Modify your Internet Explorer Settings to Reduce Potential Issues Inside and Outside Outlook
When I work with customers on their deployment, I like to review their installation guide to make sure they have a section addressing the Internet Explorer settings. You can avoid potential issues by setting your Internet Explorer in the best manner for CRM from the beginning.
You can deploy these IE settings in two ways – if you are doing a manual client install, you can check these setting individually on each machine. Alternatively, you can use Group Policy to set these values at a server level. To make the changes in Group Policy, follow these steps:
1) On the Domain Controller or a computer with dsa.msc installed, open Active Directory Users and Computers.
2) Right-click on the domain name and choose Properties
3) Click the Group Policy Tab
4) Click on the Default Domain Policy and click Edit
5) Under the Group Policy Editor, expand the User Configuration, Windows Settings, Internet Explorer Maintenance and Security folders
6) You can change the Security Zones and Privacy Settings by clicking on “Import the current security zones” and clicking Modify Settings.
7) Modify the Setting below under the Local intranet zone
8) Once you’ve made the changes, exit the Group Policy Editor
9) The changes will not take effect on the client machines until the next time they log on to their machines, so you may want to instruct them to log off and log back on.
Here are the individual settings we recommend you check and, if need be, change:
1) Tools > Pop-up Blocker Settings – add the CRM URL to the list of allowed sites. If you are using a host header, include the computer name URL and the IP address of the server for good measure. (This way in case you have DNS issues, you can pop open this window and grab the IP address and continue using CRM)
2) Add the CRM URL, the computer name (if different) and the IP address to the list of Local intranet sites by going to Tools > Internet Options, Security Tab, clicking on Local intranet, Advanced and clicking Sites. Enter the URLs and click Add.
3) On the Security tab in Internet Options, click on Custom Level when Local intranet is selected to make sure the following settings are enabled:
a. Under “ActiveX controls and plug-ins”
i. Click Enable on Download unsigned ActiveX controls
ii. Click Enable on Initialize and script ActiveX controls not marked as safe for scripting
iii. Click Enable on Run ActiveX controls and plug-ins
b. Under “Miscellaneous”
i. Click Enable on Access data sources across domains
ii. Click Enable on Use Pop-up Blocker
iii. If using host header and drill-through capability in SQL Reporting Services, click Enable on Navigate sub-frames across different domains
c. Under “User Authentication ”
i. Click Automatic logon only in Intranet zone
4) On the General Tab under Browsing History choose Settings and verify that the value for “Check for newer versions of stored pages” is set to “Automatically”. This will ensure that CRM contents can be cached and this will save round-trips to the server to pull down static content.
5) Desktop Client Users with IE7 only – you can make a registry modification to prevent users from being prompted multiple times for their Windows credentials when they click on CRM web pages within Outlook. To make this change, open the registry and go to the following subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN. Right-click Outlook.exe and click Modify. Set the Value to 0. For more information, please review the related Knowledge Base article: http://support.microsoft.com/kb/934243.
I recommend you review these settings as you do your client installations to limit the risk of future issues.