Tuesday, May 3, 2011

Group Policy - Changing Default Search Provider in IE 7, 8 and 9

Controlling your users' Internet Explorer 7, 8 and 9 search providers is very easy.

There are various methods of trying to change the search provider, but thanks to the new 'AntiPhishing' component of Internet Explorer 8, unsupported methods will leave the user facing a prompt when they first launch IE.

Above: Microsoft's AntiPhishing pop-up alerting the user that an unauthorized change had been made.

So the only way to control the search providers is via Group Policy. But of course Microsoft only included half of the required policies for this to be achieved out of the box.

Above: GPMC Path to the Internet Explorer Setting

When you "Enable" this feature, the Help text states:

Help:
 If you enable this policy setting, the user will not be able to configure the list of 
search providers on their computer, and any default providers installed will not 
appear (including providers installed from other applications). The only providers 
that will appear will be those in the list of search provider policy keys 
(found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). 
Note: This list can be created using a custom administrative template file. 
For information on creating this custom administrative template file, see the 
Internet Explorer documentation on search providers.   

So they have given us half the story and the rest you have to research and code yourself! Thanks MS!

Thankfully I found it to be a lot easier than I expected and found some resources with prewritten ADM files.

Simply copy and paste the next lot of code into Notepad, and save it as an ADM file. (Remember to select Save as type: All Files (*.*))

UPDATE: I believe I've fixed the output errors on the blog. So you can either copy and paste or download from pastebin.

http://pastebin.com/3SaKmqkG


Remember to 'Download' it, not copy, as even PasteBin formats it incorrectly. However it is ok when you click download from pastebin.


(Thanks Nebulis01 for the PasteBin :) )
IE8SearchProviders.ADM

 ; Based on 'Group Policy Search Providers ADM File', provided by schema_mangler  
 ; Posted to microsoft.public.internetexplorer.general on 17 Nov 2006, 22:52  
 ; Search Google Groups for the original, and see http://support.microsoft.com/kb/918238  
 ; CRGS version changes:
 ; Tidied up unnecessary [strings]
 ; Changed Bing, Google, Yahoo, Ask to latest versions, added Search Suggestions  
 ; Added Amazon UK, eBay, Wikipedia via Microsoft site  
 ; Also set the Google GUID to the lowest value, so that it is default  
   
 CLASS USER  
 CATEGORY !!WindowsComponents  
 CATEGORY !!InternetExplorer  
   
 POLICY "Select search providers to be included in policy-based search list"  
     #if version >= 4  
     SUPPORTED !!SUPPORTED_IE7  
     #endif  
     EXPLAIN !!Search_Explain  
     KEYNAME "Software\Policies\Microsoft\Internet Explorer\SearchScopes"  
     PART "Ask Kids"   
     CHECKBOX VALUENAME LiveChoice     
     ACTIONLISTON     
     KEYNAME "Software\Policies\Microsoft\Internet Explorer\SearchScopes\{BF9CED03-41B4-44E9-8850-87E374BEDA17}"     
     VALUENAME DisplayName    VALUE "Ask Kids"     
     VALUENAME URL    VALUE "http://www.askkids.com/web?q={searchTerms}&search=search&qsrc=0&o=0&l=dir"   
     VALUENAME FaviconURL VALUE "http://www.askkids.com/favicon.ico"     
     END ACTIONLISTON  
     END PART  
       
     PART "Bing"   
     CHECKBOX VALUENAME BingChoice     
     ACTIONLISTON     
     KEYNAME "Software\Policies\Microsoft\Internet Explorer\SearchScopes\{A6CF48A4-CC6B-46CA-B51A-AA3B0DC46532}"     
     VALUENAME DisplayName VALUE "Bing"     
     VALUENAME URL VALUE "http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox"  
     VALUENAME ShowSearchSuggestions VALUE NUMERIC 1  
     VALUENAME SuggestionsURL VALUE "http://api.bing.com/qsml.aspx?query={searchTerms}&market={Language}&form=IE8SSC&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}"
     VALUENAME Codepage VALUE NUMERIC 65001  
     VALUENAME FaviconURL VALUE "http://www.bing.com/favicon.ico"     
     END ACTIONLISTON  
     END    PART  
       
     PART "Google"   
     CHECKBOX VALUENAME GoogleChoice     
     ACTIONLISTON     
     KEYNAME "Software\Policies\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}"     
     VALUENAME DisplayName     VALUE "Google"     
     VALUENAME URL      VALUE "http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"  
     VALUENAME ShowSearchSuggestions VALUE NUMERIC 1  
     VALUENAME SuggestionsURL  VALUE "http://clients5.google.com/complete/search?q={searchTerms}&client=ie8&mw={ie:maxWidth}&sh={ie:sectionHeight}&rh={ie:rowHeight}&inputencoding={inputEncoding}&outputencoding={outputEncoding}"  
     VALUENAME FaviconURL  VALUE "http://www.google.com/favicon.ico"     
     END ACTIONLISTON  
     END    PART  
       
     END POLICY  
     END CATEGORY  
     END CATEGORY  
       
[strings]
 SUPPORTED_IE7="At least Internet Explorer 7.0"  
 WindowsComponents="Windows Components"  
 InternetExplorer="Internet Explorer"  
 Search_Explain="Adds registry entries to HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes for specific search providers. Check or clear the checkbox next to each search provider.\n\n If you enable this policy setting and if the "Restrict search providers to a specific list of providers" Group Policy setting is enabled, the checked entries will be the only ones that appear in the Internet Explorer drop-down list. If the "Add a specific list of search providers to the user's search provider list" Group Policy setting is enabled, the checked entries will be added to the user's list of search providers.\n\n If you disable this policy setting or do not configure it, search will be governed by the other relevant policies in this category. See the other policies mentioned here for additional information."  

If you wish to add your own search providers, it's very easy: just follow the layout of the others in the file. The only speed hump you may hit is finding the ID of the search provider. If worst comes to worst, simply add it to your own local IE browser, then pull it out of your local registry.
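
One way to do the "pull it out of your local registry" step, as an added PowerShell example that is not part of the original post: it reads the providers you have added to your own IE from the per-user SearchScopes key and prints a PART block for each, in the same layout as the file above. The function name New-AdmSearchPart, the generated "...Choice" value names and the all-zero GUID in the sample call are assumptions made for illustration.

```powershell
# Added example, not part of the original ADM: emit one PART block in the layout used above.
function New-AdmSearchPart {
    param(
        [Parameter(Mandatory)] [string] $Guid,         # SearchScopes subkey name, braces included
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [string] $Url,
        [string] $FaviconUrl
    )
    if ($Guid -notmatch '^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$') {
        throw "Not a registry-style GUID: $Guid"
    }
    if ($Url -notmatch '\{searchTerms\}') { throw 'URL has no {searchTerms} placeholder' }
    if ("$DisplayName$Url$FaviconUrl".Contains('"')) { throw 'A double quote would end the ADM string early' }
    # CHECKBOX value name, e.g. "Ask Kids" -> AskKidsChoice (hypothetical naming, modelled on BingChoice)
    $choice = ($DisplayName -replace '[^A-Za-z0-9]', '') + 'Choice'
    $key = "Software\Policies\Microsoft\Internet Explorer\SearchScopes\$Guid"
    $out = @(
        "PART `"$DisplayName`"",
        "CHECKBOX VALUENAME $choice",
        'ACTIONLISTON',
        "KEYNAME `"$key`"",
        "VALUENAME DisplayName VALUE `"$DisplayName`"",
        "VALUENAME URL VALUE `"$Url`""
    )
    if ($FaviconUrl) { $out += "VALUENAME FaviconURL VALUE `"$FaviconUrl`"" }
    $out += 'END ACTIONLISTON', 'END PART'
    $out -join "`r`n"
}

# Providers added by hand in IE live under this per-user key (not the Policies one).
$scopes = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
if (Test-Path $scopes) {
    Get-ChildItem $scopes | ForEach-Object {
        $id = $_.PSChildName
        $p = Get-ItemProperty -LiteralPath $_.PSPath
        try { New-AdmSearchPart -Guid $id -DisplayName $p.DisplayName -Url $p.URL -FaviconUrl $p.FaviconURL }
        catch { Write-Warning "Skipped ${id}: $($_.Exception.Message)" }
    }
}

# Constructed sample call, so the function can be tried without touching the registry.
New-AdmSearchPart -Guid '{00000000-0000-0000-0000-000000000000}' -DisplayName 'Example Search' -Url 'https://search.example/?q={searchTerms}'
```

Entries that are skipped with a warning (for example a provider whose URL has no {searchTerms}) need their values checked by hand before they go into the template.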

Now that you have the ADM file, we can load it into your Group Policy editor, and enable it!

Start by adding the newly created template into your Group Policy Object.

Above: Right clicking on 'Administrative Templates' under User Configuration.


Click Add and select your ADM file.

Once you click close, Group Policy Management Console should refresh, as you have added a new item.

Note: If you get an error about

Error 62 The corresponding string was not found in the [strings] section
Found: !!windowscomponents
The file can not be loaded

Ensure in the file the line that contains [strings] has NO other spaces around it, the line must only contain "[strings]" otherwise it will fail. I have noticed some of the scripts on the internet have an extra space, which seems to have been added during the upload process.
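
A pre-flight check you can run before loading the file, added here as an example and not part of the original post: it flags whitespace around [strings], any !!name that has no entry under [strings] (what the error 62 message complains about), and a UTF-8 byte order mark, which is the encoding problem commenters below report fixing by saving as ANSI. The function name Test-AdmTemplate and the sample template are constructed for illustration.

```powershell
# Added example (not from the original post): checks an ADM file before it is loaded into GPMC.
function Test-AdmTemplate {
    param([Parameter(Mandatory)] [byte[]] $Bytes)
    $problems = @()
    # A UTF-8 byte order mark means the file was not saved as ANSI.
    $hasBom = $Bytes.Length -ge 3 -and $Bytes[0] -eq 0xEF -and $Bytes[1] -eq 0xBB -and $Bytes[2] -eq 0xBF
    if ($hasBom) { $problems += 'File starts with a UTF-8 BOM: re-save it as ANSI' }

    # Latin-1 maps every byte to one character, so line numbers stay correct for ANSI text.
    $text = [System.Text.Encoding]::GetEncoding(28591).GetString($Bytes)
    if ($hasBom) { $text = $text.Substring(3) }
    $lines = $text -split '\r?\n'
    $stringsAt = -1          # index of the [strings] header, -1 until found
    $defined = @{}           # names defined under [strings] (hashtable keys ignore case)
    $refs = [ordered]@{}     # !!name reference -> first line number where it is used
    for ($i = 0; $i -lt $lines.Count; $i++) {
        $line = $lines[$i]
        if ($stringsAt -lt 0 -and $line -match '^\s*\[strings\]\s*$') {
            $stringsAt = $i
            if ($line -ne '[strings]') { $problems += "Line $($i + 1): whitespace around [strings]" }
        } elseif ($stringsAt -ge 0) {
            if ($line -match '^\s*([A-Za-z0-9_]+)\s*=') { $defined[$Matches[1]] = $true }
        } elseif ($line -notmatch '^\s*;') {
            foreach ($m in [regex]::Matches($line, '!!([A-Za-z0-9_]+)')) {
                $name = $m.Groups[1].Value
                if (-not $refs.Contains($name)) { $refs[$name] = $i + 1 }
            }
        }
    }
    if ($stringsAt -lt 0) { $problems += 'No line consisting of [strings] was found' }
    foreach ($name in $refs.Keys) {
        if (-not $defined.ContainsKey($name)) {
            $problems += "Line $($refs[$name]): !!$name has no entry in [strings]"
        }
    }
    $problems
}

# Constructed sample with the faults discussed on this page; pass ReadAllBytes($path) for a real file.
$sample = @(
    'CLASS USER',
    'CATEGORY !!WindowsComponents',
    'END CATEGORY',
    ' [strings] ',
    'InternetExplorer="Internet Explorer"'
) -join "`r`n"
[byte[]] $bytes = [byte[]](0xEF, 0xBB, 0xBF) + [System.Text.Encoding]::ASCII.GetBytes($sample)
Test-AdmTemplate -Bytes $bytes
```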

Above: GPMC with the new Classic Administrative Templates section.

Now you may note there is a section called "Classic Administrative Templates (ADM)". This is where our new policy setting has been installed.

Above: The options in the new policy object.

Now all that's left to do is enable the search providers that you would like them to access, and apply the GPO to an Organizational Unit of your choice!

Just remember this is a USER policy, so applying it to a Computer OU isn't going to do much :)

I'm yet to test this method with IE9, but as it's through the correct channels there should be no reason why it wouldn't work.
Edit: I have tested it and it works fine in Internet Explorer 9.

36 comments:

Nem said...

You are a life saver! I had spent weeks trawling the internet and on Microsoft partner forums trying to find a solution for this. Many thanks for the easy to understand guide and a ready made ADM file, very much suited to a school!

Warren

Shawn said...

Glad I was able to help somebody :)

Nebulis01 said...

I can't get this ADM to display properly in my GP Management console. Other ADMs display fine, any ideas?

tom12010 said...

I have the same problem as Nebulis01, this adm does not display in Win2k8 R2 SP1 GPMC, why??

Shawn said...

You need to make sure all the spaces and returns are right in the ADM, I believe Blogger is stuffing with the formatting. I might try uploading it as a file.

I have been using the template on Server 2008R2 SP1, so I know it's compatible.

I noticed the formatting displays differently on different browsers in the code sections which is annoying.

Nebulis01 said...

http://pastebin.com/3SaKmqkG

See if that works, it does for me now. Thanks guys and gals!

W3sty said...

Thank you so much for this. By the way definitely just DOWNLOAD the file from

http://pastebin.com/3SaKmqkG

DON'T copy and paste it.

ALSO - make sure you enable the GPO setting :- Windows Components>Internet Explorer>Turn Off the Security Settings Check Feature

Particularly if using mandatory profiles. If you don't IE9 will nag you about an unknown program wanting to change the search provider!! Took me a while to work that out. Hope it helps someone

Shawn said...

You're welcome :)

Thanks for the Pastebin link.

And yes, you must enable it for it to.. be enabled :) heh.

Derek said...

Does this ADM work for Windows 2003 Server? I can't seem to find the Classic Administrative Templates.

Grandmaster Bash said...

Thanks for this. Just used in Win 2k8 R2 for IE9 - Amended to just have Google as an option. Had to save the file as ANSI though, not as UTF-8, which is what Notepad was defaulting to.

smokealotapotamus said...

you sir are a gentleman and a scholar.

Jon Breen said...

Excellent, well done and thank you! (you life-saver!) :)

Shawn said...

Glad it's still helping people :)

I've managed to fix the code block on the post so you can copy and paste straight out of the post again... until blogger changes something again and it breaks :P

Gary Lloyd said...

This was a great help.
Thanks very much!

Augustine said...

This looks very promising. Unfortunately our servers are 2003.

Is it possible to implement this on Windows 2003 Server / domain controller?

If yes, I would appreciate any help on that.

Many thanks
Augustine

EvilPaladin said...

Is there an ADMX file for IE9? I tried the KB article and it doesn't work.

Steven said...

Doesn't work for me, neither on Windows 2008 R2 nor Windows 7, IE 9. Downloaded the adm-file, applied the policy. The policy is there (gpresult /R) but default search provider stays Bing.

FK said...

If you're trying to get this to work on 2008R2 in IE9; I changed the following lines:

KEYNAME "Software\Microsoft\Internet Explorer\SearchScopes" (took out the \Policies)

KEYNAME "Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" (took out \Policies again and changed the ID)

Note that this completely replaces the Bing entry that's there by default with Google. Doubt anyone will care but still :)

You can keep the old ID but I had issues getting IE9 to switch to Google. So in the end just replacing Bing was easier.

Works like a charm now.

Steven said...

What's the logic to set it on policies (Software\Policies\Microsoft\Internet Explorer\SearchScopes\), when the actual key is not set on policies?

Search engines are there but still Bing is the default. It always adds Bing GUID {0633EE93-D776-472f-A0FF-E1416B8B2E3A} and sets it as default.

So there are 4 GUIDS: the ones I add and the one which is added automatically.
I deleted the key (not under policies) and ran gpupdate but no key is added now.

Bujar Lushta said...

Hi there. Did anyone try this on internet explorer 10?

Florian Perez said...

Works fine with IE 11 on Windows 8.1

conofray said...

Every time I try to load the file on my Server 2008 R2 box, I get an error 51: unexpected keyword error. I've downloaded the file directly from pastebin.

error on line 2
found: odd characters
expected: class, category, [strings]

Jonas Gregersen said...

conofray,

You need to save as ANSI and not UTF-8.

Liva IT Services said...

It's very useful information, thanks for sharing with us. Liva

Gretchen Nobles said...

Any update to this for Server 2012 and IE 11 - I would LOVE an easy way to do this! I'm a bit of a Group Policy newb!

Jeet Sohpal said...

Hiya, I have implemented this without any errors since I saved as an ANSI file as per the comments in this blog.

Unfortunately the policy is not being pushed out to users and Bing is still their default search provider.

The correct GPO settings are enabled as per the comments in this blog, so I am a little stuck. Any ideas?

Jeet Sohpal said...

Hi,

All my users are on a Win7x64 platform with a Win 2008 R2 STD domain controller. I am trying to set Google as the default search provider for all our users via group policy.

I have followed the steps in the article.

I have gone through the whole article and have also adhered to the comments/feedback at the bottom of the blog. Despite this, after doing a gpupdate /force on my test machine and restarting it the default search provider is still Bing. I really don't want to have to go around to each machine manually and set Google as the default search provider.

Just a little further information - the policy is setup with following settings -

User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer

•Add a specific list of search providers to the users search provider list (ENABLED)

•Turn off the Security Settings Check feature (ENABLED)

and



User Configuration > Policies > Administrative Templates > Classic Administrative Templates (ADM) > Windows Components > Internet Explorer

•Select search providers to be included in policy based search list (ENABLED)


After applying the policy I run gpupdate /force on the test machine and restart it. I then run RSOP on the test machine and then drill down as follows -

User Configuration > Administrative Templates > Windows Components > Internet Explorer

Neither of the settings that I have enabled above are present.

Can anyone tell me where I might be going wrong?

Compstuff said...

Based on the https://social.technet.microsoft.com/Forums/windowsserver/en-US/a50e93ec-0d63-4ed0-865e-79b62605ff46/kb2988414-and-default-search-provider-via-installins?forum=ieitprocurrentver update issue will GP actually manage this from either a server or from a local GP on WIN7x64 ENT?

Compstuff said...

OK so here is an answer from MS https://social.technet.microsoft.com/Forums/ie/en-US/23a169f9-9b7f-4b55-80b5-b3e09c50f196/lost-default-search-engine-control-due-to-kb2988414?forum=ieitprocurrentver I haven't had a chance to re-check the IEAK with a new sysprep since I'm pretty busy but I will try soon

pete j said...

I created and installed the downloaded adm file as described (it puts it in classic adm files), enabling only Google, and enabled restrict search, and this seems to have done the trick for me.

George Howarth said...

Worked like a charm - Downloaded the file, then did a "save as" saved it as .adm and changed encoding to "ANSI".

Imported the ADM as standard into GPMC
set the GPO settings as described

It is confirmed working on Server 2008R2 SP1 RDS / Citrix Xenapp 6.5 with IE11

No issues whatsoever, Thanks

Sam said...

Hi,
having a bit of trouble, running Server 2012 R2 as DC, managed to download and add the adm successfully, but it has no effect on the end user. I've tried running a gpresult and it shows the correct policy as winning but the search engine remains Bing. Any ideas?

Kind Regards
Sam

Gaurav Surati said...

Worked for me like a charm. Nothing else was required apart from above instructions and couple of other policy settings. Works fine on TS and local computers.

Paul Cussen said...

Is there any way this template can be stored in the PolicyDefinitions folder so that it's pulled on any remote GPMC session?

Lucone said...

THANK YOU SO MUCH.
Your post is the unique on the web that describes well the problem and resolves it like a charm.
Many thanks again
Cheers
Lucone