Solved

on IE how can i find out which GPO is avoiding a correct display for a web site ?

Posted on 2015-01-09
13
109 Views
Last Modified: 2015-01-15
Hello,

We have a website that dont display a part of it's content when on IE11.
This website was added to the trusted sites for IE11 but the problem persists.

Now when i'm on IE 11 and i change
Menu -> tools -> security -> trusted sites :   from Medium to Medium-Low
and that then i refresh the page, i can have the full display of the page and it's the situation i'd like to have.

i've been asked to find out which config changes in the list that we can display when "Custom level.." button is pressed.

my question:

I.
is it possible to export the list of configuration values under "Custom level.." in order to compare them  with a vim diff  or other adhoc tool ?

I learnt that all GPO changes are changes to the registers, so i guess that we could find out which GPO has the ability to change which register. with that in mind I've started RegFromApp in order to have the changes in the register when operating the change from medieum to medium-low.

II.
How can i know with the registers that changed during the change medium->medium-low where is the configurations in the GPO ?


Thanks in advance for your help.

I'm trying to figure out which GPO is IE configuration is
0
Comment
Question by:toshi_
  • 6
  • 4
  • 3
13 Comments
 
LVL 4

Expert Comment

by:Antyrael
ID: 40540075
1. I don't think you can export those settings other than your registry monitoring kind of way.

2. When you run the command rsop.msc (as an administrator), you can see both the Computer and User policies applied to the currently running system.
You can find the Internet Explorer settings applied under Computer|User Configuration -> Administrative Templates -> Windows Components -> Internet Explorer (and, Security tab settings are under Internet Control Panel -> Security Page).
If, for instance, you select the Security Page in the tree, you can see assigned policies with their respective GPO and whether they are enabled or disabled.

I hope this answers your question. Good luck!
0
 
LVL 77

Expert Comment

by:arnold
ID: 40540109
Are you able to browse the site using IE 11 from a different location?
A GPO would not affect how a site is displayed in a browser, the issue might be that you need to browse the site in compatibility mode.

Is there content on the page that is not displaying, what errors if any are you getting?
0
 
LVL 4

Expert Comment

by:Antyrael
ID: 40540114
Arnold, a GPO can definitely affect how a site is displayed, by using the Browser Compatibility settings you yourself are referring to.
0
 

Author Comment

by:toshi_
ID: 40540118
thank you for your answer,

i was not enough clear.....

I know what changed in registers  when i moved the cursor from medium to medium-low (IE security level).
now I'd like to find which GPO could have been done such change in register ?
my goal is to keep the medium level but with customs changes that should be a change in the currents GPO.

thank you in advance for further help.
toshi
0
 

Author Comment

by:toshi_
ID: 40540120
Antyrael ,

thank you for your answer.
I'm sure that GPO can affect web sites through IE11.

we are checking all web sites that the company work with in order to adapt the GPO when things are not working as expected.

toshi
0
 
LVL 77

Expert Comment

by:arnold
ID: 40540139
you would need to use GPMC and run the group policy wizard if the naming of GPOs does not indicate what they do.
you would then search through the user configuration, windows settings, internet explorer maintenance

or administrative templates, internet explorer

Once you navigate to these and locate the change you did not want, you can see which GPO is the source of this change (winning GPO) you might have several GPOs modifying this setting, such that should you change the setting in the currently winning to not-set. rerun the report to make sure there is no other GPO that was being superseded by the current one. repeat if there are multiple, until the GPO setting is not being pushed, or the one you wanted is displayed.
0
The curse of the end user strikes again      

You’ve updated all your end user’s email signatures. Hooray! But guess what? They’re playing around with the HTML, adding stupid taglines and ruining the imagery. Find out how you can save your signatures from end users today.

 
LVL 77

Expert Comment

by:arnold
ID: 40540148
Antyrael, agree, but to understand whether one should look under the hood, or under the car, one needs to determine that there is something there.
The person merely said a site is not displaying in IE 11.
And when security changed to a lower it works.  
I attempted to determine whether this is following an update to IE11, whether the issue is isolated to one or through out, etc.
Starting small to see what ........
0
 

Author Comment

by:toshi_
ID: 40540170
hi arnold,

the web site generates a javascript error, an object that 's not present.

for the rest:
the web site is displayed normally on IE 11 with a machine that's is not in the domain.
the web site is dislpayed normally on IE  8 with a machine that is in the domain.

thank you for further help
0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 40540195
I believe the default position of IE security is medium in a domain environment.
Using a GPO as referenced you can lower it if you want.

IE 8 => IE 9 => IE10 => IE11 MS made adjustments on the security model that while they all might be in the Medium security mode, they will have other settings that are adjusted.

This is often the reason in an AD you have to test before pushing updates.

Depending on your AD/DC OS version, you may need to get the IE 11 settings.
http://www.microsoft.com/en-us/download/details.aspx?id=40905
0
 
LVL 77

Expert Comment

by:arnold
ID: 40540204
Domain based environment the security settings are a bit more restrictive as compared to the same browser version in a home type of environment.
0
 
LVL 4

Expert Comment

by:Antyrael
ID: 40540211
Arnold, you are absolutely right, I didn't interpret the initial questions correctly it seems.
That's the problem sometimes when English isn't your native language ;)
0
 

Author Comment

by:toshi_
ID: 40540225
sorry guys,
i'm not native ....
but i'm taking as much time as necessary to explain what i'm looking for ;)

i don't know what to do now ....  :/ i'm getting lost

as a complement of information :  the domain has GPO for IE8 and GPO for IE11.
i'll take time to think about all your informations and be back .

so far, thanks a lot

toshi
0
 
LVL 77

Expert Comment

by:arnold
ID: 40540861
I do not believe you can have two GPOs since inetres.admx  can only exist once .


You would have a single IE settings, the settings set via GPO that IE8 does not have ie8 will ignore, the settings that IE9 does not have IE 9 will ignore.

While you may have an IE 11 GPO, if you do not have the iE 11 Settings template provided in the link to MS, some specific IE11 settings are not present in the options.
0

Featured Post

The curse of the end user strikes again      

You’ve updated all your end user’s email signatures. Hooray! But guess what? They’re playing around with the HTML, adding stupid taglines and ruining the imagery. Find out how you can save your signatures from end users today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now