I assumed that our existing GPO created for IE9 would continue to work, but quickly found out this was not the case. Proxy settings and security zone settings were some of the things that were now not working in IE11.
The first thing I did was download the IE11 Administration Templates (ADM file) from Microsoft. http://www.microsoft.com/en-gb/download/details.aspx?id=40905
I then created a new GPO specifically for Internet Explorer 11 settings. I added the ADM file by expanding User Configuration > right clicking on Administrative Templates > selecting 'Add/Remove Templates' > and selecting the ADM file to import it into the GPO.
To configure Internet settings such as home page and security zone settings, in the GPO I expanded User Configuration > Control Panel Settings > Internet Settings.
I right clicked in the main pane > New > and selected the version of IE I wished to manage. IE11 was not listed, but chose IE10 which works.
So, as tried above, I was unable to set the proxy server using the 'Internet Settings' GPO options. I also tried without success using the 'Internet Explorer Maintenance' settings, which is what I had always used in IE9 and previous versions.
I therefore had to set the proxy settings using the registry and Group Policy Preferences (GPP).
In the GPO, I expanded User Configuration > Preferences > Registry. I then created three new registry items for the following:
HKCU\Software\Microsoft\Windows\CurrentVersion\InternetSettings\ProxyEnable To enable, set the REG_DWORD to 00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\InternetSettings\ProxyServer Set the REG_SZ to your proxy server’s IP or hostname:8080 (i.e proxy:8080 or 192.168.1.10:8080)
Set the REG_SZ to list all the sites which should bypass the proxy, separated by a semi-colon ‘;’. If you need to enable the option ‘Do not use proxy server for local (Intranet) addresses’ then you will need to add ‘;<local> at the end of the ProxyOverride key. There is no separate key for this setting.
As I earlier found out, although I could set security zone levels, the options for specifying sites was greyed out. To populate the sites for the different zones, I had to go somewhere else within the GPO. User Configuration > Policies > Administration Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page.
In here, I enabled 'Site to Zone Assignment list' and in the Value Name, entered the website address, and for Value, I entered the corresponding number for the zone I wanted to add the site into.
Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone.