locked
Enhanced Protected Mode problem in Windows 10 RRS feed

  • Question

  • Hi,

    I posted a message several months ago about a credential prompt problem when activating EPM on Windows 10.

    After investigation, I finally found that, in Windows 10, when EPM is activated, Internet Explorer pages are sandboxed in AppContainers. These AppContainers doesn't have access to the local network, which seems great but not for me actually.

    The proxy server's custom error pages are hosted on the secure intranet site.
    When a user browse an Internet page which contains a frame trying to access a blacklisted site, he is prompted to enter his credentials to display a page telling that this has been blocked by the proxy, because of the AppContainer security.

    So for our tests I diabled EPM in Windows 10.
    Now, I need to enable EPM. This is a requirement and cannot be bypassed if we want to do more tests.

    Except by publishing the custom pages on Internet, which will be also refused, is there a way to handle this kind of problem?

    Gerald

    Tuesday, February 2, 2016 12:40 PM

Answers

  • Seems I found a workaround...

    Using Sites to zone assignments, I flagged the intranet site as an Internet site and I don't have credentials prompts...

    I'll see with my client how we can implement a viable solution with another server here.

    Gerald

    Thursday, February 4, 2016 10:08 AM

All replies

  • Hi Gerald,

    have a look in this registry key....

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\TabProcConfig

    add the unprefixed domain with a value of 47b

    eg. chemaxon.com 47b

    what proxy software are you using? WebSphere?

    Regards.


    Rob^_^

    Wednesday, February 3, 2016 1:34 AM
  • Hi,

    Already tried that but thanks...

    The proxy is a BlueCoat appliance.

    For me, it's because the AppContainer doesn't have enterpriseAuthentication and it seems correct because I'm on an Internet page.

    I'm surprised that I can't find another person that was facing this kind of problem because AppContainers were already present in Windows 8 but maybe it's because there's a high security level for my environment.

    Gerald

    Wednesday, February 3, 2016 8:31 AM
  • Hi,

    Enhanced Protected Mode is designed as a security feature which makes your PC safer.

    As your test and mentioned, when activated, the pages are in "AppContainer" which improve the security and that is by designed. We do not have a better way to edit the AppContainer Security.

    Thank you for your understanding.

    Best Regards,

    Simon


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, February 4, 2016 7:10 AM
  • Hello Simon,

    I don't want to edit the security of the AppContainer, just to find a way to use EPM correctly behind a proxy server.

    Do you have any suggestion for this kind of problem, except publishing the error pages on the Internet?

    If they are hosted on an internal server with Anonymous access, can I make it work ?
    I suspect that I will also be blocked but I can't ask my client to change this just for a PoC.

    Gerald


    Thursday, February 4, 2016 7:46 AM
  • Seems I found a workaround...

    Using Sites to zone assignments, I flagged the intranet site as an Internet site and I don't have credentials prompts...

    I'll see with my client how we can implement a viable solution with another server here.

    Gerald

    Thursday, February 4, 2016 10:08 AM