Solved

on IE how can i find out which GPO is avoiding a correct display for a web site ?

Posted on 2015-01-09
13
104 Views
Last Modified: 2015-01-15
Hello,

We have a website that dont display a part of it's content when on IE11.
This website was added to the trusted sites for IE11 but the problem persists.

Now when i'm on IE 11 and i change
Menu -> tools -> security -> trusted sites :   from Medium to Medium-Low
and that then i refresh the page, i can have the full display of the page and it's the situation i'd like to have.

i've been asked to find out which config changes in the list that we can display when "Custom level.." button is pressed.

my question:

I.
is it possible to export the list of configuration values under "Custom level.." in order to compare them  with a vim diff  or other adhoc tool ?

I learnt that all GPO changes are changes to the registers, so i guess that we could find out which GPO has the ability to change which register. with that in mind I've started RegFromApp in order to have the changes in the register when operating the change from medieum to medium-low.

II.
How can i know with the registers that changed during the change medium->medium-low where is the configurations in the GPO ?


Thanks in advance for your help.

I'm trying to figure out which GPO is IE configuration is
0
Comment
Question by:toshi_
  • 6
  • 4
  • 3
13 Comments
 
LVL 4

Expert Comment

by:Antyrael
ID: 40540075
1. I don't think you can export those settings other than your registry monitoring kind of way.

2. When you run the command rsop.msc (as an administrator), you can see both the Computer and User policies applied to the currently running system.
You can find the Internet Explorer settings applied under Computer|User Configuration -> Administrative Templates -> Windows Components -> Internet Explorer (and, Security tab settings are under Internet Control Panel -> Security Page).
If, for instance, you select the Security Page in the tree, you can see assigned policies with their respective GPO and whether they are enabled or disabled.

I hope this answers your question. Good luck!
0
 
LVL 76

Expert Comment

by:arnold
ID: 40540109
Are you able to browse the site using IE 11 from a different location?
A GPO would not affect how a site is displayed in a browser, the issue might be that you need to browse the site in compatibility mode.

Is there content on the page that is not displaying, what errors if any are you getting?
0
 
LVL 4

Expert Comment

by:Antyrael
ID: 40540114
Arnold, a GPO can definitely affect how a site is displayed, by using the Browser Compatibility settings you yourself are referring to.
0
 

Author Comment

by:toshi_
ID: 40540118
thank you for your answer,

i was not enough clear.....

I know what changed in registers  when i moved the cursor from medium to medium-low (IE security level).
now I'd like to find which GPO could have been done such change in register ?
my goal is to keep the medium level but with customs changes that should be a change in the currents GPO.

thank you in advance for further help.
toshi
0
 

Author Comment

by:toshi_
ID: 40540120
Antyrael ,

thank you for your answer.
I'm sure that GPO can affect web sites through IE11.

we are checking all web sites that the company work with in order to adapt the GPO when things are not working as expected.

toshi
0
 
LVL 76

Expert Comment

by:arnold
ID: 40540139
you would need to use GPMC and run the group policy wizard if the naming of GPOs does not indicate what they do.
you would then search through the user configuration, windows settings, internet explorer maintenance

or administrative templates, internet explorer

Once you navigate to these and locate the change you did not want, you can see which GPO is the source of this change (winning GPO) you might have several GPOs modifying this setting, such that should you change the setting in the currently winning to not-set. rerun the report to make sure there is no other GPO that was being superseded by the current one. repeat if there are multiple, until the GPO setting is not being pushed, or the one you wanted is displayed.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 76

Expert Comment

by:arnold
ID: 40540148
Antyrael, agree, but to understand whether one should look under the hood, or under the car, one needs to determine that there is something there.
The person merely said a site is not displaying in IE 11.
And when security changed to a lower it works.  
I attempted to determine whether this is following an update to IE11, whether the issue is isolated to one or through out, etc.
Starting small to see what ........
0
 

Author Comment

by:toshi_
ID: 40540170
hi arnold,

the web site generates a javascript error, an object that 's not present.

for the rest:
the web site is displayed normally on IE 11 with a machine that's is not in the domain.
the web site is dislpayed normally on IE  8 with a machine that is in the domain.

thank you for further help
0
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
ID: 40540195
I believe the default position of IE security is medium in a domain environment.
Using a GPO as referenced you can lower it if you want.

IE 8 => IE 9 => IE10 => IE11 MS made adjustments on the security model that while they all might be in the Medium security mode, they will have other settings that are adjusted.

This is often the reason in an AD you have to test before pushing updates.

Depending on your AD/DC OS version, you may need to get the IE 11 settings.
http://www.microsoft.com/en-us/download/details.aspx?id=40905
0
 
LVL 76

Expert Comment

by:arnold
ID: 40540204
Domain based environment the security settings are a bit more restrictive as compared to the same browser version in a home type of environment.
0
 
LVL 4

Expert Comment

by:Antyrael
ID: 40540211
Arnold, you are absolutely right, I didn't interpret the initial questions correctly it seems.
That's the problem sometimes when English isn't your native language ;)
0
 

Author Comment

by:toshi_
ID: 40540225
sorry guys,
i'm not native ....
but i'm taking as much time as necessary to explain what i'm looking for ;)

i don't know what to do now ....  :/ i'm getting lost

as a complement of information :  the domain has GPO for IE8 and GPO for IE11.
i'll take time to think about all your informations and be back .

so far, thanks a lot

toshi
0
 
LVL 76

Expert Comment

by:arnold
ID: 40540861
I do not believe you can have two GPOs since inetres.admx  can only exist once .


You would have a single IE settings, the settings set via GPO that IE8 does not have ie8 will ignore, the settings that IE9 does not have IE 9 will ignore.

While you may have an IE 11 GPO, if you do not have the iE 11 Settings template provided in the link to MS, some specific IE11 settings are not present in the options.
0

Featured Post

Promote certifications in your email signature

Has your company recently won an award or achieved a certification? They'll no doubt want to show it off. Email signature images used to promote certifications & awards can instantly establish credibility with a recipient and provide you with numerous benefits.

Join & Write a Comment

#Citrix #Internet Explorer #Enterprise Mode #IE 11 #IE 8
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now