0

I'm using this GPO in a windows domain to distribute the "Internet Zones" Internet Explorer settings. Domain users apply that GPO, but the entry is wrong:

example.com is mapped as Zone Type 1 (Intranet)

Clients apply this rule as *.example.com

I've also added a mapping for *.example.com to troubleshoot, but the second level domain entry example.com just won't be applied on clients' machines. Locally, adding example.com in IE settings works just fine.

My GPO settings (German)

Is there any syntax or rule-checks I'm issing? Programs run from the network share \\example.com\ still show a security warning because the second-level domain example.com isn't included with that *.example.com entry

NoMad
  • 312
  • 1
  • 4
  • 14
  • 1) Can you provide more detail on how your GPO is configured? A screenshot would be great. 2) Exactly what entry do you want to appear on the client? `file://example.com'? Something else? – I say Reinstate Monica Jan 07 '17 at 04:35
  • Added a picture and Link to the GPO I'm using. Expected result for this GPO is an entry "example.com" in the IE Intranet Site list. However, this GPO is applied as "*.example.com", so that doesn't include "example.com"... Finally, this entry is to suppress a warning dialogue when executing something from the network share \\example.com, which should work fine having "Include all UNC Paths" selected (default). – NoMad Jan 09 '17 at 11:57
  • `Programs run from the network share \\example.com\ still show a security warning`. What security warning? – Greg Askew Jan 09 '17 at 12:19
  • @NoMad: You also need to provide how you are confirming the setting is not going into effect on the computers. Typically this is done using gpresult /h gpresult.html to display the settings. – Greg Askew Jan 09 '17 at 12:25
  • @GregAskew gpresult /h confirms what I see in the AD Group Policy window, there the entry is still shown as `example.com`, but in the actual Settings, there only is `*.example.com` after applying the GPO. The warning is the Windows dialog to confirm you want to run a file coming from an unknown location. – NoMad Jan 09 '17 at 12:44
  • That's the expected behavior. If you enter domain.com, Internet Explorer displays it as *.domain.com. The group policy is just a delivery vehicle for the setting, and is working as expected. This isn't an issue with group policies or Internet Explorer settings. – Greg Askew Jan 09 '17 at 13:17
  • How can this be expected behavior? As you can read above, setting it locally in the IE settings does not expand/interpret the entry `domain.com` as `*.domain.com` which excludes `domain.com` itself. Something in the process of applying the GPO modifies the value that I entered. And I can't find any documentation on why and when the string is parsed and modified, so I can't verify that this is expected behavior. – NoMad Jan 09 '17 at 16:40

0 Answers0