GPO for Open File Security - Warning

Posted on 2009-04-16
Last Modified: 2014-01-29

A lot of my users are complaining of this dialogue box popping up whenever they are opening shortcuts to files on our server from their re-directed desktop.

I've read a few things on the net about changing settings in the GPO but I'd like someone to clarify for me exactly what settings I should change.

Many thanks in advanced,
Question by:cbsbutler
    LVL 31

    Accepted Solution

    Add file://servername used for folder redirection into local intranet IE site on clients. This can be done with site to zone mapping in GPO, but that will take out the users' ability to setup their own configuration of any zone.
    \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Site To Zone Assignment list

    To get around that, you can create an administrative template that imports the registry value directly (preference policy).
    See sample below for ADM that can be imported into GPO.

    You can also achieve this by letting logon script import the registry setting with
      reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\" /v file /t REG_DWORD /d 1 /f
    CATEGORY RootCategory
      CATEGORY SubCategory
        POLICY "Add file server to local intranet"
          KEYNAME "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\"
        END POLICY

    Open in new window


    Author Closing Comment

    I used the first section of your answer (my users aren't savvy enough to setup their own sit to zone.)

    Thanks very much! Works a treat.

    Expert Comment

    Here's a slight variation...

    I had a similar need, for users who got that warning when running an executable from a mapped drive on a DFS (distributed file server) share.

    So, I used the reg add solution of henjoh09 above, but I did for the whole computer (HKLM) instead of just the current user (HKCU), and I did my whole internal domain (, as follows:

    reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\" /v file /t REG_DWORD /d 1 /f

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Join & Write a Comment

    Suggested Solutions

    There are two modes of restricted groups GPOs. Replacing mode:   Additive mode:   How do they work? Replacing mode: Everything (users, groups, computers) that is member of the local administrators group will be cleared out. After th…
    I know all systems administrator at some time or another has had to create a script to copy file from a server share to a desktop. Well now there is an easy way to do this in Group Policy. Using Group policy preferences is not hard. The first thing …
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now