"Roaming profile is tempting Bonnie, but there will be 1000+ using that profile at the same time. That scares me."
I regularly set up single roaming mandatory profiles for use by tens of thousands of users. Don't see any issues. You could create a single mandatory profile, and then copy it to the C: drive of every machine via a GPP File, if the chances of locking it bothered you. Here's a good guide (IMO!) to creating mandatory profiles just in case you take the plunge - http://appsensebigot.blogspot.co.uk/2014/10/create-windows-mandatory-profiles-in.html On 22 January 2015 at 14:01, Kennedy, Jim <[email protected]> wrote: > Going to reply here, and consolidate responses from everyone. Much > appreciated. > > > > > > “Automatically activate newly installed…..” Already enabled, does not > help. > > Protected modes does solve the Trusted sites issue, but then just creates > another warning about Protected sites being disabled. > > > > Allow Activex filtering- disable – no help. > Allow previously unused ActiveX to run w/o prompt –enabled….already on, no > help. > > > > Modifying zone settings is great idea!! Umm, wait…what settings should I > modify? J > > Roaming profile is tempting Bonnie, but there will be 1000+ using that > profile at the same time. That scares me. > > > > Trusted sites does fix this prompt but it brakes their crap setup where > they auth the user at one domain then pass the auth token to another > domain. IE hates that and for good reason. > > > > So, I have multiple days in this, and the bottom line, they are going to > have to hit the allow button. Good news is they will only have to do it > once per machine since they are all using the same computers and accounts. > > > > Thanks for the try gang, going to give up on this one. > > > > > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Aakash Shah > *Sent:* Wednesday, January 21, 2015 8:38 PM > > *To:* [email protected] > *Subject:* [NTSysADM] RE: OT Java issue. > > > > Also, if the message in IE that you are getting about add-ons is prompting > the user to allow/enable it, you can get prevent this message by > configuring “Automatically activate newly installed add-ons” under > Administrative Templates | Windows Components | Internet Explorer > (available under both Computer and User configuration). This will > automatically run the add-on as long as it has been installed. > > > > If you get the notifications about speed/slowness, you can disable this by > enabling “Turn off add-on performance notifications” in the same area above. > > > > -Aakash Shah > > > > *From:* Aakash Shah > *Sent:* Wednesday, January 21, 2015 5:31 PM > *To:* '[email protected]' > *Subject:* RE: OT Java issue. > > > > +1. This can also be done using native GPs too. > > > > Also, note that if you disable Protected Mode in IE, that should avoid the > cookie problem you noticed when browsing between the Internet and Trusted > Sites zone. More information at: > > > http://blogs.msdn.com/b/ieinternals/archive/2011/03/10/internet-explorer-beware-cookie-sharing-in-cross-zone-scenarios.aspx > > > > -Aakash Shah > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Miller Bonnie L. > *Sent:* Wednesday, January 21, 2015 2:03 PM > *To:* '[email protected]' > *Subject:* [NTSysADM] RE: OT Java issue. > > > > I feel for you—we have testing coming soon too. > > > > Just my thoughts… > > > > Try modifying your Internet zone settings (can be done for the one user > via GPP) to make them similar to trusted. I’m not sure exactly which > advanced setting would cause this prompt, but maybe something in the > scripting section or removing protected mode > > > > Other thought would be to set up a mandatory roaming profile on the user, > with questions answered the way you want to allow everything to run. > > > > -Bonnie > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Kennedy, Jim > *Sent:* Wednesday, January 21, 2015 1:17 PM > *To:* '[email protected]' > *Subject:* [NTSysADM] OT Java issue. > > > > Need a hand here gang, this is part of a giant nightmare called state > mandated student testing that is a mess. And I am under the gun. I had this > working, today it blew up. 5 days to the statewide test. > > Java 8 u31 IE 11. I need a user policy, or reg hack I can push to get IE > to not ask these little kids “This webpage wants to run the following > add-on” > > I have hit it with everything I can think of on the GPO side and the only > thing that really works user side is putting the site in ‘trusted sites’. > But that blows up other things because they pass authentication cookies > between domains. > > This will be one user that they all will use, I don’t care if IE is safe > for this user, the filter keeps them on one website only. > > > -- *James Rankin* --------------------- RCL - Senior Technical Consultant (ACA, CCA, MCTS) | The Virtualization Practice Analyst - Desktop Virtualization http://appsensebigot.blogspot.co.uk
