Trusted site Group Policy Issue
Posted on 2011-04-21
I'm having an issue with Group Policy and adding trusted sites to internet explorer. For over a year, I've used the "Internet Explorer Maintenance" and "Security Zones" method and I've had good luck. I'm always prompted to import the settings of my browser and it always seems to work once I modify the settings like I want. Users could modify trusted sites as well if they like.
Today that all stopped working. I used the Group policy tool from RSAT on my Windows 7 machine (a new build as my older Windows 7 workstation was retired). Everything seemed normal until I tried to add the new site to trusted sites. Whether an http or https prefix was added (it's actually an http site) it refused to let me add it with "There was an unexpected error with your zone settings. Unable to add this site."
Feeling stupid about this now, I opened the GPO admin tool on Windows 2008R2 server directly and tried to edit the policy. I clicked on the "import" popup, looked around and then cancelled. Not sure if this cause part of my problem or not.
So I tried again with another Windows 7 machine, thinking whatever it imported was fine, because I could just add the 10 or so sites I needed back. Well, it added the new site fine, but the other sites (that were in the policy before) cannot be re-added. I'm told something like "This site is already in the trusted sites". So now it's busted. I can't add all the sites I need back to it, and what I have is basically empty.
I backed it up and then deleted the policy. I recreated a new policy with a different name and tried again from my workstation (WIndows 7 SP1, IE9). I'm no longer prompted to import settings. I have to click on the "import" radio button before I can modify the policy. When I look at the policy, all my old sites are there (minus the new one I was trying to add). I still can't add the new site to the list and when I exit, the policy still shows unconfigured. No sites listed. Huh?
I've made it work using another method (Site to Zone Mapping), but users now can't modify trusted sites. Not sure if that will be a problem or not, but I'm concerned about the oddness of the other policies. Where is the new policy getting it's data from? My local machine doesn't have any trusted sites in the list (in IE) and the original policy has been deleted? Can I somehow clean this up?
Thanks, I know that was long winded.