Active Directory/Documentation/Phishing Filter

From WolfTech
Jump to navigation Jump to search

(need to turn this into an article)

Josh Gira: Good morning Dan... we would like to turn to off the phishing filter in IE. It is currently being forced in the domain policy. Would it be possible to turn back on in the domain policy and enforce it per college OU?

ECE Dir IT: I'm surprised its enforced. I'll have a look and get back to you

ECE Dir IT: hrm... its a part of the DDP... though that's not enforced. You sure you can't already override at your level?

Josh Gira: As it stands, none of our users have the ability to turn off the filter. We complained once before... patrick turned it off... but then later turned it back on. Although users can add the exceptions list... they cannot turn it off... and page load times are rediculous.

Josh Gira: and the worst part... is no indication that the filter is the problem... at least from a basic user's standpoint

ECE Dir IT: ok, one sec, reading the policy

ECE Dir IT: Jsut to make sure we're talking about the same policy... "Turn off Managing Phishing filter" yes?

"This policy setting allows the user to enable a phishing filter that will warn if the Web site being visited is known for fraudulent attempts to gather personal information through "phishing." 

If you enable this policy setting, the user will not be prompted to enable the phishing filter. You must specify which mode the phishing filter uses: manual, automatic, or off. 

If you select manual mode, the phishing filter performs only local analysis and users are prompted to permit any data to be sent to Microsoft. 

If the feature is fully enabled, all website addresses not contained on the filter's whitelist will be sent automatically to Microsoft without prompting the user. 

If you disable or do not configure this policy setting, the user will be prompted to decide the mode of operation for the phishing filter."

ECE Dir IT: so I'm still not seeing that its forced... why not simply change the policy in your CNR-OU GPO?

ECE Dir IT: think the reason its on by default is that it eliminates a load of prompts to the enduser.

ECE Dir IT: the reason we don't enforce is to allow each of the colleges to make this kind of decision themselves.

ECE Dir IT: you're more than welcome to change the way the filter reacts.

ECE Dir IT: your setting will overrule the domain one.

ECE Dir IT: for your computers

Josh Gira: fair enough. i'll give it a whirl and make sure it removes the settings currently in place.

ECE Dir IT: well, it won't go back to "not set" -- you'll just have to choose a different setting.

ECE Dir IT: even if I were to change the DDP to "not configured' nothing would change on all of hte computers deployed.

ECE Dir IT: let me know if the alternatives are better. later, -d-

[17:46] Josh Gira: well.. initially... i attempted to disable the setting in both sides... computer and user... but that seemed to adopt whatever the main setting was to begin with... which was on... so it basically removed the user from being able to change it. i then went the other direction... enabled it on both sides... and set it to off. The user doesn't have the option to turn it back on... but its off by default. so... we're good. if i would have played a little longer... i would probably end up setting it to manual and allow the user to decide. But at least this way... the user is never prompted... and my pages open up as they should

[17:47] ECE Dir IT: sounds like a good wiki article. :-)

[17:48] Josh Gira: yeah.. the annoying part of the phishing filter... is that doesn't tell you that it's delaying the pages from opening up... and you wouldn't have a clue... were it not for a tiny little icon at the bottom of your browser... with an exclamation mark over it