none
Internet Explorer 11 UAC and Running in elevated Mode RRS feed

  • Question

  • Hi All,

    We are in the process of upgrading from IE 8 to IE 11. I have hit a strange problem that is preventing IE 11 browsing to any web site within the "Internet" zone.

    IE 11 can access any site within the Intranet or Trusted Sites zone, regardless of their location. For example, we have some Internet sites within the Trusted Sites zone. These sites are rendered without issue and are accessed using the same proxy chain as sites that fall within the "Internet" zone.

    If the UAC is disabled or if Internet Explorer is run under elevated privileges IE 11 works as expected and renders all web sites regardless of which zone they are associated with. I believe the issue may be related to IE's "Protected Mode" which is disabled for the Intranet and Trusted Sites zone and enabled on the "Internet" zone. Running IE as Administrator, I believe, disables IE's Protected Mode feature.

    Our fleet of machines running IE 8 do not exhibit these same symptoms. For testing consistency all of the computers running IE 11 live within the same AD OU as the machines running IE 8. The same is true for our test accounts, i.e. Both IE 8 and IE 11 machines share the same Group Policy objects. The only difference is that we are using Group Policy Preferences to provide IE 11 with proxy settings.

    If anyone has a suggested it would be greatly appreciated.

    Cheers.

    Nathan


    NSutton

    Thursday, September 11, 2014 11:20 AM

Answers

  • Hi All,

    After working with Citrix support a private hotfix for UPM 5.1.1 has resolved the issue described here. I am not sure when this hotfix will be made public. However, if you contact Citrix Support with the details above you will be able to access the same hotfix.

    Cheers,

    Nathan Sutton


    NSutton

    • Marked as answer by Nathan Sutton Tuesday, September 16, 2014 8:53 AM
    Tuesday, September 16, 2014 8:53 AM

All replies

  • Hi,

    sounds like you have a dependency for a 32bit Browser Helper addon...

    Tools>Manage Addons>Show currently loaded Addons.

    By default Enhanced Protected mode is turned on for the Internet and Restricted sites zone.

    You can use GPO to turn it on or off for different security zones.

    Regards.


    Rob^_^

    Friday, September 12, 2014 2:32 AM
  • Hi Rob,

    Thanks for the reply. I have tried disabling all add-ons as part of the elimination process. Unfortunately this hasn;t yielded any results. I have found the culprit however.

    I have been trying to narrow this down as much as possible. I was able to narrow it down to the Citrix User Profile Management (UPM). The desktop in question is a virtual machine running within Citrix Xendesktop. The current version of Citrix UPM 5.1.1 had addressed a few bugs that related to IE 9+, UAC and Protected Mode. 

    I can't get to the Citrix web site right now. They must be having some issues. The Citrix eDocs outlines what has been resolved in Citrix UPM 5.1.1. Given my symptoms and these issues I dare say that this is the issue.

    We have 5.1.1 running in our XenApp environment. We also have it running on some virtual machines. Both of these, however are still running IE 8. It is only the machines running IE 11 that are affected. I removed Citrix UPM, reverted back to standard roaming profiles and I could not re-produce the problem.

    With the Citrix UPM enabled the symptoms are as follows:

    1. 1st login by user (no Citrix UPM profile yet), IE 11 starts OK and can browse any web site in any zone, including the Internet Zone.
    2. Logoff and back on (Citrix UPM profile now in play), IE 11 cannot browse any web site that is within a Protected zone

    If I reset the Citrix UPM profile and start again the process repeats exactly outlined above. I am taking this up with Citrix. I just thought I would outline the symptom here in case anyone hits a similar issue.

    Cheers


    NSutton

    Sunday, September 14, 2014 6:10 AM
  • Hi All,

    After working with Citrix support a private hotfix for UPM 5.1.1 has resolved the issue described here. I am not sure when this hotfix will be made public. However, if you contact Citrix Support with the details above you will be able to access the same hotfix.

    Cheers,

    Nathan Sutton


    NSutton

    • Marked as answer by Nathan Sutton Tuesday, September 16, 2014 8:53 AM
    Tuesday, September 16, 2014 8:53 AM