On Fri, Jun 2, 2017 at 11:32 AM, Melvin Backus <[email protected]> wrote: > Run the policy wizard from within GP management, it should give you the > results.
That's what I did. The Group Policy Results Wizard shows those settings being applied, for that user on that VM. Logging in as that user to the actual VM, I don't see those settings in IE (pop-ups blocked, domains listed in Compatibility View). > > -- > There are 10 kinds of people in the world... > those who understand binary and those who don't. > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Michael Leone > Sent: Friday, June 2, 2017 11:18 AM > To: [email protected] > Subject: Re: [NTSysADM] Re: Using GPO to allow pop-ups and to set > compatibility settings - MORE > > OK, so why then isn't it working? When I do a Group Policy Wizard, and choose > my user and test VM, I do see my domain in (Computer) Windows > Components/Internet Explorer/Compatibility View > > *.wrk.ads.xxx.xxx.xxx > > I also see "Use Pop-Up Blocker" disabled, under (Computer) Windows > Components/Internet Explorer/Internet Control Panel/Security Page/Trusted > Sites Zone. > > I even set the same things under the User Configuration (Compatibility View > settings, and pop-up blocker settings). > > So how come when I log in as that user, on that machine, and go to the local > website, I see that the Security page says I am in the Trusted Zone, but I > don't see pop-ups disabled. And I don't see my domain under Compatibility > View. > > It is IE11 (version 11.0.9600.18059). > > So what is the deal here? Ordinarily, I'd run rsop.msc, but this is a regular > user, and the other GPO settings prohibit running it. > > I suppose I could temporarily make the user a local admin, so I could check. > But the GP Wizard says they are set. > > Am I just setting the wrong things? How can I disable pop-ups in the Trusted > Zone, and add my internal domain to Compatibility View, if I don't use the > template? Am I going to have to push out a registry setting or something? > > > > > On Fri, Jun 2, 2017 at 10:21 AM, <[email protected]> wrote: >> Michael, >> >> Compatibility View settings are managed here: >> >> Computer Configuration -> Administrative Templates -> Windows >> Components -> Internet Explorer -> Compatibility View >> >> The settings you are looking for is "Use Policy List of Internet Explorer 7 >> sites", that is what the compatiblity view does. >> >> https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/m >> issing-the-compatibility-view-button >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of Michael Leone >> Sent: Friday, June 02, 2017 4:00 PM >> To: [email protected] >> Subject: [NTSysADM] Re: Using GPO to allow pop-ups and to set >> compatibility settings - MORE >> >> Apparently, a long time back, I did add my internal domain to the >> "Trusted Sites" zone via a GPP registry setting, as well as pushing >> out my internal CA cert. (just goes to shwo, getting old sucks. Only >> thing worse is not getting old ..) >> >> Anyway, when I go to the new VOIP server, and try to log in via web >> interface (to see reports, etc), >> >> I am NOT prompted for a cert >> The site does show as a "Trusted Site" >> >> Good! >> >> BUT ... even so, pop-ups say they are enabled, and I don't see my internal >> domain in Compatibility View. >> >> I've already disabled pop-up blockers in the Internet Control Panel/Security >> Page/Trusted Sites Zone for computers. Guess I'll try it for User >> Configuration ... >> >> >> Still haven't found where to add to Compatibility View ... >> >> >> On Fri, Jun 2, 2017 at 9:13 AM, Michael Leone <[email protected]> wrote: >>> Today we start rolling out a new VOIP phone system (I haven't been >>> involved with any of this). >>> >>> This morning I get an email, saying that some of our staff will need >>> to access the system via a web interface, and that we need to turn >>> off pop-up blockers for that site, and to add this site to >>> COmpability View. >>> >>> <SIGH> >>> >>> Why they just didn't wait to ask this until after we'd changed out >>> 1,000 Nortel phones for Cisco phones? >>> >>> Anyway: >>> >>> I've already pushed out our internal root cert, so they shouldn't be >>> asked to accept an unknown cert. This works for IE, but not for >>> Chrome, for some reason. But I'll get back to that. >>> >>> Anyway, since we use IE 10 and IE 11 (no Edge, no Win 10, everybody >>> is still Win 7), I think I need to use GP to: >>> >>> Computer Configuration/Policies/Administrative Templates/Windows >>> Components/Internet Explorer/Pop-up Allow List >>> >>> and add "*.<my internal domain>" >>> >>> (that won't erase any other pop-up settings they may have manually >>> entered, will it?) >>> >>> But where do I do that for Compatibility View? I see a "Compability >>> View" sub-section there, but nothing that looks like "Add this local >>> domain". >>> >>> Sorry for the rushed questions, but like I say, this is the first I >>> am hearing of this. How they did not notice this during testing, I >>> have no clue ... >>> >>> Thanks >> >> > >
