This post has already been read 7567 times!
I was having an issue the other day whereby the users of the new XenApp and XenDesktop estate were complaining about sites not working correctly after they had been migrated. The big difference being that on the new estate we are running Internet Explorer v8 and not v7.
I started to look at why this was happening and found that by default in Internet Explorer 8 cookies are blocked for the Internet Zone. Not sure why Microsoft have decided to go down this route but hey, have to deal with it. So we had a couple of options available to us.
- Send out a document describing how to set the privacy slider to all users (this has obvious pitfalls as the users could set it to low).
- Add all the non-working sites to Trusted Sites (not ideal either)
- Force the correct settings to the users via Gpo.
Option 3 is obviously the way I wanted to go so I started to look at the options available to me. Microsoft allow you to set this option using the Security Zones and Content Ratings shown below. However, if you look into this and import all the settings it will more than likely mess up the rest of your Internet Explorer policy as it will import a LOT of other settings as well.
If, like me, you have slight OCD and this does not work for you here is how i implemented it using Group Policy Preferences.
There are 3 registry keys that you need to set to force the options down to the users. 1 DWORD key and 2 BINARY keys. The DWORD key is directly related to what is set in the binary keys so I suggest that you set up Internet Explorer v8 how you want it deployed to the users (Privacy Slider Only) on the machine or server that you are configuring the Group Policy with then import the keys. This will stop you getting stuck with a typo or the like!!
All 3 keys are located here: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
The 3 being the zone you are dealing with (Internet Zone in this case) If you want to know about the other zones just google it!
The main value is: 1A10 and can be set to the following values: 0, 1 or 3
3 being block all, 0 being allow all and 1 being anything in-between!
If you set this to 1 then it will depend on what you have in the binary values below as to where the slider will be positioned (Low, Medium, Medium High etc)
The 2 binary keys are:
These need to be in place for the value to take effect. The value of these keys change depending on the slider hence the reason I said its easier to import them.
Thats it! once you have these 3 registry keys in place you are able to set the slider to the wanted position without importing all the other rubbish into your policy.
One last point – if you want to FORCE this out every login regardless if the user changes the option during a session set the registry keys to replace. This will ensure they get written every login.
Hope this was useful and saves you trawling around the internet for ages…