SBS 2011 - How to manage IE11 using Group Policy
Hi All,
I am working on an SBS 2011 domain.
Is there any way to manage IE11 running on Win 7 using Group Policy across the domain?
I found this thread on EE and the post immediately above the accepted answer (by the same contributor) that says:
So, I am not very hopeful, but I was hoping there might be some workaround or that something has come to light since that thread / post.
If not, what is the recommended approach? Should we restrict all Win7 machines to IE8 so that it can be managed using Group Policy Preferences? The only versions of IE that show up under GPP - Internet Settings, are IE5, IE6, IE7, and IE8.
This doesn't seem like a good solution though, since IE11 is more secure than IE8.
Thanks,
Alan.
I am working on an SBS 2011 domain.
Is there any way to manage IE11 running on Win 7 using Group Policy across the domain?
I found this thread on EE and the post immediately above the accepted answer (by the same contributor) that says:
The only official/supported way to manage Group Policy Preferences for IE10 is with a management station running the GPMC on Windows 8 or Windows Server 2012There are no Win 8 or Window Server 2012 machines in the domain.
So, I am not very hopeful, but I was hoping there might be some workaround or that something has come to light since that thread / post.
If not, what is the recommended approach? Should we restrict all Win7 machines to IE8 so that it can be managed using Group Policy Preferences? The only versions of IE that show up under GPP - Internet Settings, are IE5, IE6, IE7, and IE8.
This doesn't seem like a good solution though, since IE11 is more secure than IE8.
Thanks,
Alan.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Did you install the latest ADMX files--user system requirements it says you can use Win7 or Server 2008 or 2012 (does not mention SBS but you could try it) http://www.microsoft.com/en-us/download/details.aspx?id=36991 Even with this you will only get IE10 in the list but IE 11 will be still read and operate using those GPOs.
ASKER
Hi Lionelmm,
Thanks,
Alan.
lionelmm - 2014-07-15 at 10:57:37 - ID: 40195845Good find! I shall try that and see if it works.
Did you install the latest ADMX files--user system requirements it says you can use Win7 or Server 2008 or 2012 (does not mention SBS but you could try it) http://www.microsoft.com/en-us/download/details.aspx?id=36991 Even with this you will only get IE10 in the list but IE 11 will be still read and operate using those GPOs.
Thanks,
Alan.
ASKER
Hi Lionelmm,
I downloaded and installed the Win8 / Win Server 2012 ADMX group policy templates to the SBS 2011 server (dropped them into C:\Windows\SysVol\SysVol\M
However, whilst they seem to 'work', I suspect I still need a Win8 / WinServer2012 machine to be able to actually access the IE10 / IE11 settings, since it still only gives me IE5 through IE8.
I found this post here on EE that seems to confirm that.
So, it looks like I am back to Mahesh's suggestion when I can get a Win8.1 machine up and running, unless you have any other suggestions?
Thanks,
Alan.
I downloaded and installed the Win8 / Win Server 2012 ADMX group policy templates to the SBS 2011 server (dropped them into C:\Windows\SysVol\SysVol\M
However, whilst they seem to 'work', I suspect I still need a Win8 / WinServer2012 machine to be able to actually access the IE10 / IE11 settings, since it still only gives me IE5 through IE8.
I found this post here on EE that seems to confirm that.
So, it looks like I am back to Mahesh's suggestion when I can get a Win8.1 machine up and running, unless you have any other suggestions?
Thanks,
Alan.
Unfortunately I don't have a SBS2011 to test on so I can't replicate what you are getting. You say you don't have Win8 PCs in place so have you tried a Win7--the link says it should work on Win7 so I would try to admin the GPO from a Win7 first.
ASKER
@lionelmm:
I tried from Win7, but no go - it doesn't expose the GP settings for anything past IE8 still.
I now have an Eval Version of Win8.1, so I'll see if that works....
Thanks,
Alan.
I tried from Win7, but no go - it doesn't expose the GP settings for anything past IE8 still.
I now have an Eval Version of Win8.1, so I'll see if that works....
Thanks,
Alan.
Good luck and sorry I couldn't be much more help to you
ASKER
Hi Lionel,
Appreciate your help :-)
I am now having trouble getting the Win8.1 machine to join the domain, so stalled on that one and have posted a new question here at EE to try and resolve that first!
Thanks,
Alan.
Appreciate your help :-)
I am now having trouble getting the Win8.1 machine to join the domain, so stalled on that one and have posted a new question here at EE to try and resolve that first!
Thanks,
Alan.
ASKER
Hi All,
I now have a Win8.1 Enterprise Evaluation VM running and joined to the domain.
I copied all the files from that machine under:
C:\Windows\Policy Definitions\
to the SBS 2011 box, under:
%windir%\sysvol\sysvol\ttn
and rebooted the SBS 2011 for good measure.
However, I still don't get any options to manage anything other than IE6, IE7, and IE8.
Have I taken over the correct files from Win8.1 to the GPO Central Policy Store?
Thanks,
Alan.
I now have a Win8.1 Enterprise Evaluation VM running and joined to the domain.
I copied all the files from that machine under:
C:\Windows\Policy Definitions\
to the SBS 2011 box, under:
%windir%\sysvol\sysvol\ttn
and rebooted the SBS 2011 for good measure.
However, I still don't get any options to manage anything other than IE6, IE7, and IE8.
Have I taken over the correct files from Win8.1 to the GPO Central Policy Store?
Thanks,
Alan.
these are the latest files http://www.microsoft.com/en-us/download/details.aspx?id=36991
ASKER
Hi Lionel,
C:\Program Files (x86)\Microsoft Group Policy\PolicyDefinitions\
and put them on the SBS 2011 machine in:
%windir%\sysvol\sysvol\ttn
I then rebooted SBS 2011, but still nothing showing under Group Policy for IE later than IE8.
Did I do the right things above to get them onto SBS 2011?
Thanks,
Alan.
lionelmm- 2014-07-23 at 09:46:35 - ID: 40212948I downloaded and installed those to the Win8.1 test machine - they went to:
these are the latest files http://www.microsoft.com/en-us/download/details.aspx?id=36991
C:\Program Files (x86)\Microsoft Group Policy\PolicyDefinitions\
and put them on the SBS 2011 machine in:
%windir%\sysvol\sysvol\ttn
I then rebooted SBS 2011, but still nothing showing under Group Policy for IE later than IE8.
Did I do the right things above to get them onto SBS 2011?
Thanks,
Alan.
Have you install GPMC on windows 8.1 machine?
U need to install GPMC on win 8.1 and from there you need to manage GPO
U need to install GPMC on win 8.1 and from there you need to manage GPO
ASKER
Hi Mahesh,
RSAT cannot be installed on the evaluation version of Win8.1 Enterprise:
http://www.microsoft.com/en-us/download/confirmation.aspx?id=39296
Expand the 'Install Instructions' and it says:
Where from here?
Thanks,
Alan.
Mahesh - 2014-07-24 at 05:43:11 - ID: 40214956I was hoping to avoid that. Is there any way to install GPMC on Win8.1 Enterprise Evaluation, without having to install the whole RSAT?
Have you install GPMC on windows 8.1 machine?
U need to install GPMC on win 8.1 and from there you need to manage GPO
RSAT cannot be installed on the evaluation version of Win8.1 Enterprise:
http://www.microsoft.com/en-us/download/confirmation.aspx?id=39296
Expand the 'Install Instructions' and it says:
IMPORTANT: You can install Remote Server Administration Tools for Windows 8.1 only on Windows 8.1 Pro or Windows 8.1 Enterprise, and you must be running a full release of Windows 8.1 Pro or Windows 8.1 Enterprise; it cannot be a prerelease or evaluation copy.
Where from here?
Thanks,
Alan.
1st thing, it saying that you do need to use retail (Full) version which can be registered for 30 days to 90 days
2nd thing, I have not installed these tools yet, once you installed above patch on machine, I think RSAT will be added in add remove features or even if gets installed with GPMC, you can user it
Lastly, you can download 2012 R2 standard edition, and register it for 180 days for free and join it to domain and install GPMC on that server and use it.
U cannot skip this because in future U have to upgrade AD to 2012 R2 only and still it retains functionality for all previous versions of IE from 11 to 5
2nd thing, I have not installed these tools yet, once you installed above patch on machine, I think RSAT will be added in add remove features or even if gets installed with GPMC, you can user it
Lastly, you can download 2012 R2 standard edition, and register it for 180 days for free and join it to domain and install GPMC on that server and use it.
U cannot skip this because in future U have to upgrade AD to 2012 R2 only and still it retains functionality for all previous versions of IE from 11 to 5
ASKER
Hi Mahesh,
Thanks!
Alan.
Mahesh - 2014-07-24 at 16:03:44 - ID: 40216003Do you know if I can download that from Microsoft? The only options I can see are the Win8.1 Enterprise Evaluation, and to download Win8.1 Home or Pro, you need a Product Key? I would guess though that Win8.1 Home would not work based on the previous posted note on the Microsoft website.
1st thing, it saying that you do need to use retail (Full) version which can be registered for 30 days to 90 days
2nd thing, I have not installed these tools yet, once you installed above patch on machine, I think RSAT will be added in add remove features or even if gets installed with GPMC, you can user itI'm sure you are right - I just need to get a non evaluation copy of either Win8.1 Pro or Enterprise.
Lastly, you can download 2012 R2 standard edition, and register it for 180 days for free and join it to domain and install GPMC on that server and use it.Do you mean Windows Server 2012 R2? I will have a look for that.
U cannot skip this because in future U have to upgrade AD to 2012 R2 only and still it retains functionality for all previous versions of IE from 11 to 5When you say, 'in future' - do you mean 'one day' or do you mean I would have to Raise the Functional Level of the Domain to Windows Server 2012 R2 (it is currently Windows Server 2008 R2 which, I believe, is the highest that SBS 2011 Std can go to) in order to use the ADMX templates to manage IE11?
Thanks!
Alan.
Yes, it is Windows server 2012 r2 standard edition, you can use it for 180 days free once you registered with MS on line and there are no restrcitions like win8.1 and do not require any thing additional download
RSAT are part of windows features, you need to enable it from server manager
If current functional level is 2008 R2, its good and no need to upgrade it until MS enforce in later server OS and active directory requirements
You can use previous versions of GPMC on 2012 R2, but it will limit the functionality, hence its better to have latest GPMC for management which take care of previos versions as well
RSAT are part of windows features, you need to enable it from server manager
If current functional level is 2008 R2, its good and no need to upgrade it until MS enforce in later server OS and active directory requirements
You can use previous versions of GPMC on 2012 R2, but it will limit the functionality, hence its better to have latest GPMC for management which take care of previos versions as well
ASKER
Hi Guys,
Apologies for not closing this earlier. I have been on EE many times since Jul 2014, but for some reason this one managed to slip through the cracks.
I solved it by the simple answer of having to replace my own machine, and I got a Win8.1 Pro laptop, which allowed me to setup IE10 (and later) templates which is essentially what you told me to do.
Thanks for your help!
Alan.
Apologies for not closing this earlier. I have been on EE many times since Jul 2014, but for some reason this one managed to slip through the cracks.
I solved it by the simple answer of having to replace my own machine, and I got a Win8.1 Pro laptop, which allowed me to setup IE10 (and later) templates which is essentially what you told me to do.
Thanks for your help!
Alan.
ASKER
That would be great, except that SBS 2011 only covers IE5, IE6, IE7, and IE8 - see my OP.
Unless I missed something in that blog post?
Please do post back if I have that wrong.
I am currently looking into Mahesh's suggestion, at installing an Eval copy of Win8.1, but there are no Win8 machines in there already, so I am a little nervous about introducing a new OS....
Thanks,
Alan.