IE 8 Trusted sites list and Group Policy

Similar Messages

• Error: "We're having a problem opening this location on file explorer. Add this website to your trusted sites list and try again"

  Hello,
  When i try to open document library from SharePoint Production portal then it throws the specified error. However, when i open document library from SharePoint Development portal then it opens it in file explorer quite easily.
  Production portal is on https whereas development portal is on http. Also, UAG has been configured on production portal.
  Any idea where it's getting stuck up? Surely, this is not a browser issue on Windows 7 as it's opening the development portal's document library on the same machine.
  I've also done following things:
  - Configured Desktop Experience on production environment
  - Installed the hotfix for Windows 7
  Regards,
  Sohaib
  Sohaib Khan

  Hello Sohaib.
  Here is the list of causes defined here.Hope it helps you
  The cause and the resolution methods are the following:
  Cause: There is a missing Root site collection...
  Resolution: Check and ensure,  that the “Managed Paths” are not changed in the web Application’s page, there is a (root) explicit for
  this web application and there is a working Root site collection.
  If for any reason this is not the case in your environment, you may try the following:
  - Apply (if not already) the following Hotfix to one of those clients:
  Error when you open a SharePoint Document Library in Windows Explorer or map a network drive to the library after you install Internet Explorer 10 in Windows 7 or Windows Server 2008 R2 
  http://support.microsoft.com/kb/2846960
  Then, try to delete the cache of the IE browser before reproducing the issue. Check the result..
  - Try to temporarily disable the Antivirus and test again.
  - Check if you have installed the Desktop Experience feature on the SPS13 server.
  - Check if you face this behavior with all users, Or only with some specific ones, Or with all different client OSes.. 
  Otherwise you will need to collect the logs to further analyze...
  http://blogs.msdn.com/b/george_bethanis/archive/2013/11/04/sps13-quot-open-with-explorer-quot-random-error-quot-we-re-having-a-problem-opening-this-location-in-file-explorer-add-this-web-site-to-your-trusted-sites-list-and-try-again-quot.aspx
  Please remember to click 'Mark as Answer' on the answer if it helps you

• Windows 7 DNS and Group Policy Issues

  Hi,
  We have several suites of Windows 7 domain connected PC's.
  In one of the suites I have been called into look at 3 different PC's where the users have not got mapped drives, desktop backgrounds, internet connectivity - because their group policies have not applied.
  When I look at the error logs I find DNS 1014 errors, and Group Policy 1054 errors.
  I have looked at the logs on the switches, and there is nothing on them - Could a pupil pulling the network cable out cause these errors?... Possibly they could have put it back in before I got back in the room.
  The user logs off of the PC and back on again and are fine, as are the users that logon after them.
  We have 2 DC's/DNS servers, which I would have thought would be able to cope with the load here.
  Please let me know what you think the likely cause could be.

  Hello John555444,
  What is your current situation?
  Is this issue resolved?
  Best regards,
  Fangzhou CHEN
  Fangzhou CHEN
  TechNet Community Support

• Enterprise Mode site list and manual override

  I have a small question / issue when using Enterprise Mode.
  We have enabled it using GPO by specifying both a site list and the Enable settings for manual override. This works fine but I don't know how to reset the manual override if somebody flicks the EM mode for a specific site.
  I just want to tell IE to forget all manual overrides and apply the sitelist as delivered.
  I tried to look in the registry, in the %AppData% fodler, even cleared the IE cache but IE still remembers the user overrides.
  Any help will be really appreciated.
  Thanks, Nic.

  Hi Nic,
  As the official documents said, this registry key [HKEY_LOCAL_MACHINE\SOFTWARE\ Policies\Microsoft\Internet Explorer\Main\EnterpriseMode] “Enable” = “” | {URL:port} can also be used to collect manual overrides. By configuring the “Enable” key with a
  valid URL and port, Internet Explorer will initiate a simple POST to the supplied address whenever a user enables or disables Enterprise Mode. This effectively helps customers crowd-source lists of compatible Web apps from their own users, which may decrease
  triage and testing costs.
  Approximately 65 seconds after Internet Explorer 11 starts, it looks for a properly formatted site list. If a new site list is found, with a different version number than the active list, Internet Explorer 11 loads and uses the newer version.
  This is designed by default, and we cannot reset the by preventing the changes.
  We may try to logon script to re-deploy the original site list to reset the site list settings.
  Kate Li
  TechNet Community Support

• Adding sites to compatibility mode and trusted sites, IE10 and Server 2008

  We're having a challenge with configuring a GPO to add several sites to Compatibility View Settings as well as adding several others (the same sites, plus some others) to Trusted Sites.  We are currently running VMware's Persona Management/floating
  pools (thin provisioned linked clones), with the appdata folder redirected to the Persona server.  Clients are running IE10, DCs are running Server 2008 R2 with IE8.
  gpresult/r shows the GPO listed under Applied GPOs on the User Settings side (and all the settings are user settings); however, compatibility and trusted sites settings do not apply.
  From prior research on the topic, I seem to recall that I needed to install the IE10 IEAK; however, I cannot install that without having IE10 installed first, and I cannot install IE10 without installing the pre-requisite elements, which I cannot install
  (either through Windows Update or the IE10 standalone installer).  When the IE10 install fails, it refers me to a Microsoft KB article that won't open.  If I open the article on a workstation PC, I find links to five separate prerequisite files. 
  If I download all five files and attempt to install them, they say they're not applicable to my computer.  I can't post links in this article yet (account hasn't been verified), but a Google search for "MS KB 2818833" leads to the page with
  the links.
  64-bit Server 2008 R2.
  Any thoughts?

  Hi,
  Before going further, how did we configure the settings? Since Windows 8, the IEM settings have been deprecated.  As a result, IEM settings won't apply to IE10 or above. However, in this situation, we should be able to use administrative templates
  to configure the settings we want.
  Regarding how to add web site to Compatibility View List via GPO, the following article can be referred to as reference.
  How to add web site to Compatibility View List via GPO
  http://blogs.msdn.com/b/asiatech/archive/2013/10/23/how-to-add-web-site-to-compatibility-view-list-via-gpo.aspx
  Regarding how to Internet Explorer security zone sites via native policies, the following article can be referred to for more information.
  How to configure Internet Explorer security zone sites using group polices
  http://blogs.msdn.com/b/askie/archive/2012/06/05/how-to-configure-internet-explorer-security-zone-sites-using-group-polices.aspx
  Best regards,
  Frank Shen

• Access Connections and Group Policy generated network profiles

  Hello,
  We are in the middle of rolling out 3500 T400 machines and are having fits with Access Connections 5.02. We have a default in-house Preferred Wireless Network Profile that is created on each machine via Group Policy. This works fine with AC and everything does what is supposed to do when our users are in our buildings. When our users go offsite, we have nothing but fits with AC and trying to set up any other WAN connections.
  If users set up a new network connection, we are asking them to set it up thru AC. We have had them try using both the "Use Windows to Configure Wireless Network" as well as "IEEE 802.1X Authentication". Once the network connection is set up, for some, the wireless will work for a short period (a week or so) and then will no longer detect network connections.  The user nor the client site has made any changes to the wireless configuration. 
  Others will have a stable connection wirelessly until they connect over VPN – VPN will drop in a few minutes after connection.  They can then sometimes reconnect after a reboot; but the instability is a constant problem.
  It seems to me that the problem could all be traced back to GP enforcement, which occurs every 8 hours when connected to our network. If a user is offline for several days, then connects up to check email or transfer time or whatever, then they are kicked off. If a user connects via VPN, they are kicked off within minutes - again potentially traceable to GP enforcement.
  Has anyone else dealt with this scenario of Preferred Wireless Network policies and Access Connections?
  Thanks!

  Try going back to AC 4.52, which solved the problems i was having with AC5.02 (freezes, BSOD, loss of wireless connections when coming out of standby, GUI problems) on Vista Home Premium.  Scroll down for prevous versions of AC5.02 here:
  http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-67283
   I do not use a VPN system so AC4.52 may not help your 3500 Thinkpads.
  Lenovo (Mark_Lenovo) knows there are problems with AC5.02 for the last three (or more ) months and have stated that AC 5.1 will solve the problems, but it has not been released as far as I know. There are many threads on AC5.02 on this forum and also on thinkpads.com
  the Lenovo Blog site also has an update on AC5.02 ;under "Design Matters" on how they selected the graphics for wireless connections - the responses there offer some suggestions to fix the problems. 
  T60: 6371-CTO, VISTA Home Premium+SP1, 2GB....R51: 1836-Q4U,XP,1GB...600...755CD

• Anyconnect tunnel-group and group-policy from LDAP

  Recently we've changed from LOCAL to LDAP authentication and added additional group-policies for different users to increase security.
  To prevent users from selecting an incorrect group-policy, the LDAP server provides a IETF-Radius-Class value which matches the different group-policy names.
  It is my understanding that the authentication method is provided by the tunnel-group.
  tunnel-group DefaultWEBVPNGroup general-attributes
   authentication-server-group LDAP_AD
  This all works, but for _one_ of the group policies i'd like to enable (external) two factor authentication. Two enable two factor auth a 'secondary-authentication-server-group' needs to be set in the tunnel-group.
  Creating a tunnel-group which maches the name of the group-policy doesn't seem to have any effect.  When listing the connected users via "show vpn-sessiondb anyconnect", it always states the correct Group Policy but also always DefaultWEBVPNGroup.
  When enabling the listing of tunnel-groups for webvpn, thus allowing users to select their own tunnel-group, the two factor auth does work.
  To summarize, is it possible to let LDAP decide which tunnel-group is used or is there another way to have different group policies without users being able to choose ?

  Fabian, 
  Your connection lands on a tunnel group and picks a group policy. 
  A typical way to overcome the problem you're indicating is by using group-url. 
  a URL is bound to a specific tunnel-group and allows you to land directly on the one you desire. 
  vide:
  http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98580-enable-group-dropdown.html
  M.

• How do I setup Active Directory and Group Policy on Windows Server 2012?

  I work for a school district that uses a Windows 2012 server with about 400 Windows 7 PCs and 150 Mac PCs. We are set up with Roaming Profiles on the PCs and would like to be able to setup Active Directory, Group Policy, and Roaming Profiles on our macs. (We also have a mac server that they are using as a file server only) As we are a school, our funds are very low. Now for the questions...
  Is there a software that allow us to accomplish this?
  Is there a free solution or a very reduced price option to do this?
  I heard that http://www.centrify.com/products/mac-edition.asp may accomplish this and I read something about it on here but didn't know if this is what I was really trying to do becuase it was marked as "The Golden Triangle" and did not mention Raoming Profiles. This is the link though: https://discussions.apple.com/message/17200059#17200059
  Any help would be greatly appreciated.

  The above reply does not take into account that I am trying to use GROUP POLICY EDITOR to make it the default browser.

• Difference between domain controllers and group policy objects in GPMC

  Hello,
  Am in confusion, someone can tel me the difference between
  1.Domain controllers>default domain controller policy  and
  2.Group policy object>default domain controller policy
  In Group policy management console and also i would like know where to define these categories. I normally use second option.
  I have attached screenshot for your information.
   regards,
  Dharanesh,

  This first/upper item is a link to the GPO, the second/lower item is the actual GPO.
  (notice the link, has a shortcut arrow showing)
  by default, when you double-click on a link, a message will display which says "you have clicked on a link....." and the messagbox offers a checkbox for "do not display this message again..."
  Effectively they are equivalent to a shortcut-to-a-file vs. the actual file.
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Demoting a DC and Group policy, help needed.

  Hi all,
  so we have 3 domain controllers, lets say dc1,dc2 and dc3. We have the 3rd line assistance from another company, they have advised the following.... 
  SO the stages will be
  1) Can you please go through all the GPO's in DC3 and consolidate what you need and what you do not need, you need to extensively cross reference this with DC1 and DC2, this is something you have to do. As I will not know what you need and what you do
  not. You can do this by logging into each domain controller and opening up the settings of each GPO and cross referencing.
  2) Once the above is done, we will consolidate the GPO's to a central repository in your domain
  3) Backup Sysvol directory and Netlogon folder in DC3
  3) Proceed to dcpromo DC3 out of the domain
  4) Test connectivity if clients to the AD
  5) Add the additional Server options
  6) All of the above can be done during office hours.
  it was my understanding (perhaps wrongly) that the group policies were not on the individual Domain Controllers but in Sysvol and as such replicated anyway?
  any advice would be very much appreciated.

  > I am being told that our Group policies are different across different
  > Domain Controllers and to my knowledge that's impossible as we have
  > discussed it should be in the replicated Sysvol.
  Ok, that's a common problem. Fix it and you will be fine:
  http//support.microsoft.com/kb/2218556 (for DFS-R Replication of Sysvol)
  http://support.microsoft.com/kb/315457 (for NTFRS replication)
  > I'm a bit lost on the central repository aspect but prior to saying it
  > makes no sense I just wanted to check my understanding, especially with
  > an MVP!
  I agree. Talking of a "central repository" fro group policy doesn't make
  sense, because group policy from the very beginning lives in AD and
  sysvol, which both are kind of "central repository". Seems they don't
  really know what they're talking about :)
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Pix 515 and group-policy

  Hello,
  how many group-policy can I configure on PIx 515E with release 7.x?
  Thanks in advance
  B.

  The number of group-policy is important for me because I've many vpn-client sessions that refer to only one vpn-group.
  By radius I authenticate the user and I send to pix the name of group policy that contains the specific address-pool and the split-tunneling acl.
  In this way I can associate per-user the address-pool and the split-acl.
  The best way would be to have only one group-policy and to send by radius the name of addrress pool and the name of split acl but the pix seems no support these parameters.
  Thanks B

• Safari top site list and PubSub client list override

  After finding the PubSub client.plist was causing my system to go out and update some RSS feeds I had not been into in years - found I could delete the list and the file was recreated when I went into Mail or Safari.
  Mail created the clean list I wanted but when I went into Safari it added the old sites to the client list.
  Found that the TopSites plist in Safari folder had the rss sites in it -- so I went to top sites screen and removed all of the top sites (I don't use it)  then delete the client list in PubSub and went on-line etc.
  At this point client list is still clean and no bogus feeds (also in pubsub) coming in.
  Assume if it was reported in SnowLeopard assume it would have been fixed - if it wasn't reported - may be causing slow downs in later versions so I reported it to Apple in Feedback.
  Has anyone else had this problem and found other places to clean up?
  (Can't get software on media so can't update -- and based on download problems seen here bet a lot of people would rather get the media - and I do tell this to Apple in every feedback)

  Hi Nic,
  As the official documents said, this registry key [HKEY_LOCAL_MACHINE\SOFTWARE\ Policies\Microsoft\Internet Explorer\Main\EnterpriseMode] “Enable” = “” | {URL:port} can also be used to collect manual overrides. By configuring the “Enable” key with a
  valid URL and port, Internet Explorer will initiate a simple POST to the supplied address whenever a user enables or disables Enterprise Mode. This effectively helps customers crowd-source lists of compatible Web apps from their own users, which may decrease
  triage and testing costs.
  Approximately 65 seconds after Internet Explorer 11 starts, it looks for a properly formatted site list. If a new site list is found, with a different version number than the active list, Internet Explorer 11 loads and uses the newer version.
  This is designed by default, and we cannot reset the by preventing the changes.
  We may try to logon script to re-deploy the original site list to reset the site list settings.
  Kate Li
  TechNet Community Support

• ZENworks 6.5 SP1b And Group Policy Editor Problems

  I just installed ZENworks 6.5 SP1b on a brand new test server that I am
  running. I have no users or strain on the server. After I installed the
  service pack it started take about 20 to open the Group Policy Editor for
  a user policy and about a minute 20 to close it. I was using it before the
  upgrade and it only took like 10 seconds to close before. What's up? Can
  any one help?

  Yeah Sorry I clicked the wrong one
  > I presume someone will help in the Desktops forum, since this is for
  > server management...
  >
  > --
  >
  > Shaun Pond
  >
  >

• Update Tariff Number,Export Control List and Grouping in /sapsll/product_02

  Hi Experts,
  I am trying to update/change Tariff Number(CCNGN) in Classification tab and Legal Regulation(LGREG) and Grouping(CONGR) in Legal Control tab.
  Can i use class : /SAPSLL/CL_PR  for updating the above fields?
  In class /SAPSLL/CL_PR - in any method,i could not find any structures to fill data related to Classification Tab.
  For Grouping i can fill in /SAPSLL/PRCON_T structure
  Can any one please suggest relevant class - method for updating data in Classification Tab.
  Any suggestions would be helpful.
  Regards,
  Karthik Rali.

  Hi Karthik,
  Class /SAPSLL/CL_PR contains the Structure set GT_PRCTS, and Method MAINTAIN_SUBOBJECT seems to take care of it.
  If I am missing your point, please explain further - thanks.
  Regards,
  Dave

• Itunes and group policy

  Hi all,
  I'm trying to deploy iTunes via published group policy package. I have modified the MSI package with ORCA. The setup goes fine but at the end it fails by the ipodservice.exe. It says the user does not have permission to install service. Anyone knows how to overcome this (with non-admin user of course) ?

  try this in your package
  1. create a custom action that runs the iPodService.exe file (found in the c:\program files\ipod\bin folder) with a /service
  2. I placed this custom action last in the InstallExecute sequence.