content top

How to add web site to Compatibility View List via GPO

How to add web site to Compatibility View List via GPO

Usually, we add web site to Compatibility View List from IE windows: Click “Tools -> Compatibility Settings” and input web site address in below windows: It can also be applied from GPO for domain users. Here are several popular methods to achieve this task: Solution 1 (Recommended as it exactly displays the result in client machine) ======   If you are on Windows 2008 DC, this policy can be deployed by Group Policy Preference that is new feature in Windows 2008. Group Policy Preferences: Getting Started http://technet.microsoft.com/en-us/library/cc731892(WS.10).aspx   In Windows 2008 DC, open IE and add the web site to the Compability View Settings list You can verify the setting in the registry key path HKEY_CURRENT_USER\Software\Microsoft\Internet  Explorer\BrowserEmulation\ClearableListData\UserFilter Open Group Policy Management Editor for Domain Policy that you want to edit. You can open it from mmc and then Add or Remove Snap-ins Choose Group Policy Management Editor Choose path from either Computer configuration or User Configuration as below Computer or User Configuration->Preference->Windows Setting->Registry Right click New->Registry Wizard Select local machine and then check HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\BrowserEmulation\ClearableListData\UserFilter as below.   Note: If use Computer Configuration, check registry HKEY_LOCAL_MACHINE 8. Finish the change 9. Run gpupdate /force in DC 10.Run gpupdate /force in client machine or re-login 11.You can check the registry key value in client machine and test in IE Solution 2 (Workaround) ========== Deploy from Administrative Templates via GPO. However, it does not get reflected in IE user interface, we see the sites loading in the compatibility mode by opening the developer tool bar (press F12) and checking the browser mode. Also, we can verify the setting in the client machine registry. The configuration is written to registry under HKCU(HKLM)\Software\[Wow6432Node]\Policies\Microsoft\Internet Explorer\BrowserEmulation\PolicyList. 1. Open Group Policy Management Editor for Domain Policy that you want to edit. You can open it from mmc and then Add or Remove Snap-ins Choose Group Policy Management Editor 2. Choose path from either Computer configuration or User Configuration as below Computer or User Configuration-> Policies-> Administrative Templates-> Windows Components ->Internet Explorer -> Compatibility View Use Policy List of Internet Explorer 7 sites = Enabled and sites added to the list 3. The syntax needs to be bing.com. There is no preface of http or www needed for the site and should add the second top domain. 4. Run gpupdate /force in DC More Information ======== IE8 determines document mode by below rules: A Diagram on How IE8 Determines Document Mode There are four rules that you can remember about how IE handles doctype, X-UA-Compatible meta tag and header, Developer Tools, and Compatibility View Settings. These rules follow the diagram below from top to bottom: 1. The Developer Tools settings override all...

Read More

ADMT: Configure Trusts for SIDhistory

ADMT: Configure Trusts for SIDhistory

When users and groups are migrated using the Active Directory Migration Tool (ADMT), there is an option to copy the SID’s of the objects in the source domain to the target domain. The reason for this is to allow migrated users to access resources which are still located in the source domain, and hence are secured with SID’s of the source domain. By default a trust doesn’t allows users to access resources by using SID’s from their SID history. This is security feature. When creating a trust the following message is shown: SIDhistory can be temporarily enabled until all resources are migrated from the source domain. SID history should be enabled on the outgoing trust of the trusting domain. The following example will explain the roles of the domains in the commands: Source domain contains the user & group objects before migration contains the resources to be accessible during the migration is called the “trusting” domain Target domain contains the user & group objects after they are migrated is called the “trusted” domain Which command to use depends on the type of the trust: External trust: netdom trust trustingDomain /domain:trustedDomain /quarantine:no Forest trust: netdom trust trustingDomain /domain:trustedDomain /enableSIDhistory:yes It might seem contradictory that one command requires yes and the other no, but in fact these both enable the use of SIDhistory across the trust. If you want to determine the current state, simply execute the command without the “:no” or “:yes” behind them. An example: Depending from which side of the trust you launch this command, you might have to specify additional credentials, you can specify (optional) credentials for both the trusting and the trusted domain. The commandline options for netdom trust are explained atTechNet. Today I received “access is denied” both at trying to enable SIDhistory or simply trying to determine the current setting. The reason? “Network access: Allow anonymous SID/Name translation” has to be enabled on the domain controllers. This settings can be found in the domain controllers GPO’s (either the default or your custom ones) at “Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options”. On a Windows 2003 domain this is not disabled by default, but in my Windows 2008 R2 target domain, the Microsoft Enterprise Client security model is implemented and this disables the anonymous SID/Name translation. if you want additional information about this setting, checkKB823659 I think it might actually be necessary to enable this when configuring or reading the current setting concerning the SIDhistory. I don’t think this has to be enabled for SIDhistory to actually work. If it does, I’ll post an update in the following weeks. My source: sid-filtering access is denied In the end all is fine:...

Read More

Where do I find an autoclicker?

Where do I find an autoclicker?

If you play idle / click games like Clicker Heroes, you might decide life is easier with a clickbot. Get one here!   All thanks to ShayDeeZ!    

Read More

How to access youtube from Turkey (Türkiye’den Youtube’a nasıl erişilir)

How to access youtube from Turkey (Türkiye’den Youtube’a nasıl erişilir)

Sources in Turkey reports that some proxies work for routing around the country’s block on YouTube, which was instituted at the direction of a court after it found that a Greek video hosted on the site violated a law against ridiculing the country and its leaders. “Apparently, only Turk Telekom has enacted the ban so far, which is a bit deceptive, since all other providers have to route through Turk Telekom to get out of the country…so it’s an effective country-wide ban,” the source said. Things that seem to work now: – YouTube videos embedded in a web page or blog work fine – A proxy, specifically http://youtubeproxy.org/ works well. Just visit that page and then find the video you want to watch. – TOR – The Onion Router — Commenter says it works, but is slow. – The TORPARK browser – OperaTor (after setting it to allow Javascript and plug-ins). It works, but it is slow. – OpenDNS in combination with OperaTor. OperaTor with OpenDNS seemed to be more responsive than using TT’s DNS. Others proxies to try include: http://www.proxymy.com http://www.proxysmurf.com/ http://www.worksurfing.com/ http://unblockfacebook.com/ http://www.bypassfilter.net/ http://www.ibypass.org/ http://www.ipzap.com/ https://proxify.com/ https://proxify.us/ https://proxify.biz/ http://kproxy.com/index.jsp http://www.attackcensorship.com/attack-censorship.html http://mrnewguy.com/ http://www.unblockwebsites.com/ http://spysurfing.com/ https://www.the-cloak.com/anonymous-surfing-home.html http://www.stupidcensorship.com/ http://www.evilsprouts.co.uk/defilter/ http://www.bypassbrowser.com/ http://www.proxymouse.com/ http://www.fsurf.com/ http://www.browseatwork.com/ http://www.surfonym.com/ http://www.iamnewguy.com/ http://www.ninjaproxy.com/ Find updated proxies here: http://myspaceblockedproxies.com/ Untested possibilities: – Evade DNS lookups for YouTube by installing the lookup on your local machine. Instructions from Slashdot reader AKAlmBatman are here. – BoingBoing’s longstanding guide to evading censorware  ...

Read More

Ungracefully demote a 2008 R2 domain controller

Ungracefully demote a 2008 R2 domain controller

One of our domain controllers crashed harder than the NYSE. Couldn’t decommission it, so I had to manually demote it. Here’s what I did: 1. Open the Command Prompt 2. Type “ntdsutil” (all the commands will be entered via this command prompt) 3. Type “metadata cleanup” 4. Type “connections” 5. Type “connect to server ” and replace with the name of a functional DC in your environment…even if you are logged in locally. This step is not needed post W2K3 SP1. 6. Type “quit” 7. Type “select operation target” 8. Type “list sites” 9. Type “select site <#>” where <#> is the site where the failed or offline DC resided 10. Type “list servers in site” 11. Type “select server <#>” where <#> is the DC that is failed or offline 12. Type “list domains” 13. Type “select domain <#>” where <#> is the domain where the failed or offline DC resided (at this point you should verify that the site, server and domain are all selected) 14. Type “quit” (this should set you back to the metadata cleanup menu) 15. Type “remove selected server” ( a warning message will pop up…verify that this is the correct DC.) 16. Click Yes 17. Open Active Directory Sites and Services 18. Expand out the site that the failed or offline DC resided in 19. Verify the DC cannot be expanded out (no connection objects and such) 20. Right Click the DC and select Delete 21. Close Active Directory Sites and Services 22. Open Active Directory Users and Computers 23. Expand the Domain Controllers OU 24. Delete the failed or offline DC from the OU (if it even exists) 25. Close Active Directory Users and Computers 26. Open DNS Manager 27. Expand the zones where this DC was also a DNS server and perform the following steps 28. Right click the zone and select Properties 29. Click the Name Servers tab 30. Remove the failed or offline DC from the Name Servers tab 31. Click OK to also remove the HOST (A) or Pointer (PTR) record if asked 32. Verify the zone no longer has a DNS record for the failed or offline DC And that’s it. Once you’re to this point, you can start reinstalling your OS on your server, and go through the domain controller process again....

Read More

Windows Update Error – 80243004

Windows Update Error – 80243004

Problem Seen on Server 2008, when attempting to run Windows update. Code 80243004 Windows Update encountered an unknown error Solution Without a doubt the strangest fix I’ve ever seen! 1. Right click the Taskbar > Properties > Taskbar Tab > Customize. 2. Tick the box that says “Always show all icons and notifications on the taksbar” > OK. 3. Retry your Windows updates.  ...

Read More

List of Package Sources Synology

List of Package Sources Synology

Here’s an overview of alternative package sources for your Synology: Synocommunity http://packages.synocommunity.com Missile Hugger http://packages.missilehugger.com PC Load Letter http://packages.pcloadletter.co.uk E-Remonty http://e-remonty.info/spkrepo/packages CPHub http://www.cphub.net Superzebulon http://synopkg.superzebulon.org/spkrepo/packages 10Trum http://update.10trum.de/packageupdate/getpackages.php MdeVries http://synology.mdevries.org/spkrepo/packages Sysco http://synology.sysco.ch Hoel http://packages.hoel.dk q14six http://spk.q14six.de Quadrat4 http://packages.quadrat4.de Christoph Papke http://www.christoph-papke.de/spkrepo/spkrepo/packages   More info on how to add sources / packages to your Synology: Clickerdeclick!...

Read More
content top
Visit Us On TwitterVisit Us On Google PlusVisit Us On Facebook