Edge options force Edge into managed mode

Discussion in 'SpywareBlaster & Other Forum' started by VanguardLH, Mar 16, 2021.

  1. VanguardLH

    VanguardLH Registered Member

    Joined:
    Sep 10, 2007
    Posts:
    97
    SpywareBlaster 6.0
    Windows 10 Home x64

    Your options Cookie Protection and Script Protection for Edge will switch Edge into managed mode. Users cannot configure some settings in managed mode, like edge://settings/privacy for "Use secure DNS to specify how to lookup the network address for sites" (a ridiculous description for DNS over HTTPS). When users see Edge is in managed mode, they usually have no clue how it got that way. You need to be overt in describing those options, and that they set policies on Edge which will switch it into managed mode.

    When Cookie Protection for Edge is disabled, you delete all the data items under:

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\CookiesBlockedForUrls

    but you leave the key itself defined which forces managed mode. There may be zero data items under the key, but that the key exists forces managed mode in Edge. When Cookie Protection is disabled, delete the Edge\CookiesBlockedForUrls registry key. Don't bother removing data items under it. Just delete the key, and all those data items also disappear.

    When Script Protection for Edge is disabled, you delete all the data items under:

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\JavaScriptBlockedForUrls

    but you leave the key itself defined which forces managed mode. Zero data items under the key does NOT undefine the policy. The key by itself forces managed mode in Edge. When Script Protection is disabled, delete the Edge\JavaScriptBlockedForURLs registry key. Don't bother removing its data items. Just delete the key, and all those data items also disappear.

    You MUST remove the registry key to disable the policy! Do not leave the registry key, and only remove the data items for the key. Also, do not have options that define policies on Edge without telling users those options will set policies that force Edge into managed mode. Warn your users regarding the consequences of using your Cookie Protection and Script Protection options in SpywareBlaster.

    To find out why my Edge was managed (which blocked me from changing some settings), I went to edge://policy. There I noticed CookiesBlockedForURLs and JavaScriptBlockedForURLs were listed. I had to research these, and discover what are the policies for Edge. I had to guess SpywareBlaster was at fault, and do some testing to verify. Took me several hours to figure out why SpywareBlaster was NOT disabling those protections when the options were disabled. Your typical users won't dig that deep, or understand where to investigate. They only know Edge is in managed mode, THEY are the management, and don't know what caused Edge to go into managed mode.

    Just the presence of those keys will enforce those policies, even with no data items under them, and users won't know why disabling the options in SpywareBlaster does not get rid of those policies that force Edge into managed mode. Even if they suspect SpywareBlaster was at fault, they will disable those options, but Edge remains in managed mode, so they figure it wasn't SpywareBlaster's fault -- but it IS!

    Don't expect your users to have your expertise regarding the registry entries, and policies for Edge.
     
  2. Kindra

    Kindra Registered Member

    Joined:
    Mar 21, 2021
    Posts:
    3
    Location:
    Germany
    It's such a shame that we apparently can't have both - these policies and a non-managed browser.
     
  3. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    4,098
    Browsers continue to evolve how they handle when policies are configured, and I suspect that will continue.

    It makes very little sense for a browser to enforce empty policies, but this is something we can implement a workaround for in a future release (albeit with appropriate handling for if the user or other programs have configured policies or added values - simply deleting the keys would obliterate other settings / customizations, which obviously is not desired).

    In regards to configuring DNS over HTTPS specifically:
    There is a "managed mode" policy that may provide the functionality you seek.

    Please see:
    https://chromeenterprise.google/policies/#DnsOverHttpsMode
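
The cleanup discussed in this thread (remove a policy key only when it is empty, so values set by the user or by other programs survive), sketched in PowerShell as an added example. It is not part of the original posts and is not SpywareBlaster's code. The function names `Get-EdgeListPolicyState` and `Remove-EmptyEdgeListPolicy` are hypothetical; the registry paths are the two named in the first post, and an elevated session is assumed because the keys live under HKLM.

```powershell
# Added example: audit the two Edge list policies named in the thread and
# delete a key only if it holds no values and no subkeys.
$EdgePolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
$ListPolicies   = 'CookiesBlockedForUrls', 'JavaScriptBlockedForUrls'

function Get-EdgeListPolicyState {
    param(
        [string]   $Root  = $EdgePolicyRoot,
        [string[]] $Names = $ListPolicies
    )
    foreach ($name in $Names) {
        $path = Join-Path $Root $name
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Policy = $name; Path = $path; State = 'Absent'; Values = 0; SubKeys = 0 }
            continue
        }
        # Get-Item on a registry path returns a RegistryKey with both counts.
        $key   = Get-Item -LiteralPath $path
        $state = if ($key.ValueCount -eq 0 -and $key.SubKeyCount -eq 0) { 'Empty' } else { 'Populated' }
        [pscustomobject]@{
            Policy  = $name
            Path    = $path
            State   = $state
            Values  = $key.ValueCount
            SubKeys = $key.SubKeyCount
        }
    }
}

function Remove-EmptyEdgeListPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]   $Root  = $EdgePolicyRoot,
        [string[]] $Names = $ListPolicies
    )
    foreach ($policy in Get-EdgeListPolicyState -Root $Root -Names $Names) {
        if ($policy.State -ne 'Empty') {
            # Absent: nothing to do. Populated: someone still relies on it.
            Write-Verbose "$($policy.Policy): $($policy.State), left untouched"
            continue
        }
        if ($PSCmdlet.ShouldProcess($policy.Path, 'Remove empty policy key')) {
            Remove-Item -LiteralPath $policy.Path
        }
    }
}

# Report first, then preview the removal without changing anything.
Get-EdgeListPolicyState | Format-Table -AutoSize
Remove-EmptyEdgeListPolicy -WhatIf -Verbose
```

Drop `-WhatIf` to perform the removal, then reload edge://policy to confirm the two entries are no longer listed.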
     
  4. Kindra

    Kindra Registered Member

    Joined:
    Mar 21, 2021
    Posts:
    3
    Location:
    Germany
    In other Chromium-based browsers such as Brave or Edge, there is no such flag (anymore). It's a mess, really.
     