In the last few weeks, I found that a lot of users were complaining about IE11 on Windows 10, and the prompt “This page wants to run the following add-on” with the add-on name, and the allow button:
However, clicking the ‘Allow’ button, or using the drop down arrow to choose ‘Allow for all sites’ did nothing, and the prompt would show again and again.
I ended up working out this was due to the Add-On List GPO to list IE add-ons that was being used to manage the add-ons I wanted disabled or enabled https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy
The policy explicitly states “The ‘Deny all add-ons unless specifically allowed in the Add-on List’ policy setting will still determine whether add-ons not in this list are assumed to be denied.”
However, since a recent update (either Windows 10 1803, or a recent security patch – unsure which!), anything not listed in the Add-On List was being blocked.
Adding an update to the list and allowing it with the ‘1’ value fixes the issue for that particular add-in, but it shouldn’t be working this way.
I even tried disabling the Group Policy setting ‘Deny all add-ons unless specifically allowed in the Add-on List’ but that made no difference. That policy also states: ‘If you disable or do not configure this policy setting, users may use Add-on Manager to allow or deny any add-ons that are not included in the ‘Add-on List’ policy setting.’
Something wacky’s going on – if I find out more I’ll update this post, but if you do use the ‘Add-On List’ GPO for Internet Explorer, be aware of this potential issue. You may need to list all your add-ins into the policy to avoid this.
I’ve also updated all my ADMX files for Win10 1803.
Update:
I believe I fixed this by auditing all the IE addins and making sure they were allowed. Somtimes an addin has a prerequisite of another adding being enabled, so you can’t always trust the message you see.