Solved

on IE how can i find out which GPO is avoiding a correct display for a web site ?

Posted on 2015-01-09
13
113 Views
Last Modified: 2015-01-15
Hello,

We have a website that dont display a part of it's content when on IE11.
This website was added to the trusted sites for IE11 but the problem persists.

Now when i'm on IE 11 and i change
Menu -> tools -> security -> trusted sites :   from Medium to Medium-Low
and that then i refresh the page, i can have the full display of the page and it's the situation i'd like to have.

i've been asked to find out which config changes in the list that we can display when "Custom level.." button is pressed.

my question:

I.
is it possible to export the list of configuration values under "Custom level.." in order to compare them  with a vim diff  or other adhoc tool ?

I learnt that all GPO changes are changes to the registers, so i guess that we could find out which GPO has the ability to change which register. with that in mind I've started RegFromApp in order to have the changes in the register when operating the change from medieum to medium-low.

II.
How can i know with the registers that changed during the change medium->medium-low where is the configurations in the GPO ?


Thanks in advance for your help.

I'm trying to figure out which GPO is IE configuration is
0
Comment
Question by:toshi_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 3
13 Comments
 
LVL 4

Expert Comment

by:Antyrael
ID: 40540075
1. I don't think you can export those settings other than your registry monitoring kind of way.

2. When you run the command rsop.msc (as an administrator), you can see both the Computer and User policies applied to the currently running system.
You can find the Internet Explorer settings applied under Computer|User Configuration -> Administrative Templates -> Windows Components -> Internet Explorer (and, Security tab settings are under Internet Control Panel -> Security Page).
If, for instance, you select the Security Page in the tree, you can see assigned policies with their respective GPO and whether they are enabled or disabled.

I hope this answers your question. Good luck!
0
 
LVL 78

Expert Comment

by:arnold
ID: 40540109
Are you able to browse the site using IE 11 from a different location?
A GPO would not affect how a site is displayed in a browser, the issue might be that you need to browse the site in compatibility mode.

Is there content on the page that is not displaying, what errors if any are you getting?
0
 
LVL 4

Expert Comment

by:Antyrael
ID: 40540114
Arnold, a GPO can definitely affect how a site is displayed, by using the Browser Compatibility settings you yourself are referring to.
0
Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

 

Author Comment

by:toshi_
ID: 40540118
thank you for your answer,

i was not enough clear.....

I know what changed in registers  when i moved the cursor from medium to medium-low (IE security level).
now I'd like to find which GPO could have been done such change in register ?
my goal is to keep the medium level but with customs changes that should be a change in the currents GPO.

thank you in advance for further help.
toshi
0
 

Author Comment

by:toshi_
ID: 40540120
Antyrael ,

thank you for your answer.
I'm sure that GPO can affect web sites through IE11.

we are checking all web sites that the company work with in order to adapt the GPO when things are not working as expected.

toshi
0
 
LVL 78

Expert Comment

by:arnold
ID: 40540139
you would need to use GPMC and run the group policy wizard if the naming of GPOs does not indicate what they do.
you would then search through the user configuration, windows settings, internet explorer maintenance

or administrative templates, internet explorer

Once you navigate to these and locate the change you did not want, you can see which GPO is the source of this change (winning GPO) you might have several GPOs modifying this setting, such that should you change the setting in the currently winning to not-set. rerun the report to make sure there is no other GPO that was being superseded by the current one. repeat if there are multiple, until the GPO setting is not being pushed, or the one you wanted is displayed.
0
 
LVL 78

Expert Comment

by:arnold
ID: 40540148
Antyrael, agree, but to understand whether one should look under the hood, or under the car, one needs to determine that there is something there.
The person merely said a site is not displaying in IE 11.
And when security changed to a lower it works.  
I attempted to determine whether this is following an update to IE11, whether the issue is isolated to one or through out, etc.
Starting small to see what ........
0
 

Author Comment

by:toshi_
ID: 40540170
hi arnold,

the web site generates a javascript error, an object that 's not present.

for the rest:
the web site is displayed normally on IE 11 with a machine that's is not in the domain.
the web site is dislpayed normally on IE  8 with a machine that is in the domain.

thank you for further help
0
 
LVL 78

Accepted Solution

by:
arnold earned 500 total points
ID: 40540195
I believe the default position of IE security is medium in a domain environment.
Using a GPO as referenced you can lower it if you want.

IE 8 => IE 9 => IE10 => IE11 MS made adjustments on the security model that while they all might be in the Medium security mode, they will have other settings that are adjusted.

This is often the reason in an AD you have to test before pushing updates.

Depending on your AD/DC OS version, you may need to get the IE 11 settings.
http://www.microsoft.com/en-us/download/details.aspx?id=40905
0
 
LVL 78

Expert Comment

by:arnold
ID: 40540204
Domain based environment the security settings are a bit more restrictive as compared to the same browser version in a home type of environment.
0
 
LVL 4

Expert Comment

by:Antyrael
ID: 40540211
Arnold, you are absolutely right, I didn't interpret the initial questions correctly it seems.
That's the problem sometimes when English isn't your native language ;)
0
 

Author Comment

by:toshi_
ID: 40540225
sorry guys,
i'm not native ....
but i'm taking as much time as necessary to explain what i'm looking for ;)

i don't know what to do now ....  :/ i'm getting lost

as a complement of information :  the domain has GPO for IE8 and GPO for IE11.
i'll take time to think about all your informations and be back .

so far, thanks a lot

toshi
0
 
LVL 78

Expert Comment

by:arnold
ID: 40540861
I do not believe you can have two GPOs since inetres.admx  can only exist once .


You would have a single IE settings, the settings set via GPO that IE8 does not have ie8 will ignore, the settings that IE9 does not have IE 9 will ignore.

While you may have an IE 11 GPO, if you do not have the iE 11 Settings template provided in the link to MS, some specific IE11 settings are not present in the options.
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question