Example of well-formed local network domain name in relevant ActiveDirectory policies governing Edge

There are several Active Directory policies governing Edge behavior that ask for a domain name: SmartScreenAllowListDomains, AutoOpenFileTypes and ExemptDomainFileTypePairsFromFileTypeDownloadWarnings, for example.

 

In the context of a ClickOnce desktop application deployment to an intranet website, where the internal (not public facing) installer web page would be referenced as follows:

 

https://myintranetwebserver/apps/appname/publish.htm

 

1. How would these Edge policy registry entries refer to the domain? Is it the internal domain to which myintranetwebserver belongs, i.e. *.ourdomain.net or perhaps https://*.ourdomain.net? Or is it https://myintranetwebserver or https://*.myintranetwebserver?

 

[SIDE NOTE: the intranet web server has a self-signed SSL certificate which is imported into the appropriate certificate store on user machines to allow for SSL encryption between user desktops and the intranet web server.]

 

2. When specifying AutoOpenFileTypes, is there a way to avoid making them global and only applicable to specified domains, as can be done with ExemptDomainFileTypePairsFromFileTypeDownloadWarnings, where a file-type extension is linked to an array of domain names?

 

3. What is the expected combined behavior when policies for both AutoOpenFileTypes and ExemptDomainFileTypePairsFromFileTypeDownloadWarnings appear in the registry?

 

Are there precise definitions (rather than simple bullet-type blurbs) for the behavior of each of those settings?

 

 

2 Replies

@lloydmalvern Hi again! 

 

For AutoOpenFileTypes, you can use the AutoOpenAllowedForURLs in conjunction. Here is the documentation: https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#autoopenallowedforurls which also contains a link to the URL pattern documentation: https://docs.microsoft.com/en-us/DeployEdge/edge-learnmmore-url-list-filter%20format

 

If you are working on deploying MS Edge, have you heard of our FastTrack team (https://www.microsoft.com/en-us/fasttrack/microsoft-365/microsoft-edge)? They can help with configuring MS Edge for your organization and provide guidance with these policies.  

 

Hopefully this will help with some of your questions.

 

-Kelly

Thanks very much for the links to the current policies. I can't get it to work. Edge is still blocking setup.exe.

To confirm the domain, I open Edge and type the following into the address bar:

https://MYDEVMACHINENAME/ClickOnce/TestApp/publish.htm

The ClickOnce publish.htm for TestApp is successfully opened in the browser.

There is a registry entry to enable ClickOnce:

Policies->Microsoft->Edge
ClickOnceEnabled.............REG_DWORD........................0x00000001 (1)

 

In the registry the domain has been exempted from file type warnings:

 

Policies->Microsoft->Edge->ExemptDomainFileTypePairsFromFileTypeDownloadWarnings

1.............REG_MULTI-SZ  {"file_extension":"exe","domains":["https://MYDEVMACHINENAME"]}
ClickOnceEnabled.............REG_DWORD........................0x00000001 (1)


exe is specified in AutoOpenFileTypes key in the registry:

Policies->Microsoft->Edge->AutoOpenFileTypes
1.......REG_SZ................exe

And in AutoOpenAllowedForURLs in the registry I've added the path to the IIS web-application above

Policies->Microsoft->Edge->AutoOpenAllowedForURLs
1.......REG_SZ................https://MYDEVMACHINENAME/ClickOnce

NOTE: The case-sensitivity matches.

Do I have to specify the full path?

https://MYDEVMACHINENAME/ClickOnce/TestApp

When I do that, there is no change to the behavior. Setup.exe is still blocked.
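
A read-only check of the registry values listed in this thread, as an added example that is not part of the original posts: it prints each value's registry type and flags entries that do not parse. It assumes machine-wide policy under HKLM:\SOFTWARE\Policies\Microsoft\Edge; the helper name Get-EdgeListPolicy is hypothetical.

```powershell
# Added example (not from the thread): read-only audit of the Edge policies discussed above.
# Assumption: machine-wide policy hive; swap HKLM: for HKCU: to inspect per-user policy.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'

# Hypothetical helper: list policies are subkeys holding values named 1, 2, 3, ...
function Get-EdgeListPolicy([string]$Name) {
    $path = Join-Path $base $Name
    if (-not (Test-Path $path)) { return }
    $key = Get-Item $path
    foreach ($n in $key.GetValueNames()) {
        $kind = $key.GetValueKind($n)            # String = REG_SZ, MultiString = REG_MULTI_SZ
        $text = @($key.GetValue($n)) -join ''    # flatten REG_MULTI_SZ so it can still be parsed
        $note = @()
        if ($kind -ne 'String') { $note += "type is $kind; Edge list policies are documented as REG_SZ" }
        if ($Name -eq 'AutoOpenFileTypes' -and $text.StartsWith('.')) {
            $note += 'extension should be listed without the leading dot'
        }
        if ($Name -eq 'ExemptDomainFileTypePairsFromFileTypeDownloadWarnings') {
            try {
                $pair = $text | ConvertFrom-Json -ErrorAction Stop
                if (-not $pair.file_extension) { $note += 'missing "file_extension"' }
                if (-not $pair.domains)        { $note += 'missing or empty "domains"' }
            } catch { $note += 'value is not valid JSON' }
        }
        [pscustomobject]@{ Policy = $Name; Index = $n; Kind = $kind; Value = $text; Note = $note -join '; ' }
    }
}

# ClickOnceEnabled is a single DWORD directly under the Edge key.
$edge = Get-Item $base -ErrorAction SilentlyContinue
if ($edge -and ('ClickOnceEnabled' -in $edge.GetValueNames())) {
    'ClickOnceEnabled = {0} ({1})' -f $edge.GetValue('ClickOnceEnabled'), $edge.GetValueKind('ClickOnceEnabled')
} else {
    'ClickOnceEnabled is not set under ' + $base
}

# Walk the three list policies named in the thread and show every entry with its notes.
'ExemptDomainFileTypePairsFromFileTypeDownloadWarnings', 'AutoOpenFileTypes', 'AutoOpenAllowedForURLs' |
    ForEach-Object { Get-EdgeListPolicy $_ } |
    Format-List
```

The edge://policy page in the browser shows which of these values Edge actually loaded and reports any it could not parse.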