I'm attempting to remove all restricted sites from the default domain policy. This list was previously imported and contains about 1000 websites. On a DC, navigating to <User Configuration, Windows Settings, Internet Explorer Maintenance, Security, Security Zones and Content Ratings>, I am able to remove the list of sites. However, the policy update is only applying to this DC and any client workstations authenticating to it. I'm finding this policy change is not replicating out to any other DC's.
I've verified the seczones.inf and seczrsop.inf files are being updated and replicated to other DC's sysvol folder, however the default domain policy still contains the list of restricted sites. Adding sites to the trusted/restricted list is not an issue, they replicate ok...the issue seems to be specific to removing websites from either list.
In a newly created lab, I've been able to replicate the issue. This leads me to believe it may not be an issue with our domain/replication, however a Windows setting. This is a Windows 2000 domain environment with XP clients