none
"Require server verification (https:) for all sites in this zone - Internet Explorer 8 Group Policy RRS feed

  • Question

  • Can anyone tell me where I can find the setting within Group Policy to disable/untick the following setting:

    Tools | Internet Options | Security | Local Intranet | Sites | Advanced | Require server verification (https:) for all sites in this zone

    The only way I can find to do this is to use "Internet Explorer Maintenance" and import the settings from my machine which I really want to avoid - much rather use the IE8 Admin Templates.

    There must be a way of doing this surely?!


    Jonathan Conway | MCITP: Enterprise Administrator • MCP • MCSE 2003 • MCTS • VCP
    Tuesday, July 26, 2011 10:47 AM

Answers

  • Hi - I know I can do this via registry but as per above I just want to know one way or the other if there is a native GPO setting - I'm assuming not as I can't find it/haven't heard of it (I'm very experienced in GPO myself) and nobody else seems to know.

    I'll inform my customer that we'll need to set this setting via a method other than native GPO.

    Thanks for your help everyone - much appreciated.


    Jonathan Conway | MCITP: Enterprise Administrator • MCP • MCSE 2003 • MCTS • VCP
    Wednesday, July 27, 2011 11:07 AM

All replies

  • بسم الله الرحمن الرحيم

    what's the problem with this way?

     


    Mohamed Abd Elhamid Abd Elaziz Microsoft System Administrator Abdul Samad Al Qurashi Co.
    Tuesday, July 26, 2011 11:23 AM
  • There is no entry in Group Policy to set this setting other than using Internet Explorer Maintenance - all other settings are done using the Admin Templates so we want ALL setting to be done this way to move away from the deprecated IE Maintenance method.

    It seems strange that all settings apart from this one have been migrated to the admin templates so am assuming it is hidden somewhere else or has been renamed.


    Jonathan Conway | MCITP: Enterprise Administrator • MCP • MCSE 2003 • MCTS • VCP
    Tuesday, July 26, 2011 12:26 PM
  • Hi Jonathan,

     

    Please clarify your concerns. Do you just want to uncheck “Require server verification (https:) for all sites in this zone” for Local Intranet zone and let the users to add website to this zone? If so, please check whether the following registry helps:

     

    With the option unchecked:

    HKU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags: 0x00000143(323)

     

    With the option checked:

    HKU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags: 0x00000147(327)

     

    I have confirmed the registry on Windows 7 with IE 8, if your client OS version is not Windows 7, please let me know.

     

    Best Regards,

     

    Nina

    Forum Support

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, July 27, 2011 10:11 AM
    Moderator
  • My question relates to GPO settings rather than registry - I know how this can be done via the registry but unless I use the Internet Explorer Maintenance section of GPO I can't find a way of doing this unless using the IE8 ADM unless I write my own Custom ADM file and configure through that.

    The problem I have is that ALL my other IE settings are configured using the IE8 Admin Templates and NOT Internet Explorer Maintenance. Group Policy Preferences don't offer a solution here either as this setting is not configurable. I don;t want to use the IEM at all if possible as I don't like relying on importing settings from a machine.


    Jonathan Conway | MCITP: Enterprise Administrator • MCP • MCSE 2003 • MCTS • VCP
    Wednesday, July 27, 2011 10:18 AM
  • My question relates to GPO settings rather than registry - I know how this can be done via the registry but unless I use the Internet Explorer Maintenance section of GPO I can't find a way of doing this unless using the IE8 ADM unless I write my own Custom ADM file and configure through that.

    The problem I have is that ALL my other IE settings are configured using the IE8 Admin Templates and NOT Internet Explorer Maintenance. Group Policy Preferences don't offer a solution here either as this setting is not configurable. I don;t want to use the IEM at all if possible as I don't like relying on importing settings from a machine.


    Jonathan Conway | MCITP: Enterprise Administrator • MCP • MCSE 2003 • MCTS • VCP

    بسم الله الرحمن الرحيم

    you can do edit registry with group policy

    If you want it for computers

    Computer Configuration - Preferences - Windows Settings - right click Registry - New - Registry Item

    Action = Update

    Hive = HKey_Current_Users

    Key Path = HKU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags

    If you want it for Users

    User Configuration - Preferences - Windows Settings - right click Registry - New - Registry Item

    Action = Update

    Hive = HKey_Current_Users

    Key Path = HKU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\Flags


    Mohamed Abd Elhamid Abd Elaziz Microsoft System Administrator Abdul Samad Al Qurashi Co.
    Wednesday, July 27, 2011 10:40 AM
  • Hi - I know I can do this via registry but as per above I just want to know one way or the other if there is a native GPO setting - I'm assuming not as I can't find it/haven't heard of it (I'm very experienced in GPO myself) and nobody else seems to know.

    I'll inform my customer that we'll need to set this setting via a method other than native GPO.

    Thanks for your help everyone - much appreciated.


    Jonathan Conway | MCITP: Enterprise Administrator • MCP • MCSE 2003 • MCTS • VCP
    Wednesday, July 27, 2011 11:07 AM
  • Hi Jonathan,

     

    Thanks for your update. As far as I know, there is no group policy to control this setting directly, you need to set it via registry or build your own ADM or ADMX file.

     

    Thanks.

    Nina


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, July 28, 2011 3:58 AM
    Moderator
  • It's totally doable using the Group Policy Editor.  I have snapped in the USGCB ADM files and well, it's a part of the IE 8.  The setting is under Administrative Templates Policy Definitions: Windows Components > Internet Explorer > Internet Control Panel > Security Page > Intranet Zone.  Go to the Setting called "Logon Options".

    Wednesday, November 28, 2012 9:23 PM