Unable to access DFS Links in MS Edge and Chrome

Question

Hello.

We have an intranet site that contains both external web links and internal DFS share links. The external links work fine. When clicking on an internal link, nothing happens. No errors, warnings, or popups. If I right click on a link and try to open it in a new window, I get a blank page error " about:blank#blocked" I cannot seem to figure out what is blocking it. I have added it to the intranet and trusted sites. This happens with Chrome and Edge but with Internet Explorer, it works just fine. If I inspect the page there are some errors in Chrome:

Failed to load resource: net::ERR_NAME_NOT_RESOLVED
null:1 Failed to load resource: the server responded with a status of 404 (Not Found)
null:1 Failed to load resource: the server responded with a status of 404 (Not Found)
(index):1 Not allowed to load local resource: file://XXXX.XXX/dfsshares/GlobalFolders/Intranet/Codes%20&%20Standards/Code%20Links%20Spreadsheet/XXX%20Code%20Page%20-%20V20%20-%202021-01-03.pdf
(index):1 Not allowed to load local resource: file://XXXX.XXX/dfsshares/GlobalFolders/Intranet/Codes%20&%20Standards/Code%20Links%20Spreadsheet/XXX%20Code%20Page%20-%20V20%20-%202021-01-03.pdf
(index):1 Not allowed to load local resource: file://XXXX.XXX/dfsshares/GlobalFolders/Intranet/Codes%20&%20Standards/Code%20Links%20Spreadsheet/XXX%20Code%20Page%20-%20V20%20-%202021-01-03.pdf

So what I don't understand is, why IE can access the links just fine, but Chrome and Edge can't seem to. Are there specific permissions that need to be applied to the DFS folder for Edge? Thank you

Answer 1

After an insane amount of trial and error, I was able to get it to work. Here is what I have done. I hope it saves someone some time.

My sitelist.xml

<site-list version="4">
<created-by>
<tool>EMIESiteListManager</tool>
<version>12.0.0.0</version>
<date-created>03/03/2021 17:03:56</date-created>
</created-by>
<site url="XXXX.XXXX.com">
<compat-mode>IE8Enterprise</compat-mode>
<open-in>MSEdge</open-in>
</site>
</site-list>

My GPO Settings.

Computer Config\Policies\Admin Templates\Microsoft Edge

Configure Internet Explorer integration - Enabled

Configure Internet Explorer integration - Internet Explorer mode

Configure the Enterprise Mode Site List - Enabled

Configure the Enterprise Mode Site List \XXXXX\SYSVOL\XXX.XXX\scripts\sitelist.xml

Open local files in Internet Explorer mode file extension allow list - Enabled

Open local files in Internet Explorer mode file extension allow list - *

Computer Config\Policies\Admin Templates\Windows Components \ Internet Explorer

Send all sites not included in the Enterprise Mode Site List to Microsoft Edge - Enabled

Answer 2

For security reasons, Edge 76+ and Chrome impose a number of restrictions on file:// URLs, including forbidding navigation to file:// URLs from non-file:// URLs.

See the article (by a senior Edge PM) that quote was taken from for a detailed explanation: https://textslashplain.com/2019/10/09/navigating-to-file-urls/

Answer 3

I'm glad you managed to navigate through that jungle. Don't you find it really satisfying once you get there?

It's clear that Edge needs some sort of mechanism like IE's Intranet zone to make this sort of common scenario easy to manage without compromising security. Perhaps we can get Eric Lawrence to comment ...

Answer 4

Generally speaking, yes, we're aware of the compat request here, and our enterprise team is looking at what it would take to improve this experience without significantly reducing security.

In terms of the "Intranet Zone" notion: I explore this a bit in https://textslashplain.com/2020/01/30/security-zones-in-edge/ but generally we (and Chromium) are reluctant to increase the use of Zones in the browser.