locked
IE security message - Protected mode is turn-off for the local intranet zone RRS feed

  • Question

  • Hi,

    When I launch IE from a Windows 2012 RDS server, I am seeing this message "Protected mode is turn-off for the local intranet zone". Click either "Dont show this message again" or "Turn on Protected mode". 

    I then enable enhance protected mode in a group policy: User Configuration/Windows Components/Internet Explorer/Internet Control Panel/Advanced Page. 

    After that, when I launch IE again, I still see that message.  

    Please advise how I could Turn on Protect mode for Local Intranet Zone and when a user login to the server and launch IE, he will not see that message at the bottom.  

    Thanks, 

    Ed


    Monday, July 18, 2016 4:55 PM

Answers

  • Hi Ed,
    Have you tried running gpupdate /force command on client or rebooting clients to take effect group policy?
    And if it doesn’t work, please run gpresult /h to see more information for GPO not applying.

    Alternatively, this message is controlled by registry key, you could set its value as below via group policy and try again to see if it works
    HKCU - Software - Microsoft - Internet Explorer - Main
    New DWORD
    NoProtectedModeBanner
    Decimal value of 1
    Regarding to configure a registry item, you could follow:
    https://technet.microsoft.com/en-us/library/cc753092%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396
    Regards,
    Wendy


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Wendy Jiang Tuesday, July 26, 2016 9:16 AM
    • Marked as answer by Wendy Jiang Thursday, July 28, 2016 8:50 AM
    Tuesday, July 19, 2016 6:48 AM
  • Hi,
    If you choose to use registry, Internet Explorer will now no longer prompt this message for all zones.
    If you enable enhance protected mode in a group policy, please have a try setting it in computer configuration node and remember running GPUPDATE /FORCE or rebooting computer to have this COMPUTER policy take effect.
    Regards,
    Wendy

    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Wendy Jiang Tuesday, July 26, 2016 9:16 AM
    • Marked as answer by Wendy Jiang Thursday, July 28, 2016 8:50 AM
    Friday, July 22, 2016 2:36 AM

All replies

  • Hi Ed,
    Have you tried running gpupdate /force command on client or rebooting clients to take effect group policy?
    And if it doesn’t work, please run gpresult /h to see more information for GPO not applying.

    Alternatively, this message is controlled by registry key, you could set its value as below via group policy and try again to see if it works
    HKCU - Software - Microsoft - Internet Explorer - Main
    New DWORD
    NoProtectedModeBanner
    Decimal value of 1
    Regarding to configure a registry item, you could follow:
    https://technet.microsoft.com/en-us/library/cc753092%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396
    Regards,
    Wendy


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Wendy Jiang Tuesday, July 26, 2016 9:16 AM
    • Marked as answer by Wendy Jiang Thursday, July 28, 2016 8:50 AM
    Tuesday, July 19, 2016 6:48 AM
  • Thanks.

    If protected mode is turned on, I should not see the pop-up again, right?

    If yes, I'd like to turn on protect mode.  

    Do you see anything missing in the steps I have performed?

    enable enhance protected mode in a group policy: User Configuration/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Advanced Page. 

    Tuesday, July 19, 2016 5:14 PM
  • Also, is the NoProtectedModeBanner reg value hide banner "Protected mode is turn-off" for the local intranet zone only or this hides all the zones?

    Tuesday, July 19, 2016 5:17 PM
  • Hi,
    If you choose to use registry, Internet Explorer will now no longer prompt this message for all zones.
    If you enable enhance protected mode in a group policy, please have a try setting it in computer configuration node and remember running GPUPDATE /FORCE or rebooting computer to have this COMPUTER policy take effect.
    Regards,
    Wendy

    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Wendy Jiang Tuesday, July 26, 2016 9:16 AM
    • Marked as answer by Wendy Jiang Thursday, July 28, 2016 8:50 AM
    Friday, July 22, 2016 2:36 AM