none
Allow font download in IE 11 RRS feed

  • Question

  • Hi Microsoft,

    Can you please shed some lights on these two IE11 policies:

    Policies in question: The Allow font download and the Security Zone: Do not allow users to change policies.

    In Computer Configuration > Administrative Templates > Windows Components > Internet Explorer> the Security Zone: Do not allow users to change policies to set to Enabled.

    This actually prevent users from being able to change the "Custom Level" in Internet Options > Security > Local Intranet > Custom Level. Where the Custom Level button is greyed out:

     This actually prevent users from being able to download font.

    However,

    In Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Intranet Zone: The Allow font downloads is set to Enabled

    Does these two settings kind of contradicting each other or these two settings are referring to something totally different?


    Best Regards,

    Wednesday, August 31, 2016 3:30 AM

All replies

  • Hi,

    to debug your intranet web pages first,

    Tools>Internet Options>Advanced tab, check "Always record developer console messages". Save your changes.

    Open IE and navigate to your intranet site, then press the f12 to display the IE Dev tool. On the console tab it will list any blocked content, embeded font downloads or scripting errors.

    (Embeded Fonts )

    the Allow fond downloads security setting refers to (the depreciated) HTML fonts.

    <quote>

    This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box users are queried whether to allow HTML fonts to download.If you disable this policy setting HTML fonts are prevented from downloading.If you do not configure this policy setting HTML fonts can be downloaded automatically.This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box users are queried whether to allow HTML fonts to download.If you disable this policy setting HTML fonts are prevented from downloading.If you do not configure this policy setting HTML fonts can be downloaded automatically.

    </quote>

    so if your intranet site is using HMTL fonts, then those font files will have already been installed to the users {windows}/fonts folder.

    You can also over-ride a web page's font styles with IE settings...

    Tools>Internet Options>General tab, 'Accessibility' button

    "Always ignore font sizes specified on web pages" (default unchecked)

    "Always ignore font styles specified on web pages" (default unchecked)

    "Include this stylesheet" (default none)

    so

    1. first check the dev tools console output for blocked content or fails to load. Check the Netork tab of dev tools to see any failed requests.

    2. Open Internet Options and check the users Accessibility settings.

    If possible include with your questions any output from the IE dev tools' console tab.

    Regards.


    Rob^_^

    Thursday, September 1, 2016 2:20 AM
  • Hi,

    Based on your description, I found an article may help you, please refer to the link:

    "Sites" button and "Custom Level" slider are grayed out in Internet Options - Security tab?

    When you open Internet Options - Security tab and click on any Zone (except Internet Zone), the Sites button may be grayed out.

    As a result, you may be unable to add or remove a website to the specified Zone. Additionally, you may also notice that the Custom level slider is grayed out.

    This prevents you from customizing the Security level for that particular Zone.

    http://windowsxp.mvps.org/ie/flags.htm

    Please Note: Since the websites are not hosted by Microsoft, the links may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best Regards,

    Tao


    Please remember to <b>mark the replies as an answers</b> if they help and <b> unmark</b> them if they provide no help.<br/> If you have feedback for TechNet Subscriber Support, contact <a href="mailto:tnmff@microsoft.com"> tnmff@microsoft.com</a>.

    Monday, September 5, 2016 1:21 AM
    Moderator
  • Hello,
    But...whats the security risc when  Allow fonts downloads  is enabled ?
    there is a CVE item : 2006-0010

    In the security base IE 11 on W8.1 this setting is disabled...This  is our preferred setting.

    But now we see all kind of webpages that are shown in very strange fonts...


    Friday, March 16, 2018 10:55 AM
  • @Ben,

    which web sites? are they your company websites or other websites on the public internet?

    ... the GPO settings you asked about (for font downloads) are only for intranet sites that were developed using windows XP. To avoid the problem you should have your programmers remove the font-families from the source pages, so that client web browsers will default to the factory installed fonts for the current windows version your company is using.

    Installable font(s) families is old technology, that has been replaced with HTML5 web fonts.

    also....

    Users can customize which fonts are used on all web pages from: Tools>Internet Options>General tab,

    1. Accessibility button>check/uncheck "Ignore font styles specified on web pages"

    2. Fonts button.... users can specify the DEFAULT font family for web pages and text files opened in the browser.

    Including the address of problem website with your questions enables us to visit the exact same site to investigate possible causes.

    Also,

    your intranet sites should not use code page charactersets. eg. ISO-1234

    f12>Console tab,

    document.charset

    should return utf-8

    ...if not, then either your servers have content type headers with text/html only or your intranet web pages are missing a charset meta....

    <meta charset="utf-8"/>

    To avoid encoding issues with legacy intranet sites (pages that do not specify utf-8 character sets)

    Open your IIS console at the root website and click the mime-types button.

    locate the .htm and .html and .xhtml file types and change their mime-types from

    text/html to text/html;charset=utf-8 for htm(l) file types.

    application/xml-xhtml to application/xml-xhtml;charset="utf-8"

    When applied to the root web folder... IIS settings are inherited in all sub webs.


    Rob^_^


    Monday, March 19, 2018 3:50 AM