Fix OTRS compatibility problems with Internet Explorer via Active Directory GPO

OTRS

OTRS4 just works with Firefox and Chrome/Chromium but I had a lot of trouble trying to allow people that use Microsoft Internet Explorer to work with OTRS.

Pietro Forti on flickr
Interoperability

Why? Because IE forces by default Compatibility View mode for Intranet web sites and – of course – OTRS is in my company Intranet. With this option forced by IE, OTRS don’t work. I don’t want to go deeper why IE uses Compatibility View mode for Intranet, it’s something legacy and crazy, but a solution exists (or at least works for me now).

From a single user point of view a way to fix the problem is to go under Internet Explorer settings (IE11 in my case) and uncheck the box that enable the Compatibility View for Intranet websites (Display intranet sites in Compatibility View).

Compatibility View Settings
Compatibility View Settings

But some user reported that OTRS don’t work also with this setting disabled.

After lot of testing I found a better solution that scale with hundred/thousand clients in an enterprise scenario (but you can apply to a single computer too).

I modified the default domain policy in my 2008R2 AD Domain as follow (it’s fine to create a specific GPO too).
Notice: I made these settings both for User and Computer Configuration.

First I added OTRS FQDN to “Site to Zone Assignment List” as a “Trusted Site” (value=2). I’m not sure if this is really necessary, but it’s very easy to set, so I did anyway 🙂

Policies -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page

Site to Zone Assignment List
Site to Zone Assignment List

Then I set to “Disable” following parameters:

  • “Turn on automatic detection of intranet”;
  • “Intranet sites: Include all local (intranet) sites not listed in other zones”;
  • “Intranet sites: Include all network paths (UNCs)”;
  • “Intranet sites: Include all sites that bypass the proxy server”.

The effect of these settings is to stop IE to automatically detect your Intranet; this means that IE won’t run in Compatibility Mode while browsing OTRS and all other web sites.

Policies -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page

Disabled Intranet GPOs
Disabled Intranet GPOs

After GPO is propagated and clients are updated, OTRS is in the list of Trusted Sites, Automatic Intranet detection is disabled and you shold use OTRS with IE  without problems (with Microsoft should is a must) because Compatibility View is not applied at all.

IE Intranet Sites disabled options
IE Intranet Sites disabled options

If some web site need Compatibility Mode to work (really?) you can explicity add it to the list of Intranet Web Sites via other GPO options.

[ More on OTRS: Configure OTRS to process multiple Tickets in email Subject ]

Published by merlos

Founder and president of Cyber Saiyan - www.cybersaiyan.it - a no profit organization founded to promote social initiatives to spread cyber security and ethical hacking culture; Cyber Saiyan organizes RomHack Conference and Camp romhack.camp

Published

2 thoughts on “Fix OTRS compatibility problems with Internet Explorer via Active Directory GPO

  1. Pingback: Configure OTRS to process multiple Tickets in email Subject – Scubarda

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.