Just getting caught up, I don't see that anyone has mentioned it but compatibility view is horrible and it has all sorts of limitations, including that it really only handles addresses out to two domain levels. So for example, you can add xyz.foo.edu, but it actually will put all of foo.edu into compatibility mode, which you may not really want.
If you're stuck on IE10, you may not have an option, but if you can get them to IE 11 then you will want to check out the IE Enterprise mode settings and tools. We have ours up and running and did not have to put any kind of logging server in place for posting, it's optional. Start here, it might even let you get away from IE 10 if you have other sites with compatibility issues that it can support: https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode -Bonnie -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Michael Leone Sent: Friday, June 2, 2017 8:55 AM To: [email protected] Subject: Re: [NTSysADM] Re: Using GPO to allow pop-ups and to set compatibility settings - MORE AH HA! So for the pop-ups, it is counter-intuitive. Instead of DISABLE, you have to set it to ENABLE .. .and then choose DISABLE from the drop-down. <SIGH> So I have to enable it, to disable it ... Still dunno what's up with the Compatibility View .... On Fri, Jun 2, 2017 at 11:17 AM, Michael Leone <[email protected]> wrote: > OK, so why then isn't it working? When I do a Group Policy Wizard, and > choose my user and test VM, I do see my domain in (Computer) Windows > Components/Internet Explorer/Compatibility View > > *.wrk.ads.xxx.xxx.xxx > > I also see "Use Pop-Up Blocker" disabled, under (Computer) Windows > Components/Internet Explorer/Internet Control Panel/Security > Page/Trusted Sites Zone. > > I even set the same things under the User Configuration (Compatibility > View settings, and pop-up blocker settings). > > So how come when I log in as that user, on that machine, and go to the > local website, I see that the Security page says I am in the Trusted > Zone, but I don't see pop-ups disabled. And I don't see my domain > under Compatibility View. > > It is IE11 (version 11.0.9600.18059). > > So what is the deal here? Ordinarily, I'd run rsop.msc, but this is a > regular user, and the other GPO settings prohibit running it. > > I suppose I could temporarily make the user a local admin, so I could > check. But the GP Wizard says they are set. > > Am I just setting the wrong things? How can I disable pop-ups in the > Trusted Zone, and add my internal domain to Compatibility View, if I > don't use the template? Am I going to have to push out a registry > setting or something? > > > > > On Fri, Jun 2, 2017 at 10:21 AM, <[email protected]> wrote: >> Michael, >> >> Compatibility View settings are managed here: >> >> Computer Configuration -> Administrative Templates -> Windows >> Components -> Internet Explorer -> Compatibility View >> >> The settings you are looking for is "Use Policy List of Internet Explorer 7 >> sites", that is what the compatiblity view does. >> >> https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/ >> missing-the-compatibility-view-button >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of Michael Leone >> Sent: Friday, June 02, 2017 4:00 PM >> To: [email protected] >> Subject: [NTSysADM] Re: Using GPO to allow pop-ups and to set >> compatibility settings - MORE >> >> Apparently, a long time back, I did add my internal domain to the >> "Trusted Sites" zone via a GPP registry setting, as well as pushing >> out my internal CA cert. (just goes to shwo, getting old sucks. Only >> thing worse is not getting old ..) >> >> Anyway, when I go to the new VOIP server, and try to log in via web >> interface (to see reports, etc), >> >> I am NOT prompted for a cert >> The site does show as a "Trusted Site" >> >> Good! >> >> BUT ... even so, pop-ups say they are enabled, and I don't see my internal >> domain in Compatibility View. >> >> I've already disabled pop-up blockers in the Internet Control Panel/Security >> Page/Trusted Sites Zone for computers. Guess I'll try it for User >> Configuration ... >> >> >> Still haven't found where to add to Compatibility View ... >> >> >> On Fri, Jun 2, 2017 at 9:13 AM, Michael Leone <[email protected]> wrote: >>> Today we start rolling out a new VOIP phone system (I haven't been >>> involved with any of this). >>> >>> This morning I get an email, saying that some of our staff will need >>> to access the system via a web interface, and that we need to turn >>> off pop-up blockers for that site, and to add this site to >>> COmpability View. >>> >>> <SIGH> >>> >>> Why they just didn't wait to ask this until after we'd changed out >>> 1,000 Nortel phones for Cisco phones? >>> >>> Anyway: >>> >>> I've already pushed out our internal root cert, so they shouldn't be >>> asked to accept an unknown cert. This works for IE, but not for >>> Chrome, for some reason. But I'll get back to that. >>> >>> Anyway, since we use IE 10 and IE 11 (no Edge, no Win 10, everybody >>> is still Win 7), I think I need to use GP to: >>> >>> Computer Configuration/Policies/Administrative Templates/Windows >>> Components/Internet Explorer/Pop-up Allow List >>> >>> and add "*.<my internal domain>" >>> >>> (that won't erase any other pop-up settings they may have manually >>> entered, will it?) >>> >>> But where do I do that for Compatibility View? I see a "Compability >>> View" sub-section there, but nothing that looks like "Add this local >>> domain". >>> >>> Sorry for the rushed questions, but like I say, this is the first I >>> am hearing of this. How they did not notice this during testing, I >>> have no clue ... >>> >>> Thanks >> >>
