IE Enhanced Security Configuration TP4

  • Question

  • While doing some scripting tests I noticed that the "IE Enhanced Security Configuration" seems to be not-(yet-)configurable.

    Server Manager shows "Unknown" as the current state. If the settings are changed manually (by clicking on the status "Unknown" and set the two options to "On") I can refresh the Server Manager but the status is still "Unknown". When clicking again on the status the settings are reverted to "Off".

    In previous versions it was also possible to set this Option in the Registry under "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}". However, this key does not exist in TP4 and is not generated when changing this manually (as described above).

    Is this a bug, a feature that is not yet completely implemented or is there a new way to configure this setting?

    Thanks and best regards
    Mike

    Tuesday, March 8, 2016 3:14 PM


All replies

  • Hi Mike,

    Thanks for posting here.

    >>Is this a bug, a feature that is not yet completely implemented or is there a new way to configure this setting?

    I have deployed a new 2016TP4 in my environment and found out everything was ok.

    You could try to download this OS from the following link and try again:

    https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview

    Besides, I could find this key on my machine: "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}".

    So, please use another version to install on your machine.

    Additional resource about GPO related settings for IE:

    https://technet.microsoft.com/en-us/library/cc775996(v=ws.10).aspx

    Best regards,


    Andy_Pan

    • Proposed as answer by Hello_2018 Monday, March 14, 2016 9:10 AM
    • Unproposed as answer by Hello_2018 Thursday, March 17, 2016 2:00 AM
    Wednesday, March 9, 2016 8:24 AM
  • Hi Andy

    Thanks for your suggestion!

    I have just installed another five (5) test machines, also with a brand new downloaded ISO-file. I got the message "Unknown" on all of these machines. I have used Windows Server 2012 R2 with Hyper-V, Windows 8.1 Client Hyper-V and ESX 6 to ensure that it is not a hypervisor-related issue.

    However, after some more researching, I realized that, after the initial installation via ISO, the OS build was 10586.0.
    On the working system (which I have installed earlier) the build number was 10586.164. It seems that this newer build (actually KB3140768) fixed the issue.

    Our basic scripts include some IE-ESC configuration as well as WSUS settings. And as of yet missing updates we found that ESC issue...

    I assume that your system has been updated prior to check if this issue exists, correct? So you'll most likely also be on 10586.164?

    • Marked as answer by migo99 Wednesday, March 30, 2016 3:36 PM
    Wednesday, March 16, 2016 3:46 PM
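
A pre-flight check for the situation described in the post above, as an added example that is not part of the original thread: it reports the OS build and whether the IE ESC admin key is present, so a provisioning script stops instead of continuing with IE ESC in an unknown state. The key path and the builds 10586.0 / 10586.164 come from the thread; the `IsInstalled` value name, the `UBR` revision value and the function names are assumptions not stated in it.

```powershell
# Added example: audit IE ESC state and OS build before a hardening script relies on them.
# Assumptions (not from the thread): the IsInstalled value under the admin key and the
# UBR (update build revision) value under CurrentVersion. Function names are hypothetical.
$adminKey      = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}'
$cvKey         = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$tp4Build      = 10586   # TP4 build number quoted in the thread
$fixedRevision = 164     # 10586.164 is the build the thread reports as working

function Get-OsBuild {
    $cv = Get-ItemProperty -Path $cvKey
    $revision = 0
    if ($null -ne $cv.UBR) { $revision = [int]$cv.UBR }
    [pscustomobject]@{ Build = [int]$cv.CurrentBuild; Revision = $revision }
}

function Get-IeEscAdminState {
    # Distinguish "key absent" (the symptom in the thread) from an explicit On/Off.
    if (-not (Test-Path -LiteralPath $adminKey)) { return 'KeyMissing' }
    $prop = Get-ItemProperty -LiteralPath $adminKey -Name IsInstalled -ErrorAction SilentlyContinue
    if ($null -eq $prop)            { return 'ValueMissing' }
    if ($prop.IsInstalled -eq 1)    { return 'On' }
    if ($prop.IsInstalled -eq 0)    { return 'Off' }
    return 'Unexpected'
}

function Get-IeEscFinding {
    param($Os, [string]$State)
    if ($State -eq 'On') { return 'OK' }
    if ($State -eq 'KeyMissing' -and $Os.Build -eq $tp4Build -and $Os.Revision -lt $fixedRevision) {
        return 'Unpatched build: install updates first, then re-apply IE ESC settings'
    }
    return 'IE ESC not enforced: review configuration'
}

$os      = Get-OsBuild
$state   = Get-IeEscAdminState
$finding = Get-IeEscFinding -Os $os -State $state

[pscustomobject]@{
    Computer   = $env:COMPUTERNAME
    OsBuild    = '{0}.{1}' -f $os.Build, $os.Revision
    IeEscAdmin = $state
    Finding    = $finding
} | Format-List

# Fail the provisioning step rather than leaving the server with IE ESC unverified.
if ($finding -ne 'OK') { exit 1 }
```

Running this before the WSUS and IE ESC steps of a build script makes the ordering dependency explicit: the update has to be installed before the IE ESC setting can be verified.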
  • I vaguely remember having an issue with IE-ESC on my first attempt with TP4 months ago.  But I haven't seen it in any build I have used in the last couple months.  So, I would tend to agree with you that a patch resolved it.  I am using the latest build released to partners on 3/3 and it does not have the issue.

    . : | : . : | : . tim

    • Proposed as answer by Hello_2018 Thursday, March 17, 2016 1:59 AM
    • Marked as answer by migo99 Wednesday, March 30, 2016 3:36 PM
    Wednesday, March 16, 2016 10:25 PM
  • Hi migo99,

    Thanks for your feedback.

    >>I assume that your system has been updated prior to check if this issue exists, correct? So you'll most likely also be on 10586.164?

    When I typed the msinfo32 command in my cmd prompt, I found my server version was: 10586.0.

    So, I agree with Tim's suggestion: "I am using the latest build released to partners on 3/3 and it does not have the issue."

    Best regards,


    Andy_Pan


    • Edited by Hello_2018 Thursday, March 17, 2016 1:59 AM
    Thursday, March 17, 2016 1:59 AM
  • Hi Tim & Andy

    Thanks for your feedback!

    I was looking at the OS build number via settings > system > about (see screenshot below; after installing the patch). It seems to me that this location would be a bit more specific about the version / build.

    Tim, unfortunately I was not able to locate the partner-specific download of TP4. Do you have a link or can you tell me how to navigate through which part of the partner-sites?

    Best regards,
    Michael

    Thursday, March 17, 2016 10:52 AM
  • "Do you have a link or can you tell me how to navigate through which part of the partner-sites?"

    You should know if you have access to those builds.  These are the interim builds that OEMs use to validate their systems and drivers or software on.  If you don't have access, talk with your engineers who are validating your hardware or software components.

    I think they may also be available if you are part of the Windows Wizards - basically get access to Microsoft's connect site.


    . : | : . : | : . tim

    Thursday, March 17, 2016 3:10 PM
  • Hi Tim

    It seems that we don't have access to these specific OEM builds for whatever reason. As of that I have marked my earlier post with the update as an answer because that would be the general fix for the public (which does not have access to newer builds yet).

    Many thanks for all your assistance and best regards,

    Michael

    Wednesday, March 30, 2016 3:36 PM
  • Hi migo99,

    Thanks for sharing and I'm glad to hear that your issue was solved.

    >>I assume that your system has been updated prior to check if this issue exists, correct? So you'll most likely also be on 10586.164?

    Yes, it was on 10586.164, please see the figure below:

    Best regards,


    Andy_Pan

    Thursday, March 31, 2016 2:44 AM