKeyPath2, strValueName2, strValue, _
strKeyPath,strValueName,dwValue, Modify

'Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_CURRENT_USER = &H80000001
'strComputer = InputBox("Type the server name:")
strComputer = "."
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")

Const REG_SZ = 1
Const REG_EXPAND_SZ = 2
Const REG_BINARY = 3
Const REG_DWORD = 4
Const REG_MULTI_SZ = 7

Set objShell = WScript.CreateObject("WScript.Shell")
Set wshShell = WScript.CreateObject( "WScript.Shell" )
strCommand = "regedit /e C:\KeyBackup_IE.reg HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\"
set objWshShell = WScript.CreateObject("WScript.Shell")
intRC = objWshShell.Run(strCommand, 0, TRUE)
Set objShell = CreateObject("Wscript.Shell")


On Error Resume Next

if intRC <> 0 then
WScript.Echo "An error has occured while backing up the key: " & intRC
else
WScript.Echo "Export completed"
end if


 
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
 

RegLocate = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State"
objShell.RegWrite RegLocate,"146944","REG_DWORD"

'*******

' Writes the output file
Const ForAppending = 8

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile _
    ("c:\registry_status.txt", ForAppending, True)

	objTextFile.WriteLine( "The key was backed up: " & strCommand & "," & vbTab &  "The registry actual value is: " & RegLocate)
	objTextFile.WriteLine( "The modified value was:  " & strValueName & " " & strValue & "" & Modify)
    objTextFile.WriteLine strValueName2, strValue, vbTab, strValueName, dwValue, RegLocate, RegLocate1
		If Err.Number = 0 Then
		   objTextFile2.WriteLine("Error while modifying the key " & vbTab )
		End If	 
objTextFile.Close
WScript.Quit (0)

Open in new window

0
 

Author Comment

by:MGS-TECH
ID: 33501208
Thank you for your help. I tried this script which changed the value temporarily and it defaulted back to the value of  713 as soon as the group policy was re-applied with a gpupdate /force.

Please advise.

Thanks
0
 
LVL 11

Expert Comment

by:pcfreaker
ID: 33501269
You should set that particular gpo internet explorer option as not configured and use the script instead, that way the value will not be modified from the one set through the script.
Use the script via GPO logon script to the OU needed.
Let me know your outcome.
Rgds.
 
0
 

Author Comment

by:MGS-TECH
ID: 33501431
I think you are a bit confused as to what my configuration is, so let me clarify..
The Group Policy Preference setting for Internet Explorer 7 and 8 is what changes the default values of the key to 713 or 201 instead of the default values of 146432 and 146944 (pre group policy). The only group policy that is set is the below one:
This is located in User Configuration\Preferences\Control Panel Settings\Internet Settings\New Internet Explorer 8.
I want to be able to use the new preference settings so I can configure the Internet Explorer 7 and 8 settings for each user. However,
when this is enabled, it defaults to the values of 713 or 201 for

HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State


When I configure it to run your script, it changes the value temporarily and it defaulted back to the value of  713 as soon as the group policy was re-applied with a gpupdate /force

I hope I am explaining this correctly
Thanks
0
 
LVL 11

Expert Comment

by:pcfreaker
ID: 33505410
I'm sorry I don't get it quite as well, but my question is, what do you set on GPO that you cannot do through script? since if you set a GPO it is certain that the values are changed automaticaly.
Rgds.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question