IE7 Group Policy Settings

After when deploying Internet Explorer 7 around your site through a service such as WSUS, there are immediate considertaions that have to be dealt with. The main one being configuring settings for IE7.

It is possible to download the Internet Explorer Administration Toolkit (IEAK), but when dealing with IE7 that has been installed on computers automatically – that’s not what you want to hear.

After installing IE7 on one of our servers, I went to the group policy to see if there were any new settings. As such, the important ones didn’t seem to exist:

  • Configure the phishing filter
  • Disable the ‘First run’ Page

Obviously, there are a number of settings that administrators would want to take control of.

Thankfully, there are two ways of getting these settings in group policy. The first is to simply install Windows Vista as a workstation and use the Group Policy Management Console (GPMC.MSC) which is bundled with Vista. This has all of the IE settings.

If you don’t have a Vista system, you can download an up-to-date MSI of the Administrative Templates for Internet Explorer 7 for Windows. This will install the inetres.adm file in the specified folder.

To apply it to the machine you are working on (pre-Vista, of course), copy the ADM file to %systemroot%\inf. Run gpedit.msc and navigate to User Configuration > Administrative Templates > Windows Components > Internet Explorer.

Some of the useful settings are:

  • Prevent Performance of First Run Customized settings to disable the first run page
  • Turn of Managing Phishing filter to enable the phishing filter and configure its actions
  • Turn on the menu bar by default to stop people asking you where the menu bar is
  • Prevent Participation in the Customer Experience Improvement Program, another default from the first run page
  • Moving the menu bar above the navigation bar to put the menu bar in its proper place, above the address bar

Using the group policy configuration is a much more practical way of configuring IE7 than the registry hacks that I’ve seen floating around where people are struggling to find the group policy settings for IE7.

There are there! Honest!

Open File Dialog Appears when you Click on Links after installing Internet Explorer 7

After upgrading to IE7 in Windows XP, we found that non-admin users were once again seeing the Open File Security warning dialog box.

Once again, the issue can be resolved by visiting the group policy. Open up the appropriate policy file, and follow the path to:

User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page

  • Double-click on Site to Zone Assignment and then click ‘Show…
  • Click ‘Add…
  • In the Add Item dialog, type in the FQDN of your domain (eg. mydomain.local) in the first field, and the number ‘2’ in the second field.
  • Click ‘OK’ until the dialogs are closed.
  • Now log a user onto a workstation to check that the changes have taken effect.

All we have done here is added your domain to the Trusted Sites zone, which removes the file security dialog.

Well done, you.

Adding Your Blog as a Search Provider

In IE7, adding your own custom search is beautifully simple now that Microsoft have added the Create Your Own to the ‘Find More Providers…’ link in IE7

Create Your Own Search Provider screenshot

So, it seems sensible that your blog would want a piece of the action.

To that end, here’s a quick example of my own search provider. As IE7 uses the OpenSearch Specification, an XML document can be linked in your site which will make the search box glow. Users can then either use the search specification to carry out a search on the site, or additionally add the search to their list of search providers.

IE7 Search Bar in Vista

First of all, either create your XML file on Microsoft’s Add Search Providers page, or check out my XML file. The opens are documented on the website, I think that they are quite self explanatory.

Edit the XML file to include your site’s details and add any additional bits you’d like.

Upload the file to your website and then open the header.php file that your theme uses (or just your default webpage for non-Wordpress sites).

Within the < head> tag, add the following line (making the appropriate adjustments):

Now visit your website, and you should see that you can be added in Internet Explorer’s search list. If it doesn’t work, check that the XML file syntax is correct, and then restart Internet Explorer. After spending about 30 minutes trying to work out why my XML file wasn’t working, it turned out it was.

And now, if you click on the top right (you IE users, you!), then you’ll see bloggingIT in all its glory! Click on the Add Provider option, and you are greeted with:

Add Search Provider dialog

All users have to do now, is click ‘Add Provider’.

Non-intrusive and easy to use. Great!

Inline Search for Internet Explorer

Inline search

For people fed up with the CTRL+F search function in IE, there’s a handy addon that acts (almost) in the same manner as the Firefox find bar.

It’s now on version 1.3, which has resolved some tiny bugs that used to get me wound up.

It doesn’t integrate as nicely into IE7 as I would have hoped (visually, that is). But it is a vast improvement over the standard Find dialog box.

If you want a quick way to find content in webpages, this is the bad boy.

Making SSL Certificates for your IIS Server

With IE7 on the prowl, I’m having to look at self-signing certificates again to make them work properly.

I found a nice straight-forward how-to on Eric Longman’s blog, which keeps it simple using a Linux box and Windows Server IIS.

Check it out

Although I’ve fixed my certificates, there is still the problem with IE7 showing a big, bad, red page. As a resolution, I’ve found a blog with instructions for valid SBS certificates, but nevertheless puts me in the direction of GoDaddy for reasonable certificate prices.