none
IE11 security zones are grayed out when GPO - Run only specified Windows applications- is enabled Windows 10 roaming profile RRS feed

  • Question

  • Hello all,

    This is my scenario

    Windows 10 Pro V1607 computer using roaming profile

    Internet Explorer 11

    GPO enabled "run only specified windows applications", as result, I can Open IE11, but security zones are locked down.

    Disabling GPO everything back to normal, but I like to manage the allowed applications in roaming profiles. Any help will be appreciated.

    JoMsAe




    • Edited by JoMsAe Thursday, June 8, 2017 7:42 PM
    Thursday, June 8, 2017 7:34 PM

All replies

  • Hi,

    Based on your description, it seems that the GPO not apply.

    We can try troubleshooting tools and check if it helps.

    Troubleshoot Group Policy from the Command Line with GPRESULT

    https://technet.microsoft.com/en-us/library/ff812646.aspx

    10 Common Problems Causing Group Policy To Not Apply

    https://social.technet.microsoft.com/wiki/contents/articles/22457.10-common-problems-causing-group-policy-to-not-apply.aspx

    Best Regards,

    Tao


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, June 9, 2017 2:24 AM
    Moderator
  • Tao

    Thank you for you reply. I did run a gpresult command and this is that I got, for me looks like the GPO is applying, see below. As you can see, I added cmd.exe and command.exe to the allowed windows apps list, they are running fine, internet explorer 11 is running fine, but the security tab have the security zones locked down, if I do not configure the group policy internet explorer security zones are enabled.

    I was wondering if security zones in IE11 have a dll or exe file that maybe I need to add to the allowed windows apps list

    C:\Users\jcoto>gpresult /R /V

    Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
    © 2016 Microsoft Corporation. All rights reserved.

    Created on 6/9/2017 at 9:26:02 AM


    RSOP data for PROD1\jcoto on HAE612035 : Logging Mode
    -----------------------------------------------------------

    OS Configuration:            Member Workstation
    OS Version:                  10.0.14393
    Site Name:                   N/A
    Roaming Profile:             \\prd05\users\jcoto.V6
    Local Profile:               C:\Users\jcoto
    Connected over a slow link?: No


    USER SETTINGS
    --------------
        CN=Jeff Coto,OU=Test2,DC=PROD1,DC=com
        Last time Group Policy was applied: 6/9/2017 at 9:25:48 AM
        Group Policy was applied from:      prd04.PROD1.com
        Group Policy slow link threshold:   500 kbps
        Domain Name:                        PROD1
        Domain Type:                        Windows 2000

        Applied Group Policy Objects
        -----------------------------
            W10 Agents Group Policy

        The following GPOs were not applied because they were filtered out
        -------------------------------------------------------------------
            Local Group Policy
                Filtering:  Not Applied (Empty)

        The user is a part of the following security groups
        ---------------------------------------------------
            Domain Users
            Everyone
            BUILTIN\Users
            NT AUTHORITY\INTERACTIVE
            CONSOLE LOGON
            NT AUTHORITY\Authenticated Users
            This Organization
            LOCAL
            Medium Mandatory Level

        The user has the following security privileges
        ----------------------------------------------


        Resultant Set Of Policies for User
        -----------------------------------

            Software Installations
            ----------------------
                N/A

            Logon Scripts
            -------------
                N/A

            Logoff Scripts
            --------------
                N/A

            Public Key Policies
            -------------------
                N/A

            Administrative Templates
            ------------------------
                GPO: W10 Agents Group Policy
                    Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun\command.exe
                    Value:       99, 0, 111, 0, 109, 0, 109, 0, 97, 0, 110, 0, 100, 0, 46, 0, 101, 0, 120, 0, 101, 0, 0, 0
                    State:       Enabled

                GPO: W10 Agents Group Policy
                    Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
                    Value:       1, 0, 0, 0
                    State:       Enabled

                GPO: W10 Agents Group Policy
                    Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun\notepad.exe
                    Value:       110, 0, 111, 0, 116, 0, 101, 0, 112, 0, 97, 0, 100, 0, 46, 0, 101, 0, 120, 0, 101, 0, 0, 0
                    State:       Enabled

                GPO: W10 Agents Group Policy
                    Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun\cmd.exe
                    Value:       99, 0, 109, 0, 100, 0, 46, 0, 101, 0, 120, 0, 101, 0, 0, 0
                    State:       Enabled

                GPO: W10 Agents Group Policy
                    Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun\iexplore.exe
                    Value:       105, 0, 101, 0, 120, 0, 112, 0, 108, 0, 111, 0, 114, 0, 101, 0, 46, 0, 101, 0, 120, 0, 101, 0, 0, 0
                    State:       Enabled

            Folder Redirection
            ------------------
                N/A

            Internet Explorer Browser User Interface
            ----------------------------------------
                N/A

            Internet Explorer Connection
            ----------------------------
                N/A

            Internet Explorer URLs
            ----------------------
                N/A

            Internet Explorer Security
            --------------------------
                N/A

            Internet Explorer Programs
            --------------------------
                N/A



    • Edited by JoMsAe Friday, June 9, 2017 2:38 PM
    Friday, June 9, 2017 2:36 PM
  • Hi,

    We haven’t heard from you for a couple of days, have you solved the problem? We are looking forward to your good news.

    Best Regards,

    Tao


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, June 16, 2017 8:20 AM
    Moderator