<RANT> Someone at Microsoft should smack the whole lot of the Internet Explorer team upside the head and tell them to bury the Internet Explorer Admin Kit (IEAK) and just put their damn policy settings under the POLICIES registry keys like everything else does.
I've NEVER understood why MS has made us suffer this broken crap for so long. </RANT> -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Miller Bonnie L. Sent: Monday, February 10, 2014 11:50 AM To: [email protected] Subject: RE: [NTSysADM] GP confusion - Internet Explorer Maintenance? I'm just finishing going through this cutover myself in our primary domain, and have a few more settings to do still for an external forest. We have used the IE Maintenance node for a long time, and as you've seen what's happened is as soon as you install IE 10 or higher, you will no longer see the node. http://technet.microsoft.com/en-us/library/jj890998.aspx http://technet.microsoft.com/library/dn338129.aspx To edit the old settings, you will need to install a Win7/Server 2008 R2 tools machine with IE 9 and GPMC, or successfully roll back one that you have that is running IE 10. Then, getting moved to gpp is a little tougher and will take some testing in your specific environment. In our case, I have been using GPP on our RDS servers, so had some "templates" to start from. Testing showed that I had to it this way: 1) To get GPP settings for IE 10 and higher (it will say IE 10 but the code is version 10 to 99, so applies to 11), you MUST edit the preference from a Windows 8.1 or server 2012 R2 machine--it will not work from WS08 R2/Win7, even if you've updated your templates, and you just won't see the option for IE 10 GPP. I have a Win8.1 machine for "tools" (GPMC/RSAT), and then also temporarily have the Win7 with IE9 "tools" machine--you need both. 2) Apply the new GPP template settings to the same GPO that contains your IE Maintenance settings. Wait a few days for all machines to get these applied. Watch out for any IE settings you may have configured using Administrative templates as well--these could interfere or cause things to act strangely. 3) As quickly as possible, use the IE 9 tools machine to remove the IE maintenance settings from the GPO, then open the same policy on the Win8.1 tools machine, refresh, and tickle a change to the each of the IE GPP settings to update the GPP settings. Without doing step 3 this way, my test machines ended up with no proxy server settings as soon as I removed the IE Maintenance settings (but without tickling a change to the GPP). Doing it in the order above, we had no gap without the correct settings. One last caveat you may run into is that in the GPP editor for IE 10+ settings, if you have a bypass proxy server and manual server definition, the interface is pretty broken. There is a way to get the interface to take your settings, but you have to do it in just the right order. Let me know if you have trouble here and I can send more info. Good luck! -Bonnie -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Michael Leone Sent: Monday, February 10, 2014 6:44 AM To: [email protected] Subject: [NTSysADM] GP confusion - Internet Explorer Maintenance? I am confused about something. We have a Win2008 R2 domain (domain and forest level). We have a number of Group Policies. If I go to one in the GP Management Console, and then click on "Settings", I see (among other things", User Configuration, Policies, Windows Settings, Internet Explorer Maintenance. If I click "show" next to that, I see all the settings. Including ones for sites in the "Trusted Sites" under "Security Zones". Yet when I edit the policy, I have no "IE Maintenance". From what I can gather from searching, I now need some server side *and* some client-side extensions? (Technet: http://technet.microsoft.com/en-us/library/gg699413.aspx). I get that IE Maintenance has (apparently) been deprecated in favor of settings in Group Policy Preferences, but why am I even seeing IE Maintenance at all? Especially if I can't edit them? I also get that I need GPP to set those settings for IE 10 and newer, but IE 9 settings are still in the IE Maintenance section that I can't access at the moment? We have a lot of people still with IE 9 out there. Very confusing. Anybody have a simple explanation they can slap me with? :-)
