Manage Java Running In IE8?

  • Question

  • We have set a GPO that restricts Java from running in the browser unless the site is in the Trusted Sites zone.

    This "mostly" works, but sometimes Java on the workstation fails to be detected by the website even if the domain in the address bar is in the Trusted Sites zone.

    Is adding the site *.domain.com enough or a blanket wildcard for every URL on a domain or do we need both *.domain.com and https://*.domain.com?

    Since sometimes images and other content in a website come from domains other than the domain that shows in the address bar, maybe Java is trying to run from another domain also?  Is there any way to tell if Java is trying to be accessed by a domain that is different than the domain that is showing in the address bar so we add the correct domains to the Trusted Sites Zone?  Is there a log or some other way to see which domain is trying to access Java on the workstation when Java fails to run on a trusted site due to this IE restriction policy?


    • Edited by MyGposts Friday, November 22, 2013 4:16 AM
    Friday, November 22, 2013 4:13 AM

All replies

  • Hi,

    For most sites, Java can still run when you add the domain to the Trusted Sites Zone. But for some sites, Java can't run even though the site is in the Trusted Sites Zone, because the Java may run from another domain. So you should manually add the domain from which the Java runs to the Trusted Sites Zone.

    When you add the domain to the Trusted Sites zone, both *.domain.com and https://*.domain.com are OK.

    Thanks!


    Andy Altmann
    TechNet Community Support

    • Proposed as answer by 暁北 Wednesday, December 4, 2013 12:13 PM
    • Marked as answer by 暁北 Wednesday, December 4, 2013 12:14 PM
    Tuesday, November 26, 2013 1:04 PM
  • The problem with that is I can't see what domain Java is trying to run from if it is a domain that is different from the one in the address bar.

    I would have tried that already if I could see what the secret hidden domains were.

    How do you find this?  

    Tuesday, November 26, 2013 2:11 PM
  • The problem with that is I can't see what domain Java is trying to run from if it is a domain that is different from the one in the address bar.

    Have you tried using the Java Console?


    Robert Aldwinckle
    ---

    Tuesday, November 26, 2013 9:06 PM
    Answerer
  • No.  The domain restrictions are set through Internet Explorer policies.

    I don't know how to manage the Java control panel or if that would help this issue.

    Tuesday, November 26, 2013 9:11 PM
  • F12 > Networking tab, click the 'Play' button... refresh the page...

    All resource calls and their domains will be listed (it will be a .class file). Copy the resource URL from the networking console and paste it in a new IE address bar... from there File > Properties will show you which IE Security zone the originating domain is mapped to.

    or

    Console tab,

    type

    document.querySelectorAll('object,applet')

    An HTML collection will be listed in the console tab; from there you can expand the collection nodes to find the data/src attribute values.

    typing

    navigator.platform will tell you if the page is using x86 or x64. Java RT comes in both x86 and x64 versions (update at java.com).

    Tools > Manage addons > Show All addons >.... will show you what flavors of JavaRT are installed on the client and whether they are enabled or not.

    Start>Control Panel>Java RT is the Oracle control panel for Java... It has its own security zone settings. Refer to the documentation at Java.com

    Regards.


    Rob^_^

    • Marked as answer by 暁北 Wednesday, December 4, 2013 12:14 PM
    Wednesday, November 27, 2013 12:07 AM
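
Added example, not part of the original thread: the console query in the post above lists the `object`/`applet` elements, but their `codebase`, `code`, `archive` and `data`/`src` values still have to be resolved to hosts before you know which domains to review for the Trusted Sites zone. The script below does that resolution and flags hosts other than the page's own; the descriptor shape, function names and sample URLs are constructed for illustration, and it assumes Node.js or a modern browser (it uses the `URL` API, which the IE8 script console does not have).

```javascript
// Added example. The descriptor shape ({ tag, attrs }), the function names and
// the sample data are hypothetical; build descriptors from the attributes of
// the elements that document.querySelectorAll('object,applet') returns.

// Resolve every URL one applet/object element can load code from.
function resourceUrls(el, pageUrl) {
  const a = el.attrs || {};
  // codebase resolves against the page; code/archive/data/src against codebase.
  const base = new URL(a.codebase ? a.codebase.replace(/\/?$/, '/') : '.', pageUrl);
  const refs = [a.code, a.data, a.src].filter(Boolean);
  // archive is a comma-separated (applet) or space-separated (object) list.
  if (a.archive) refs.push(...a.archive.split(/[\s,]+/).filter(Boolean));
  const urls = refs.map((ref) => new URL(ref, base).href);
  return urls.length ? urls : [base.href];
}

// Group resource URLs by scheme and host; flag hosts other than the page's own.
function appletOrigins(elements, pageUrl) {
  const pageHost = new URL(pageUrl).hostname;
  const seen = new Map();
  for (const el of elements) {
    for (const href of resourceUrls(el, pageUrl)) {
      const u = new URL(href);
      const origin = u.protocol + '//' + u.hostname;
      if (!seen.has(origin)) {
        seen.set(origin, { origin, crossDomain: u.hostname !== pageHost, urls: [] });
      }
      seen.get(origin).urls.push(href);
    }
  }
  return [...seen.values()];
}

// Constructed sample: one applet served from a second domain, one local object.
const SAMPLE_PAGE = 'https://portal.example.com/apps/launch.html';
const SAMPLE_ELEMENTS = [
  { tag: 'applet', attrs: { code: 'Main.class', archive: 'app.jar, lib.jar',
                            codebase: 'https://cdn.example.net/java' } },
  { tag: 'object', attrs: { data: 'viewer/Viewer.class' } },
];

for (const o of appletOrigins(SAMPLE_ELEMENTS, SAMPLE_PAGE)) {
  console.log(o.crossDomain ? 'OTHER DOMAIN' : 'same domain ', o.origin, o.urls);
}
```

Each origin flagged as another domain is one whose zone mapping is worth checking with File > Properties, as the post above describes.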
  • I'm using IE 8 and I don't see those options.

    After F12, there is no "Networking" tab.  It has HTML, CSS, Script and Profiler.

    I also don't see any "Console" tab where I can type anything.

    I already know Java is enabled because it works on some sites that we have added to the IE Trusted Sites zone.

    Wednesday, November 27, 2013 3:07 AM
  • I'm using IE 8 and I don't see those options.

    Correct.  Those were new features in IE9.  There is a kind of a console but only in the Script tab.

    I already know Java is enabled because it works on some sites that we have added to the IE Trusted Sites zone.

    If you enabled the Java console and full tracing in it you would "know" even more, possibly even what domain name files were being downloaded from.  Otherwise you could try using Fiddler2 to try to trace traffic.



    Robert Aldwinckle
    ---

    • Marked as answer by 暁北 Wednesday, December 4, 2013 12:14 PM
    Wednesday, November 27, 2013 6:09 PM
    Answerer