Going to reply here, and consolidate responses from everyone. Much appreciated.
"Automatically activate newly installed....." Already enabled, does not help. Protected modes does solve the Trusted sites issue, but then just creates another warning about Protected sites being disabled. Allow Activex filtering- disable - no help. Allow previously unused ActiveX to run w/o prompt -enabled....already on, no help. Modifying zone settings is great idea!! Umm, wait...what settings should I modify? :) Roaming profile is tempting Bonnie, but there will be 1000+ using that profile at the same time. That scares me. Trusted sites does fix this prompt but it brakes their crap setup where they auth the user at one domain then pass the auth token to another domain. IE hates that and for good reason. So, I have multiple days in this, and the bottom line, they are going to have to hit the allow button. Good news is they will only have to do it once per machine since they are all using the same computers and accounts. Thanks for the try gang, going to give up on this one. From: [email protected] [mailto:[email protected]] On Behalf Of Aakash Shah Sent: Wednesday, January 21, 2015 8:38 PM To: [email protected] Subject: [NTSysADM] RE: OT Java issue. Also, if the message in IE that you are getting about add-ons is prompting the user to allow/enable it, you can get prevent this message by configuring "Automatically activate newly installed add-ons" under Administrative Templates | Windows Components | Internet Explorer (available under both Computer and User configuration). This will automatically run the add-on as long as it has been installed. If you get the notifications about speed/slowness, you can disable this by enabling "Turn off add-on performance notifications" in the same area above. -Aakash Shah From: Aakash Shah Sent: Wednesday, January 21, 2015 5:31 PM To: '[email protected]' Subject: RE: OT Java issue. +1. This can also be done using native GPs too. Also, note that if you disable Protected Mode in IE, that should avoid the cookie problem you noticed when browsing between the Internet and Trusted Sites zone. More information at: http://blogs.msdn.com/b/ieinternals/archive/2011/03/10/internet-explorer-beware-cookie-sharing-in-cross-zone-scenarios.aspx -Aakash Shah From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Miller Bonnie L. Sent: Wednesday, January 21, 2015 2:03 PM To: '[email protected]' Subject: [NTSysADM] RE: OT Java issue. I feel for you-we have testing coming soon too. Just my thoughts... Try modifying your Internet zone settings (can be done for the one user via GPP) to make them similar to trusted. I'm not sure exactly which advanced setting would cause this prompt, but maybe something in the scripting section or removing protected mode Other thought would be to set up a mandatory roaming profile on the user, with questions answered the way you want to allow everything to run. -Bonnie From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Kennedy, Jim Sent: Wednesday, January 21, 2015 1:17 PM To: '[email protected]' Subject: [NTSysADM] OT Java issue. Need a hand here gang, this is part of a giant nightmare called state mandated student testing that is a mess. And I am under the gun. I had this working, today it blew up. 5 days to the statewide test. Java 8 u31 IE 11. I need a user policy, or reg hack I can push to get IE to not ask these little kids "This webpage wants to run the following add-on" I have hit it with everything I can think of on the GPO side and the only thing that really works user side is putting the site in 'trusted sites'. But that blows up other things because they pass authentication cookies between domains. This will be one user that they all will use, I don't care if IE is safe for this user, the filter keeps them on one website only.
