Why is SiteToZoneAssignment GPO applying, but sites not appearing in IE

Argomenti vari di carattere sistemistico
Post Reply
Posts: 339
Joined: 04 Mar 2009, 13:59

Why is SiteToZoneAssignment GPO applying, but sites not appearing in IE

Post by daniele »

ORIGINAL ARTICLE: https://serverfault.com/questions/78846 ... ring-in-ie

Fastidioso comportamento di Internet Explorer (la cui componente IMPOSTAZIONI INTERNET è ancora fondamentale per impostare le zone di sicurezza in Windows, ancora nel 2023..!!!!!), relativo alla funzione ESC (Enhanced Security Configuration) che impedisce l'applicazione di apposite group policy per impostare quali sito siano entro la zona Intranet.

I created a new user account, and when logged on for the first time, it too experienced the same issue with sites not showing in IE, even though the GPO was applied.

I found in

Code: Select all

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
, there is a key called IEHarden (remembered the name back from my 2003 days with a similar ESC kind of issue). It looks like even though the server has ESC turned off, this key is set to 1. When either deleting, or setting this to 0, the sites immediately appear in internet control panel, and works as expected.

So while I know what is causing the problem, and have enough to fudge a workaround by deleting that key for each user on login, I still don't understand why that key is set to 1, or even exists in the first place (some users who could see the sites already, don't even have that key!). Again I can only come back to an update that has messed with IE ESC in some way.


Now have the full answer;

Two of our 8 session host created profiles with the IEHarden key, while the others did not (these two were setup by our consultants, although after asking them they are clueless).

Seems under

Code: Select all

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
the IEHarden key existed, so was being given to all new profiles created on that server.

Deleted the key from both, and all now back to normal!
Post Reply