none
Sites to Zone entry stops IE/Command Prompt/Event Viewer....

    Question

  • Hi

    Have implemented IE11 Computer Security Compliance template in preparation for a new Windows 10 environment using Microsoft's recommended settings.  I have created a separate policy to manage Sites to Zones.  Using Computer Configuration, if I add google.co.uk (as a test) to the Trusted Sites (2), update and reboot the target client I can't get into anything.

    Clicking the IE icon on my Win 10 Taskbar brings up a dialog box that informs me:

    "These files can't be opened.
    Your internet security settings prevented one or more files from being opened
    C:\Program Files\Internet Explorer\iexplore.exe"

    The same happens if I use the Start menu or cortana.  It also happens with my Command Prompt and Event Viewer shortcuts.

    Strangely, if I open IE from C:\Program Files\Internet Explorer\iexplore.exe everything works.

    Any suggestion as to why?

    Thanks
    Tony

    Friday, May 20, 2016 3:11 PM

Answers

All replies

  • Hi Tony,
    >> Using Computer Configuration, if I add google.co.uk (as a test) to the Trusted Sites (2), update and reboot the target client I can't get into anything.
    It may be caused by IEM which has been removed from IE10. Client machine with IE10+ installed cannot get the content configured in IEM from DC GPO.
    Here is official reference: http://technet.microsoft.com/en-us/library/jj890998.aspx

    Regarding to manage Sites to Zones, please follow the blog as below to have a try again.
    https://blogs.msdn.microsoft.com/asiatech/2014/08/19/how-to-add-web-sites-to-trusted-sites-via-gpo-from-dc-installed-ie10-or-higher-ie-version/

    >>These files can't be opened.
    Your internet security settings prevented one or more files from being opened
    C:\Program Files\Internet Explorer\iexplore.exe"
    Regarding this error, Please choose a problematic client and follow this:
    1. Create another user (admin)
    2. Switch to log on with the new user account
    3. Run regedit and navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    5. Right-click -> export to a folder
    6. Switch back to your original account
    7. Remove the above keys
    8. Run the exported .reg
    Please Note: backup the registry before performing the any modification.

    Regards,
    Wendy


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, May 23, 2016 5:55 AM
    Moderator
  • Thanks Wendy.

    This is a domain joined, brand new, out of the box Window 10 laptop with a clean install and custom written GPOs in an OU where everything else is blocked.  The DC's are Windows 2012 R2.  As there is no previous GPO's to affect it (such as IEM settings) and I am using Second method: “Site to the zone assignment list” in Administrative Templates the above shouldn't have this affect, should it?

    In the next month I will have 150 computers to apply this to and I don't want to have to export a .reg file to al of them.

    Cheers

    EDIT: Tried exporting the reg to a file and then running it...still the same

    EDIT2: Forgot to mention...if I add a site to the user configuration untoward nothing happens, but the sites doesn't show in Trusted Zone or the registry.

    Monday, May 23, 2016 10:52 AM
  • Hi,
    After you apply GPO to Window 10 laptop, did you confirm that GPO is applied successfully on it? Before we go further, please run gpresult /h to see if any error is showed.
    And here is an article step by step for Internet Explorer Security Zones, you could take a look:
    https://blog.thesysadmins.co.uk/group-policy-internet-explorer-security-zones.html
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    Regards,
    Wendy

    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, May 30, 2016 2:34 AM
    Moderator