Recently I was working at a customer (you know how your are…) and the discussion on IE 11 popped up, we talked about the new Enterprise Mode (which is great). It ended up with one question…
So, how to implement this in the real world then?
I have to admit, that is a very valid question, but before we dive into the nitty-gritty stuff, what is Internet Explorer Enterprise Mode (if I’m wrong Fred at Microsoft is going to give me a hard time next we see each other). To make a very long story short, it is a way to present Internet Explorer in an old style for the web server, so instead of being “like Gecko”, it present it self as “MSIE” (like old IE version would do) and and the same time the rendering engine is working more or less the same way as Internet Explorer 8. The purpose is to be able to access old style internal websites, making business and users happy. Download for all the scripts IF you know this stuff – http://1drv.ms/1rkSxrN
If you want to read more about this and see other solutions around this:
- http://msdn.microsoft.com/en-us/library/dn640687.aspx
- http://channel9.msdn.com/Events/Build/2014/2-559
- http://www.grouppolicy.biz/2014/04/setup-internet-explorer-11-enterprise-mode-logging
- https://github.com/InternetExplorer/EMIE-Data-Collection-Sample
- http://blogs.msdn.com/b/ie/archive/2014/04/02/stay-up-to-date-with-enterprise-mode-for-internet-explorer-11.aspx
Step 1 – Deploy Internet Explorer in the Reference Image using IEAK
Installing IE 11 can be installed manually, but please that is for consumers and non IT Pros, just don’t do that. It is also possible to deploy using Windows Update, but that is not correct way IMHO. Using IEAK is by far the best way. Download IEAK, create a package including all the settings you should have, try them out and include that as an app in the reference image.
- Download IEAK from here – http://www.microsoft.com/en-us/download/details.aspx?id=40903
- Creating a Ref images the correct way – http://technet.microsoft.com/library/dn744290.aspx
Step 2 – Install/Configure a Website to host the global response file and the global host list
This is very easy, you just need a web server that has the “feature” of running an .ASP site. That means basically ANY webserver with .ASP install and enabled.
– Create a folder structure, in this example we will use E:\IEEM, E:\IEEM\Root and E:\IEEM\Logs
– Add support for .ASP in IIS in Windows Server 2012 R2
Support for .ASP is added to IIS.
– Create a new site that uses a port 8000 (or something else or even a hostname, as long as you can reach it..) in a folder (I’m using E:\IEEM\Root), like this.
The IEEM site is using E:\IEEM\Root as root folder and an application pool called IEEM(It will be created for you when you create the site).
The IEEM site created using port 8000.
Step 3 – Create the .ASP page to let users automatically post when Enterprise Mode is used
– Open your favorite text file creator and create the reportieem.asp file like this (You can download this from: http://1drv.ms/1rkSxrN )
————————————————
<% @ LANGUAGE=javascript %>
<%
var objFSO, objTextFile;
var DateTime, URL, EnterpriseMode, REMOTE_ADDR;
var ForReading = 1, ForWriting = 2, ForAppending = 8;
objFSO = new ActiveXObject("Scripting.FileSystemObject");
objTextFile =objFSO.OpenTextFile("E:\\IEEM\\Logs\\UserSelectedIEMode.log", ForAppending, true);
objTextFile.WriteLine("IE Mode Change," + (new Date()) + "," + Request.Form("URL") + "," + Request.Form("EnterpriseMode") + "," + Request.ServerVariables("REMOTE_ADDR"));
objTextFile.Close();
%>
———————————————–
– Save the file in E:\IEEM\Root as reportieem.asp
– Note: If you have another folder structure, you need to modify reportieem.asp accordingly.
– Modify the permissions in the E:\IEEM\Logs for IUSR, since that is the process that will create AND update the log file. The Modify permissions should be enough.
Permissions for the Logs folder modified.
– Test it before you continue, by browsing to that page. If everything is correct you should se NOTHING in your web browser, but if you open the log file (E:\IEEM\Logs\UserSelectedIEMode.log) you should see something very similar to this:
Reading the log file to test the web servers capability to execute .ASP pages as well as testing the permissions for the webserver to write in the log folder.
Step 4 – Install the Enterprise List Manager
The Enterprise List Manager is a editing/import/export tool from Microsoft that has the ability to import lists of website that should be in Enterprise mode and save that to an XML file that Internet Explorer 11 will read and use to set each URL in the correct mode that we have defined as either Default or Enterprise Mode. You download it from here: http://www.microsoft.com/en-us/download/details.aspx?id=42501
– Install the Enterprise List Manager using the “next-next” method.
The Enterprise List Manager installed and started.
Step 5 – Create a Group Policy to configure Enterprise Mode
– Create a Group Policy that will affect users/computers (I prefer users for this kind of policy) that you would like to configure. As a best practices you should a a small pilot group that you test on first. Enable the following policy’s:
– Enable: Turn on menu bar by default (since the Enterprise Mode selection is on the menu bar it make sense to have it enabled…)
Turn on menu bar by default – Enabled.
– Enable: Let users turn on and use Enterprise Mode from the Tools menu (They really need to see it.) and type in the URL to the webpage you created in step number 3. In my demo case it is: http://srvmgt01.network.local:8000/reportieem.asp
Let users turn on and use Enterprise Mode from the Tools menu – Enabled.
– Enable: Use the Enterprise IE website list (this XML file will be read by IE, stored locally and used as a global list for all URL’s that needs to run in Enterprise mode). In my case that is: http://srvmgt01.network.local:8000/ieem.xml
– Note: This file is empty, but you will soon add content to it using the Enterprise List Manager.
Use the Enterprise IE website list – Enabled.
Step 6 – Run GPUpdate /force (or wait until it runs automatically) and verify that you can see the menu bar and the Enterprise Mode settings in Internet Explorer 11
– Test browsing to http://www.bing.com and on the tools bar you should now be able to switch into Enterprise Mode
Running Bing.com in Enterprise Mode.
Step 7 – Read the E:\IEEM\Logs\UserSelectedIEMode.log using CMTrace.
Since you selected to run Bing.com in Enterprise Mode, that was POST:ed to the ASP webpage and therefore recored in the UserSelectedIEMode.log file.
– Open the UserSelectedIEMode.log using CMtrace.exe (or Notepad.exe) and you will see something like this:
The UserSelectedIEMode.log opened in CMtrace.exe.
Step 8a – Examine the log file using PowerShell
Using PowerShell we can make the log file a bit better by removing duplicates and such. So, if you open an elevated PowerShell prompt or PowerShell Integrated Environment you can run this PowerShell commands to get a better output.
IIEM-LogAnalyzer.ps1 (You can download this from: http://1drv.ms/1rkSxrN )
——————————————-
$IEEMFileSource = "E:\IEEM\Logs\UserSelectedIEMode.log"
$IEEMData = Import-Csv -Delimiter "," -Path $IEEMFileSource -Header Event,Time,URL,Mode,Client
$IEEMDataSorted = $IEEMData | Group-Object URL,Mode | ForEach-Object {$_.group | Sort-Object Mode | Select-Object -last 1}
$IEEMDataSorted | Sort-Object Time | Format-Table Time,URL,Mode
——————————————-
Running IIEM-LogAnalyzer.ps1 to get a better understanding what is needed to be running in Enterprise Mode.
Step 8b – Convert the log file to a csv file so that we can Bulk import to the Enterprise List Manager.
Using PowerShell we can convert the log file into a CSV so we can import that into the Enterprise List manager and then Create the XML file with the central configuration for Internet Explorer to read in. Use the same PowerShell prompt or Integrated Scripting Environment and execute this:
IIEM-LogToCSVConverter.ps1 (You can download this from: http://1drv.ms/1rkSxrN )
——————————————-
$IEEMFileSource = "E:\IEEM\Logs\UserSelectedIEMode.log"
$IEEMUrlSource = "E:\IEEM\Logs\UserSelectedIEMode.csv"
$IEEMData = Import-Csv -Delimiter "," -Path $IEEMFileSource -Header Event,Time,URL,Mode,Client
$UrlList = foreach ($Item in $IEEMData){If ($Item.Mode = "On"){$Item.URL}}
$UrlList | Select-Object -Unique | Out-File $IEEMUrlSource
——————————————-
Running IIEM-LogToCSVConverter.ps1 to get a CSV for import to Enterprise List Manager.
Step 9 – Import the CSV file into the Enterprise List Manager and save to the XML file
– Start the Enterprise Mode Site List Manager and select to “Bulk add from file”. Browse to E:\IEEM\Logs\UserSelectedIEMode.csv and follow the instructions (You can read more on how to perform a bulk import here http://technet.microsoft.com/en-us/library/dn640696.aspx)
Performing an Bulk Import.
– View, edit, modify and play around.
Editing a entry in the Enterprise Mode List Manager.
– Save the XML file as E:\IEEM\Root\ieem.xml
Step 10 – The Final Test
– Logon to a machine that is affected by the policy and have Internet Explorer 11, restart IE (just to make sure) and the net result should be this if you visit www.bing.com
As you can see, Enterprise is now pre-selected and cannot be changed, since the Super Cool IT Pro has discovered that many users have selected Enterprise mode to solve an issue and therefore the Super Cool IT Pro decided to help the rest of the organization and therefore he/she will be the employee of the months and wins a new Ferrari.
Step 11 – Drive the Ferrari
Congratulations!
/mike
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Share this:
Categories: Deployment, IEAK, Internet Explorer
The Deployment Bunny 
Hi Mikael,
I also created a list for em, but users still can change the mode even the site is listed. How did you make sites running mandatory in em and user can not change the mode himself?
Cheers
Alex
The sites will be mandatory for everybody expect the user that submits it.
If I enable EM on a site that is not contained in the central site.xml file -where is that information logged locally? In other words, when you enable users to be able to enable/disable EM for any site that information must be contained somewhere locally, be an xml file or registry key. This must be true because when not connected to a LAN and the “additional EM site” is visited, IE brings it up in EM.
Any ideas where these “additional” EM enabled site information is recorded?
The version of Internet Explorer 11 for Windows 7 that ships with the IEAK appears to be the RTM version 11.0.9600.16428, but Enterprise Mode is not enabled as an IE feature until at least the April 2014 cumulative update (Update Version 11.0.03) is installed. This update is conveniently included in KB2919355 for Windows 8.1, but the relevant updates for Windows 7 are not applicable until IE11 is installed.
If the computers install updates through WSUS and group policy, additional steps may not be necessary since a gpupdate is included. But in other environments, administrators may have to ensure that either a cumulative update is deployed in the process (possibly slipstreamed into IEAK, or installed later via script), or that whatever automatic deployment mechanism is in use (Microsoft Update, or SCCM, for instance) gets triggered to install the latest updates. The GPO to enable Enterprise Mode also depends on update version 11.0.03 or later before you can see it enabled in RSOP.msc.