I hope Internet Explorer is not your default choice in Windows 10, but even if it isn’t you still have to struggle with 1500+ Internet Explorer group policy settings to make it “yours”. As a baseline I recommend using Microsoft Security baselines that can be found on Microsoft security guidance blog, keep an eye out for updated baselines should be coming one soon as far as we know there will be an updated baseline with every Windows 10 feature release.

I will not guide you in those 1500+ settings, but there are a couple of question that pops up every now and then, and this post is regarding the notifications. I am sure you have seen these notifications at the bottom in Internet Explorer, it may be to enable or disable an add-on/BHO, could be that a specific add-on is not compatible with Internet Explorer security features (such as Java SSV add-on and Microsoft baseline) or other reasons. You may recognize the screenshots below.

image

image

image

image

This post will help you minimize the notifications by preparing a group policy to approve or disapprove them.

First there are some obvious settings that you may consider

Disable add-on performance notifications

User|Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\

Registry key: HKU|HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\DisableAddonLoadTimeperformanceNotifications

image

Automatically activate newly installed add-ons

User|Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\

Registry key: HCU|HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\IgnoreFrameApprovalCheck

image

image

Centrally manage add-ons

The above notifications can also be handled with this setting

User|Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management\

look for the setting Add-on List make sure the enable the setting, click Show… and enter all the add-ons you want to disable (0) or enable (1)

image

Enter the CLSID for the Add-on, and that can be found in the Manage Add-ons settings, click More information and copy the information, paste it into notepad and paste the Class ID into the value name column above.

image

Add-on not compatible with enhanced security features

The last notification may seem to be a tricky to get rid of. First as always make sure you use an updated add-on version, or try with the 32/64-bit version

image

Second there is a compat count in the registry and makes sure the notification only shows up 5 times. This value is located here: HCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CLSID}

But to get rid of this notification just make sure to pre-create DWORD value with the name of Flags and value 100 hex (or 256 decimal).

image

Do this with Group Policy preferences, and a tip use Update or New to create your registry preferences.

image 

Bonus settings! In the same settings category there is a setting called Deny all add-ons unless specifically allowed in the Add-on List, this is a good key if you want to raise the security to only allow centrally managed add-ons or be sure that add-ons you only know about is able to run in the environment.

Please Share your Internet explorer settings in the comments

Advertisements