Discussion:
Which Policy Setting Preventing Addition of Trusted Sites?
(too old to reply)
WaltB123
2006-10-10 21:33:01 UTC
Permalink
This used to work well as a Local GPO, but since attempting same as a Domain
GPO, its not working as expected.

To prevent any old website from being able to install Active X controls,
while at the same time allowing my user base to specify a site as Trusted
where needed, I made 3 basic changes to a GPO and linked it to the user group.

Those changes were all made in-
Computer Config/Admin Templates/Windows Components/Internet Explorer

And consisted of-
Security Zones: Use only machine settings
Internet Zone Template: ENABLED: High
Trusted Sites Zone Template: ENABLED: Medium

The problem is, users can add sites to the Trusted Sites list, but only if
the sites are prefaced with https://.

Users can uncheck the box on the window to disable the https:// requirement
but even with that box unchecked, they are prompted that sites in this zone
must have the https:// prefix.

Normally I teach users to enter an address as follows:
*.microsoft.com

So that any page associated with that site is now trusted.

Does anyone know what GPO setting might be forcing them use https addresses
despite unchecking that box?
--
He has half the deed done who has made a beginning ~ Horace
Vincent Xu [MSFT]
2006-10-11 02:29:35 UTC
Permalink
Hi,

Please check following registry key:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2]

flags =0x47(71) --- enable
=0x43(67) --- disable

This registry key indicates "require server verification (https:) for all
sites in this zone"

thanks.




Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------
Thread-Topic: Which Policy Setting Preventing Addition of Trusted Sites?
thread-index: Acbss6mKCVWoqlMZRnKEkCuuNBFfRg==
X-WBNR-Posting-Host: 64.80.206.2
Subject: Which Policy Setting Preventing Addition of Trusted Sites?
Date: Tue, 10 Oct 2006 14:33:01 -0700
Lines: 34
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.windows.group_policy
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.group_policy:23342
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.windows.group_policy
This used to work well as a Local GPO, but since attempting same as a Domain
GPO, its not working as expected.
To prevent any old website from being able to install Active X controls,
while at the same time allowing my user base to specify a site as Trusted
where needed, I made 3 basic changes to a GPO and linked it to the user group.
Those changes were all made in-
Computer Config/Admin Templates/Windows Components/Internet Explorer
And consisted of-
Security Zones: Use only machine settings
Internet Zone Template: ENABLED: High
Trusted Sites Zone Template: ENABLED: Medium
The problem is, users can add sites to the Trusted Sites list, but only if
the sites are prefaced with https://.
Users can uncheck the box on the window to disable the https:// requirement
but even with that box unchecked, they are prompted that sites in this zone
must have the https:// prefix.
*.microsoft.com
So that any page associated with that site is now trusted.
Does anyone know what GPO setting might be forcing them use https addresses
despite unchecking that box?
--
He has half the deed done who has made a beginning ~ Horace
Loading...