A GPO is Linked at the Domain level that controls IE7 Trusted Sites Zone content via User Configuration settings but does not seem to be processing correctly to all domain accounts. Why?
Posted on 2008-10-30
We have a W2K3 Domain in Native mode. OS is W2K3 Srvr Ent. SP2 with R2. There is a GPO that is linked at the Domain level with ENFORCED enabled. The primary function of this GPO is to control the contents of the Trusted Sites Zone within IE7 via the User Configuration settings within the GPO. Within the GPO, some Computer Configuration settings have been configured however; the entire Computer Configuration settings section has been disabled. The trusted sites were implemented via the Site to Zone assignments list within the User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Site to Zone Assignment List and assigned a value of 2 which is supposed to add them to the Trusted Sites zone within IE7.
My problem comes from the fact that, on several server class machines within my domain the GPO appears to be applied (seen via the gpresult output) but in actuality the settings do not take place.
I have attempted logon with several different accounts that have Domain level administrative credentials and each reports via gpresult that the settings have been applied and yet when I go to check the contents of the Trusted Sites Zone, the assigned sites from the GPO are not there.
The exact same accounts have been used on other server and workstation class machines and have worked appropriately.
I am completely at a loss for how to proceed forward in the troubleshooting train.
Any help is appreciated.