AH HA! v2 "Deploy from Administrative Templates via GPO. However, it does not get reflected in IE user interface, we see the sites loading in the compatibility mode by opening the developer tool bar (press F12) and checking the browser mode.
Also, we can verify the setting in the client machine registry. The configuration is written to registry under HKCU(HKLM)\Software\[Wow6432Node]\Policies\Microsoft\Internet Explorer\BrowserEmulation\PolicyList." https://blogs.msdn.microsoft.com/asiatech/2013/10/22/how-to-add-web-site-to-compatibility-view-list-via-gpo/ So apparently GPO assigned Compatability View domains do NOT show up in the UI, but when I did a regedit, and navigated to that key ... lo and behold! There was my entry. <SIGH> MS doesn't make this easy and straight-forward, that's for sure ... On Fri, Jun 2, 2017 at 11:55 AM, Michael Leone <[email protected]> wrote: > AH HA! So for the pop-ups, it is counter-intuitive. Instead of > DISABLE, you have to set it to ENABLE .. .and then choose DISABLE from > the drop-down. > > <SIGH> > > So I have to enable it, to disable it ... > > Still dunno what's up with the Compatibility View .... > > > On Fri, Jun 2, 2017 at 11:17 AM, Michael Leone <[email protected]> > wrote: > > OK, so why then isn't it working? When I do a Group Policy Wizard, and > > choose my user and test VM, I do see my domain in (Computer) Windows > > Components/Internet Explorer/Compatibility View > > > > *.wrk.ads.xxx.xxx.xxx > > > > I also see "Use Pop-Up Blocker" disabled, under (Computer) Windows > > Components/Internet Explorer/Internet Control Panel/Security > > Page/Trusted Sites Zone. > > > > I even set the same things under the User Configuration (Compatibility > > View settings, and pop-up blocker settings). > > > > So how come when I log in as that user, on that machine, and go to the > > local website, I see that the Security page says I am in the Trusted > > Zone, but I don't see pop-ups disabled. And I don't see my domain > > under Compatibility View. > > > > It is IE11 (version 11.0.9600.18059). > > > > So what is the deal here? Ordinarily, I'd run rsop.msc, but this is a > > regular user, and the other GPO settings prohibit running it. > > > > I suppose I could temporarily make the user a local admin, so I could > > check. But the GP Wizard says they are set. > > > > Am I just setting the wrong things? How can I disable pop-ups in the > > Trusted Zone, and add my internal domain to Compatibility View, if I > > don't use the template? Am I going to have to push out a registry > > setting or something? > > > > > > > > > > On Fri, Jun 2, 2017 at 10:21 AM, <[email protected]> wrote: > >> Michael, > >> > >> Compatibility View settings are managed here: > >> > >> Computer Configuration -> Administrative Templates -> Windows > Components -> Internet Explorer -> Compatibility View > >> > >> The settings you are looking for is "Use Policy List of Internet > Explorer 7 sites", that is what the compatiblity view does. > >> > >> https://docs.microsoft.com/en-us/internet-explorer/ie11- > deploy-guide/missing-the-compatibility-view-button > >> > >> -----Original Message----- > >> From: [email protected] [mailto:listsadmin@lists. > myitforum.com] On Behalf Of Michael Leone > >> Sent: Friday, June 02, 2017 4:00 PM > >> To: [email protected] > >> Subject: [NTSysADM] Re: Using GPO to allow pop-ups and to set > compatibility settings - MORE > >> > >> Apparently, a long time back, I did add my internal domain to the > "Trusted Sites" zone via a GPP registry setting, as well as pushing out my > internal CA cert. (just goes to shwo, getting old sucks. Only thing worse > is not getting old ..) > >> > >> Anyway, when I go to the new VOIP server, and try to log in via web > interface (to see reports, etc), > >> > >> I am NOT prompted for a cert > >> The site does show as a "Trusted Site" > >> > >> Good! > >> > >> BUT ... even so, pop-ups say they are enabled, and I don't see my > internal domain in Compatibility View. > >> > >> I've already disabled pop-up blockers in the Internet Control > Panel/Security Page/Trusted Sites Zone for computers. Guess I'll try it for > User Configuration ... > >> > >> > >> Still haven't found where to add to Compatibility View ... > >> > >> > >> On Fri, Jun 2, 2017 at 9:13 AM, Michael Leone <[email protected]> > wrote: > >>> Today we start rolling out a new VOIP phone system (I haven't been > >>> involved with any of this). > >>> > >>> This morning I get an email, saying that some of our staff will need > >>> to access the system via a web interface, and that we need to turn off > >>> pop-up blockers for that site, and to add this site to COmpability > >>> View. > >>> > >>> <SIGH> > >>> > >>> Why they just didn't wait to ask this until after we'd changed out > >>> 1,000 Nortel phones for Cisco phones? > >>> > >>> Anyway: > >>> > >>> I've already pushed out our internal root cert, so they shouldn't be > >>> asked to accept an unknown cert. This works for IE, but not for > >>> Chrome, for some reason. But I'll get back to that. > >>> > >>> Anyway, since we use IE 10 and IE 11 (no Edge, no Win 10, everybody is > >>> still Win 7), I think I need to use GP to: > >>> > >>> Computer Configuration/Policies/Administrative Templates/Windows > >>> Components/Internet Explorer/Pop-up Allow List > >>> > >>> and add "*.<my internal domain>" > >>> > >>> (that won't erase any other pop-up settings they may have manually > >>> entered, will it?) > >>> > >>> But where do I do that for Compatibility View? I see a "Compability > >>> View" sub-section there, but nothing that looks like "Add this local > >>> domain". > >>> > >>> Sorry for the rushed questions, but like I say, this is the first I am > >>> hearing of this. How they did not notice this during testing, I have > >>> no clue ... > >>> > >>> Thanks > >> > >> >
