• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2789
  • Last Modified:

Trusted site Group Policy Issue

Hello,
I'm having an issue with Group Policy and adding trusted sites to internet explorer. For over a year, I've used the "Internet Explorer Maintenance" and "Security Zones" method and I've had good luck. I'm always prompted to import the settings of my browser and it always seems to work once I modify the settings like I want. Users could modify trusted sites as well if they like.

Today that all stopped working. I used the Group policy tool from RSAT on my Windows 7 machine (a new build as my older Windows 7 workstation was retired). Everything seemed normal until I tried to add the new site to trusted sites. Whether an http or https prefix was added (it's actually an http site) it refused to let me add it with "There was an unexpected error with your zone settings.  Unable to add this site."

Feeling stupid about this now, I opened the GPO admin tool on Windows 2008R2 server directly and tried to edit the policy. I clicked on the "import" popup, looked around and then cancelled. Not sure if this cause part of my problem or not.

So I tried again with another Windows 7 machine, thinking whatever it imported was fine, because I could just add the 10 or so sites I needed back. Well, it added the new site fine, but the other sites (that were in the policy before) cannot be re-added. I'm told something like "This site is already in the trusted sites".  So now it's busted. I can't add all the sites I need back to it, and what I have is basically empty.

I backed it up and then deleted the policy. I recreated a new policy with a different name and tried again from my workstation (WIndows 7 SP1, IE9). I'm no longer prompted to import settings. I have to click on the "import" radio  button before I can modify the policy. When I look at the policy, all my old sites are there (minus the new one I was trying to add). I still can't add the new site to the list and when I exit, the policy still shows unconfigured. No sites listed. Huh?

I've made it work using another method (Site to Zone Mapping), but users now can't modify trusted sites. Not sure if that will be a problem or not, but I'm concerned about the oddness of the other policies. Where is the new policy getting it's data from? My local machine doesn't have any trusted sites in the list (in IE) and the original policy has been deleted? Can I somehow clean this up?

Thanks, I know that was long winded.
-Tim
0
timmr72
Asked:
timmr72
  • 2
1 Solution
 
timmr72Author Commented:
Okay. Nevermind. Turns out my registry still had the "Trusted Site" list from the original group policy. Internet explorer was not displaying these sites, but there were there. When I tried to add an "old" site back into the policy, it must have been reading my local registry and telling me the site already existed in the "Trusted Sites". Once I cleared the registry of these entries, all worked fine again.

I'm not a fan of the "import your browser settings before you can edit/modify" policy though. Too bad it's the only way to do this and still allow users to edit trusted sites on their own.
0
 
timmr72Author Commented:
Was able to figure this out on my own. Thanks.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now