Solved

How do edit the Group Policy Preference Item for Internet Explorer 8

Posted on 2010-08-20
9
6,283 Views
Last Modified: 2012-05-10
Is there a way to do this? I need to edit the file, because it appears that there is a bug in the Internet Explorer 8 preference setting for the "check for server certificate revocation" setting under ''Internet Explorer 8/Advanced/Security/'Check for server certificate revocation''
Even if you uncheck the "Check for server certificate revocation" dialog box, it never changes the decimal value to the default value of 0x00023e00     146944

Here is the scenario when GP is enabled and when it isn't

HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing

No Group Policy Enabled

Enabled Check for Publishers certificate revocation                  Value      0x00023c00     146432
Disabled Check for Publishers certificate revocation                  Value      0x00023e00     146944


Group Policy Enabled

Disabled      Check for Publishers certificate revocation                      Value        0x000002c9     713
Enabled      Check for Publishers certificate revocation                      Value        0x000000c9     201

Anyways, I need to be able to set this key to either 146432 or 146944 for the above registry key. I can do this without creating the Internet Explorer 8 Preference Setting. As soon as I create the IE8 preference setting, the key changes to the value of 713 or 201.
How do I get this to work?

The reason I need to do this is because of the way that Webex handles the activeX controls when setting up a new meeting.

When it is set to 713 or 201 webex is broken.
146432 or 146944 works fine.

Also, if you are confused I have attached the below link.

http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/a2f5ae71-c4e8-4523-8817-dbc9161396a1
0
Comment
Question by:MGS-TECH
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 11

Expert Comment

by:pcfreaker
ID: 33488500
Those are registry values and the GPO sets them automaticaly, the way I see it will work is by a script setting this option on each computer's registry.
If you see this feasible, let me know in order to write you a code for this.
Awaiting your comments.
Rgds.
0
 

Author Comment

by:MGS-TECH
ID: 33488655
Even when i manually set the registry key to 146944 for HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State

As soon as I add the default Internet Explorer 8 group policy preference item it defaults the above  key back to  0x000002c9     713

This happens no matter what I do. It always takes precedence over the GP applied key
0
 
LVL 11

Expert Comment

by:pcfreaker
ID: 33488668
I thought so, nonetheless, do you have to have the GPO set for that value? since, we can set it up manually via script through GPO.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:MGS-TECH
ID: 33488694
Well I need to be able to use the Internet Explorer 8 preference setting in the GPMC. And I also need this key
 HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State
 to be set to 146944
This is the only way Webex will work. I just got off the phone with them and they will do nothing for me.

I guess anyway I can go about this will work.

Thanks for the help
0
 
LVL 11

Accepted Solution

by:
pcfreaker earned 500 total points
ID: 33489176
Ok, here is the script, you should set it on the GPO's logon script and do not set the option via GPO as well, since you will have the same error.
Let me know.

'**************************************************************************
'* Modify the registry key set, and saves an output on the local computer. 
'* '* 'strCommand = "regedit /e <RutadelRespaldo> <RegKey>"
'* Date: 28/07/2010 Last Update: 20/08/2010 Versión: 1.1
'***************************************************************************

'Definitions

Dim objShell, RegLocate, RegLocate1, strKeyPath2, strValueName2, strValue, _
strKeyPath,strValueName,dwValue, Modify

'Const HKEY_LOCAL_MACHINE = &H80000002
Const HKEY_CURRENT_USER = &H80000001
'strComputer = InputBox("Type the server name:")
strComputer = "."
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")

Const REG_SZ = 1
Const REG_EXPAND_SZ = 2
Const REG_BINARY = 3
Const REG_DWORD = 4
Const REG_MULTI_SZ = 7

Set objShell = WScript.CreateObject("WScript.Shell")
Set wshShell = WScript.CreateObject( "WScript.Shell" )
strCommand = "regedit /e C:\KeyBackup_IE.reg HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\"
set objWshShell = WScript.CreateObject("WScript.Shell")
intRC = objWshShell.Run(strCommand, 0, TRUE)
Set objShell = CreateObject("Wscript.Shell")


On Error Resume Next

if intRC <> 0 then
WScript.Echo "An error has occured while backing up the key: " & intRC
else
WScript.Echo "Export completed"
end if


 
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
 

RegLocate = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State"
objShell.RegWrite RegLocate,"146944","REG_DWORD"

'*******

' Writes the output file
Const ForAppending = 8

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile _
    ("c:\registry_status.txt", ForAppending, True)

	objTextFile.WriteLine( "The key was backed up: " & strCommand & "," & vbTab &  "The registry actual value is: " & RegLocate)
	objTextFile.WriteLine( "The modified value was:  " & strValueName & " " & strValue & "" & Modify)
    objTextFile.WriteLine strValueName2, strValue, vbTab, strValueName, dwValue, RegLocate, RegLocate1
		If Err.Number = 0 Then
		   objTextFile2.WriteLine("Error while modifying the key " & vbTab )
		End If	 
objTextFile.Close
WScript.Quit (0)

Open in new window

0
 

Author Comment

by:MGS-TECH
ID: 33501208
Thank you for your help. I tried this script which changed the value temporarily and it defaulted back to the value of  713 as soon as the group policy was re-applied with a gpupdate /force.

Please advise.

Thanks
0
 
LVL 11

Expert Comment

by:pcfreaker
ID: 33501269
You should set that particular gpo internet explorer option as not configured and use the script instead, that way the value will not be modified from the one set through the script.
Use the script via GPO logon script to the OU needed.
Let me know your outcome.
Rgds.
 
0
 

Author Comment

by:MGS-TECH
ID: 33501431
I think you are a bit confused as to what my configuration is, so let me clarify..
The Group Policy Preference setting for Internet Explorer 7 and 8 is what changes the default values of the key to 713 or 201 instead of the default values of 146432 and 146944 (pre group policy). The only group policy that is set is the below one:
This is located in User Configuration\Preferences\Control Panel Settings\Internet Settings\New Internet Explorer 8.
I want to be able to use the new preference settings so I can configure the Internet Explorer 7 and 8 settings for each user. However,
when this is enabled, it defaults to the values of 713 or 201 for

HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State


When I configure it to run your script, it changes the value temporarily and it defaulted back to the value of  713 as soon as the group policy was re-applied with a gpupdate /force

I hope I am explaining this correctly
Thanks
0
 
LVL 11

Expert Comment

by:pcfreaker
ID: 33505410
I'm sorry I don't get it quite as well, but my question is, what do you set on GPO that you cannot do through script? since if you set a GPO it is certain that the values are changed automaticaly.
Rgds.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question