none
IE11 trusted sites zone site list information (through GPO) not getting filled for some of the RDS 2012 server users

    Question

  • I'm encountering strange behaviour on an RDS server where I have IE trusted site zone’s site
    list not showing filled for some of the connected users.

    The issue is that for a trusted site URL, users keep getting popped up with a login/password popup
        
    - I’ve verified the GPO side and nothing strange found
    - comparing gpresult /Z of a ‘OK’ user session with a ‘KO’ user session shows that the below GPO settings are getting applied
    - under IE trusted site zone settings, userA has sites listed and userB don’t have them !!

    tried to enable/disable again IEESC -> with no effect
    the only way I found to let it ‘work’ for the users facing the issue is to force their session’s IE settings
    to reset once.  But as the below link shows, this isn’t a viable solution as (and I tested it) if a user’s profile gets deleted by the Admin, the issue appears again…

    Is this a known issue, is there a fix ?
    Any help would be much apreciated.

    Thanks.


    Configuration :
    - a 2012 R2 RDS Server / IE11
    - a GPO applying IE trusted zone site list + Logon Options
    - IEESC is disabled at the VM template for users and disabled manually/script post VM deployment..

      (site to zone assignment list setting path :
       *Computer Configuration>Administrative templates>Windows components>
        Internet Explorer>Internet Control Panel>Security Page)
    *.somedomain.net  assigned to zone 2 
      (Logon options setting path :
       *Computer Configuration>Administrative templates>Windows components>
        Internet Explorer>Internet Control Panel>Security Page> Trusted Sites Zone)
        set to value : automatic logon with current username and password

    Quite Similar situation :

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/70b2dd7e-833c-4240-92e0-9b865e917307/trusted-sites-and-internet-zone-security-level-gpo-is-not-applying-in-windows-server-2008-r2?forum=winserverGP


    MCTS Windows Server Virtualization, Configuration



    Monday, March 16, 2015 1:50 PM

Answers

  • I noticed that for a user for whom the issue appears/happens, the issue can be worked around like following  : 

    1/ when I manually reset his IE settings,
        => he can connect to the trusted sites with no more login popups
              + I notice that on inetcpl.cpl, the trusted sites zone site list gets filled...

    BUT if for any reason the user’s roaming profile gets deleted, issue happens again

    or

    2/ when I reenable IEESC then disable it both from server manager, nothing happens      when I reenable IEESC from servermanager, then disable it using a powershell window runAs Admin
        => he can connect to the trusted sites with no more login popups
              + I notice that on inetcpl.cpl, the trusted sites zone site list gets filled...                  

    BUT if for any reason the user’s roaming profile gets deleted, issue happens again


    3/ following the following citrix KB : http://support.citrix.com/article/CTX135627 solves the issue but required me to delete the roaming profile.

    4/ the solution I’m finally following is to apply following :

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
    @=""
    "IEHarden"=dword:00000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
    @=""
    "IEHarden"=dword:00000000

       
    Thanks.


    MCTS Windows Server Virtualization, Configuration

    Monday, March 16, 2015 4:48 PM

All replies

  • I noticed that for a user for whom the issue appears/happens, the issue can be worked around like following  : 

    1/ when I manually reset his IE settings,
        => he can connect to the trusted sites with no more login popups
              + I notice that on inetcpl.cpl, the trusted sites zone site list gets filled...

    BUT if for any reason the user’s roaming profile gets deleted, issue happens again

    or

    2/ when I reenable IEESC then disable it both from server manager, nothing happens      when I reenable IEESC from servermanager, then disable it using a powershell window runAs Admin
        => he can connect to the trusted sites with no more login popups
              + I notice that on inetcpl.cpl, the trusted sites zone site list gets filled...                  

    BUT if for any reason the user’s roaming profile gets deleted, issue happens again


    3/ following the following citrix KB : http://support.citrix.com/article/CTX135627 solves the issue but required me to delete the roaming profile.

    4/ the solution I’m finally following is to apply following :

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
    @=""
    "IEHarden"=dword:00000000

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
    @=""
    "IEHarden"=dword:00000000

       
    Thanks.


    MCTS Windows Server Virtualization, Configuration

    Monday, March 16, 2015 4:48 PM
  • Thanks for sharing the solution.

    Best regards,

    Frank Shen


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, March 26, 2015 7:09 AM
    Moderator