none
Site to Zone Assignment List RRS feed

  • Question

  • So, we're attempting to use the Site to Zone Assignment List, but are running into the following error when Group Policy is updated:

    Windows failed to apply the Internet Explorer Zonemapping settings.

    Here are the only patterns we're currently using within our S2Z list...

    #.#.#.#
    *.domain.ext
    *.subdomain.domain.ext
    *://subdomain.domain.ext

    Does anyone know if any of these four patterns would be causing the issue?

    Thanks.


    • Edited by StMaSi Monday, July 24, 2017 2:33 PM
    Monday, July 24, 2017 2:32 PM

All replies

  • Hi,

    To find answers to questions about computer error messages, copy and paste the error message text into your favorite search engine.

    eg. https://www.bing.com/search?q=Windows+failed+to+apply+the+Internet+Explorer+Zonemapping+settings

    suggested answers:

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/c8ffbd30-6ef0-4ae5-a2c7-b0b11effb379/windows-failed-to-apply-the-internet-explorer-zonemapping-settings-the-data-was-invald-event-id?forum=winserverGP

    https://support.microsoft.com/en-us/help/184456/how-to-use-wild-cards-when-you-add-web-sites-to-security-zones

    or, manually enter the domain templates into your IE Trusted Zone list first. (Tools>INternet Options>Security tab>Trusted Sites icon, Sites button......

    If you try to enter an invalid wildcard domain template, you will see the following guide....

    Copy and paste the validated domain templates into your GP Editor.

    Don't forget to remove the entries from the test clients' list.

    Warning: do not place public access domains like facebook, Microsoft, google, yahoo etc. In the Trusted Sites list... The trusted sites zone has a lower security setting. Public access sites should be designed to work with the security level of the Internet zone..https works in any IE security zone. some public web sites use sub domains for credential validation. eg account.google.com.... IE has a security setting preventing navigation into a zone of lower integrity.... Only use the Trusted sites list for domains of business partners which are linked to your intranet assets... eg. say Bloomberg. IF you are placing public access domains in the Trusted Sites list (in order to get them to work or to use https only), then you are doing something wrong with your internet zone settings... accept the default Internet zone settings from MS... they are designed to work for the majority of public access domains.

    You would only use zone mapping lists for the Intranet or Restricted sites zones. Check your settings for the Intranet zone.... generally the auto-detect should work. Only use the Trusted sites list where one of you intranet domains' link to a third-party website/intranet that has XSS scripting errors.

    To detect blocked content, security or XSS (cross site scripting) errors in IE, first go Tools>Internet Options>Advanced tab, check "Always record developer console messages". Save changes..... when you open the dev tool (f12), the Console tab will now list markup, scripting, security and XSS errors, which are otherwise suppressed. (all modern web browsers do not break on exceptions unless their dev tool is opened.)

    Regards.


    Rob^_^



    Monday, July 24, 2017 9:51 PM