Edge Chromium weird GPO behavior

[Gordon Pegue]

Scenario:

 

New Dell PC on the bench;

 

Some simple GPO settings defined that among other things open a specific set of pages when Edge starts here:

Computer Configuration\Administrative Templates\Microsoft Edge\Startup home page and new tab page

 

First user setup on the PC is the administrator;

No changes made to Default profile;

Second user setup (with temp admin perms as I try and figure this out);

 

Logon as first user;

Make sure that all policies are applied: gpupdate /force;

Launch Edge and my three pages are opened properly.

All good so far;

Run a gpresult /H C:\admin.html as a baseline;

 

Logon as second user;

As insurance, make sure that all policies are applied: gpupdate /force;

Launch Edge and ONLY the edge://newtab page opens. WTF?

Run a gpresult /H C:\user.html.

 

Compare and contrast the two gpresult reports and both reports have the SAME content for the Edge stuff. Holy WTF?

 

If I open the Edge settings when I’m logged on as the second user and drill down to Start, Home & New Tabs,

I see my GPO settings there for my 3 startup pages, all greyed out as expected but yet when I launch Edge, only the newtab page is displayed.

 

If I log in as the first user, all is fine and dandy!

 

With an identical set of GPO settings defined for Chrome, it of course, works just fine for both users. All 3 pages presented when browser is launched.

 

There is nothing in either of the gpresult reports that indicates that anything else is mucking with Edge, so I’m baffled.

Nothing in the GroupPolicy\Operational event log.

No clue where other Edge logging might be.

 

 

Anyone seen this Edge behavior lately?

 

Anyone with some suggestions on things to try?

 

 

TIA

Gordon

[Michael B. Smith]

Verify the settings in the registry, not just in the GPO.

--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CY4PR07MB31445D7B71CE924FF3C5BE1BD3769%40CY4PR07MB3144.namprd07.prod.outlook.com.

[Gordon Pegue]

That’s a great tip MBS.

 

The HKLM\Software\Policies\Microsoft\Edge contains all my basic Edge GPO settings;

The HKLM\Software\Policies\Microsoft\Edge\RestoreOnStartupURLs contains 3 properly defined REG_SZ entries for my startup pages, each value named 1 thru 3.

 

There’s no HKCU\Software\Policies\Microsoft\Edge key at all, which is expected since I have no user-level settings defined in my GPO.

 

Even though the gpresult report says nothing is stopping these startup page settings from being applied, they fer darn sure are getting blocked by something for the 2^nd user….

 

Gordon

 

From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On Behalf Of Michael B. Smith
Sent: Wednesday, December 15, 2021 3:42 PM
To: ntsys...@googlegroups.com

Subject: [ntsysadmin] RE: Edge Chromium weird GPO behavior

 

  [EXTERNAL]

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/f296879da9534b0f861d51b56daa358b%40smithcons.com.

[Michael B. Smith]

Do they map directly to entries for chrome?

 

Below is what I have in my user-configuration script. Check the value for RestoreOnStartup.

 

## add homepage default location

## Ensure Edge key exists

$key = 'HKCU:\Software\Policies\Microsoft\Edge'

createIfMissing $key

$IPHT =

    @{

        Path   = $key

        Name   = 'RestoreOnStartup'

        Value  = 4

        Type   = 'DWORD'

    }

## Set RestoreOnStartup value entry

Set-ItemProperty @IPHT -EA 0

check $? $error[ 0 ] "Set-ItemProperty $key RestoreOnStartup 4 DWord"

 

$subKey = "$key\RestoreOnStartupURLs"

createIfMissing $subKey

 

## Create a single URL startup page

$HomeURL = 'https://duckduckgo.com'

Set-ItemProperty -Path $subkey -Name '1' -Value $HomeURL

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CY4PR07MB31445B7E16A655E5DD27A8A3D3769%40CY4PR07MB3144.namprd07.prod.outlook.com.

[Gordon Pegue]

Yessir.

One to one correspondence.

DWORD 4 for both Chrome and Edge RestoreOnStartup values.

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/186a9b8f253e40f1befebe79a2acd2dd%40smithcons.com.

[Michael B. Smith]

Try it in HKCU instead of HKLM. My script below works, but I’ve not tried it as a machine policy.

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CY4PR07MB31441998426765D6DE6C9AB2D3769%40CY4PR07MB3144.namprd07.prod.outlook.com.

[Gordon Pegue]

I’ll give that a try in the morning MBS and report back.

I’ve got a bunch of older machines with this GPO in play and it just works for any user that logs on… That’s what’s baffling about it.

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/4bcc11c4444746d4a1d2c51bd80c8d78%40smithcons.com.

[Gordon Pegue]

Nope, no luck.

Still refuses to open my 3 pages when logged in as 2^nd user.

If I change the NewTabPageLocation to point to my 1^st webpage URL (instead of about:blank), at least THAT page displays when I start Edge.

1^st user works fine.

 

Gordon

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CY4PR07MB3144AE0A42E05072E00AC7D8D3769%40CY4PR07MB3144.namprd07.prod.outlook.com.

[Michael B. Smith]

☹

 

Sorry. I’m out of ideas.

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CY4PR07MB31446A28C185AD7ECB0D0C3FD3779%40CY4PR07MB3144.namprd07.prod.outlook.com.

[Gordon Pegue]

Yeah, me too.

It’s just flat out bizarre that the policy works fine for the first user defined on the box but not for subsequent users…

 

What I’m starting to suspect is a very subtle OS issue but how that would effect policy processing is above my expertise.

The box on my bench was one of a batch of 11 identical machines I bought for our department recently from Dell.

I begin to wonder if some of the other weird behavior (last weeks “missing” CD/DVD drive) I’ve seen on the batch is because the Dell factory OS image is subtly borked…

 

I’ve got a 20H2x64 ISO from MS, maybe I’ll install it as an upgrade to protect my installed police stuff and see if that fixes things.

But first, an SFC scan and a DISM scan! Haven’t tried those quick checks.

 

Thanks Michael. If I get a positive resolution to this baffling situation, I’ll post back.

 

Gordon

 

From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On Behalf Of Michael B. Smith
Sent: Thursday, December 16, 2021 9:36 AM
To: ntsys...@googlegroups.com
Subject: [ntsysadmin] RE: Edge Chromium weird GPO behavior

 

  [EXTERNAL]

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/7784a15e6af140b494182017d33a640c%40smithcons.com.

[Gordon Pegue]

SFC scan found and fixed something (didn’t look at CBS log) but that made no difference.

DISM scan didn’t find anything.

20H2 upgrade in progress….

 

Gordon

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CY4PR07MB3144D36A5386547032B865A4D3779%40CY4PR07MB3144.namprd07.prod.outlook.com.

[James Iversen]

Would it be possiblet

Would it be possibly purely a "profile" issue?

Copy the first user profile to the Default User profile and try a subsequent logon to see if the issue persists...

2cents

From:        "Gordon Pegue" <gpe...@unm.edu>
To:        "ntsys...@googlegroups.com" <ntsys...@googlegroups.com>
Date:        12/16/2021 12:23 PM
Subject:        [ntsysadmin] RE: Edge Chromium weird GPO behavior

Sent by:        ntsys...@googlegroups.com

---

---

ATTENTION: This email was sent from someone outside of NYCM.

---

.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CY4PR07MB3144ACA17F49A9CD8FB771C7D3779%40CY4PR07MB3144.namprd07.prod.outlook.com.









Join us on Facebook at www.facebook.com/NYCMInsurance.


***CONFIDENTIALITY NOTICE***

This email and any attachments to it are confidential and intended solely for the individual or entity to whom it is addressed. Any unauthorized review, use, disclosure or distribution is prohibited. If you have received this email in error, please contact the sender by reply email and destroy all copies of the original message.

[Gordon Pegue]

That’s sorta what I’m trying now James.

 

The in-place upgrade from 20H2 to 20H2 is just about done.

When it is, I’m going to delete the second user profile, then recreate a fresh one from the supposedly updated Default profile.

If that doesn’t cure it, I’ll backup Default and use the ForesnsIT Defprof tool to update Default with the stuff from the 1^st user.

 

Gordon

To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/OF8E5BF014.9909C62B-ON852587AD.0066CAA7-852587AD.0066E9B9%40nycm.com.

[Hammer, Erich F]

My question is about what is different with the user accounts and/or profiles.

Are they both local or domain accounts?
Does User3 also get the same behavior as User2?
If you delete the User1 profile and log back in as User1, does Edge work like it should (like before) or like it does for User2?

Erich


On Wednesday, December 15, 2021 at 17:30, Gordon Pegue eloquently inscribed: