Administrative Templates For Windows Internet Explorer 9 : Free Programs, Utilities and Apps11/28/2016 Understanding Group Policy Settings In Internet Explorer 8. This weeks post is from Carl Luberti, a Senior Support Escalation Engineer with the Internet Explorer team. To start, I wanted to address that Internet Explorer 8 has over 1. Group Policy entries that can be configured, which is great for keeping your environment managed and safe. That can also create some challenges in wrapping your head around all of the possibilities, so I wanted to begin with a list of 1. IE8 from a support perspective. Hopefully, this will give a bit of a “jumping off” point to managing Internet Explorer with Group Policy. It’s one of the most powerful features of using Internet Explorer 8 in an Active Directory domain, so I want to make this easier to use and understand. Data Execution Prevention (DEP) I’ll start at the top, with Data Execution Prevention (DEP) configuration in Internet Explorer 8. Because browsers are the gateway to the internet, I think it wise to look at the Data Execution Prevention policy setting for Internet Explorer 8. By default, Internet Explorer 8 opts- in to DEP on platforms that support the Set. Process. DEPPolicy API, which means Windows XP SP3 systems and Windows Vista SP1 / Server 2. DEP is useful in that it helps to foil attacks by preventing code from running in memory that is marked non- executable, which helps mitigate against certain types of attacks that try to make use of placing executable code in areas of memory not marked as executable, like buffer overrun attacks. This behavior can be configured in Group Policy, whether you want to make certain this is happening or if you want to disable DEP opt- in for IE8, and can be found as a policy item under Computer Configuration. Understanding Administrative Templates. Displays additional policy settings for configuring Internet Explorer. Displays policy settings specific to Windows 9x (used with.The Administrative Templates for Internet Explorer 10 is available for download. This download provides the Group Policy Administrative Template (inetres.adm). Download Administrative Templates for Windows Internet Explorer 10.
Administrative Templates. Windows Components. Internet Explorer. Security Features, called “Turn off Data Execution Prevention”: Note that if the Operating System that IE8 is running on is configured to opt- in to DEP for all processes, then this policy setting has no effect and DEP is enabled for IE unless it is configured here as an opted- out process: 3. Smart. Screen Filter. Another area of security in Internet Explorer 8 that is configurable from Group Policy is the Smart. Screen Filter, which is used to help prevent phishing attacks and block access to sites that are flagged as malware hosting sites. This setting is configured per zone, which means you can configure Smart. Screen scanning to be enabled or disabled for each individual security zone. For example, you could have it enabled for the Internet Zone, but disabled for the Trusted Sites zone. By default, if the Smart. Screen filter is not configured from Group Policy, the user has control over whether or not it is enabled, and also whether or not to visit a site anyway if Smart. Screen determines a site is to be blocked. However, if this is configured from Group Policy, the user cannot visit a site listed as blocked, and cannot configure the Smart. Screen Filter or bypass it’s settings. This setting can be found as a policy item in each named security zone folder under Administrative Templates. Windows Components. Internet Explorer. Internet Control Panel. Security Page, called “Use Smart. Screen Filter”: 3. Site to Zone Assignment. The Site to Zone assignment list allows you to configure which security zones a particular site should render in, allowing you to configure how restrictive or relaxed security settings should be for a particular site based on the security zone settings the site renders in. This policy allows you to ensure that the security settings for the specified zone are applied to the site. Additionally, you can apply granular control over a site in a zone if desired, including control over whether a specific protocol is to be checked for a site, a specific site for that domain is to be specified, or if the entire domain should exist in a particular zone irrelevant of which protocol or site is specified in that domain. You can also use this to specify which sites will reside in the Restricted Sites zone, as part of a defense- in- depth strategy – sites that you do not trust can be placed in this most restrictive zone, which uses the “HIGH” security zone setting by default. This setting can be found as a policy item under Administrative Templates. Windows Components. Internet Explorer. Internet Control Panel. Security Page, called “Site to Zone Assignment List”: Note that if you enable the Site to Zone Assignment List policy, users no longer have control over adding or removing sites from this list, and it becomes completely controlled by Group Policy. If you disable the policy, any list on the client is deleted and no specific site assignments are permitted. Home Page Settings. Configuring the user’s home/start page has been a feature of policy since Internet Explorer 5, and to go along with the new ability to configure multiple secondary start pages with Internet Explorer 8 there is a policy to configure both the initial start page, as well as any secondary start pages that are desired. Each secondary start page is loaded in a separate tab from the initial home/start page when the browser is run, although it is worth noting that if you configure the initial start page or any secondary start pages in group policy the user can no longer set or modify any start pages from the Internet Explorer options. These setting can be found as policy items under Administrative Templates. Windows Components. Internet Explorer, called “Disable changing home page settings” (configuring the default start page) and “Disable changing secondary home page settings”: 5. First Run Customize Settings. Internet Explorer 8 by default runs through the “First Run Customize” wizard when a user starts the new browser for the first time, and quite a few admins like to prevent this from running as they’ve already configured user settings, whether that be via Group Policy, the IEAK, logon scripts and registry values, etc. This can be configured in Group Policy so that the user does not see the First Run Customize wizard, but is instead shown their default home page (and any subsequent start pages on separate tabs), and can be found as a policy item under Administrative Templates. Windows Components. Internet Explorer called “Prevent performance of First Run Customize settings”: 6. Suggested Sites. Suggested Sites is a new feature of Internet Explorer 8 that can recommend sites a user may wish to visit based on the user’s browsing activity, and an admin may wish to control this behavior in a domain environment due to the fact that the user’s site visit history is sent to Microsoft on a periodic basis when this feature is enabled (privacy information on this and other features can be found here). This setting can be found as a policy item under User Configuration. Administrative Templates. Windows Components. Internet Explorer called “Turn on Suggested Sites”: 7. New Tab Settings. Some administrators like to configure the new tab behavior of what Internet Explorer opens when a new tab is created, and with Internet Explorer 8 this is configurable via Group Policy. You can specify that when a user opens a new tab, that one of three things happens: the tab opens a blank page (about: blank), the “new tab page” page (which is the default behavior), or the tab opens their primary start page. This can be found as a policy item under Administrative Templates. Windows Components. Internet Explorer called “Configure new tab page default behavior”: 8. In. Private Browsing and In. Private Filtering. In. Private browsing is a feature in Internet Explorer 8 that allows a user to browse leaving virtually no traces of the web browsing actions performed in an In. Private session, including preventing the browsing history, temporary internet files, cookies, usernames and passwords, etc. An administrator might not want users to be able to utilize In. Private browsing, or they may wish to have some control over the defaults of In. Private browsing, like whether or not toolbars or browser helper objects (BHOs) are loaded during an In. Private session, or whether or not In. Private Filtering is disabled or available for use. These policy items can be configured via a number of entries under Administrative Templates. Windows Components. Internet Explorer. In. Private and Administrative Templates. Windows Components. Internet Explorer. Delete Browsing History: More detailed information about In. Private browsing and filtering can be found here. Compatibility View Settings. Compatibility View is a feature that allows the browser to display a web page that may not render correctly when viewed in the default Internet Explorer 8 Standards Mode in a mode that is more compatible with content that is not necessarily written to common Internet standards. This allows the browser to provide greater compatibility with these sites, although standards mode Web pages viewed under Compatibility View will render in Internet Explorer 7 Standards Mode rather than Internet Explorer 8 Standards Mode, and newer content written to common Internet standards may not display correctly in this mode. This particular feature can be configured in Group Policy amongst a number of policy items that control whether or not this feature is enabled and forced for all sites that the user may visit, whether it is enabled for the Local Intranet zone (the default behavior) or whether the browser should use the latest Internet Explorer Standards Mode for the Local Intranet zone, a list of sites to be explicitly viewed under Compatibility View, etc: 1. Maximum Number of Connections per Server (for AJAX)Internet Explorer uses a configured number of maximum persistent connections per server per session for both HTTP 1. HTTP 1. 1 connections, and in Internet Explorer 8 the control for this behavior has been modified so that it is configurable via Group Policy. By default, Internet Explorer 8 uses a maximum of 6 persistent connections for HTTP 1.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |