Internet Explorer

“This page wants to run the following add-on…” won’t go away in Internet Explorer

In the last few weeks, I found that a lot of users were complaining about IE11 on Windows 10, and the prompt “This page wants to run the following add-on” with the add-on name, and the allow button:

This webpage wants to run the following add-on ‘Adobe Flash Player’ from Microsoft Windows Third Party Application Compon…

However, clicking the ‘Allow’ button, or using the drop down arrow to choose ‘Allow for all sites’ did nothing, and the prompt would show again and again.

I ended up working out this was due to the Add-On List GPO to list IE add-ons that was being used to manage the add-ons I wanted disabled or enabled

The policy explicitly states “The ‘Deny all add-ons unless specifically allowed in the Add-on List’ policy setting will still determine whether add-ons not in this list are assumed to be denied.”

However, since a recent update (either Windows 10 1803, or a recent security patch  – unsure which!), anything not listed in the Add-On List was being blocked. 

Adding an update to the list and allowing it with the ‘1’ value fixes the issue for that particular add-in, but it shouldn’t be working this way.

I even tried disabling the Group Policy setting ‘Deny all add-ons unless specifically allowed in the Add-on List’ but that made no difference. That policy also states: ‘If you disable or do not configure this policy setting, users may use Add-on Manager to allow or deny any add-ons that are not included in the ‘Add-on List’ policy setting.’

Something wacky’s going on – if I find out more I’ll update this post, but if you do use the ‘Add-On List’ GPO for Internet Explorer, be aware of this potential issue. You may need to list all your add-ins into the policy to avoid this.

I’ve also updated all my ADMX files for Win10 1803.


I believe I fixed this by auditing all the IE addins and making sure they were allowed. Somtimes an addin has a prerequisite of another adding being enabled, so you can’t always trust the message you see.

Disable Internet Explorer Add-ons via Group Policy


I’ve discovered an issue with the Skype for Business add-ons to Internet Explorer which causes pages with large amounts of text to freeze briefly when scrolling.

As part of a Skype for Business install, two add-ins get loaded. They use the same Class ID and DLL File, and provide options such as click to call links on phone numbers on a page:

With these addons loaded though, some sites lag and freeze that have large amounts of text; here’s a good example. Scrolling through the page for several seconds either through mousewheel or sidebar should result in a brief freeze lasting a second or two. Other browsers are fine (such as Chrome or Edge), and Internet Explorer is fine without the above add-ons.

I had a few people confirm this experience, including @CliffordKennedy (Thank you!)


This seems to be a problem that was around a while ago, and possibly only occurs in less common circumstances. If you can live without the IE addin, the solution is to disable it. However for me, I couldn’t do this as the option was greyed out – plus that solution doesn’t work at scale.

Other solutions like disabling via the registry didn’t seem to work for this add-in either, it came back. Even removing the OCHelper.DLL file didn’t stop it loading! Uninstalling Skype for Business altogether worked, but that’s a bit too drastic.

There is a Group Policy however, called ‘Add-on List’ located under Computer Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management. Here, you can add the Class ID and set the value to 0 for disabled, 1 for enabled, and 2 for enabled but users can disable/enable. More instructions from Microsoft here.

For this one I’ve chosen to disable, but the ‘enable and let users disable’ option is quite nice – it’d be even better if there was a ‘disable but let users enable’!

This worked for me, and the add-in is now disabled, and the scrolling issue is gone. In the meantime, I have a case open with Microsoft and can hopefully have the root cause resolved too.


Update 21st September 2019

Microsoft Support have told me there is no fix planned for this issue. With that in mind, if you need to use IE I’d recommend disabling the addins:

Skype for Business add-ins for Internet Explorer 11 Disabled

Hide Edge Button from IE11 Tab

A feature that’s popped up in IE11, is the little Edge icon next to the new tab icon. Not something I’d want in the enterprise space:

Thankfully, it’s easy to disable. There’s a group policy policy called “Hide the button (next to the New Tab button) that opens Microsoft Edge” which can be found in User Configuration\Administrative Templates\Windows Components/Internet Explorer\Internet Settings\Advanced Settings\Browsing\ . 

If you can’t see this policy, make sure you have the latest ADMX files from Microsoft – Windows 10 1703. If you haven’t had much to do with adding ADMX files to your environment before – they should be centralised, and Microsoft have a great guide you can follow.

Bonus tip – If you have internal sites that use a single word (e.g. intranet) you can enable the policy “Go to an intranet site for a one-word entry in the Address bar” which will check for an internal site starting with that name before using the word in your default search engine. This one’s actually an old policy that I hadn’t noticed before!


Websites Timing Out – This Page Can’t Be Displayed


I came across this issue where a particular user was getting lots of timeouts for websites via Internet Explorer. The problem didn’t follow the user to other PCs, and I couldn’t see any firewall issues. The websites were random, but I did notice they were generally slow to load websites.

Another symptom was getting this same error when signing up for things or processing payments – all processes that can take a while to respond. Even loading pictures on emails sometimes timed out this way!

I did find a 3rd party search engine had been added to IE and removed that, but that made no difference.

After a bunch of testing and research being convinced it was a local profile issue, probably around IE timeout settings, I found this article which gave a registry setting around timeouts. I adjusted the value for KeepAliveTimeout in HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings but it made no difference.

What I did notice though, was another registry value in the same spot – ReceiveTimeout. This was set to 5000 which would equate to 5 seconds converted from milliseconds, similar to the KeepAliveTimeout setting.

Comparing it to another computer, that registry setting didn’t even exist. I tried upping the value to 60000 for a minute, and after lots more testing, the problem appeared to be fixed! I then deleted the registry key and the problem didn’t reoccur.

My assumption is that the 3rd party search engine (which seemed a bit dodgy) added certain registry settings under the user’s profile for their own purposes, and removing it didn’t clear it up.

Of course, deleting the profile would have had the same result, but then we wouldn’t understand why it broke!



Windows 8.1 Uptake Will Be Slow for Enterprise

Opinion: Windows 8.1 was officially released on the 18th October 2013. Many people had their hands on it a few weeks earlier, due to Microsoft releasing the RTM version to Technet and MSDN subscribers. People have been waiting for this release, especially with the mixed press around Windows 8. Windows 8.1 seems to address a lot (but not all) of the general complaints out there in consumer land, but for Enterprise it’s a different story.

Windows 8.1 fixes several key complaints – The start button is back to try and lessen the blow in changing how stuff works for users, the Windows App Store now supports a proxy using NTLM Authentication (yes, TMG/ISA!) and many other benefits.

The big show stopper is going to be Internet Explorer. This is one of the main reasons XP has lasted so long in the Enterprise space, when so many companies were stuck with IE6 and couldn’t jump to Vista (OK, nobody really wanted to for other reasons too) as Vista came with IE7 and couldn’t be downgraded. Windows 7 had the same issue, out of the box you get IE8. All it takes is one key Enterprise application that doesn’t support anything above IE6, and you’re stuck on XP until that issue goes away. Now maybe the application works on something newer, but if you run into any issues your huge support dollars are useless, as you’re now running it in an unsupported way.

IE6 finally started to die off and everyone’s now been jumping to Windows 7. The Windows 7 jump forced IE8 onto everyone, and most Enterprise applications touted IE8 as the new standard browser they supported. All was well for a while, and in the meantime IE9 and IE10 were released.

Software developers have been getting better at this overall, and usually IE10 will now be a supported browser. IE10 had been coming since April 2011 and was released September/October 2012 for Windows Server 2012/Windows 8 respectively, and then Windows 7 February 2013. That’s a long window for software developers to start getting on board and supporting it.

Often for support, a product upgrade is required. This can set back a company a reasonable amount, depending how complicated, costly and time consuming the upgrade is – and how other projects are affected.

Windows 8 was brand new when IE10 came out, but Enterprise generally held off due to the major UI change for users, waiting for Windows 8.1 to fix it.

Jump forward to June 2013, and IE11 is first released as a developer preview. Only 3 months from that, and it’s now bundled in with Windows 8.1 and Windows Server 2012 R2. This is an incredibly small window in comparison to IE10, so hardly any developer will support this for quite some time (many are still catching up to IE10).

So where does this leave the SOE for an Enterprise? Stuck on Windows 7. They don’t want to jump to Windows 8 because 8.1 fixes so much, but they can’t jump to 8.1 either because hardly any Enterprise applications will support the default IE11.

Why not just use another browser? Firstly, you need to use one that all the software developers support, and then you’ll run into similar issues around version support and control. Just because Google Chrome does lots of little updates doesn’t make it more stable, you don’t know which next update could potentially break a function, and again you’re stuck with no support by running a version higher than what’s officially recognised.

Why not just use a different software developer? Enterprise applications are often aimed at particular industries, and often there’s a single leader. That generally means you have to start losing functionality, spend huge dollars and time to move away from the product you’ve used, get all your staff retrained and so on. From someone up top, this just seems like a waste of money if you’ve got something that works now.

So, what’s the real solution here? Hopefully competition will play a factor where more versatile software developers can make great products and beat the slower moving ones, but that often takes a long time to occur (the speed of a glacier comes to mind). Solutions like Citrix XenApp or Microsoft App-V for deploying a sandboxed browser to run the app virtually/hosted is a decent workaround, but adds extra complexity.

I think out of necessity, existing software developers will start to adapt faster. Microsoft’s model is moving towards yearly updates for all their products, and that will keep getting shorter and quicker to keep up with the newer players to the industry. Customers will start making this sort of support as high up on the list of demands, rather than asking and accepting what they’re given.

Windows 7 will still be seen as the new XP for a while, but we shouldn’t see such a huge % of Windows 7 PCs out there when it’s life span comes to an end (2020 if you were wondering).

It is still a long way off, but compared to where we are now versus several years ago, we’re doing a lot better. Windows 8.1 will get there, but not until all the legacy apps support IE11.

Update 04/11/2013 – Interesting writeup from Michael Stum, from his website ‘Not Rocket Science’ called “Google Chrome is not usable in a corporate Windows environment” – thanks @nickstugr for the link!