Solved

How do edit the Group Policy Preference Item for Internet Explorer 8

Posted on 2010-08-20
9
6,239 Views
Last Modified: 2012-05-10
Is there a way to do this? I need to edit the file, because it appears that there is a bug in the Internet Explorer 8 preference setting for the "check for server certificate revocation" setting under ''Internet Explorer 8/Advanced/Security/'Check for server certificate revocation''
Even if you uncheck the "Check for server certificate revocation" dialog box, it never changes the decimal value to the default value of 0x00023e00     146944

Here is the scenario when GP is enabled and when it isn't

HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

No Group Policy Enabled

Enabled Check for Publishers certificate revocation                  Value      0x00023c00     146432
Disabled Check for Publishers certificate revocation                  Value      0x00023e00     146944


Group Policy Enabled

Disabled      Check for Publishers certificate revocation                      Value        0x000002c9     713
Enabled      Check for Publishers certificate revocation                      Value        0x000000c9     201

Anyways, I need to be able to set this key to either 146432 or 146944 for the above registry key. I can do this without creating the Internet Explorer 8 Preference Setting. As soon as I create the IE8 preference setting, the key changes to the value of 713 or 201.
How do I get this to work?

The reason I need to do this is because of the way that Webex handles the activeX controls when setting up a new meeting.

When it is set to 713 or 201 webex is broken.
146432 or 146944 works fine.

Also, if you are confused I have attached the below link.

http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/a2f5ae71-c4e8-4523-8817-dbc9161396a1
0
Comment
Question by:MGS-TECH
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 11

Expert Comment

by:pcfreaker
ID: 33488500
Those are registry values and the GPO sets them automaticaly, the way I see it will work is by a script setting this option on each computer's registry.
If you see this feasible, let me know in order to write you a code for this.
Awaiting your comments.
Rgds.
0
 

Author Comment

by:MGS-TECH
ID: 33488655
Even when i manually set the registry key to 146944 for HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State

As soon as I add the default Internet Explorer 8 group policy preference item it defaults the above  key back to  0x000002c9     713

This happens no matter what I do. It always takes precedence over the GP applied key
0
 
LVL 11

Expert Comment

by:pcfreaker
ID: 33488668
I thought so, nonetheless, do you have to have the GPO set for that value? since, we can set it up manually via script through GPO.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 

Author Comment

by:MGS-TECH
ID: 33488694
Well I need to be able to use the Internet Explorer 8 preference setting in the GPMC. And I also need this key
 HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State
 to be set to 146944
This is the only way Webex will work. I just got off the phone with them and they will do nothing for me.

I guess anyway I can go about this will work.

Thanks for the help
0
 
LVL 11

Accepted Solution

by:
pcfreaker earned 500 total points
ID: 33489176
Ok, here is the script, you should set it on the GPO's logon script and do not set the option via GPO as well, since you will have the same error.
Let me know.

'**************************************************************************
'* Modify the registry key set, and saves an output on the local computer. 
'* '* 'strCommand = "regedit /e <RutadelRespaldo> <RegKey>"
'* Date: 28/07/2010 Last Update: 20/08/2010 Versión: 1.1
'***************************************************************************

'Definitions

Dim objShell, RegLocate, RegLocate1, strKeyPath2, strValueName2, strValue, _
strKeyPath,strValueName,dwValue, Modify

'Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_CURRENT_USER = &H80000001
'strComputer = InputBox("Type the server name:")
strComputer = "."
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")

Const REG_SZ = 1
Const REG_EXPAND_SZ = 2
Const REG_BINARY = 3
Const REG_DWORD = 4
Const REG_MULTI_SZ = 7

Set objShell = WScript.CreateObject("WScript.Shell")
Set wshShell = WScript.CreateObject( "WScript.Shell" )
strCommand = "regedit /e C:\KeyBackup_IE.reg HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\"
set objWshShell = WScript.CreateObject("WScript.Shell")
intRC = objWshShell.Run(strCommand, 0, TRUE)
Set objShell = CreateObject("Wscript.Shell")


On Error Resume Next

if intRC <> 0 then
WScript.Echo "An error has occured while backing up the key: " & intRC
else
WScript.Echo "Export completed"
end if


 
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
 

RegLocate = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State"
objShell.RegWrite RegLocate,"146944","REG_DWORD"

'*******

' Writes the output file
Const ForAppending = 8

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile _
    ("c:\registry_status.txt", ForAppending, True)

	objTextFile.WriteLine( "The key was backed up: " & strCommand & "," & vbTab &  "The registry actual value is: " & RegLocate)
	objTextFile.WriteLine( "The modified value was:  " & strValueName & " " & strValue & "" & Modify)
    objTextFile.WriteLine strValueName2, strValue, vbTab, strValueName, dwValue, RegLocate, RegLocate1
		If Err.Number = 0 Then
		   objTextFile2.WriteLine("Error while modifying the key " & vbTab )
		End If	 
objTextFile.Close
WScript.Quit (0)

Open in new window

0
 

Author Comment

by:MGS-TECH
ID: 33501208
Thank you for your help. I tried this script which changed the value temporarily and it defaulted back to the value of  713 as soon as the group policy was re-applied with a gpupdate /force.

Please advise.

Thanks
0
 
LVL 11

Expert Comment

by:pcfreaker
ID: 33501269
You should set that particular gpo internet explorer option as not configured and use the script instead, that way the value will not be modified from the one set through the script.
Use the script via GPO logon script to the OU needed.
Let me know your outcome.
Rgds.
 
0
 

Author Comment

by:MGS-TECH
ID: 33501431
I think you are a bit confused as to what my configuration is, so let me clarify..
The Group Policy Preference setting for Internet Explorer 7 and 8 is what changes the default values of the key to 713 or 201 instead of the default values of 146432 and 146944 (pre group policy). The only group policy that is set is the below one:
This is located in User Configuration\Preferences\Control Panel Settings\Internet Settings\New Internet Explorer 8.
I want to be able to use the new preference settings so I can configure the Internet Explorer 7 and 8 settings for each user. However,
when this is enabled, it defaults to the values of 713 or 201 for

HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State


When I configure it to run your script, it changes the value temporarily and it defaulted back to the value of  713 as soon as the group policy was re-applied with a gpupdate /force

I hope I am explaining this correctly
Thanks
0
 
LVL 11

Expert Comment

by:pcfreaker
ID: 33505410
I'm sorry I don't get it quite as well, but my question is, what do you set on GPO that you cannot do through script? since if you set a GPO it is certain that the values are changed automaticaly.
Rgds.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
HP ENVY 7645 printer 5 31
Domain hosting question about hiding URL 9 51
Restore scheduled tasks from a backup 5 42
Active directory DNS integrated question? 7 43
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question