by MS
Note
The custom title also appears in Microsoft Outlook Express if this is installed and used on the affected computer or computers.
Creating Custom Logos
Internet Explorer displays two standard logos in the upper right corner of the Internet Explorer window: a static logo and an animated logo. The static logo is displayed when the browser isn't performing an action. The animated logo is displayed when the browser is downloading pages or performing other actions. These logos are produced in one of two sizes, 22 × 22 pixels or 38 × 38 pixels, and they are formatted as bitmap images.
Using the Custom Logo policy, you can replace the standard logos with logos specifically created for your organization. If you want to use custom logos, you can work with your organization's design or art department to create the necessary image files. Images in 256 colors should be indexed to the Windows halftone palette; 15-color images should be indexed to the 15-color Windows palette. The animated bitmap should consist of numbered bitmaps that are vertically stacked into one bitmap. The first bitmap appears static when no action is taking place and the remaining bitmaps appear in sequence when the browser is in use, producing the animation effect. You'll find two tools, the Animated Bitmap Creator (MakeBMP.exe) and the Animated Bitmap Previewer (AnimBMP.exe), in the Internet Explorer Administration Kit (IEAK), available for download from http://www.microsoft.com/technet/prodtechnol/ie/ieak/downloads/default.mspx. These tools will help you create and preview animated logos.
Once you finish creating the image files, test the files on your local system before using Group Policy to update other computers in the organization. The logo files become part of Group Policy and are stored with the Group Policy files. Because the files are imported before use, they don't need to reside on the local computer initially. In fact, it might be best to put the logos on a network drive so that you can test them locally and then incorporate them into Group Policy using the same file paths.
To add custom logos to Internet Explorer, follow these steps:
Access User ConfigurationWindows SettingsInternet Explorer MaintenanceBrowser User Interface in Group Policy and then double-click Custom Logo. This displays the Custom Logo dialog box, shown in Figure 14-4.
Figure 14-4: Once you create custom logos for Internet Explorer, you can use the Custom Logo dialog box to configure them to be used through Group Policy.
If you want to set a static logo and have created static logos that are 22 × 22 pixels and 38 × 38 pixels, select Customize The Static Logo Bitmaps. Then perform the following tasks, in any order:
q In the Small (22 × 22) Bitmap text box, type the path to the small logo that you want to use or click Browse to use the Browse dialog box to find the image that you want to use.
q In the Large (38 × 38) Bitmap text box, type the path to the large logo that you want to use or click Browse to use the Browse dialog box to find the image that you want to use.
Note
In all cases, the images must be the appropriate size or they won't be imported and set as the default logos. If you see a warning message that says the specified bitmap is too large, you'll need to select a different logo file to continue.
If you want to set an animated logo and have created animated bitmap images that are 22 × 22 pixels and 38 × 38 pixels, select Customize The Animated Bitmaps. Then perform the following tasks, in any order:
q In the Small (22 × 22) Bitmap text box, type the path to the small animated logo that you want to use or click Browse to use the Browse dialog box to find the image that you want to use.
q In the Large (38 × 38) Bitmap text box, type the path to the large animated logo that you want to use or click Browse to use the Browse dialog box to find the image that you want to use.
Click OK. The logo files are then imported and stored in Group Policy.
Creating Custom Buttons for Internet Explorer
Just as you can customize the title bar and logos in Internet Explorer, you can also customize the toolbar. The most common task you'll need to perform is adding a custom button that performs a specific task, such as launching a custom application. Before you can use a custom button, you'll need to do the following:
Create a script file containing the commands that you want to run, or know the path to an executable file that you want to use. The script file can be a batch file (.cmd or .bat) or a Windows Script Host (WSH) file (.js, .vbs, and so on).
Create (or work with your design or art department to create) a color icon file for the button. The color icon file, saved with an .ico extension, contains images for when the toolbar button is active. The icon file must contain three separate bitmaps: one 20 × 20 256-color, one 20 × 20 15-color, and one 15 × 15 15-color. The bitmaps must be indexed to either the 256-color Windows halftone palette or the 15-color Windows palette as appropriate.
Create (or work with your design or art department to create) a grayscale icon file for the button. The grayscale icon file, saved with an .ico extension, contains images for when the toolbar button is in the default or inactive state. The icon file must contain three separate bitmaps: one 20 × 20 grayscale image using the 256-color Windows halftone palette, one 20 × 20 grayscale image using the 15-color Windows palette, and one 15 × 15 grayscale image using the 15-color Windows palette.
When you are ready to proceed, you can add a custom button to the Internet Explorer toolbar by following these steps:
Access User ConfigurationWindows SettingsInternet Explorer Maintenance Browser User Interface in Group Policy and then double-click Browser Toolbar Customizations. This displays the Browser Toolbar Customizations dialog box.
On the Buttons panel, click Add to display the Browser Toolbar Button Information dialog box, shown in Figure 14-5.
Figure 14-5: Use the Browser Toolbar Button Information dialog box to add custom buttons to the toolbar.
In the Toolbar Caption (Required) text box, type the button caption, which should be short—no more than one or two words. The button caption appears to the right or below the button when users display both the text and the icon on toolbar buttons.
In the Toolbar Action, As Script File Or Executable (Required) text box, type the path to the script or executable file that you want to run when the button is clicked. If you don't know the file path, click Browse and use the Browse dialog box to find the file.
Tip
When setting the toolbar action, think carefully about the file path you use. It should be accessible to all users who will be affected by the policy you are creating. If necessary, you can use environment variables, such as %SystemDrive%, to ensure file paths are consistent for different users. You can also use network file paths, provided they are automatically mapped for users.
In the Toolbar Color Icon (Required) text box, enter the path to the color icon file that you created for the button or click Browse to locate the file using the Browse dialog box.
In the Toolbar Grayscale Icon (Required) text box, enter the path to the grayscale icon file that you created for the button or click Browse to locate the file using the Browse dialog box.
If you want the custom button to be displayed on the toolbar by default, select This Button Should Be Shown On the Toolbar By Default. If you don't select this check box, users will need to display the button manually using the Customize Toolbar dialog box. This dialog box is accessed in Internet Explorer by selecting View, pointing to Toolbars, and selecting Customize.
Click OK. If you later decide not to use the button, you can remove it by selecting the button on the Buttons list and then clicking Remove.
Setting Default Internet Programs
You can set default Internet programs using the Programs tab of the Internet Properties dialog box or through Group Policy. The procedures are very similar. To set default programs through Group Policy, follow these steps:
Access User ConfigurationWindows SettingsInternet Explorer MaintenancePrograms in Group Policy and then double-click Programs in
the right pane. The Programs dialog box is displayed.
If you want to stop using custom program settings, select Do Not Customize Program Settings and then click OK. Skip the remaining steps.
If you want to start using custom program settings, select Import The Current Program Settings and then click Modify Settings. This displays the Internet Properties dialog box, shown in Figure 14-6.
Figure 14-6: In the Internet Properties dialog box, specify the default programs to use.
Default Web Browser options are used to provide notification if Internet Explorer isn't the default Web browser or to make Internet Explorer the default browser. When you install additional browser software, the software might be set as the default Internet browser during installation. To have Internet Explorer check to make sure that it is still registered as the default Internet browser when Internet Explorer is started, select Tell Me If Internet Explorer Is Not The Default Web Browser. If your organization uses a Web browser other than Internet Explorer as the default browser, clear Tell Me If Internet Explorer Is Not The Default Web Browser.
HTML Editing options are used to set the default program for editing HTML files. Select Microsoft Notepad as the default if other HTML editors, such as Microsoft FrontPage, are not routinely configured.
Note
Additional options might be available if other applications are installed on a system. Furthermore, in some cases (such as with the default HTML editor), you can select a blank value to specify that you don't want to use a default program for this service.
If you want to configure other default program options, click Set Programs. You can then configure other default programs as discussed in the "Designating Default Programs" section of Chapter 5, "Installing and Maintaining Programs."
When you install additional browser software, the software might be set as the default Internet browser during installation. To have Internet Explorer check to make sure that it is still registered as the default Internet browser when Internet Explorer is started, select Internet Explorer Should Check To See Whether It Is The Default Browser.
Click OK twice when you are finished.
Managing Connection and Proxy Settings
Internet connection settings and proxies can be two of the biggest problems for administrators. When you deploy new computers, you must configure the connection and proxy settings manually or rely on an image build of a machine that might not be up to date. When you make changes to the network, you might need to update the connection settings as well. Performing these procedures manually takes a lot of time that can be better spent performing other tasks. Fortunately, Group Policy provides a better way to manage connection and proxy settings, and the related techniques are examined in this section.
Managing Connection Settings Through Group Policy
Connection settings for dial-up, broadband, and virtual private network (VPN) access can be managed through Group Policy. You can use Group Policy to deploy new configurations, to update existing configurations when you need to make changes, and to delete existing configurations and replace them with new ones. Local area network (LAN) settings for automatic detection and proxy servers are also imported with the connection configuration settings. The address for automatic configuration scripts is not imported, however. These settings are managed with the Automatic Browser Configuration policy.
Real World
Whenever you manage connection settings through Group Policy, you should create the necessary connections on a test system following the techniques discussed in Chapter 13, "Managing Mobile Networking and Remote Access," and then check the connections by dialing in to the network, connecting through broadband, or using VPN as necessary. Then import the settings into the Connection Settings policy from the test system. Be sure to import settings at the appropriate level in Group Policy. In most cases, you won't want to roll these settings out to the entire domain and instead will want to apply these settings only to the appropriate Microsoft Active Directory directory service organizational units.
To import connection settings into Group Policy, follow these steps:
Log on to the system where you created the connection settings that you want to use.
Access the Group Policy object you want to work with following the techniques discussed in the "Group Policy Essentials" section of Chapter 8, "Configuring User and Computer Policies," and then access User ConfigurationWindows SettingsInternet Explorer MaintenanceConnection in Group Policy.
Double-click Connection Settings in the right pane. This displays the Connection Settings dialog box.
Select Import The Current Connection Settings From This Machine. To view or modify the settings that will be imported, click Modify Settings and then use the Connections tab of the Internet Properties dialog box to work with the settings as necessary. The options available are the same as those for the Connections tab of the Internet Properties dialog box.
Note
Existing connections with the same names as the imported connections are updated with the new settings, so you don't need to delete the existing settings to make these updates. You need to delete existing settings only if you are concerned that users or other administrators have created connections that might no longer be valid and you want to ensure they are removed to prevent connectivity problems.
If you are replacing previously configured connections, you might want to specify that existing connections should be deleted. To do this, in the Connection Settings dialog box, select Delete Existing Dial-Up Connection Settings.
Caution
All previously configured connections are deleted if you elect to delete existing connection settings. This means that previous connections created by both administrators and users are permanently removed.
Click OK.
Enabling and Configuring Proxy Settings
When you enable proxy settings, Internet Explorer acts as a Web proxy client. In this configuration, Internet Explorer requests can be directed to a proxy service to determine whether access to this protocol is allowed. If the protocol is allowed, the proxy server sends the request on behalf of the client and returns the results to the client securely. Because the proxy server uses network address translation (NAT) or a similar protocol, the actual Internet Protocol (IP) address of the client making the request isn't revealed to the target server. You can configure proxy servers for Hypertext Transfer Protocol (HTTP), Secure Sockets Layer (SSL), File Transfer Protocol (FTP), Gopher, and Socks (the Microsoft proxy service protocol).
You can manage settings for proxy servers in several different ways. One of those ways is to use the Local Area Network (LAN) Settings dialog box, which is accessible in the Internet Properties dialog box. On the Connections tab, click LAN Settings to access the dialog box. When you want to use Group Policy, the preferred technique is to configure standard proxy servers using the Proxy Settings policy. Using this policy, you can configure unique proxy servers for each Web service (HTTP, SSL, FTP, Gopher, and Socks) or you can use one or more proxy servers to handle all types of requests. You can also configure exceptions so that a proxy isn't used for specific servers, IP address ranges, and the local network.
To configure proxy settings through Group Policy, follow these steps:
Access User ConfigurationWindows SettingsInternet Explorer MaintenanceConnection in Group Policy and then double-click Proxy Settings in the right pane.
In the Proxy Settings dialog box, shown in Figure 14-7, select Enable Proxy Settings.
Figure 14-7: If your organization has proxy servers, you can configure Internet Explorer proxy settings using the Proxy Settings policy.
Set the IP address for proxies using the text boxes on the Proxy Servers panel. You'll find two columns of text boxes:
q Address Of Proxy Sets the IP address of the related proxy server or servers. Type the IP address for each service. If multiple proxies are configured for a particular service, type the IP addresses for each proxy server in the order in which y
ou want the Web client to attempt to use them. Each address must be separated by a semicolon. If a proxy isn't configured for a service, don't fill in the related field.
q Port Sets the port number on which the proxy server responds to requests. Most proxies respond to port 80 for all requests. That said, however, the standard ports are port 80 for HTTP, port 443 for SSL (listed as Secure), port 21 for FTP, port 70 for Gopher, and port 1081 for Socks. Check with your organization's Web administrator for the proper settings.
The Use The Same Proxy Server For All Addresses check box is selected by default. This setting enables you to use the same IP address and port settings for the HTTP, SSL, FTP, Gopher, and Socks services. You have two options:
q If your organization has proxy servers that handle all requests, select Use The Same Proxy Server For All Addresses and then type the IP address or addresses that you want to use as well as the port number on which the server or servers respond.
q If you want to use a unique proxy server or servers for each type of service, clear the Use The Same Proxy Server For All Addresses check box and type the necessary IP addresses and port numbers in the text boxes provided.
The Do Not Use Proxy Server For Local (Intranet) Addresses check box is selected by default. The default value is a good setting, in most cases, because you won't want to use a proxy for requests made to servers on the same network segment. However, this setting doesn't work well when your internal network uses multiple network segments. In this case, you'll need to specify the IP address range for each network segment on the exception list. An example is shown in Figure 14-7. Here you don't want a proxy to be used when accessing servers on the same network segments as the proxy servers, so you configure the IP addresses on these network segments as exceptions.