Forum Discussion

HotCakeX's avatar
HotCakeX
MVP
Oct 20, 2020
Solved

Found a bug in Edge 87 policy

So whenever I enable this policy     This option in Edge which is related to secure DNS lookups, becomes unavailable and disabled     I see no relation between the 2 options.   in...
87
88
BUG
dev
edge
Feedback
policy
problem
  • Eric_Lawrence's avatar
    Eric_Lawrence
    Oct 21, 2020
    The nomenclature used in the code is a bit misleading; by "machine level policies" they mean policies set by the platform policy provider (on Windows, that's Group Policy). Basically, if you see anything listed in about:policy (even a dummy policy name that doesn't really exist) the device is considered "Managed" and you'll get the "Managed Device" banners and end-user configuration of Secure DNS will be blocked in about:settings.
HotCakeX's avatar
HotCakeX
MVP
Oct 21, 2020

Eric_Lawrence 
Thank you, that makes sense in enterprise environment,

but I only downloaded the latest policy files and installed them on my personal non-managed Windows 10 20H2

 

Eric_Lawrence's avatar
Eric_Lawrence
Icon for Microsoft rankMicrosoft
Oct 21, 2020

HotCakeX The "Your browser is managed by your organization" banner in your Settings screenshot indicates that your system is "Managed".

I misread the Chromium code-- the check falls through, so if your machine has any policies set (see about:policy), it's deemed "Managed": 

 

if (base::IsMachineExternallyManaged())  // <-- this is the domain join check 
return true;
#endif
#if !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
if (g_browser_process->browser_policy_connector()
                  ->HasMachineLevelPolicies())  // <-- this is the policy check
return true;
#endif
  • HotCakeX's avatar
    HotCakeX
    MVP
    Oct 21, 2020
    By "machineLevelPolicies" you mean the policies that are under "Computer Configuration" right? then no I have nothing set under that, just 1 policy under "User Configuration"

    • Eric_Lawrence's avatar
      Eric_Lawrence
      Icon for Microsoft rankMicrosoft
      Oct 21, 2020
      The nomenclature used in the code is a bit misleading; by "machine level policies" they mean policies set by the platform policy provider (on Windows, that's Group Policy). Basically, if you see anything listed in about:policy (even a dummy policy name that doesn't really exist) the device is considered "Managed" and you'll get the "Managed Device" banners and end-user configuration of Secure DNS will be blocked in about:settings.
      • HotCakeX's avatar
        HotCakeX
        MVP
        Oct 21, 2020
        That clears up the confusion, thank you very much
  • HotCakeX's avatar
    HotCakeX
    MVP
    Oct 21, 2020

    Eric_Lawrence 

    Hi,

    okay so I just tried this, instead of using computer configuration, i used user configuration group policies,

    but I'm still getting the managed device banner and basically the same result

     

     

     

Resources