Aug 13 2021 07:56 AM
Aug 13 2021 07:56 AM
There are several Active Directory policies governing Edge behavior that ask for a domain name, SmartScreenAllowListDomains and AutoOpenFileTypes and ExemptDomainFileTypePairsFromFileTypeDownloadWarnings for example.
In the context of a ClickOnce desktop application deployment to an intranet website, where the internal (not public facing) installer web page would be referenced as follows:
1. How would these Edge policy registry entries refer to the domain? Is it the internal domain to which myintranetwebserver belongs, i.e. *.ourdomain.net or perhaps https://*.ourdomain.net ? Or is it https://myintranetwebserver or https://*.myintranetwebserver
[SIDE NOTE: the intranet web server has a self-signed SSL certificate which is imported into the appropriate certificate store on user machines to allow for SSL encryption between user desktops and the intranet web server.]
2. When specifying AutoOpenFileTypes is there a way avoid making them global and only applicable to specified domains, as can be done with ExemptDomainFileTypePairsFromFileTypeDownloadWarnings where a file-type extension is linked to an array of domain names?
3. What is the expected combined behavior when policies for both AutoOpenFileTypes and ExemptDomainFileTypePairsFromFileTypeDownloadWarnings appear in the registry?
Are there precise definitions (rather than simple bullet-type blurbs) for the behavior of each of those settings?
Aug 16 2021 04:54 PM
@lloydmalvern Hi again!
For AutoOpenFileTypes, you can use the AutoOpenAllowedForURLs in conjunction. Here is the documentation: https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#autoopenallowedforurls which also contains a link to the URL pattern documentation: https://docs.microsoft.com/en-us/DeployEdge/edge-learnmmore-url-list-filter%20format
If you are working on deploying MS Edge, have you heard of our FastTrack team (https://www.microsoft.com/en-us/fasttrack/microsoft-365/microsoft-edge)? They can help with configuring MS Edge for your organization and provide guidance with these policies.
Hopefully this will help with some of your questions.
Aug 17 2021 04:59 AM - edited Aug 17 2021 05:14 AM
Thanks very much for the links to the current policies. I can't get it to work. Edge is still blocking setup.exe
To confirm the domain I open Edge and type the following into the address bar
The ClickOnce publish.htm for TestApp is successfully opened in the browser.
There is a registry entry to enable ClickOnce:
In the registry the domain has been exempted from file type warnings:
exe is specified in AutoOpenFileTypes key in the registry:
And in AutoOpenAllowedForURLs in the registry I've added the path to the IIS web-application above
NOTE: The case-sensitivity matches.
Do I have to specify the full path?
When I do that, there is no change to the behavior. Setup.exe is still blocked.