Site to zone assignment will not apply in Terminal Server

Hello All,

This is a very challenging one, so for all you it goeroes out there, here goes nothing.... ;)

I have a Citrix Terminal Server farm. They are located within their own OU and a policy is applied on this OU only. Off course the "local loopback processing" option is enabled. Now i have to add a site to the trusted sites, because ther's a Java applet that needs to be loaded. Users, while logged into the TS session, are not able to add their own sites to trusted sites, due to policies applied on the OU. So, policy freakisch as i am, i went to the user configuration --> Administrative Templates --> Windows Components --> Internet Explorer --> Internet Control Panel --> Security Page and added the site to the option "Site to Zone Assignment list" with a value of 2 (Trusted site value).

After doing a gpupdate /force on the TS and logging with a user, nothing happended, so unfortenately, it looks like the policy isn't applied. Does anybody have any idea why this doesn't work?? Or does anybody know why this happens (or does not happen??)
LVL 23
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Try setting it also for the computer configuration part. If you configure the Site to Zone Assignment List policy setting for both Computer Configuration and User Configuration, both of these lists are used. If you set this policy setting for either computers or users, lists that are stored as preferences are ignored.

If this doesn't help, log on to the server and run RSoP (start->run->rsop.msc) to see whether the policy is applied correctly.

Enable debug logging, reboot and look in the event logs for relevant errors:

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
rhandelsAuthor Commented:
Hi CoccoBill,

Thanx for your reply, but unfortenately i allready tried all the above things.. Running RSOP shows that it should be applied but it just isn't.. My idea is (didn't want to encourage anyone. ;:) that this is some sort of bug in the Microsoft GPO's.. I've tried all the obvious stuff to no avail.. Even got an MVP to have a look at the problem, but nobody seems to know what is going wrong here... I hoped that somebody encountered the same problem and had some sort of fix or workaround for the problem.. EVen creating a new OU and just setting these options does't work..

So if anybody ever encountered this problem, please please let me know....
rhandelsAuthor Commented:
Stupid stupid me..

I figured it out, problem was that we didn't have SP1 on our TS servers. So after installing it, zone assignemnt worked.. Only pronblem is, you don't want SP1 in your Metaframe XP Citrix server, so we ended up importing a reg key into the logon script... This did the trick ...

And CocoBIll, thanx for the help.. I'll give you the points..
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.