IE 11 Server 2012 r2 Site to Zone Assignment List

I have a terminal 2012 r2 Terminal server using IE 11.  Our GPO settings are all working to manage IE settings except for the Site to Zone Assignment List.  All other servers/PCs are picking up the settings.  The settings are grayed out with no entries.

The settings are listed under User Configuration -> Policies -> Administrative Templates : Policy definitions (ADMX files) retrieved from the local computer. -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page

We recently move our GPO's to a 2012 server as well but they are still working on all other systems besides this one.
cuz74Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

LesterClaytonCommented:
You're definitely using the correct setting - but there can be numerous issues why they won't apply.

First of all, check that the GPO is being applied by doing GPRESULT /V  The policy should be listed under the User Policies.  If the policy is not being listed - then check that you have the a loopback policy where necessary.  If the policy is being listed, then check if any other policies have the same setting included - these settings AFAIK are not additive - the last one applied will overwrite the entire list.

Use the output of GPRESULT /V to be your diagnostic tool - make sure that the setting shows up.  You may have to use GPRESULT /USER <username> /V to target a specific user to see what their results are.

I use this setting, and my GPRESULT /V shows something similar to this:

            GPO: Customer - TS - IE10 Settings
                KeyName:     Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey\*.domain.com
                Value:       49, 0, 0, 0
                State:       Enabled

Open in new window


Look for "ZoneMapKey" in your GPRESULT /V
0
cuz74Author Commented:
Thanks for the response Lester.  I ran those tests and they are listed correctly.  I also tested the standard Policy on Server 2008 R2 with IE11 and it also is not working.

It also is the only policy applied.
0
LesterClaytonCommented:
I'm afraid I'm out of ideas - it's never not worked for me before so I've never had to find a solution to this :D  Admittedly though, our IE version is not 11, so perhaps that's the fly in the ointment?
0
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

Toni UranjekConsultant/TrainerCommented:
Check this article:

Setting Internet Explorer Trusted Site Settings via Group Policy Object in Windows Server 2012 R2
http://blogs.msdn.com/b/microsoft_press/archive/2014/04/14/from-the-mvps-setting-internet-explorer-trusted-site-settings-via-group-policy-object-in-windows-server-2012-r2.aspx
0
cuz74Author Commented:
Thanks Toni.  I found the same article when I was trying to troubleshoot the problem.  It unfortunately did not help.

I opened a ticket up with Microsoft tonight and what we did to fix it was turn on IE Enhanced Security Configuration for Administrators and Users and gpupdate /force and then turned them both off again and did another gpupdate /force.

Once I did that, the settings were applied to the server correctly.  I went back and did this to our server 2008 R2 with IE11 and it works there now as well.

Hopefully this helps someone out in the future.  

Thank you Lester and Toni.
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
LesterClaytonCommented:
Glad to hear Microsoft were able to help - out of curiosity, what was the solution?
0
cuz74Author Commented:
Got the fix directly from Microsoft.
0
Rasli RamlanCommented:
hi Lester,

I found your useful command from this forum where i'm in process to troubleshoot ZoneMapKey issue in Local Intranet Zone - IE 11.0

When run the command gpresult \v  , the output line as below

GPO: Global Internet Explorer Settings IE10 v3
                Folder Id: Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey\http://archivemanager
                Value:       49, 0, 0, 0
                State:       Enabled


Why the value 'http://archivemanager' not appear in setting of the zone? but it was shown in running command

thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.