Controlling Microsoft Edge with Group Policy is pretty straight forward, you just need to ensure the msedge.admx and msedgeupdates.admx files have been added to your policy definitions store in the right folders. If you have no idea what I’m talking about, see the following article.
Not sure why, but I spend a large amount of time working on certificate problems, being asked questions about certificates, or fixing certificate problems. For certs that are web presented, back in the days of IE I could simply do this.
For those sniggering at my IE use – I typically work on client’s sites where I can’t go round installing browsers that are not terrible! Now that was all fine, now we (finally have got rid of IE (mostly)). How do I do the same with Edge?
I was losing my temper trying to fix my test Exchange server certificates today. Because I could not find the same information with Microsoft Edge. As it transpires the information is there, Microsoft have just done their best to hide it!
Edge View Certificate Information: Solution
You need to click the ‘padlock’ > Connection is Secure > Then click the small Icon at the top > the certificate details are then displayed on two tabs, the information is not as well formatted as it used to be, but it’s all there.
Related Articles, References, Credits, or External Links
In a fit of lunacy Microsoft have called ‘their’ new browser Microsoft Edge, so we can spend the next few months confusing it with Edge. Plus every Google search for GPO settings, error messages etc will all now show search results for the old Edge Browser not the new Microsoft Edge browser! Perhaps the same doofus at Microsoft who called the Exchange sync Active Sync when Microsoft already had a product called Active Sync was involved?
Anyway I got a request from a client this week to have Microsoft Edge on their Citrix environment, there was some confusion (imagine that), because Edge does not work on server 2016, (and it’s not shipped as part of server 2016), but would Microsoft Edge work?
Installing Microsoft Edge on Server 2019/2016 (With IE11)
Why is Internet explorer still alive? Anyway If you want to install Edge on a modern Windows server firstly ensure you are fully up to date with updates! Then open IE. Internet Options > Security > Custom > Scripting > Enable Active Scripting > OK > Yes > Apply > OK.
The first test was, ‘would it run on Server 2016’, it detected the OS as Windows 10 (unsurprisingly), and installed fine;
Microsoft Edge on Remote Desktop Services
Well Citrix is really just Remote Desktop Services in a leather jacket, so the next test was,’ would it work in RDS?’ I span up an RDS farm on the bench, and was pleased to see I could select Microsoft Edge as a RemoteApp, (not that I needed to deploy it using RemoteApp, but it being detected was promising).
And in an RDS session it worked faultlessly.
Deploy Microsoft Edge on Citrix (Server 2016)
Here’s where we had a problem, it installed fine, but every time I went to open it, all I got was a ‘white screen’ for about 5 minutes, after this it burst into life, which I couldn’t really ask the client to put up with!
As this was happening when I launched the browser I ‘wrongly’ assumed it was a ‘first run‘ problem (for the uninitiated, previous Microsoft browsers got an annoying ‘how do you want to set the browser up’ routine, then finally dumped you on the MSN webpage, (does anyone actually use the MSN webpage?) While it didn’t cure my problem it’s worth mentioning how I stopped the first run dialog happening);
Controlling Microsoft Edge with Group Policies
If you are used to importing ADMX and ADML files then this will be a breeze to you. If you are really interested I cover the subject in great deal in the following post;
Computer configuration > Policies > Administrative Templates > Microsoft Edge
[/box]
Microsoft Edge: Stop Importing of Bookmarks/Favourites
Locate: ‘Automatically import another browser’s data and settings at first run‘ > Enable the policy, and select ‘Disable automatic import and the import section of the first run experience is skipped‘ > Apply > OK.
Microsoft Edge: First Run
This will disable the entire first run dialog;
Locate: ‘Hide the First-run experience and splash screen‘ > Enable the policy > Apply > OK.
As it was working in RDS and not working on Citrix, then the problem was probably Citrix*. Citrix is one of my weaker subjects, so credit for the actual fix should go to my colleague (Dan Brookes).
*After I had discounted existing group policies, and other installed applications.
Running Microsoft Edge while it was ‘hanging’ and looking at what was going on in ‘Process Monitor’ showed a lot of hook64.dll entries;
This pointed to the culprit, open the registry Editor (regedit) and navigate to;
[box]
HKEY_LOCAL_MACHINE > System > CurrentControlSet > Services > CtxUvi
[/box]
Locate the UviProcesExcludes REG_SZ value, edit it and add ‘msedge.exe;‘ to the end.
Theres probably one service you can restart, but I simply rebooted the server, (problem solved).
FSLogix and Microsoft Edge
If you are running FSLogix you should also add an ‘exclusion’ to the Redirections.xml file, (located in your \\{domain-name}\NETLOGON folder).
Outlook URL: I first noticed this a few weeks ago, When copying and pasting a URL into an email it shortens the URL and gives it the pages title. At first i thought my firms Devs had changed the way our CRM works, but then I noticed it happening with SharePoint URLs as well, this is what I mean;
I don’t have a problem with it, in fact I much prefer it! However I got an email this morning from someone asking how to turn it off. As it transpires it has nothing to do with Outlook at all. It’s a feature of the Microsoft Edge browser.
Outlook URL Shortening is Really Microsoft Edge
Within Microsoft Edge > Preferences > Share, Copy, and Paste > Select your preference, if you want to disable this feature select ‘Plain Text’
And now the actual URL will be posted.
Related Articles, References, Credits, or External Links
So now theres a version of Microsoft Edge for macOS! Normally I would not bother, but I spend a lot of time in SharePoint and Azure so I thought, rather than my usual approach of playing ‘Browser Roulette’ I’d try Microsoft Edge and see what it was like.
My usual browser of choice is Safari, but the install wizard defaults to wanting to import bookmarks / favourites* from Chrome. (I do also have Chrome, but I don’t use it often!)
*Note: Wow! Microsoft have spelled Favourites correctly for once!
So how to get my Safari Bookmarks?
Solution
Firstly Edge needs full disk access to get the bookmarks > Apple Logo > System Preferences > Security & Privacy > Privacy > Full Disk Access > ‘UNLOCK’ > Tick Microsoft edge.
Not only the built in administrator account, if you try and open Microsoft Edge whilst logged in as the Domain Administrator you will also see the same error message.
To be honest this is a good thing, you shouldn’t be doing something potentially dangerous like going on the Internet as the administrator anyway. However for my test Windows 10 machine on the bench I’m not really bothered, I just want it to work,
Solution
Enable Microsoft Edge for Administrators (one machine)
1. From the Start/Run menu type and execute secpol.msc (local security policy editor).
2. Navigate to;
[box]Security Settings > Local Policies > Security Options > User Account control: Admin Approval Mode for the Built-in Administrator account[/box]
3. Set the policy to ‘Enabled’ >Apply > OK.
4. Reboot.
5. Boom! There it is.
Enable Microsoft Edge for Administrators (Multiple Domain Machines via GPO)
Warning: With great power comes great responsibility, if you have some test machines in one OU and you want to do this for them, thats fine. But REMEMBER this setting is a good thing DO NOT go linking this GPO to the root of your domain!
1. On a DC or a machine with the RSAT tool installed, Launch Group Policy Editor. Create a new GPO or edit and existing one.
2. Navigate to;
[box]Computer Configuration >Policies > Windows Settings > Security Settings > Local Policies > Security Options > User Account control: Admin Approval Mode for the Built-in Administrator account[/box]
3. Set the policy to ‘Enabled’ > Apply > OK.
4. Close the Group Policy Management Editor. If you have a Windows 2012 domain you can force the policy refresh on a particular OU, or simply run ‘gpupdate /force’ on the target machine, (or you could also wait a couple of hours, or simply reboot the target machines).
Enable Microsoft Edge for Administrators (one machines via the registry)
‘Home’ editions of windows have local policy editing options, for those you will have to edit the registry directly.
1. Open regedit.
2. Navigate to;
[box]HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft >Windows > CurrentVersion > Policies > System[/box] Locate and set the value of ‘FilterAdministratorToken’ (Note: You may need to create the 32-bit DWORD,) to 1.
3. Navigate to;
[box]HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Policies > System > UIPI[/box]
Locate and set the value of ‘(Default)’ to 1.
Related Articles, References, Credits, or External Links