Windows – Stop the Welcome to Internet Explorer from launching via GPO

KB ID 0000459

Problem

If you’re logging on as a new user and Internet Explorer has not yet been run, then it wants to run the “Setup Windows Internet Explorer Wizard”.

On just one machine with one user that’s fine, but if you are logging in all over the place, with multiple credentials, this can get quite annoying. Also you might not want your domain users having to do this at all, for security reasons.

Solution

On a Single (stand alone) machine.

1. Click start and in the run/search box type gpedit.msc{enter}

2. Navigate to > Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Prevent Running First Run wizard.

Note: In older versions of Windows it’s called ‘Prevent Performance of First Run Customize settings’.

3. If you enable the policy you can set it to either:

a. Go directly to home page.
b. Go to the “Welcome to Internet Explorer” Web page.

4. Reboot the PC or Force a Group Policy Refresh.

In a Windows Domain Environment

1. On one of your domain controllers > Start > Administrative Tools > Group Policy Management Console > Either select an existing policy or create and link one to the COMPUTERS you want this policy to affect. Then edit the policy.

2. Navigate to > Computer Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Prevent Running First Run wizard.

Note: On older Windows platforms this is called ‘Prevent Performance of First Run Customize settings’.

3. If you enable the policy you can set it to either:

a. Go directly to home page.
b. Go to the “Welcome to Internet Explorer” Web page.

4. Reboot the PC or Force a Group Policy Refresh.

Related Articles, References, Credits, or External Links

Group Policy Preferences and Client Side Extensions

Windows – Cannot Delete Thumbs.db

KB ID 0000683

Problem

Thumbs.db is a small hidden system file that gets generated when you view media in a folder. You know when you look at all your MP3 songs and you can see the album cover as a thumbnail? Or you can see what all your photos are as a tiny thumbnail before you open them? Well, that’s what the thumbs.db file is doing. It’s a tiny cache of all that information, so next time someone visits this folder it displays those pictures quicker. Well that’s great! But when you try and delete a folder with one in (particularly a folder on another machine) you can see the error below.

The file Thumbs.db is a system file if you remove it, Windows or another program may no longer work correctly.

Then it won’t let you delete it, and if you persist, you end up with a folder with just this file in it, that you can’t delete.

Solution

First Step – Delete the Thumbs.db file

OK, let’s solve the initial problem first and get rid of the one that’s annoying us at the moment.

1. In Windows 8/2012 whilst in the folder > File > Open command prompt as administrator. (With older versions of Windows hold down SHIFT and right click).

2. Issue the following commands;

[box]
attrib -s -h thumbs.db
del thumbs.db
[/box]

Stop your PC Generating Thumbs.db Files

Option 1

Open Windows Explorer > View Options > Change folder and Search Options > View > Enable ‘always show icons, never thumbnails’ > Apply > OK.

Option 2 (Use the Local Policy of the Machine)

1. Press Windows Key+R to launch the run menu > gpedit.msc > OK.

2. Navigate to;

[box] User Configuration > Administrative Templates > Windows Components > File Explorer {or Windows Explorer} [/box]

Locate the ‘Turn off caching of thumbnail pictures’ policy.

3. Enable > Apply > OK.

Option 3 (Use the Registry)

You can simply run the following command;

[box] REG ADD "HKCU\Software\Policies\Microsoft\Windows\Explorer" /v "DisableThumbsDBOnNetworkFolders" /t REG_DWORD /d 1 /f [/box]

Or to do it manually,

1. Press Windows Key+R to launch the run menu > gpedit.msc > OK.

2. Navigate to;

[box] HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Explorer > Advanced [/box]

Create a New DWORD Value.

3. Call it DeleteThumbnailCache and set its value to 1.

Remove all Thumbs.db Files

Finally, let’s tidy up any remaining thumbs.db files.

Option 1

1. Open Windows Explorer (Windows Key+E) > Right click the drive > Properties > Disk Cleanup.

2. Select Thumbnails > OK.

Option 2

1. From command line, issue the following commands;

[box]
cd \
del thumbs.db /s /q
[/box]

 

Related Articles, References, Credits, or External Links

NA

Defining / Locking and Managing Proxy Settings

KB ID 0000181 

Problem

If you have a proxy server at your corporate/home location, then there are a few methods you can use to ensure that your clients use it. Before you start running through this, remember that if you have a proxy server then it’s common sense that your firewall/router will block web access for your clients, and only allow the proxy server (and any other servers/machines that need direct web access) out. If you are forcing your users out through one machine, for either caching, URL filtering, monitoring usage or just because it’s part of your corporate security strategy, then locking down Internet access around the proxy server should be your first consideration.

Once that’s done you can install your proxy and deploy the settings to the client PCs.

Solution

How you do this depends on your circumstances.

It’s a single stand alone machine. (Option 1)

To manually configure one machine simply open Internet Explorer (other browsers are also available) > Tools > Internet Options > Connections > Tick Use a proxy server for your LAN > Enter the IP address of the proxy server > Enter the port number > Tick Bypass proxy server for local addresses (if you have web servers on your local network) > OK > OK > Restart Internet Explorer.

It’s a single stand alone machine. (Option 2)

Optionally you can set the proxy with local policy – this is preferable if lots of people use the same computer and you don’t want to configure each user separately. Click start > In the search/run box type gpedit.msc {enter}

The Group Policy Editor window will open > Navigate to User Configuration > Windows Settings > Internet Explorer Maintenance > Connection > Proxy Settings.

Double click proxy settings > Tick Enable Proxy settings > Enter the IP address(es) > Enter the Port(s) > Tick Do not use proxy server for local (intranet) addresses, (If you have web servers on your local network). > Apply > OK > Close the policy editor > Reboot. (or run gpupdate /force).

Note: Using this method a technically savvy user can simply get into the settings and change them in the browser – to stop this happening you can hide the tab that displays the proxy settings.

It’s a single stand alone machine. (Option 3)

You can also set the proxy options by directly editing the registry (Warning editing the registry can cause earthquakes and lead to teenage pregnancy!). Click start > In the search/run box type regedit {enter}.

Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings. The values that look after your proxy settings are:

ProxyEnable set 0 for disabled and 1 for enabled.
ProxyOverride set <local> for bypass proxy for local addresses (Note: you can also add domains, separated by a semicolon ; that you don’t want to use the proxy for).
ProxyServer sets the IP address and port, i.e. 192.168.99.1:808 (Note: this setting WON’T BE THERE if there’s never been a proxy set; you will need to create it as a new string value (REG_SZ)).

Or you can simply run the following .reg file

[box]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyOverride"=""
"ProxyServer"="192.168.99.1:808"

[/box]

It’s On a Network with DHCP

You can lease proxy settings with your DHCP scope; it’s known as DHCP option 252.

To add Option 252 to a Server 2008 DHCP scope, on the server click Start > Administrative Tools > DHCP > Expand your server name > Right click IPv4 > Select Set Predefined Options.

In the Predefined Options and Values dialog box, click Add > In Name, type WPAD > In Code, type 252 > In Data type, select String, and then click OK > In String, type http://192.168.99.1:808/wpad.dat (change as appropriate).

Then you need to add that option to your existing scope > Expand the scope > Right click Server Options > Select Configure Options > Advanced > Scroll down to option 252 and select it > Apply > OK.

Now you need to create a wpad.dat file (simply create it in notepad) and serve it from the URL you entered above.

Sample wpad.dat file (simply change the URL’s and port numbers as applicable).

[box]

function FindProxyForURL(url, host)
{
    // variable strings to return
    var proxy_yes = "PROXY 192.168.99.1:808";
    var proxy_no = "DIRECT";

    // Sites that should always bypass the proxy
    if (shExpMatch(url, "http://www.petenetlive.com*")) { return proxy_no; }
    if (shExpMatch(url, "http://www.dont_want_to_proxy.com*")) { return proxy_no; }
    if (shExpMatch(url, "http://192.168.99.5*")) { return proxy_no; }
    if (shExpMatch(url, "https://subdomain.dont_want_to_proxy.com*")) { return proxy_no; }

    // Proxy if PC is on local LAN
    if (isInNet(myIpAddress(), "192.168.99.0", "255.255.255.0"))
        return proxy_yes; // return the variable, not the literal string "proxy_yes"
    else
        return proxy_no;
}

[/box]

Once that’s done you need to allow .dat as a MIME extension on your IIS Server > Start > Administrative Tools > Internet Information Services (IIS) Manager > Select the server name > Select MIME Types.

In the right hand column > Click Add > Put in the file extension as .dat and the MIME Type as “application/x-ns-proxy-autoconfig” > OK.

Then either reboot or run “iisreset /restart”.

It’s on a Windows Domain

You can set the proxy settings for your USERS (Note: it’s a user policy so it CAN’T be applied to computers). On your server click Start > Administrative Tools > Group Policy Management > Right click your domain (if you want the policy to apply at domain level) > Select Create a GPO in this domain and link it here > Give it a sensible name > OK.

 

Right Click your new Policy and select Edit > Navigate to User Configuration > Policies > Windows Settings > Internet Explorer Maintenance > Connection > Proxy Settings.

Note: In modern domains this policy has been removed, see the following article;

Managing IE Settings via GPO

 

Double click proxy settings > Tick Enable Proxy settings > Enter the IP address(es) > Enter the Port(s) > Tick “Do not use proxy server for local (intranet) addresses”, (If you have web servers on your local network). > Apply > OK > Close the policy editor > Reboot. (or run gpupdate /force).

Note: Using this method a technically savvy user can simply get into the settings and change them in the browser – to stop this happening you can hide the tab that displays the proxy settings.

 

My Users complain that their Laptops don’t work when they go home since I set the proxy?

 

Well, that’s to be expected: while at home they can’t see your proxy server. Some companies like this option, as it stops their users surfing the internet from their home internet connection. For other people this is a big problem. There are essentially three ways to solve this problem. 1) Send out your proxy settings via DHCP. Then while your users are offsite they won’t get any proxy settings (see above). Or 2) feel free to use the script I wrote (below); this can be applied via policy (local or domain), or simply put in the startup folder of your users’ laptops. Finally you can use a “proxy.pac” file to autoconfigure the client’s proxy settings.

How it works: It pings an IP address on your corporate network (in this case the router) which is always on. If it gets a reply, then it must be on the corporate network, so it enables the proxy server. If it gets no reply, then it must not be connected to the corporate network, and it turns off the proxy server.

[box]

::-----------------------Begin Script------------------------------------
@ECHO OFF
:: Check LAN connectivity

PING 192.168.99.254 | FIND "TTL" > NUL
IF NOT ERRORLEVEL 1 GOTO ON_LAN
GOTO OFF_LAN

:ON_LAN
::**************Proxy ON**************

:: Enable the Proxy Server (ticks the box "use a proxy server for your LAN...")
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1 /f

:: SET the proxy (fills in the Address and port values)
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /t REG_SZ /d "192.168.99.1:808" /f

:: Set the bypass proxy server for local addresses option - <local> ticks the box, each subsequent entry is an additional domain to bypass
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /t REG_SZ /d "<local>;*.local;www.dontproxy.com" /f

GOTO END

:OFF_LAN
::**************Proxy OFF**************

REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f

:END
::-----------------------End Script------------------------------------

[/box]

Or to use a proxy.pac file

1. Create a file on your PC in Notepad and call it proxy.pac. Change the relevant network details, proxy IP address, and port number from the example below.

[box]

function FindProxyForURL(url, host)
{
if (isInNet(myIpAddress(), "192.168.99.0", "255.255.255.0"))
return "PROXY 192.168.99.1:808";
else
return "DIRECT";
}
[/box]

2. Save the file in your C:\windows\system32 directory.

3. On the client open Internet Explorer > Tools > Options > Connections > LAN Settings > Tick “Use an automatic configuration script” and enter the following:

file://c:/windows/system32/proxy.pac

Note: This can be done with a registry file, see below.

[box]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"="file://c:/windows/system32/proxy.pac"

[/box]
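Before serving a wpad.dat or pointing clients at a proxy.pac, it helps to check what the file actually returns for an on-LAN and an off-LAN client. The following Node.js harness is an added example, not part of the original article: it stubs the standard PAC helpers (IPv4 only), evaluates a PAC source for a chosen client address, and flags results that are not valid PAC directives, such as a quoted variable name. The function names `evalPac` and `isValidPacResult` and the sample PAC text are assumptions made for illustration.

```javascript
// Added example (not from the original article): offline PAC/wpad.dat check. IPv4 only.
function ipToInt(ip) {
  const p = ip.split(".").map(Number);
  if (p.length !== 4 || p.some(o => !Number.isInteger(o) || o < 0 || o > 255)) return null;
  return ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]) >>> 0;
}

// Standard PAC helper: is host (dotted quad) inside net/mask?
function isInNet(host, net, mask) {
  const h = ipToInt(host), n = ipToInt(net), m = ipToInt(mask);
  if (h === null || n === null || m === null) return false;
  return ((h & m) >>> 0) === ((n & m) >>> 0);
}

// Standard PAC helper: shell-style match (* = any run, ? = one character).
function shExpMatch(str, pattern) {
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// Run PAC source as a client with address clientIp would (myIpAddress is stubbed).
function evalPac(pacSource, clientIp, url) {
  const run = new Function("shExpMatch", "isInNet", "myIpAddress", "url", "host",
    pacSource + "\nreturn FindProxyForURL(url, host);");
  return run(shExpMatch, isInNet, () => clientIp, url, new URL(url).hostname);
}

// Every entry must be DIRECT or "PROXY host:port" / "SOCKS host:port".
function isValidPacResult(result) {
  return String(result).split(";")
    .every(e => /^\s*(DIRECT|(PROXY|SOCKS)\s+[^\s:]+:\d+)\s*$/.test(e));
}

// Constructed sample using the article's addresses.
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  var proxy_yes = "PROXY 192.168.99.1:808";
  var proxy_no = "DIRECT";
  if (shExpMatch(url, "http://192.168.99.5*")) { return proxy_no; }
  if (isInNet(myIpAddress(), "192.168.99.0", "255.255.255.0")) return proxy_yes;
  return proxy_no;
}`;
// Same file with the variable name quoted: the literal string comes back.
const QUOTED_PAC = SAMPLE_PAC.replace("return proxy_yes;", 'return "proxy_yes";');

for (const ip of ["192.168.99.20", "10.0.0.7"]) {
  const r = evalPac(QUOTED_PAC, ip, "http://example.com/");
  console.log(ip, "->", r, isValidPacResult(r) ? "ok" : "INVALID");
}
```

Run it with `node` and swap in the text of your own PAC file; a result marked INVALID means clients receive a string the browser cannot use as a proxy directive.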

Note: This can be set in policy as well; the policy lives in User Configuration > Windows Settings > Internet Explorer Maintenance > Automatic Browser Configuration > Configure as below.

Related Articles, References, Credits, or External Links

NA