RE: [NTSysADM] Re: Using GPO to allow pop-ups and to set compatibility settings - MORE
I hear ya! Compatibility mode might be fine for what you need, it just has a lot of limitations that also make it difficult and sometimes fixing one site breaks others. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone Sent: Friday, June 2, 2017 9:21 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Re: Using GPO to allow pop-ups and to set compatibility settings - MORE On Fri, Jun 2, 2017 at 12:12 PM, Miller Bonnie L. <mille...@mukilteo.wednet.edu<mailto:mille...@mukilteo.wednet.edu>> wrote: Just getting caught up, I don't see that anyone has mentioned it but compatibility view is horrible and it has all sorts of limitations, including that it really only handles addresses out to two domain levels. So for example, you can add xyz.foo.edu<http://xyz.foo.edu>, but it actually will put all of foo.edu<http://foo.edu> into compatibility mode, which you may not really want. If you're stuck on IE10, you may not have an option, but if you can get them to IE 11 then you will want to check out the IE Enterprise mode settings and tools. We have ours up and running and did not have to put any kind of logging server in place for posting, it's optional. Start here, it might even let you get away from IE 10 if you have other sites with compatibility issues that it can support: https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode Thanks. I will look into it. But since we're short 2 network admins, and the other admin is ... well, anyway, he's tied up being the router/switch guy ... I'm not sure when I can get to it ..
Re: [NTSysADM] Re: Using GPO to allow pop-ups and to set compatibility settings - MORE
On Fri, Jun 2, 2017 at 12:12 PM, Miller Bonnie L. < mille...@mukilteo.wednet.edu> wrote: > Just getting caught up, I don't see that anyone has mentioned it but > compatibility view is horrible and it has all sorts of limitations, > including that it really only handles addresses out to two domain levels. > So for example, you can add xyz.foo.edu, but it actually will put all of > foo.edu into compatibility mode, which you may not really want. > > If you're stuck on IE10, you may not have an option, but if you can get > them to IE 11 then you will want to check out the IE Enterprise mode > settings and tools. We have ours up and running and did not have to put > any kind of logging server in place for posting, it's optional. Start > here, it might even let you get away from IE 10 if you have other sites > with compatibility issues that it can support: > > https://docs.microsoft.com/en-us/internet-explorer/ie11- > deploy-guide/what-is-enterprise-mode Thanks. I will look into it. But since we're short 2 network admins, and the other admin is ... well, anyway, he's tied up being the router/switch guy ... I'm not sure when I can get to it ..
RE: [NTSysADM] Re: Using GPO to allow pop-ups and to set compatibility settings - MORE
Just getting caught up, I don't see that anyone has mentioned it but compatibility view is horrible and it has all sorts of limitations, including that it really only handles addresses out to two domain levels. So for example, you can add xyz.foo.edu, but it actually will put all of foo.edu into compatibility mode, which you may not really want. If you're stuck on IE10, you may not have an option, but if you can get them to IE 11 then you will want to check out the IE Enterprise mode settings and tools. We have ours up and running and did not have to put any kind of logging server in place for posting, it's optional. Start here, it might even let you get away from IE 10 if you have other sites with compatibility issues that it can support: https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode -Bonnie -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone Sent: Friday, June 2, 2017 8:55 AM To: ntsysadm@lists.myitforum.com Subject: Re: [NTSysADM] Re: Using GPO to allow pop-ups and to set compatibility settings - MORE AH HA! So for the pop-ups, it is counter-intuitive. Instead of DISABLE, you have to set it to ENABLE .. .and then choose DISABLE from the drop-down. So I have to enable it, to disable it ... Still dunno what's up with the Compatibility View On Fri, Jun 2, 2017 at 11:17 AM, Michael Leone <oozerd...@gmail.com> wrote: > OK, so why then isn't it working? When I do a Group Policy Wizard, and > choose my user and test VM, I do see my domain in (Computer) Windows > Components/Internet Explorer/Compatibility View > > *.wrk.ads.xxx.xxx.xxx > > I also see "Use Pop-Up Blocker" disabled, under (Computer) Windows > Components/Internet Explorer/Internet Control Panel/Security > Page/Trusted Sites Zone. > > I even set the same things under the User Configuration (Compatibility > View settings, and pop-up blocker settings). > > So how come when I log in as that user, on that machine, and go to the > local website, I see that the Security page says I am in the Trusted > Zone, but I don't see pop-ups disabled. And I don't see my domain > under Compatibility View. > > It is IE11 (version 11.0.9600.18059). > > So what is the deal here? Ordinarily, I'd run rsop.msc, but this is a > regular user, and the other GPO settings prohibit running it. > > I suppose I could temporarily make the user a local admin, so I could > check. But the GP Wizard says they are set. > > Am I just setting the wrong things? How can I disable pop-ups in the > Trusted Zone, and add my internal domain to Compatibility View, if I > don't use the template? Am I going to have to push out a registry > setting or something? > > > > > On Fri, Jun 2, 2017 at 10:21 AM, <dylan.mar...@bench.com> wrote: >> Michael, >> >> Compatibility View settings are managed here: >> >> Computer Configuration -> Administrative Templates -> Windows >> Components -> Internet Explorer -> Compatibility View >> >> The settings you are looking for is "Use Policy List of Internet Explorer 7 >> sites", that is what the compatiblity view does. >> >> https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/ >> missing-the-compatibility-view-button >> >> -----Original Message- >> From: listsad...@lists.myitforum.com >> [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone >> Sent: Friday, June 02, 2017 4:00 PM >> To: ntsysadm@lists.myitforum.com >> Subject: [NTSysADM] Re: Using GPO to allow pop-ups and to set >> compatibility settings - MORE >> >> Apparently, a long time back, I did add my internal domain to the >> "Trusted Sites" zone via a GPP registry setting, as well as pushing >> out my internal CA cert. (just goes to shwo, getting old sucks. Only >> thing worse is not getting old ..) >> >> Anyway, when I go to the new VOIP server, and try to log in via web >> interface (to see reports, etc), >> >> I am NOT prompted for a cert >> The site does show as a "Trusted Site" >> >> Good! >> >> BUT ... even so, pop-ups say they are enabled, and I don't see my internal >> domain in Compatibility View. >> >> I've already disabled pop-up blockers in the Internet Control Panel/Security >> Page/Trusted Sites Zone for computers. Guess I'll try it for User >> Configuration ... >> >> >> Still haven't found where to add to Compatibility View ... >> >> >> On Fri, Jun 2, 2017 at 9:13 AM, Michael Leone <oozerd...@gmail.com> wrote: >>>
Re: [NTSysADM] Re: Using GPO to allow pop-ups and to set compatibility settings - MORE
AH HA! v2 "Deploy from Administrative Templates via GPO. However, it does not get reflected in IE user interface, we see the sites loading in the compatibility mode by opening the developer tool bar (press F12) and checking the browser mode. Also, we can verify the setting in the client machine registry. The configuration is written to registry under HKCU(HKLM)\Software\[Wow6432Node]\Policies\Microsoft\Internet Explorer\BrowserEmulation\PolicyList." https://blogs.msdn.microsoft.com/asiatech/2013/10/22/how-to-add-web-site-to-compatibility-view-list-via-gpo/ So apparently GPO assigned Compatability View domains do NOT show up in the UI, but when I did a regedit, and navigated to that key ... lo and behold! There was my entry. MS doesn't make this easy and straight-forward, that's for sure ... On Fri, Jun 2, 2017 at 11:55 AM, Michael Leone <oozerd...@gmail.com> wrote: > AH HA! So for the pop-ups, it is counter-intuitive. Instead of > DISABLE, you have to set it to ENABLE .. .and then choose DISABLE from > the drop-down. > > > > So I have to enable it, to disable it ... > > Still dunno what's up with the Compatibility View > > > On Fri, Jun 2, 2017 at 11:17 AM, Michael Leone <oozerd...@gmail.com> > wrote: > > OK, so why then isn't it working? When I do a Group Policy Wizard, and > > choose my user and test VM, I do see my domain in (Computer) Windows > > Components/Internet Explorer/Compatibility View > > > > *.wrk.ads.xxx.xxx.xxx > > > > I also see "Use Pop-Up Blocker" disabled, under (Computer) Windows > > Components/Internet Explorer/Internet Control Panel/Security > > Page/Trusted Sites Zone. > > > > I even set the same things under the User Configuration (Compatibility > > View settings, and pop-up blocker settings). > > > > So how come when I log in as that user, on that machine, and go to the > > local website, I see that the Security page says I am in the Trusted > > Zone, but I don't see pop-ups disabled. And I don't see my domain > > under Compatibility View. > > > > It is IE11 (version 11.0.9600.18059). > > > > So what is the deal here? Ordinarily, I'd run rsop.msc, but this is a > > regular user, and the other GPO settings prohibit running it. > > > > I suppose I could temporarily make the user a local admin, so I could > > check. But the GP Wizard says they are set. > > > > Am I just setting the wrong things? How can I disable pop-ups in the > > Trusted Zone, and add my internal domain to Compatibility View, if I > > don't use the template? Am I going to have to push out a registry > > setting or something? > > > > > > > > > > On Fri, Jun 2, 2017 at 10:21 AM, <dylan.mar...@bench.com> wrote: > >> Michael, > >> > >> Compatibility View settings are managed here: > >> > >> Computer Configuration -> Administrative Templates -> Windows > Components -> Internet Explorer -> Compatibility View > >> > >> The settings you are looking for is "Use Policy List of Internet > Explorer 7 sites", that is what the compatiblity view does. > >> > >> https://docs.microsoft.com/en-us/internet-explorer/ie11- > deploy-guide/missing-the-compatibility-view-button > >> > >> -Original Message- > >> From: listsad...@lists.myitforum.com [mailto:listsadmin@lists. > myitforum.com] On Behalf Of Michael Leone > >> Sent: Friday, June 02, 2017 4:00 PM > >> To: ntsysadm@lists.myitforum.com > >> Subject: [NTSysADM] Re: Using GPO to allow pop-ups and to set > compatibility settings - MORE > >> > >> Apparently, a long time back, I did add my internal domain to the > "Trusted Sites" zone via a GPP registry setting, as well as pushing out my > internal CA cert. (just goes to shwo, getting old sucks. Only thing worse > is not getting old ..) > >> > >> Anyway, when I go to the new VOIP server, and try to log in via web > interface (to see reports, etc), > >> > >> I am NOT prompted for a cert > >> The site does show as a "Trusted Site" > >> > >> Good! > >> > >> BUT ... even so, pop-ups say they are enabled, and I don't see my > internal domain in Compatibility View. > >> > >> I've already disabled pop-up blockers in the Internet Control > Panel/Security Page/Trusted Sites Zone for computers. Guess I'll try it for > User Configuration ... > >> > >> > >> Still haven't found where to add to Compatibility View ... > >> > >> > >> On Fri, Jun 2, 2017 at 9:
Re: [NTSysADM] Re: Using GPO to allow pop-ups and to set compatibility settings - MORE
AH HA! So for the pop-ups, it is counter-intuitive. Instead of DISABLE, you have to set it to ENABLE .. .and then choose DISABLE from the drop-down. So I have to enable it, to disable it ... Still dunno what's up with the Compatibility View On Fri, Jun 2, 2017 at 11:17 AM, Michael Leone <oozerd...@gmail.com> wrote: > OK, so why then isn't it working? When I do a Group Policy Wizard, and > choose my user and test VM, I do see my domain in (Computer) Windows > Components/Internet Explorer/Compatibility View > > *.wrk.ads.xxx.xxx.xxx > > I also see "Use Pop-Up Blocker" disabled, under (Computer) Windows > Components/Internet Explorer/Internet Control Panel/Security > Page/Trusted Sites Zone. > > I even set the same things under the User Configuration (Compatibility > View settings, and pop-up blocker settings). > > So how come when I log in as that user, on that machine, and go to the > local website, I see that the Security page says I am in the Trusted > Zone, but I don't see pop-ups disabled. And I don't see my domain > under Compatibility View. > > It is IE11 (version 11.0.9600.18059). > > So what is the deal here? Ordinarily, I'd run rsop.msc, but this is a > regular user, and the other GPO settings prohibit running it. > > I suppose I could temporarily make the user a local admin, so I could > check. But the GP Wizard says they are set. > > Am I just setting the wrong things? How can I disable pop-ups in the > Trusted Zone, and add my internal domain to Compatibility View, if I > don't use the template? Am I going to have to push out a registry > setting or something? > > > > > On Fri, Jun 2, 2017 at 10:21 AM, <dylan.mar...@bench.com> wrote: >> Michael, >> >> Compatibility View settings are managed here: >> >> Computer Configuration -> Administrative Templates -> Windows Components -> >> Internet Explorer -> Compatibility View >> >> The settings you are looking for is "Use Policy List of Internet Explorer 7 >> sites", that is what the compatiblity view does. >> >> https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button >> >> -Original Message- >> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] >> On Behalf Of Michael Leone >> Sent: Friday, June 02, 2017 4:00 PM >> To: ntsysadm@lists.myitforum.com >> Subject: [NTSysADM] Re: Using GPO to allow pop-ups and to set compatibility >> settings - MORE >> >> Apparently, a long time back, I did add my internal domain to the "Trusted >> Sites" zone via a GPP registry setting, as well as pushing out my internal >> CA cert. (just goes to shwo, getting old sucks. Only thing worse is not >> getting old ..) >> >> Anyway, when I go to the new VOIP server, and try to log in via web >> interface (to see reports, etc), >> >> I am NOT prompted for a cert >> The site does show as a "Trusted Site" >> >> Good! >> >> BUT ... even so, pop-ups say they are enabled, and I don't see my internal >> domain in Compatibility View. >> >> I've already disabled pop-up blockers in the Internet Control Panel/Security >> Page/Trusted Sites Zone for computers. Guess I'll try it for User >> Configuration ... >> >> >> Still haven't found where to add to Compatibility View ... >> >> >> On Fri, Jun 2, 2017 at 9:13 AM, Michael Leone <oozerd...@gmail.com> wrote: >>> Today we start rolling out a new VOIP phone system (I haven't been >>> involved with any of this). >>> >>> This morning I get an email, saying that some of our staff will need >>> to access the system via a web interface, and that we need to turn off >>> pop-up blockers for that site, and to add this site to COmpability >>> View. >>> >>> >>> >>> Why they just didn't wait to ask this until after we'd changed out >>> 1,000 Nortel phones for Cisco phones? >>> >>> Anyway: >>> >>> I've already pushed out our internal root cert, so they shouldn't be >>> asked to accept an unknown cert. This works for IE, but not for >>> Chrome, for some reason. But I'll get back to that. >>> >>> Anyway, since we use IE 10 and IE 11 (no Edge, no Win 10, everybody is >>> still Win 7), I think I need to use GP to: >>> >>> Computer Configuration/Policies/Administrative Templates/Windows >>> Components/Internet Explorer/Pop-up Allow List >>> >>> and add "*." >>> >>> (that won't erase any other pop-up settings they may have manually >>> entered, will it?) >>> >>> But where do I do that for Compatibility View? I see a "Compability >>> View" sub-section there, but nothing that looks like "Add this local >>> domain". >>> >>> Sorry for the rushed questions, but like I say, this is the first I am >>> hearing of this. How they did not notice this during testing, I have >>> no clue ... >>> >>> Thanks >> >>
Re: [NTSysADM] Re: Using GPO to allow pop-ups and to set compatibility settings - MORE
On Fri, Jun 2, 2017 at 11:32 AM, Melvin Backus <melvin.bac...@byers.com> wrote: > Run the policy wizard from within GP management, it should give you the > results. That's what I did. The Group Policy Results Wizard shows those settings being applied, for that user on that VM. Logging in as that user to the actual VM, I don't see those settings in IE (pop-ups blocked, domains listed in Compatibility View). > > -- > There are 10 kinds of people in the world... > those who understand binary and those who don't. > > -Original Message- > From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] > On Behalf Of Michael Leone > Sent: Friday, June 2, 2017 11:18 AM > To: ntsysadm@lists.myitforum.com > Subject: Re: [NTSysADM] Re: Using GPO to allow pop-ups and to set > compatibility settings - MORE > > OK, so why then isn't it working? When I do a Group Policy Wizard, and choose > my user and test VM, I do see my domain in (Computer) Windows > Components/Internet Explorer/Compatibility View > > *.wrk.ads.xxx.xxx.xxx > > I also see "Use Pop-Up Blocker" disabled, under (Computer) Windows > Components/Internet Explorer/Internet Control Panel/Security Page/Trusted > Sites Zone. > > I even set the same things under the User Configuration (Compatibility View > settings, and pop-up blocker settings). > > So how come when I log in as that user, on that machine, and go to the local > website, I see that the Security page says I am in the Trusted Zone, but I > don't see pop-ups disabled. And I don't see my domain under Compatibility > View. > > It is IE11 (version 11.0.9600.18059). > > So what is the deal here? Ordinarily, I'd run rsop.msc, but this is a regular > user, and the other GPO settings prohibit running it. > > I suppose I could temporarily make the user a local admin, so I could check. > But the GP Wizard says they are set. > > Am I just setting the wrong things? How can I disable pop-ups in the Trusted > Zone, and add my internal domain to Compatibility View, if I don't use the > template? Am I going to have to push out a registry setting or something? > > > > > On Fri, Jun 2, 2017 at 10:21 AM, <dylan.mar...@bench.com> wrote: >> Michael, >> >> Compatibility View settings are managed here: >> >> Computer Configuration -> Administrative Templates -> Windows >> Components -> Internet Explorer -> Compatibility View >> >> The settings you are looking for is "Use Policy List of Internet Explorer 7 >> sites", that is what the compatiblity view does. >> >> https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/m >> issing-the-compatibility-view-button >> >> -Original Message- >> From: listsad...@lists.myitforum.com >> [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone >> Sent: Friday, June 02, 2017 4:00 PM >> To: ntsysadm@lists.myitforum.com >> Subject: [NTSysADM] Re: Using GPO to allow pop-ups and to set >> compatibility settings - MORE >> >> Apparently, a long time back, I did add my internal domain to the >> "Trusted Sites" zone via a GPP registry setting, as well as pushing >> out my internal CA cert. (just goes to shwo, getting old sucks. Only >> thing worse is not getting old ..) >> >> Anyway, when I go to the new VOIP server, and try to log in via web >> interface (to see reports, etc), >> >> I am NOT prompted for a cert >> The site does show as a "Trusted Site" >> >> Good! >> >> BUT ... even so, pop-ups say they are enabled, and I don't see my internal >> domain in Compatibility View. >> >> I've already disabled pop-up blockers in the Internet Control Panel/Security >> Page/Trusted Sites Zone for computers. Guess I'll try it for User >> Configuration ... >> >> >> Still haven't found where to add to Compatibility View ... >> >> >> On Fri, Jun 2, 2017 at 9:13 AM, Michael Leone <oozerd...@gmail.com> wrote: >>> Today we start rolling out a new VOIP phone system (I haven't been >>> involved with any of this). >>> >>> This morning I get an email, saying that some of our staff will need >>> to access the system via a web interface, and that we need to turn >>> off pop-up blockers for that site, and to add this site to >>> COmpability View. >>> >>> >>> >>> Why they just didn't wait to ask this until after we'd changed out >>> 1,000 Nortel phones for Cisco phones? >>> >>> Anyway: >>> >>> I've already p
Re: [NTSysADM] Re: Using GPO to allow pop-ups and to set compatibility settings - MORE
OK, so why then isn't it working? When I do a Group Policy Wizard, and choose my user and test VM, I do see my domain in (Computer) Windows Components/Internet Explorer/Compatibility View *.wrk.ads.xxx.xxx.xxx I also see "Use Pop-Up Blocker" disabled, under (Computer) Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone. I even set the same things under the User Configuration (Compatibility View settings, and pop-up blocker settings). So how come when I log in as that user, on that machine, and go to the local website, I see that the Security page says I am in the Trusted Zone, but I don't see pop-ups disabled. And I don't see my domain under Compatibility View. It is IE11 (version 11.0.9600.18059). So what is the deal here? Ordinarily, I'd run rsop.msc, but this is a regular user, and the other GPO settings prohibit running it. I suppose I could temporarily make the user a local admin, so I could check. But the GP Wizard says they are set. Am I just setting the wrong things? How can I disable pop-ups in the Trusted Zone, and add my internal domain to Compatibility View, if I don't use the template? Am I going to have to push out a registry setting or something? On Fri, Jun 2, 2017 at 10:21 AM, <dylan.mar...@bench.com> wrote: > Michael, > > Compatibility View settings are managed here: > > Computer Configuration -> Administrative Templates -> Windows Components -> > Internet Explorer -> Compatibility View > > The settings you are looking for is "Use Policy List of Internet Explorer 7 > sites", that is what the compatiblity view does. > > https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button > > -Original Message- > From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] > On Behalf Of Michael Leone > Sent: Friday, June 02, 2017 4:00 PM > To: ntsysadm@lists.myitforum.com > Subject: [NTSysADM] Re: Using GPO to allow pop-ups and to set compatibility > settings - MORE > > Apparently, a long time back, I did add my internal domain to the "Trusted > Sites" zone via a GPP registry setting, as well as pushing out my internal CA > cert. (just goes to shwo, getting old sucks. Only thing worse is not getting > old ..) > > Anyway, when I go to the new VOIP server, and try to log in via web interface > (to see reports, etc), > > I am NOT prompted for a cert > The site does show as a "Trusted Site" > > Good! > > BUT ... even so, pop-ups say they are enabled, and I don't see my internal > domain in Compatibility View. > > I've already disabled pop-up blockers in the Internet Control Panel/Security > Page/Trusted Sites Zone for computers. Guess I'll try it for User > Configuration ... > > > Still haven't found where to add to Compatibility View ... > > > On Fri, Jun 2, 2017 at 9:13 AM, Michael Leone <oozerd...@gmail.com> wrote: >> Today we start rolling out a new VOIP phone system (I haven't been >> involved with any of this). >> >> This morning I get an email, saying that some of our staff will need >> to access the system via a web interface, and that we need to turn off >> pop-up blockers for that site, and to add this site to COmpability >> View. >> >> >> >> Why they just didn't wait to ask this until after we'd changed out >> 1,000 Nortel phones for Cisco phones? >> >> Anyway: >> >> I've already pushed out our internal root cert, so they shouldn't be >> asked to accept an unknown cert. This works for IE, but not for >> Chrome, for some reason. But I'll get back to that. >> >> Anyway, since we use IE 10 and IE 11 (no Edge, no Win 10, everybody is >> still Win 7), I think I need to use GP to: >> >> Computer Configuration/Policies/Administrative Templates/Windows >> Components/Internet Explorer/Pop-up Allow List >> >> and add "*." >> >> (that won't erase any other pop-up settings they may have manually >> entered, will it?) >> >> But where do I do that for Compatibility View? I see a "Compability >> View" sub-section there, but nothing that looks like "Add this local >> domain". >> >> Sorry for the rushed questions, but like I say, this is the first I am >> hearing of this. How they did not notice this during testing, I have >> no clue ... >> >> Thanks > >
Re: [NTSysADM] Re: Using GPO to allow pop-ups and to set compatibility settings - MORE
AH HA! Thanks. I will just add my interal domain, so I don't have to go through this again. *. Thanks On Fri, Jun 2, 2017 at 10:21 AM, <dylan.mar...@bench.com> wrote: > Michael, > > Compatibility View settings are managed here: > > Computer Configuration -> Administrative Templates -> Windows Components -> > Internet Explorer -> Compatibility View > > The settings you are looking for is "Use Policy List of Internet Explorer 7 > sites", that is what the compatiblity view does. > > https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button > > -Original Message- > From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] > On Behalf Of Michael Leone > Sent: Friday, June 02, 2017 4:00 PM > To: ntsysadm@lists.myitforum.com > Subject: [NTSysADM] Re: Using GPO to allow pop-ups and to set compatibility > settings - MORE > > Apparently, a long time back, I did add my internal domain to the "Trusted > Sites" zone via a GPP registry setting, as well as pushing out my internal CA > cert. (just goes to shwo, getting old sucks. Only thing worse is not getting > old ..) > > Anyway, when I go to the new VOIP server, and try to log in via web interface > (to see reports, etc), > > I am NOT prompted for a cert > The site does show as a "Trusted Site" > > Good! > > BUT ... even so, pop-ups say they are enabled, and I don't see my internal > domain in Compatibility View. > > I've already disabled pop-up blockers in the Internet Control Panel/Security > Page/Trusted Sites Zone for computers. Guess I'll try it for User > Configuration ... > > > Still haven't found where to add to Compatibility View ... > > > On Fri, Jun 2, 2017 at 9:13 AM, Michael Leone <oozerd...@gmail.com> wrote: >> Today we start rolling out a new VOIP phone system (I haven't been >> involved with any of this). >> >> This morning I get an email, saying that some of our staff will need >> to access the system via a web interface, and that we need to turn off >> pop-up blockers for that site, and to add this site to COmpability >> View. >> >> >> >> Why they just didn't wait to ask this until after we'd changed out >> 1,000 Nortel phones for Cisco phones? >> >> Anyway: >> >> I've already pushed out our internal root cert, so they shouldn't be >> asked to accept an unknown cert. This works for IE, but not for >> Chrome, for some reason. But I'll get back to that. >> >> Anyway, since we use IE 10 and IE 11 (no Edge, no Win 10, everybody is >> still Win 7), I think I need to use GP to: >> >> Computer Configuration/Policies/Administrative Templates/Windows >> Components/Internet Explorer/Pop-up Allow List >> >> and add "*." >> >> (that won't erase any other pop-up settings they may have manually >> entered, will it?) >> >> But where do I do that for Compatibility View? I see a "Compability >> View" sub-section there, but nothing that looks like "Add this local >> domain". >> >> Sorry for the rushed questions, but like I say, this is the first I am >> hearing of this. How they did not notice this during testing, I have >> no clue ... >> >> Thanks > >
RE: [NTSysADM] Re: Using GPO to allow pop-ups and to set compatibility settings - MORE
Michael, Compatibility View settings are managed here: Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Compatibility View The settings you are looking for is "Use Policy List of Internet Explorer 7 sites", that is what the compatiblity view does. https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button -Original Message- From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Michael Leone Sent: Friday, June 02, 2017 4:00 PM To: ntsysadm@lists.myitforum.com Subject: [NTSysADM] Re: Using GPO to allow pop-ups and to set compatibility settings - MORE Apparently, a long time back, I did add my internal domain to the "Trusted Sites" zone via a GPP registry setting, as well as pushing out my internal CA cert. (just goes to shwo, getting old sucks. Only thing worse is not getting old ..) Anyway, when I go to the new VOIP server, and try to log in via web interface (to see reports, etc), I am NOT prompted for a cert The site does show as a "Trusted Site" Good! BUT ... even so, pop-ups say they are enabled, and I don't see my internal domain in Compatibility View. I've already disabled pop-up blockers in the Internet Control Panel/Security Page/Trusted Sites Zone for computers. Guess I'll try it for User Configuration ... Still haven't found where to add to Compatibility View ... On Fri, Jun 2, 2017 at 9:13 AM, Michael Leone <oozerd...@gmail.com> wrote: > Today we start rolling out a new VOIP phone system (I haven't been > involved with any of this). > > This morning I get an email, saying that some of our staff will need > to access the system via a web interface, and that we need to turn off > pop-up blockers for that site, and to add this site to COmpability > View. > > > > Why they just didn't wait to ask this until after we'd changed out > 1,000 Nortel phones for Cisco phones? > > Anyway: > > I've already pushed out our internal root cert, so they shouldn't be > asked to accept an unknown cert. This works for IE, but not for > Chrome, for some reason. But I'll get back to that. > > Anyway, since we use IE 10 and IE 11 (no Edge, no Win 10, everybody is > still Win 7), I think I need to use GP to: > > Computer Configuration/Policies/Administrative Templates/Windows > Components/Internet Explorer/Pop-up Allow List > > and add "*." > > (that won't erase any other pop-up settings they may have manually > entered, will it?) > > But where do I do that for Compatibility View? I see a "Compability > View" sub-section there, but nothing that looks like "Add this local > domain". > > Sorry for the rushed questions, but like I say, this is the first I am > hearing of this. How they did not notice this during testing, I have > no clue ... > > Thanks