Navigation:  Traditional SoftExpert Suite installation > Additional procedures > Workstations configuration >

Configuration for using Internet Explorer

 Previous  Top  Next

This section displays the configurations that must be performed in the workstations that will use one or more SE Suite components. It is possible to perform these configurations automatically through GPO configurations.

 

Safe Sites

 

Automatic Mode (GPO)

 

1.Open Group Policy Management and access "User Configuration arrowrgray Administrative Templates arrowrgray Windows Components arrowrgray Internet Explorer arrowrgray Internet Control Panel arrowrgray Security Page".

 

2.On "Site to Zone Assignment List", switch to "Enable".

 

3.Click on "Show" and on "Add".

 

4.Type the URL to access SE Suite in the first line. For example, https://sesuite.softexpert.com.

616000-01

 

5.Type 2 in the second line and click on "OK" to finish.

 

6.Open "Group Policy Management" and access "User Configuration arrowrgray Administrative Templates arrowrgray Windows Components arrowrgray Internet Explorer arrowrgray Internet Control Panel arrowrgray Security Page".

 

7.On "Site to Zone Template", switch to "Enable".

 

8.On "Options", switch "Trusted Sites" to "Low".

616000-02

 

9.Click on "OK" to finish.

 

Manual mode

 

1.Open Internet Explorer and access the SE Suite login screen.

 

2.Access "Tools arrowrgray Internet Options".

 

3.On the "Security" tab, select "Trusted sites".

 

4.On "Security level for this zone", switch to "Medium-low".

 

5.Click on "Sites";

 

6.On "Add this website to the zone", click on "Add".

 

7.Click on "Close" and on "OK" to finish.

616000-03

 

Compatibility Mode

From version 2.0 onwards, the compatibility mode must be disabled for the system access URL. If you used SE Suite in a previous version, follow the steps below to disable it:

 

Automatic Mode (GPO)

 

1.Open "Group Policy Management" and access "User Configuration arrowrgray Administrative Templates arrowrgray Windows Components arrowrgray Internet Explorer arrowrgray Compatibility View".

 

2.Double-click on "Use Policy List of Internet Explorer 7 sites" and click on "Show".

 

3.Check if the system access URL is on the list. If so, remove the line.

616000-04

 

4.Click on "OK" to finish.

 

If this item is not enabled, skip this step.

 

Manual mode

 

1.Open Internet Explorer and access "Tools arrowrgray Compatibility View settings".

 

2.On "Websites you're added to Compatibility View", locate the system access URL and click on "Remove".

 

3.Click on "Close" to finish.

616000-05

 

Java Security

Java performs a connection with the certification body to confirm the validity of the HTTPS certificate. When the workstation does not have access to the internet, the execution of java programs may be slow. To fix that, follow the guidelines below:

 

1.Clear in the proxy the access of the workstations to the following URLs:

https://secure.comodo.com/CPS

http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl

http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt

http://ocsp.comodoca.com

 

2.If it is not possible to clear the proxy, configure Java not to try to verify the certificate. See below how to perform this operation.

 

Automatic Mode (GPO)

 

1.Create a ".bat" file with the following commands:

616000-06

 

@ECHO OFF

 

FOR /F "delims==" %%i in ('SET USERPROFILE') do SET soft00=%%i%%

SET soft01=%%

echo deployment.security.level=MEDIUM >> %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

echo deployment.user.security.exception.sites=%soft01%%soft00%\\AppData\\LocalLow\\Sun\\Java\\Deployment\exception.sites >> %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

echo deployment.security.sandbox.awtwarningwindow=FALSE >> %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

echo deployment.security.revocation.check=NO_CHECK >> %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

echo deployment.security.mixcode=DISABLE >> %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

echo deployment.security.tls.revocation.check=NO_CHECK >> %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

echo https://sesuite.softexpert.com > %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\exception.sites

 

Note: Replace sesuite.softexpert.com with the URL to access SE Suite.

 

2.Open "Group Policy Management" and access "User Configuration arrowrgray Windows Settings arrowrgray Scripts (Login/Logoff)".

 

3.Double-click on "Logon" and click on "Add".

 

4.Click on browse and then select the previously created .bat file:

616000-07

 

5.Click on "OK" to finish.

 

Manual mode

 

1.Go to "Star Menu arrowrgray Run".

 

2.Type in "javaws -viewer" and click on "OK".

 

3.On the "Security" tab, switch to "High".

616000-08

 

4.Click on "Edit Site List" and add the URL to access SE Suite:

616000-09

 

5.Click on "OK".

 

6.Access the "Advanced" tab and check the options:

Mixed code (sandbox vs. Trusted) security verification arrowrgray Disable verification

Perform signed code certificate revogation checks on arrowrgray Do not check

Perform TLS certificate revogation checks on arrowrgray Do not check

616000-10

 

7.Click on "OK" to finish.

 

Security Recommendations

To avoid the proxy and antivirus blocking parts of the system or slowing down access, we request the system access URL to be configured as an exception in the proxy (bypass) and the ".jar" files to be configured as exceptions in the antivirus.

Automatic cleaning routines of the user "temp" may also cause the first access to be slow.