Modify Logon Setting in IE When Group Policy Doesn't Allow It

Recently I needed to "Prompt for user name and password" when logging into my Local Intranet zone so that I could test as multiple users.  A colleague of mine made me aware of the registry settings for these option so you can modify.  These settings will be overwritten next time Group Policy is applied but they provide a good temporary workaround.

Default Settings for Local Intranet Zone Locked Out
The specific key for the Local Intranet Zone is located at HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1. The key name is 1A00

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1A00

Just update this value to 20000 and your setting will now be switched to "Prompt for user name and password"

Prompt for user name and password is not selected.




Here is the listing of the other Zones:

Value    Setting
   ------------------------------
   0        My Computer
   1        Local Intranet Zone
   2        Trusted sites Zone
   3        Internet Zone
   4        Restricted Sites Zone


Here is the listing of all the Logon settings you can use:


Value    Setting
   ---------------------------------------------------------------
   0x00000000 Automatically logon with current username and password
   0x00010000 Prompt for user name and password
   0x00020000 Automatic logon only in the Intranet zone
   0x00030000 Anonymous logon





Also here is a powershell script which first makes sure Powershell is running as an administrator then sets the value for the Local Intranet Zone..




if (!([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process powershell.exe "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs; exit }

Set-Itemproperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1' -Name '1A00' -value '0x00010000'







These settings tables were taken from the Microsoft support article describing these settings which can be found here: https://support.microsoft.com/en-us/help/182569/internet-explorer-security-zones-registry-entries-for-advanced-users

















































Comments











Post a Comment



















Popular posts from this blog









Add User As Local Administrator On Domain Controller





















I recently was settting up a new Microsoft SharePoint 2010 machine and had promoted the machine to a domain controller before creating my SharePoint admin accounts.  I needed to add several of my accounts to the local Administrators group.  Unfortunately after you promote a server to a domain controller you can no longer access the GUI for Local Users and Groups.  Instead I had to use the command line to add the users.   Open a command promt using the "Run as administrator" function and then run the following command.   net localgroup Administrators /add {domain}\{user}   Note: do not include the {} brackets.








Read more










Calling Dataverse Web API in PowerShell using Client Credentials




















Image







 Connecting to Dataverse using PowerShell can be very helpful for data migrations and use within Azure DevOps. Connecting to an instance in a non-interactive way can be tricky though. This article will provide you the links you need for creation and App registration and adding the app user to your environment. You can then utilize the script provided to call Web API requests including ones you define using the new Custom API  functionality now available.  The script was written so that it is not dependent on any outside libraries such as the Microsoft.Xrm.Tooling connector. This is helpful in situation where involving an outside library will slow down your deployment time by having to be approved in a change control board.  If utilizing an outside code library is not a concern you can create a connection to Dataverse utilizing the Microsoft.Xrm.Tooling  connector Get-CrmConnection cmdlet.  Create App Registration  The first thing to do is create an App Registration within Azure AD for 








Read more










Windows Server 2008R2 VMs Shut Down After 1 to 2 Hours




















Image







When created a lab environment to test ADFS 2.0 I utilized the Windows 2008R2 VM baselines distributed by Microsoft.  After a few days I was told that I had to activate.  The VMs included a 180 day license for use but I didn't feel like adding another network adapter into Hyper-V to connect them to the internet.  I started having issues though where the servers would shut down every hour or so.  I though that maybe there was a memory issue and Hyper-V was shutting them down in order to free up RAM.  Turns out that if Server 2008R2 is not activated it automatically shuts down after a period of time.  After connecting the server to the internet and activating them the problem went away.     Finally the madness of the unknown shut downs has ended :)  








Read more