Hi. In previous posts I talked about the IE8 IEAK and new event logging for IE8 in the Application Compatibility Toolkit. Today, I’m going to discuss the improvements we made to Group Policy support for Internet Explorer 8.
For those of you who might be new to Group Policy, here is a quick background. Let’s first assume you use an Active Directory environment to administer the computers in your corporate network. If that is the case, Group Policy provides a wide set of policy settings to manage IE8 after you have deployed it to your users' computers. These settings are locked down and cannot be changed by users, as they are always written to a secure tree in the registry.
The IE Group Policy node in GPEdit.msc (GPEdit.msc is one of the tools used to configure Group Policies):
Group Policy allows you to create IE (and other software) configurations as a part of Group Policy objects (GPOs). The GPOs are linked to hierarchical Active Directory containers such as sites, domains, or organizational units. A client-side extension ensures that your policies are applied and refreshed regularly.
You might be wondering how to configure Group Policy? All the tools to configure create, manage, view, and troubleshoot GPOs are provided in your Windows operating system. Please check the Windows Server Group Policy site to find a list of the tools that are built into your OS.
The IE8 Deployment Guide, a very important resource itself, is now updated to include content for IE8 Beta 2. For instance, as there are more than a thousand IE GPs, configuring these policies for the first time may seem like a daunting task for a new IT Professional. For this very reason, the Group Policy section of the Deployment Guide has been updated to include recommended Group Policy settings for security, performance and compatibility with IE6 and IE7.
Group Policy support in IE8
In IE8, we have added more than 100 new Group Policies, bringing the total Group Policies supported in IE8 to 1300! Virtually all new IE8 features have Group Policy support, whether it is Compatibility View, Accelerators, or InPrivate Browsing Mode. These policies allow administrators to fully control IE8 features: hide the feature completely, preset the default, lock the user to only use the defaults, etc. For example, an administrator could turn off InPrivate Browsing by enabling the Turn off InPrivate Group Policy.
We understand that organizations have different needs. We provided extra granularity in the form of additional policies, so that features can easily be configured to best suit your needs. For instance, Compatibility View has five Group Policies:
As an example, if you are confident all your internal line of business applications and web sites work best with IE8, you can enable Turn on Internet Explorer Standards Mode for Local Intranet Group Policy. This will overwrite the intranet standards mode to be IE8. As usual, each policy comes with descriptive explain text that allows you to fully understand what the policy has been designed to do.
The Explain Text for Turn on Internet Explorer Standards Mode for Local Intranet Group Policy:
IE8 plays an important role in helping protect users against a range of attacks by offering new security features like the SmartScreen Filter, Data URI and Encryption support. All of these security features are GP enabled so the administrator can ensure their users are safe and secure in corporate environments.
Based on the feedback we received from customers, we have Group Policy enabled some of the legacy settings like secondary home pages, something that wasn’t available in IE7. We’ve also given extensive Group Policy support for the Favorites Bar and Command Bar; an administrator now has firm control over how the IE UI will look.
We have refined our Group Policy support in this release and look forward to your feedback once you’ve had a chance to try it out.
Jatinder Mann Program Manager