Preface: Any programs, ips, usernames, etc. used in this that are site specific are completely made up. This is for a work project. I tend to get a bit wordy, so I'll try to keep this as short as possible. I'll be watching the thread, should anyone require more information to help me out.
I'm trying to resolve an issue with our RDS (Remote Desktop Server). Our users connect via a specific website while connected to our VPN. They then log in with window credentials and are presented with "RemoteApps" (as named by Windows Server 2012 R2). Luckily for me, all of our remoteapps are made by a company that made the software in the 80s and has yet to join us in the 21st century.
As determined by the sarcasm provided in the last sentence, the RemoteApps are junk. One "app" (We will call Alpha) is literally a frame for IE 10. You open the app, it locks to the center of your main monitor, removes access to any buttons/bars (can't change websites, options, ect.), and works like a poorly made website (as this is what it technically is.) Another app (We will call Beta) literally opens in IE 10, and then proceeds to open in Java, which will occasionally open a new window made in html. It almost goes without saying, the "software" is extremely sensitive. Our Alpha app can only be opened without compatibility mode except when accessing certain pages (Another program, call it Charlie). Beta requires compatibility mode at all times.
The software provider has updated. They now support IE 11. Well, they do for Alpha and Charlie, just not Beta. So now every user I've set up has the wrong compatibility settings. Let's go ahead and provide our current setup:
Compatibility View websites now:
10.1.1.2 - "Beta"
10.1.1.3 - "Charlie"
Compatibility View websites - what it should be:
10.1.1.2 - "Beta"
My current work around (As pressured by C-level) has been to allow users to adjust compatibility settings themselves by following very specific instructions I provided. I refuse to allow it to stay this way for any longer (so far, less than 24 hours.) I would like to create a GPO that will remove the "Charlie" IP from compatibility view. In my test environment, I have a newly generated user. It works perfectly fine, as it grabs the new policy and assigns only the correct websites. On "old" users, they will keep all old websites that were in compatibility view. I have yet to find any settings in group policy that will clear out compatibility view enabled websites without disabling it altogether (which currently isn't feasible since the software provider still provides the aforementioned broken software. Yes, I'd change providers if I could, but the cost would be more than I'll see in my lifetime.)
I've tried using a registry edit in HKCU\Software\Microsoft\Internet Explorer\BrowserEmulation, IntranetCompatibilityMode and AllSitesCompatibilityMode. My attempt was to specifically assign all sites to not use compatibility mode while only intranet sites used it, then move the Alpha/Charlie sites from "Intranet" to "Trusted" site zone. The "Charlie" site still sticks in the compatibility view settings.