Solved

How do edit the Group Policy Preference Item for Internet Explorer 8

Posted on 2010-08-20
9
6,129 Views
Last Modified: 2012-05-10
Is there a way to do this? I need to edit the file, because it appears that there is a bug in the Internet Explorer 8 preference setting for the "check for server certificate revocation" setting under ''Internet Explorer 8/Advanced/Security/'Check for server certificate revocation''
Even if you uncheck the "Check for server certificate revocation" dialog box, it never changes the decimal value to the default value of 0x00023e00     146944

Here is the scenario when GP is enabled and when it isn't

HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

No Group Policy Enabled

Enabled Check for Publishers certificate revocation                  Value      0x00023c00     146432
Disabled Check for Publishers certificate revocation                  Value      0x00023e00     146944


Group Policy Enabled

Disabled      Check for Publishers certificate revocation                      Value        0x000002c9     713
Enabled      Check for Publishers certificate revocation                      Value        0x000000c9     201

Anyways, I need to be able to set this key to either 146432 or 146944 for the above registry key. I can do this without creating the Internet Explorer 8 Preference Setting. As soon as I create the IE8 preference setting, the key changes to the value of 713 or 201.
How do I get this to work?

The reason I need to do this is because of the way that Webex handles the activeX controls when setting up a new meeting.

When it is set to 713 or 201 webex is broken.
146432 or 146944 works fine.

Also, if you are confused I have attached the below link.

http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/a2f5ae71-c4e8-4523-8817-dbc9161396a1
0
Comment
Question by:MGS-TECH
  • 5
  • 4
9 Comments
 
LVL 11

Expert Comment

by:pcfreaker
ID: 33488500
Those are registry values and the GPO sets them automaticaly, the way I see it will work is by a script setting this option on each computer's registry.
If you see this feasible, let me know in order to write you a code for this.
Awaiting your comments.
Rgds.
0
 

Author Comment

by:MGS-TECH
ID: 33488655
Even when i manually set the registry key to 146944 for HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State

As soon as I add the default Internet Explorer 8 group policy preference item it defaults the above  key back to  0x000002c9     713

This happens no matter what I do. It always takes precedence over the GP applied key
0
 
LVL 11

Expert Comment

by:pcfreaker
ID: 33488668
I thought so, nonetheless, do you have to have the GPO set for that value? since, we can set it up manually via script through GPO.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 

Author Comment

by:MGS-TECH
ID: 33488694
Well I need to be able to use the Internet Explorer 8 preference setting in the GPMC. And I also need this key
 HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State
 to be set to 146944
This is the only way Webex will work. I just got off the phone with them and they will do nothing for me.

I guess anyway I can go about this will work.

Thanks for the help
0
 
LVL 11

Accepted Solution

by:
pcfreaker earned 500 total points
ID: 33489176
Ok, here is the script, you should set it on the GPO's logon script and do not set the option via GPO as well, since you will have the same error.
Let me know.

'**************************************************************************
'* Modify the registry key set, and saves an output on the local computer. 
'* '* 'strCommand = "regedit /e <RutadelRespaldo> <RegKey>"
'* Date: 28/07/2010 Last Update: 20/08/2010 Versión: 1.1
'***************************************************************************

'Definitions

Dim objShell, RegLocate, RegLocate1, strKeyPath2, strValueName2, strValue, _
strKeyPath,strValueName,dwValue, Modify

'Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_CURRENT_USER = &H80000001
'strComputer = InputBox("Type the server name:")
strComputer = "."
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")

Const REG_SZ = 1
Const REG_EXPAND_SZ = 2
Const REG_BINARY = 3
Const REG_DWORD = 4
Const REG_MULTI_SZ = 7

Set objShell = WScript.CreateObject("WScript.Shell")
Set wshShell = WScript.CreateObject( "WScript.Shell" )
strCommand = "regedit /e C:\KeyBackup_IE.reg HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\"
set objWshShell = WScript.CreateObject("WScript.Shell")
intRC = objWshShell.Run(strCommand, 0, TRUE)
Set objShell = CreateObject("Wscript.Shell")


On Error Resume Next

if intRC <> 0 then
WScript.Echo "An error has occured while backing up the key: " & intRC
else
WScript.Echo "Export completed"
end if


 
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
 

RegLocate = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State"
objShell.RegWrite RegLocate,"146944","REG_DWORD"

'*******

' Writes the output file
Const ForAppending = 8

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile _
    ("c:\registry_status.txt", ForAppending, True)

	objTextFile.WriteLine( "The key was backed up: " & strCommand & "," & vbTab &  "The registry actual value is: " & RegLocate)
	objTextFile.WriteLine( "The modified value was:  " & strValueName & " " & strValue & "" & Modify)
    objTextFile.WriteLine strValueName2, strValue, vbTab, strValueName, dwValue, RegLocate, RegLocate1
		If Err.Number = 0 Then
		   objTextFile2.WriteLine("Error while modifying the key " & vbTab )
		End If	 
objTextFile.Close
WScript.Quit (0)

Open in new window

0
 

Author Comment

by:MGS-TECH
ID: 33501208
Thank you for your help. I tried this script which changed the value temporarily and it defaulted back to the value of  713 as soon as the group policy was re-applied with a gpupdate /force.

Please advise.

Thanks
0
 
LVL 11

Expert Comment

by:pcfreaker
ID: 33501269
You should set that particular gpo internet explorer option as not configured and use the script instead, that way the value will not be modified from the one set through the script.
Use the script via GPO logon script to the OU needed.
Let me know your outcome.
Rgds.
 
0
 

Author Comment

by:MGS-TECH
ID: 33501431
I think you are a bit confused as to what my configuration is, so let me clarify..
The Group Policy Preference setting for Internet Explorer 7 and 8 is what changes the default values of the key to 713 or 201 instead of the default values of 146432 and 146944 (pre group policy). The only group policy that is set is the below one:
This is located in User Configuration\Preferences\Control Panel Settings\Internet Settings\New Internet Explorer 8.
I want to be able to use the new preference settings so I can configure the Internet Explorer 7 and 8 settings for each user. However,
when this is enabled, it defaults to the values of 713 or 201 for

HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State


When I configure it to run your script, it changes the value temporarily and it defaulted back to the value of  713 as soon as the group policy was re-applied with a gpupdate /force

I hope I am explaining this correctly
Thanks
0
 
LVL 11

Expert Comment

by:pcfreaker
ID: 33505410
I'm sorry I don't get it quite as well, but my question is, what do you set on GPO that you cannot do through script? since if you set a GPO it is certain that the values are changed automaticaly.
Rgds.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question