Well, I’m all set deploying a patched version of IE 11 with the Dec 2015 CU. Thanks for the tips.
Now on to the more arduous job of hacking together all the functionality lost with discontinuation of Maintenance Mode/Preference mode. I hope whoever signed off on that decision has “moved on.” (I was going to say “passed on,” but I’m not quite THAT upset about it :)) I’ve got IE 11 deployed now. I just hope no one asks me to make any post deployment customizations for a while. The once simple task of adding a URL to the trusted sites or intranet zone for all users is now much more of an ordeal. From: [email protected] [mailto:[email protected]] On Behalf Of John Aubrey Sent: Friday, January 08, 2016 1:39 PM To: [email protected] Subject: RE: [mssms] RE: FYI, if you still have versions of IE older than 11 out there... I like to consider open security holes as “broken”. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Jimmy Martin Sent: Friday, January 8, 2016 2:20 PM To: [email protected]<mailto:[email protected]> Subject: RE: [mssms] RE: FYI, if you still have versions of IE older than 11 out there... If isn't broke, don't fix it... But for me, I did not get dependable enterprise mode until I installed it It wouldn't even show up on tool bar... Sent from my Windows Phone ________________________________ From: ODONNELL Aaron M<mailto:[email protected]> Sent: 1/8/2016 1:14 PM To: '[email protected]'<mailto:[email protected]> Subject: [mssms] RE: FYI, if you still have versions of IE older than 11 out there... Is whatever KB2929437 patches not included in the latest IE cumulative updates? My task sequence does basically the same as what you have listed below except for installing KB2929437 and we haven’t seen any enterprise mode issues once after IE11 is installed and they get the appropriate group policy. Thanks, Aaron O’Donnell From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Jimmy Martin Sent: Friday, January 08, 2016 4:53 AM To: '[email protected]' Subject: [mssms] RE: FYI, if you still have versions of IE older than 11 out there... Here’s a good formula that will leave you with ie11, and enterprise mode being available My task sequence does 3 reboots… maybe excessive, but it is dependable and the task sequence quickly starts back up after the reboot without logon being required Install all the pre-reqs with a batch file called in task sequence step Batch file contents for a win7entx64 env %WINDIR%\SysNative\wusa.exe "%~dp0Windows6.1-KB2533623-x64.msu" /quiet /norestart %WINDIR%\SysNative\wusa.exe "%~dp0Windows6.1-KB2639308-x64.msu" /quiet /norestart %WINDIR%\SysNative\wusa.exe "%~dp0Windows6.1-KB2670838-x64.msu" /quiet /norestart %WINDIR%\SysNative\wusa.exe "%~dp0Windows6.1-KB2729094-v2-x64.msu" /quiet /norestart %WINDIR%\SysNative\wusa.exe "%~dp0Windows6.1-KB2731771-x64.msu" /quiet /norestart %WINDIR%\SysNative\wusa.exe "%~dp0Windows6.1-KB2786081-x64.msu" /quiet /norestart %WINDIR%\SysNative\wusa.exe "%~dp0Windows6.1-KB2834140-v2-x64.msu" /quiet /norestart %WINDIR%\SysNative\wusa.exe "%~dp0Windows6.1-KB2882822-x64.msu" /quiet /norestart %WINDIR%\SysNative\wusa.exe "%~dp0Windows6.1-KB2888049-x64.msu" /quiet /norestart First reboot Install ie11 Ie11-setup-full.msi Second reboot Now install post ie11 patches in another batch file %WINDIR%\SysNative\wusa.exe %~dp0IE11-Windows6.1-KB2929437-x64.msu /quiet %WINDIR%\SysNative\wusa.exe %~dp0AMD64-all-ie11-windows6.1-kb3100773-x64.msu /quiet KB2929437 is the important one u will need to make ent mode button and functionality show up Kb3100773 was the latest cumulative when I deployed Did about 10000 workstations/laptops with this Jimmy Martin (901) 227-8209 From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Kevin Johnston Sent: Friday, January 08, 2016 6:46 AM To: '[email protected]' <[email protected]<mailto:[email protected]>> Subject: [mssms] RE: FYI, if you still have versions of IE older than 11 out there... I used PSApp deploy and I added the prerequisites plus the latest CU to it. It also does 1 reboot. I haven’t had an issue yet with it. Only problem is the detection method. When you configure it to be looking for the version you are deploying, the next month a new one comes out those users that installed IE11 it will then show up again as they are no longer compliant, so I have to modify the setup again to look for the newest version… tedious I know, but at least I only have this month left :) KEVIN JOHNSTON From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Art Flores Sent: Thursday, January 07, 2016 7:29 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: FYI, if you still have versions of IE older than 11 out there... I used the following links and included the latest IE11 cumulative security update KB3104002 that was released 12/8/15. http://joji.me/en-us/blog/create-internet-explorer-11-batch-deployment-package https://technet.microsoft.com/en-us/library/security/MS15-124 From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Daniel Ratliff Sent: Thursday, January 07, 2016 3:49 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: FYI, if you still have versions of IE older than 11 out there... Same here, task sequence with the post-IE11 CU installed. The good news is if you install using the .exe, the post-install CU doesn’t require a reboot before being installed. One single reboot for everything. Daniel Ratliff From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of ODONNELL Aaron M Sent: Thursday, January 7, 2016 1:40 PM To: '[email protected]' Subject: [mssms] RE: FYI, if you still have versions of IE older than 11 out there... We are just finishing up our rollout of IE11 and ran into the same issue. The SCCM software updates scan on the workstation wasn’t catching computers fast enough when we deployed IE11 overnight so people would log in the next morning and IE would still be unpatched and then have various enterprise mode issues. Our solution was to use a task sequence to push out the IE update installer with an added command line step for using DISM to apply the .cab file of the latest IE cumulative update and kick off another reboot. Kind of the brute force method but it eliminated a lot of problems for us. Thanks, Aaron O’Donnell From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Miller, Todd Sent: Thursday, January 07, 2016 1:25 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: FYI, if you still have versions of IE older than 11 out there... Hey, on this topic… I am in the final stages of preparing to deploy IE 11. During the testing phase I discovered that it is deployiong IE 11 and the client end up with the June 9 2015 Cumulative update installed. This is version 11.0.20. That version is supposed to be new enough for the Enterprise Mode “stuff’ but the Enterprise mode stuff is not working and not showing in the Tools menu. Only after a more recent CU is installed – like the December 2015 update – does the Enterprise Mode start working. (I’ve looked in the registry on the machines and the policy entries are there –so it is not because the GPO is not making it to the client) I can’t figure out why 1) The June 2015 version is not “new” enough for the Enterprise mode stuff that came in 2014 and 2) if there is a way to pack in a newer Cumulative Update. I don’t honestly know how the June 9 2015 CU got included in the package either… Looking on the internet – there are gobs of blogs about adding pre-requisites, but nothing on post requisites. I’ve tried to use a similar method to include an MSU in the IEAK, but set it to “after system restart” but that is a no go. Internet research tells me that function in IEAK doesn’t work anyway. So any tips on deploying IE 11 with a version that can use Enterprise mode out of the gate? Otherwise my clients are without Enterprise mode for 1-6 days depending where they are on the software update re-scan cycle. I’m about to throw in the towel and just have some web sites not work for a few days while the clients catch up with a new IE 11 Update version that supports Enterprise mode. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Art Flores Sent: Thursday, January 07, 2016 1:13 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] FYI, if you still have versions of IE older than 11 out there... Time to push out a GPO if you want to avoid some new nag notifications. https://support.microsoft.com/en-us/kb/3123303 http://blogs.msdn.com/b/askie/archive/2015/12/17/how-to-implement-the-end-of-life-feature-control-key-outlined-in-kb3123303-using-group-policy.aspx ________________________________ Notice: This UI Health Care e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it. Thank you. ________________________________ The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information. This message and any files transmitted with it may contain legally privileged, confidential, or proprietary information. If you are not the intended recipient of this message, you are not permitted to use, copy, or forward it, in whole or in part without the express consent of the sender. Please notify the sender of the error by reply email, disregard the foregoing messages, and delete it immediately. P Please consider the environment before printing this email... This message and any files transmitted with it may contain legally privileged, confidential, or proprietary information. If you are not the intended recipient of this message, you are not permitted to use, copy, or forward it, in whole or in part without the express consent of the sender. Please notify the sender of the error by reply email, disregard the foregoing messages, and delete it immediately. P Please consider the environment before printing this email... ________________________________ Notice: This UI Health Care e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it. Thank you. ________________________________
