Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Site to zone assignment will not apply in Terminal Server

Posted on 2006-04-06
Medium Priority
Last Modified: 2012-06-22
Hello All,

This is a very challenging one, so for all you it goeroes out there, here goes nothing.... ;)

I have a Citrix Terminal Server farm. They are located within their own OU and a policy is applied on this OU only. Off course the "local loopback processing" option is enabled. Now i have to add a site to the trusted sites, because ther's a Java applet that needs to be loaded. Users, while logged into the TS session, are not able to add their own sites to trusted sites, due to policies applied on the OU. So, policy freakisch as i am, i went to the user configuration --> Administrative Templates --> Windows Components --> Internet Explorer --> Internet Control Panel --> Security Page and added the site to the option "Site to Zone Assignment list" with a value of 2 (Trusted site value).

After doing a gpupdate /force on the TS and logging with a user, nothing happended, so unfortenately, it looks like the policy isn't applied. Does anybody have any idea why this doesn't work?? Or does anybody know why this happens (or does not happen??)
Question by:rhandels
  • 2
LVL 19

Accepted Solution

CoccoBill earned 1500 total points
ID: 16390759
Try setting it also for the computer configuration part. If you configure the Site to Zone Assignment List policy setting for both Computer Configuration and User Configuration, both of these lists are used. If you set this policy setting for either computers or users, lists that are stored as preferences are ignored.

If this doesn't help, log on to the server and run RSoP (start->run->rsop.msc) to see whether the policy is applied correctly.

Enable debug logging, reboot and look in the event logs for relevant errors:
LVL 23

Author Comment

ID: 16395028
Hi CoccoBill,

Thanx for your reply, but unfortenately i allready tried all the above things.. Running RSOP shows that it should be applied but it just isn't.. My idea is (didn't want to encourage anyone. ;:) that this is some sort of bug in the Microsoft GPO's.. I've tried all the obvious stuff to no avail.. Even got an MVP to have a look at the problem, but nobody seems to know what is going wrong here... I hoped that somebody encountered the same problem and had some sort of fix or workaround for the problem.. EVen creating a new OU and just setting these options does't work..

So if anybody ever encountered this problem, please please let me know....
LVL 23

Author Comment

ID: 16541445
Stupid stupid me..

I figured it out, problem was that we didn't have SP1 on our TS servers. So after installing it, zone assignemnt worked.. Only pronblem is, you don't want SP1 in your Metaframe XP Citrix server, so we ended up importing a reg key into the logon script... This did the trick ...

And CocoBIll, thanx for the help.. I'll give you the points..

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Screencast - Getting to Know the Pipeline

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question