Forum Discussion
Microsoft Edge Group Policies for lists like Pop-ups do NOT combine -they replace unlike IE?
Microsoftlforbes Hello! Can you clarify/explain a little about the root group policy and lower group policy you mentioned?
We had a previous discussion here about the ExtensionInstallForcelist policy, I think it is the same or very similar question to yours. Basically in that case MS Edge always applies the device policies after the user policies, so device will always win when there is a conflict between them.
-Kelly
Here is the structure.
All Health authorities = OU = Tier 1
Group Policy linked to OU = "User and IE Edge Settings All"
User Configuration - Admin templates
Microsoft Edge (latest ADMX) = Pop up blocker = Allow = *.domain1.com *.domain2.com *.domain3.com
IE Settings = Pop up blocker = Allow = *.domain1.com *.domain2.com *.domain3.com
Child OU = Health Authority A (so this OU is inside the above one) = Tier 2
"Health Authority A User and IE Edge Settings All"
User Configuration
Microsoft Edge (latest ADMX) = Pop up blocker = Allow = *.siteextra1.com *.siteextra2.com *.siteextra3.com
IE Settings = Pop up blocker = Allow = *.siteextra1.com *.siteextra2.com *.siteextra3.com
Group Policies with Lists are SUPPOSED to be "cumulative" so if you add a Trusted site or a popup for IE in the Parent OU and different ones in the child OU they "merge" together.
End result for computer inside Child OU.
IE Settings = Pop up blocker = Allow = *.domain1.com *.domain2.com *.domain3.com *.siteextra1.com *.siteextra2.com *.siteextra3.com
Microsoft Edge = Pop up blocker = Allow = *.siteextra1.com *.siteextra2.com *.siteextra3.com
So instead of Edge "appending" the registry key like IE does, the policy deletes the Tier 1 settings and applies only the Tier 2 settings.
Note we have thousands of group policies with lists like Applocker, IE settings, Office settings in multiple policies. Lists in ALL those policies are always combined for the end result.
Edge Policies are the only one where a list is blown away entirely and not appended to if another policy adds to the list.
Note that Computer settings for IE always overwrite the same User settings. That is 100% expected.
However, if we set computer settings for Edge with lists in multiple policies the lists are not merged regardless if it is extensions, or anything else.
Hello,
GPOs are applied on Windows Level independent from the application they are dealing with. When a GPO is applied registry keys are simply created. Besides processing order there is afaik no further logic involved.
My assumption is:
For Edge registry keys may be created in the form of
Pop up blocker Allow\1\*.siteextra1.com
Pop up blocker Allow\2\*.siteextra2.com
Pop up blocker Allow\3\*.siteextra3.com
When a gpo for the same policy is applied on a different level the numbering will start from 1 and will overwrite existing values.
Maybe for IE the naming of the registry keys was different, for example like
Internet Settings\ZoneMap\Domains\siteextra1.com\*\
Internet Settings\ZoneMap\Domains\siteextra2.com\*\
Internet Settings\ZoneMap\Domains\siteextra3.com\*\
If i’m right this name schema would lead to no conflicting registry values and the settings will appear as combined/merged.
But please don‘t take this for granted it has been a while since i dealt with GPOs...The ADMX needs to be fixed with the later version so that it doesn't overwrite lists.
There should be no 1, 2, 3 etc it should just be keys.
Therefore the ONLY Overriding should be if the key is identical.
That is just the way group policies are supposed to work.
With IE there is a standard processing process for policies and it worked great. If Edge is supposed to replace IE as the standard browser then they need to fix it so that it works well in Group Policy in the same way as IE does.- Kelly_Y
lforbes I've just talked to the team that manages MS Edge policies and got some information.
Right now the experience is by design and aligns with Chrome and other Chromium based browser policies. The team has heard from other customers moving from IE to MS Edge and I have also passed along your scenario.
This is something they plan to investigate and try to improve but right now there is no ETA. Once more information is available we can follow up here. Thank you for your feedback!
-Kelly
