• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 836
  • Last Modified:

GPO for Open File Security - Warning

Afternoon,

A lot of my users are complaining of this dialogue box popping up whenever they are opening shortcuts to files on our server from their re-directed desktop.

I've read a few things on the net about changing settings in the GPO but I'd like someone to clarify for me exactly what settings I should change.

Many thanks in advanced,
Antonio
0
cbsbutler
Asked:
cbsbutler
1 Solution
 
Henrik JohanssonSystems engineerCommented:
Add file://servername used for folder redirection into local intranet IE site on clients. This can be done with site to zone mapping in GPO, but that will take out the users' ability to setup their own configuration of any zone.
\User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Site To Zone Assignment list

To get around that, you can create an administrative template that imports the registry value directly (preference policy).
See sample below for ADM that can be imported into GPO.

You can also achieve this by letting logon script import the registry setting with
  reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\servername.domain.com" /v file /t REG_DWORD /d 1 /f
CLASS USER
CATEGORY RootCategory
  CATEGORY SubCategory
    POLICY "Add file server to local intranet"
      KEYNAME "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\servername.domain.com"
      VALUENAME file VALUE NUMERIC 1
    END POLICY
  END CATEGORY
END CATEGORY

Open in new window

0
 
cbsbutlerAuthor Commented:
I used the first section of your answer (my users aren't savvy enough to setup their own sit to zone.)

Thanks very much! Works a treat.
0
 
JohnValueCommented:
Here's a slight variation...

I had a similar need, for users who got that warning when running an executable from a mapped drive on a DFS (distributed file server) share.

So, I used the reg add solution of henjoh09 above, but I did for the whole computer (HKLM) instead of just the current user (HKCU), and I did my whole internal domain (domain.com), as follows:

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\domain.com" /v file /t REG_DWORD /d 1 /f
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now