User shortcuts asking for permission to open file after folders redirected in GPO

We have a Windows Server 2012 R2 Hyper-V host, running several Server 2012 R2 VMs (e.g. DC, File Server, apps server, etc.).
We have recently migrated from SBS 2003 to Server 2012 R2.
As part of this I had removed the SBS GPO that redirected user documents to the SBS server, so that all users' 'My documents' folders were back on each user's local hard drive. Last week I added a new GPO to redirect the users' documents folders back to a new server. I didn't include the Pictures, Videos and Music folders (because they are large and mostly personal rather than business-related).
A few days later, I also redirected AppData, Desktop, Favorites and Start Menu.

Since then users are complaining about a dialogue box that appears when a shortcut is opened.

The message says:
Open File
Do you want to open this file?
It shows the name, type and location of the file.
Options are 'Open' or 'Cancel' and there is a security warning/explanation at the bottom of the dialogue box.

Clicking on 'Open' works as it should, but it adds an extra click to every shortcut.

Can someone tell me how to overcome this?

Cheers,
Greg
gregmiller4it Asked:

Joseph Moody (Blogger and wearer of all hats.) Commented:
Add your UNC path to the list of internal sites in Internet Explorer.
0
gregmiller4it (Author) Commented:
Can I use Group Policy to do this for all users?
0
Coralon Commented:
You can absolutely do that.  In your GPO, go into the Computer Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page and the Site to Zone Assignment List setting is there.
Enable the policy, and click the Show button.
In the subsequent dialog box you'll enter the sites that you want to set.  BTW.. this also overrides the ability of the user to set their own security zones.  
You'll put in the DNS names plus the zone assignment by number.

Zone 0 - this is undocumented, but does exist, and it tells IE that the file is running on the local computer.
Zone 1 - this is the Local Intranet zone
Zone 2 - this is the Trusted Sites zone
Zone 3 - this is the Internet zone -- by default, IE treats all URLs that contain periods as being Internet zones, unless it is overridden
Zone 4 - this is the Untrusted Sites zone

In addition, you can include handlers and wildcards in the zone names you enter.
Example:
If you put in domain.local = 2, then everything that presents itself as domain.local will be trusted.. it could be ftp, http, https, etc.
If you put in http://*.domain.local = 2, then only the http protocol for all subdomains of domain.local will be trusted.

Coralon
0
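To check on a client that the Site to Zone Assignment List described in the answer above has actually been applied, and to see which entries are broad, here is an added PowerShell example that is not part of any participant's post. It assumes the policy stores its entries under the ZoneMapKey policy registry key shown in the code; the function names and the fallback sample entries are constructed for illustration.

```powershell
# Added example, not from the thread. Zone labels follow the numbering in the answer above.
$ZoneNames = @{ 0 = 'Local computer'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'
                3 = 'Internet'; 4 = 'Untrusted Sites' }
# Assumption: registry location where the Site to Zone Assignment List policy stores its entries.
$PolicyKey = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'

function Get-ZoneMapEntry {
    # Entries written by Group Policy for the computer (HKLM) and the user (HKCU).
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $path = "$hive\$PolicyKey"
        if (-not (Test-Path $path)) { continue }
        $key = Get-Item $path
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{ Scope = $hive; Site = $name; Zone = [string]$key.GetValue($name) }
        }
    }
}

function Test-ZoneMapEntry {
    param([string]$Site, [string]$Zone, [string]$Scope)
    $z = 0
    $valid = [int]::TryParse($Zone, [ref]$z) -and $ZoneNames.ContainsKey($z)
    $notes = @()
    if (-not $valid) { $notes += 'zone value is not 0-4' }
    elseif ($z -le 2) {
        # Zones 0-2 are more trusted than the Internet zone, so breadth matters for these.
        if ($z -eq 0) { $notes += 'treated as the local computer' }
        if ($Site -match '\*') { $notes += 'wildcard covers every matching host' }
        if ($Site -notmatch '^([a-z]+://|\\\\)') { $notes += 'no protocol given, so all protocols match' }
    }
    $label = if ($valid) { $ZoneNames[$z] } else { 'invalid' }
    [pscustomobject]@{ Scope = $Scope; Site = $Site; Zone = $Zone; ZoneName = $label; Notes = $notes -join '; ' }
}

$entries = @(Get-ZoneMapEntry)
if ($entries.Count -eq 0) {
    # No policy found on this machine: fall back to constructed samples using the thread's entries.
    $entries = @(
        [pscustomobject]@{ Scope = 'sample'; Site = 'domain.local'; Zone = '2' }
        [pscustomobject]@{ Scope = 'sample'; Site = 'http://*.domain.local'; Zone = '2' }
        [pscustomobject]@{ Scope = 'sample'; Site = '\\domain.local\Public\UserDocs\%Username%\AppData\Roaming'; Zone = '0' }
    )
}
$entries | ForEach-Object { Test-ZoneMapEntry -Site $_.Site -Zone $_.Zone -Scope $_.Scope } | Format-List
```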

gregmiller4it (Author) Commented:
Ok. That's sorted.
At first it didn't seem to make a difference...but I eventually worked out that if I added the following UNC path as Zone 0, it worked:
\\domain.local\Public\UserDocs\%Username%\AppData\Roaming
It didn't seem to work at first, but I redirected the 'Start Menu' back to the local computer and the links in the Start Menu stopped giving the security warning. The Task Bar links still gave the warning.
I put the Start Menu redirection back in and tested it and the Start Menu still didn't give the warning, so then I checked the Task Bar and the warning had disappeared.
I suspect that it actually took more than one logoff/on for the Zone 0 addition to take effect...otherwise I can't explain it.
But anyway it is sorted now.
Thanks,
Greg
0