Export (0) Print
Expand All
Expand Minimize

New group policy settings for Internet Explorer 11

Internet Explorer 11 gives you some new Group Policy settings to help you manage your company's web browser configurations, including:

 

Policy Category path Supported on Explanation

Turn off loading websites and content in the background to optimize performance

Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page

Internet Explorer 11

This policy setting determines whether Internet Explorer preemptively loads websites and content in the background, speeding up performance such that when the user clicks a hyperlink, the background page seamlessly switches into view.

If you enable this policy setting, Internet Explorer doesn't load any websites or content in the background.

If you disable this policy setting, Internet Explorer preemptively loads websites and content in the background.

If you don’t configure this policy setting, users can turn this behavior on or off, using Internet Explorer settings. This feature is turned on by default.

Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar

Administrative Templates\Windows Components\Internet Explorer

Internet Explorer 11

This policy setting allows Internet Explorer to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions, the user’s keystrokes are sent to Microsoft through Microsoft services.

If you enable this policy setting, users receive enhanced suggestions while typing in the Address bar. In addition, users won’t be able to change the Suggestions setting on the Settings charm.

If you disable this policy setting, users won’t receive enhanced suggestions while typing in the Address bar. In addition, users won’t be able to change the Suggestions setting on the Settings charm.

If you don’t configure this policy setting, users can change the Suggestions setting on the Settings charm.

Turn off phone number detection

Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing

Internet Explorer 11

This policy setting determines whether phone numbers are recognized and turned into hyperlinks, which can be used to invoke the default phone application on the system.

If you enable this policy setting, phone number detection is turned off. Users won’t be able to modify this setting.

If you disable this policy setting, phone number detection is turned on. Users won’t be able to modify this setting.

If you don't configure this policy setting, users can turn this behavior on or off, using Internet Explorer settings. The default is on.

Allow Internet Explorer to use the SPDY/3 network protocol

Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page

Internet Explorer 11

This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests to optimize the latency of network requests through compression, multiplexing, and prioritization.

If you enable this policy setting, Internet Explorer uses the SPDY/3 network protocol.

If you disable this policy setting, Internet Explorer won't use the SPDY/3 network protocol.

If you don't configure this policy setting, users can turn this behavior on or off, using Internet Explorer Advanced Internet Options settings. The default is on.

Don't run antimalware programs against ActiveX controls

(Internet, Restricted Zones)

  • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone

  • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone

  • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone

  • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone

Internet Explorer 11

This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.

If you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.

If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.

If you don't configure this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.

Don't run antimalware programs against ActiveX controls

(Intranet, Trusted, Local Machine Zones)

  • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone

  • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone

  • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone

  • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone

  • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone

  • Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone

Internet Explorer 11

This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.

If you enable this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.

If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.

If you don't configure this policy setting, Internet Explorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer Security settings.

Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows

Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page

Internet Explorer 11

This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.

Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.

If you enable this policy setting, Internet Explorer 11 will use 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.

If you disable this policy setting, Internet Explorer 11 will use 32-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.

If you don't configure this policy setting, users can turn this feature on or off using Internet Explorer settings. This feature is turned off by default.

Turn off sending UTF-8 query strings for URLs

Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page

Internet Explorer 11

This policy setting determines whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) to encode query strings in URLs before sending them to servers or to proxy servers.

If you enable this policy setting, you must specify when to use UTF-8 to encode query strings:

  • 0) Never encode query strings.

  • 1) Only encode query strings for URLs that aren't in the Intranet zone.

  • 2) Only encode query strings for URLs that are in the Intranet zone.

  • 3) Always encode query strings.

If you disable or don't configure this policy setting, users can turn this behavior on or off, using Internet Explorer Advanced Options settings. The default is to encode all query strings in UTF-8.

Turn off sending URL path as UTF-8

User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\URL Encoding

At least Internet Explorer 7

This policy setting determines whether to let Internet Explorer send the path portion of a URL using the 8-bit Unicode Transformation Format (UTF-8) standard. This standard defines characters so they're readable in any language and lets you exchange Internet addresses (URLs) with characters included in any language.

If you enable this policy setting, UTF-8 is not allowed. Users won't be able to change this setting.

If you disable this policy setting, UTF-8 is allowed. Users won't be able to change this setting.

If you don't configure this policy setting, users can turn this behavior on or off.

Turn off the flip ahead with page prediction feature

Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page

At least Internet Explorer 10 on Windows 8

This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.

Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn’t available for Internet Explorer for the desktop.

If you enable this policy setting, flip ahead with page prediction is turned off and the next webpage isn’t loaded into the background.

If you disable this policy setting, flip ahead with page prediction is turned on and the next webpage is loaded into the background.

If you don’t configure this setting, users can turn this behavior on or off, using the Settings charm.

Prevent deleting ActiveX Filtering, Tracking Protection and Do Not Track data

Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History

At least Internet Explorer 9

In Internet Explorer 9 and Internet Explorer 10:

This policy setting prevents users from deleting ActiveX Filtering and Tracking Protection data, which includes the list of websites for which the user has chosen to disable ActiveX Filtering or Tracking Protection. In addition, Tracking Protection data is also collected if users turn on the Personalized Tracking Protection List, which blocks third-party items while the user is browsing.

With Internet Explorer 11:

This policy setting prevents users from deleting ActiveX Filtering, Tracking Protection data, and Do Not Track exceptions stored for visited website.

This feature is available in the Delete Browsing History dialog box.

If you enable this policy setting, ActiveX Filtering, Tracking Protection and Do Not Track data is preserved when the user clicks Delete.

If you disable this policy setting, ActiveX Filtering, Tracking Protection and Do Not Track data is deleted when the user clicks Delete.

If you don’t configure this policy setting, users can turn this feature on and off, determining whether to delete ActiveX Filtering, Tracking Protection, and Do Not Track data when clicking Delete.

Always send Do Not Track header

Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page

At least Internet Explorer 10

This policy setting allows you to configure how Internet Explorer sends the Do Not Track (DNT) header.

If you enable this policy setting, Internet Explorer sends a DNT:1 header with all HTTP and HTTPS requests. The DNT:1 header signals to the servers not to track the user.

For Internet Explorer 9 and 10:

If you disable this policy setting, Internet Explorer only sends the Do Not Track header if a Tracking Protection List is enabled or inPrivate Browsing mode is used.

At least Internet Explorer 11:

If you disable this policy setting, Internet Explorer only sends the Do Not Track header if inPrivate Browsing mode is used.

If you don't configure the policy setting, users can select the Always send Do Not Track header option on the Advanced tab of the Internet Options dialog box. By selecting this option, Internet Explorer sends a DNT:1 header with all HTTP and HTTPS requests; unless the user grants a site-specific exception, in which case Internet Explorer sends a DNT:0 header. By default, this option is enabled.

Let users turn on and use Enterprise Mode from the Tools menu

Administrative Templates\Windows Components\Internet Explorer

Internet Explorer 11

This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode using the Tools menu.

If you turn this setting on, users can see and use the Enterprise Mode option from the Tools menu. If you turn this setting on, but don’t specify a report location, Enterprise Mode will still be available to your users, but you won’t get any reports.

If you disable or don’t configure this policy setting, the menu option won’t appear and users won’t be able to turn on Enterprise Mode locally.

Use the Enterprise Mode IE website list

Administrative Templates\Windows Components\Internet Explorer

Internet Explorer 11

This policy setting lets you specify where to find the list of websites you want opened using Enterprise Mode, instead of Standard mode, because of compatibility issues. Users can’t edit this list.

If you enable this policy setting, Internet Explorer downloads the website list from your location (HKCU or HKLM\Software\policies\Microsoft\dep_nextref_ie\Main\EnterpriseMode), opening all listed websites using Enterprise Mode.

If you disable or don’t configure this policy setting, Internet Explorer opens all websites using Standard mode.

Removed Group Policy settings

Internet Explorer 11 no longer supports these Group Policy settings:

  • Turn on Internet Explorer 7 Standards Mode

  • Turn off Compatibility View button

  • Turn off Quick Tabs functionality

  • Turn off the quick pick menu

  • Use large icons for command buttons

Viewing your policy settings

After you've finished updating and deploying your Group Policy, you can use the Resultant Set of Policy (RSoP) snap-in to view your settings.

To use the RSoP snap-in

  1. Open and run the Resultant Set of Policy (RSoP) wizard, specifying the information you want to see.

  2. Open your wizard results in the Group Policy Management Console (GPMC).

    For complete instructions about how to add, open, and use RSoP, see Use the RSoP Snap-in

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft