Recently, we ran a pilot where FIPS-compliance mode was enabled on Windows 7 Enterprise SP1 32-bit computers.  Specifically, the "System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing" security option was set to Enabled.  The pilot is over and we turned off FIPS-compliance mode.

Since doing that, I have noticed that the SSL/TLS settings in Internet Explorer 9 are disabled on computers that were part of the pilot.  I know the defaults are:

• SSL 2.0 : off
• SSL 3.0 : on
• TLS 1.0 : on
• TLS 1.1 : off
• TLS 1.2 : off

Now, all of these settings are disabled (grayed out) and the following settings are set:

• SSL 2.0 : on
• SSL 3.0 : on
• TLS 1.0 : on
• TLS 1.1 : off
• TLS 1.2 : off

This affects all user accounts on the system.

The test GPO we used to turn on FIPS mode for these computers has been verified to only be enforcing that FIPS setting.  It was not controlling any Internet Explorer settings.

Here is the troubleshooting I have done so far:

• Reset Internet Explorer via the Reset button on the Advanced tab in Internet Options.
• Put computer in an OU that had Group Policy inheritance blocked, performed gpupdate, and rebooted to ensure no GPOs were affecting the computer.
  
• Verified that local policy was not enforcing the Internet Explorer SSL/TLS settings.
• Ran msconfig, disabled non-Microsoft services, and rebooted.
• Removed the Internet Explorer feature, rebooted, re-added it, and rebooted.
• Installed all available important and recommended Windows Updates.
• Installed Internet Explorer 11.
• Created a new local account and set it to Administrator and logged in as that.
• Removed the computer from the domain.
• Created another local account (with Administrator rights) and logged in as that while the computer was not on a domain.
• Ran the command from an elevated command prompt:  secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
• As a last-ditch effort, I ran CCLeaner and performed all the Clean and Registry fixes available.

Does anyone have any other ideas?

To fix an issue with MS14-051, MS released Hotfix KB2991509 (http://support.microsoft.com/kb/2991509/en-us). In this article I can only find a download link for Windows 8x86. The download link for the Windows 8 x64 version is missing. For other OS-Versions there is a link for both architecture versions.

Where is the Windows 8 x64 hotfix?

Hi,

I've enabled IE11 Enterprise Mode and setup an XML-file on a fileshare which I've created using "Enterprise Mode Site List manager". 

When I logon with my test-user and launc IE, after aprox 65 seconds I get the HKCU\Software\Microsoft\internet explorer\Main\EnterPriseMode\ CurrentVersion string updated to the current version of my XML-file. I can then browse the sites and verify that Enterprise Mode is enabled for the sites that I have specified in my XML-file

The problems I'm facing is that if I logout my user and then log back on again to the server and start IE and brwose the sites Enterprise Mode is no longer enabled for them. Also if my user has manually specified some sites for enterprise mode this does not live between sessions. 

Where in the profile does IE EM store the data over which websites that are supposed to be in entprise mode? I've found under AppData\Local\ EmieSiteList and EmieUserList but theese 2 catalogs only contains "container.dat" which is 0 KB?

Anyone know? Has anyone gotten IE EM to work in RDS?

Regards

Jonas

hi,

I Used the tool Internet Explorer Administration Kit (IEAK) to create  a self-extracting DPInst installation package.  when I double click the created installation package, pop-up an error message(see the below picture), but can success installed by right click, run as administrator. My account has the administrator privilege.

But I want to install the installation package by double click, not just Run as administrator, how can I do that?

Best Regards,

Trista.Gao

answer to my question of answer file

I'm working with a client trying to solve a problem that just started on a site I built for her.  The problem started about three weeks ago.

It's a really simple ASP.NET site: http://nancyjoart.com/  One master page loads a common CSS bundle and JS bundle on all pages, however I used to have then unbundled and only bundled them to try to limit the problem.  It didn't work, but I left the bundles as they do speed the site up.

One machine on her network constantly fails, a surface pro 2, Windows 8.1, IE11, all updates installed.  Short story:  On four pages, two public and two privately accessed, IE doesn't apply a CSS or run the javascript in the bundle.

Here are the two public pages that fail:

• http://nancyjoart.com/default.aspx and
• http://nancyjoart.com/gallery.aspx

If the NAV bar at the top has blue links instead of grey/black, the CSS didn't load.  If the page has no art and shows the loading GIF, or no images, the JS didn't load.

Now the fun and amazing part: the CSS that doesn't work on these four pages, is successfully used and works on every other page.

The CSS and JS files do actually get requested and downloaded by IE, as evidenced by a Network Monitor trace session and the F12 tools, but don't get applied (CSS) or loaded(JS) on these pages.

Now it gets weirder:  I can run the site fine on my Surface RT and my Pro2 from anywhere else without fail.  However, if I'm on her wifi - only half the time I can't get the scripts to run or that one CSS to apply.  I press CTRL+R and they work fine when the page reloads, but only half the time.  In fact, it took me about a half an hour to experience the failure.  Once it happened, my dev machine would exhibit the problem, then it would work, then it would fail.

In terms of the JS - When it fails, the debugger indicates a class isn't found.  IE has parsed and downloaded that JS file, and shows the file in the debugger file list dropdown  - but doesn't seem to use it.

Even more odd, the request and responses all appear to happen quickly, all have 200 OK/Success results and the request and response headers look completely normal.  I've even saved the JS file itself and binary compared it to what I have on the server, and it matches, so it isn't somehow getting mangled in-transit.  Even more odd than this little oddity is that once the files are requested and "fail", even if you switch to a cellular connection, the next page loads, and IE doesn't NOT load the files correctly either.  CTRL+R eventually will get it to work on this new connection type though.

Other things I've tried:

1. Works on her wifi on:  iPhone, Windows Phone 8.1, Windows Phone 8, Windows Phone 7, Blackberry (Bold and Playbook) and her Windows 7 desktop.  I've put Firefox on her machine, and it works fine every time.   Anything in this list never fails, ever except ie11 on the surfaces.
2. Her surface is pretty much OOB in terms of apps.  Just Modern apps installed.
3. My surface pro 2 dev machine is OOB too. used daily for development - Again, site works everywhere but her wifi.
4. Minifying the CSS or JS doesn't seem to help,
5. Chkdsk reports nothing,
6. Windows Defender is the only AV installed,
7. all Windows updates are installed,
8. Bundling the css and JS with webgrease didn't help,
9. I've reset the IE advanced settings, security settings, cleared the cache, tried inPrivate, tried making it trusted, nothing worked.
10. even reset the wifi router

She reports other websites all work fine. (** caveat: not sure how complicated these sites are, or how frequently she does this...)

Does anyone have any suggestions that they'd try next if they were in my sad shoes?

Darin R.

Hello,

we have imported the Microsoft Security Compliance Policys for IE10. Nowwehaveunfortunately found that, IE is blocking content on the for the "local computer".

We have installed some software which calls a index.html with some flash and java content, but nothing gets displayed. We`ve already enabled the setting "active content to run in files on my computer", but that doesnt help.

I have copied the files on a file server which is member in the local intranet sites, an there everything is working perfect. My question is, how can I find out which setting is causing that?

Hope somebody have a clue.

Hi all, 

First off sorry if this is not the best place for this question, i was unsure where to ask it.

Recently i have accidentally remove a website from my favorites while giving my computer a clean up. 

Im hoping you can help me find one of the websites i lost from my favorites. 

The website is a Microsoft one but i cant remember what it was called or its URL. This website you can only sing up to if you work in a like a shop that sells computer software and hardware. When your logged in to the website there are a lot of like quiz/surveys to take. Each one has some information before it to help you learn more about features and products for Microsoft Hardware and Software. Once you successfully complete one of these quiz/surveys it rewards you with some points. Each rewarded points depends on the difficulty of the quiz/survey you complete. 

Once you build up enough points you can spend these points on products from Microsoft like Hardware or Software for computers or Xbox. I think the website also allowed you to get discounts on some products as well. 

Anyway if you know what website im talking about please can you remind me of its name or its URL as i have a good handful of points and i have spent the last day or so reading up and preparing for one of the more harder quiz/survey. 

So i really hope you can help me. 

Thanks Joe.

Hi Guys,

In our org. recently the intranet portal is being launched having webpages built using Html5 & CSS3, everything seemed to be working fine until we had this issue of printing via all Internet Explorer browser version.

Issue Description:

Couple of symptoms of the issues when trying to print.

1. The printer name is invalid (res://ieframe.dll/preview.js)
2. The remote server machine does not exist or is unavailable (res://ieframe.dll/preview.js)
3. Whenever print is fired the printer goes in hung state, we have to power off and power on the same

Observation:

1. The same webpage when we try to print using Mozilla firefox / Google chrome there is no issue
2. The print model is HP LaserJet M4345 MFP series
3. The printer is installed using TCP configuration on member server and the printer is shared for client PCs(Windows7/8.1)
4. As soon as the print is fired on the server where printer is configured observe event ID 10 which states print was successful
   1. Document 161, URL - website owned by UserA was printed on HP LaserJet 4345 mfp - IT PCL 6 via port IP_10.14.1.132. Size in bytes: 499992; pages printed: 1
5. We also tested the print on several other printer model like Lexmark and the issue is same.
6. If the printer is configured locally using USB and tried to print – print is successful
7. If we print to XPS doc, it prints properly using IE for that page
8. Tried to trace what’s happening using netmon when print is fired using IE and below is the screenshot

1. Came across this registry thing while troubleshooting and didn’t know how it could relate to the issue while deep diving into netmon logs   (ms724884)
   1. REG_DWORD_LITTLE_ENDIAN

Action Taken:

1. KB 2511250 / 308260 / 2652062  - didn’t worked
2. Installed hotfixes on windows 7 PC KB2028560 / KB2454826 / KB2028551 – didn’t worked
3. logged case with HP Support – updated the drivers UPD PS – didn’t worked (still working on it)
4. enabled / disabled script debugging on IE advanced settings – didn’t worked
5. turned on / off protected mode – didn’t worked
6. tried running in 32/64bit version – didn’t worked
7. tried running in run as administrator mode – didn’t worked
8. registered IE dlls with regards to print – didn’t worked
9. reinstalled IE – didn’t worked

It seems when print is fired the job is sent to server and as soon as the server spooled the print job in to printer, the printer used to get hung.

Printer queue would show the status as printing but won’t print, if we don’t cancel the job the printer after powered ON would again go into hung state.

Would appreciate for your prompt response on the above issue mentioned and do revert for more queries, any points/step if I have missed.

I am using Windows 8.1 single language edition which is pre-installed in my laptop. Now I need to downgrade IE 11 to IE 10. How is it possible? Have tried using compatibility options, but still facing problems with IE version 11.

contact: 9841809585

I'm really surprised that after all these years IE is still incapable of displaying Unicode characters properly although all other major browsers can.  Just to give you an example browse this web site with all browsers and you get what I mean:

www.al-islam.com/Loader.aspx?pageid=1192&FolderID=622

Only IE shows the Unicode characters as squares and on all PCs with Windows XP, 7, 8, 8.1 and Server 2008 and Server 2012.  No matter what you do to fiddle with the encoding, install fonts or change font substitutes, nothing works.

Hello there,

I have a question. At our firm, we used to enroll windows policies from Novell. Nowadays, we use the marvelous MS AD.

Since we use AD to enforce our windows policies some differences in the effect of certain settings have come to my attention. 

We have a site to zone assignment list, in which we state that certain sites belong to a certain zone. Before we used AD we had a site called awtuing01 which was in the Intranet zone. Since we use AD GPO, in which we also put that same zone assignment, things started to fail. It (the webapplication) started to prompt for permissions while these prompts where disabled in that specific zone. So it seemed as if the site was no longer in that zone. After some searching I found out that the pages that where causing these prompts where from a server also called awtuing01 but with an exotic port like 8891. So i started wondering if it could be that only ports 80 (in case of http) and 443 (in case of https) where allowed to be in that zone, and not that exotic port. So I added awtuing01:8891 to the intranet zone in the site to zone assignment list and voila, things worked normal again.

Now my question is, is the assumption correct that when you manually set a site in the Intranet zone, it allows different ports and when you enforce this with a GPO it doesnt? Or is this a setting I am overseeing?

Any help would be greatly appreciated!

Greetings from the Netherlands.

Marijn Wijbenga

We have a sharepoint site from where we publish Office documents as a reporting tool.

Since upgrading from from IE8 to IE 10 we have had problems in the way that these documents are opened from a certain group of application servers.

We have a policy applied to all our Application servers.

If I disable the policy the files open in the normal way with out the option to save the file.

As soon as I add the policy back the first interaction changes and looks as follows

I believe the difference to be that on the first example the file is directly opened from the site and not downloaded to temporary files where as in the second example it actually shows a message stating that the file is being downloaded

Hi,

I have a simple anchor tag like <a href=http://www.google.com></a>

Using a mouse there is no problem but when I use a touch device (windows 8.1/windows Phone 8.1), all that will happen when people touch it is that the link will be highlighted.I don't want to highlight it, I just want the link to open.

Double clicking the link will zoom in the page. It takes several attempts tapping the link to actually open it... this is VERY frustrating.

How can I remove this highlighting non-sense?

I found an article that seems to indicate this was done on purpose:

http://blogs.msdn.com/b/ie/archive/2013/07/31/ie11-touch-browsing-for-today-s-web-and-beyond.aspx

It's a total failure if you ask me and it is very frustrating to use my site on a touch device.

Anyone has any idea on how to make links behave normally?

Best Regards,

Peter

I have a Windows application which opens a web application at a certain point which gives back the control to the Windows app with a custom protocol handler call (myprot://xy/continue) as source of a hidden iframe that I create and remove again when it's loaded.

Everything works fine when the user finishes correctly but I also want to handle an abortion when the user closes the browser. In Chrome and Firefox it works perfectly fine to make the protocol handler call in the onbeforunload event but in IE the iframe is not created. If I use other protocols like http or ftp it is created and works perfectly. I also tried just setting the src attribute of an existing iframe. The source is changed in the DOM but agin for the custom protocol nothing is executed - only http or ftp calls are made.

This seems a bit odd that only my custom protocol isn't executed. Does anybody has a clue what I could do or is there a security setting so that my protocol is declared as safe?

got a large number of machines running IE8. Is there an offline installer for IE 11.0.11 which includes the ability to enable enterprise mode, or are you stuck downloading the version released in November 2013, rebooting, patching to get enterprise mode available, then rebooting again?

thanks in advance for any guidance.

I have setup a proxy wpad.dat file on our web server but having problems with it not working.

The web server is in the head office. If I point my IE browser Lan Setting> use automatic script tohttp://hs-database.hh.com/wpad.dat on a local system in the same location as the hs-database server the file works fine.

If change the same entry in IE for someone in a remote branch office to the same settings as above it does not work, but if I go to the web browser and typehttp://hs-database.hh.com/wpad.dat it is able to download the file.

My wpad.dat file is configured properly. I need to understand why this is not working as I would like to use dhcp to push out the proxy setting to all my workstations  in all locations as we are moving to IE 11 and the proxy setting cannot be pushed down to IE 11 via GPO using windows server 2008 R2.

Hi! I was just wondering if anyone has an idea on how to remove malware links in key words in a web browser (ex. IE11 or chrome)?

Everytime I open a web page, keywords are highlighted with a link to a product or website that is unrelated to the one I am in. For instance I went to technet.microsoft.com and in the search bar when I search for a subject a separate pop up or Tab is displayed. 

Very annoying and dangerous.

Your help is appreciated.

alfredo.