locked
Trusted sites and Windows 10 1709 RRS feed

  • Question

  • I have an issue issue with IE11 on Windows 10.
    The trusted sites are pushed out via a domain-based GPO, the ZoneMap registry entries are populated correctly on Windows 10 in
    Computer\HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxxxxx

    However the sites are not listed in Trusted Sites zone via IE (Tools | Internet Options | Trusted sites | Sites) and therefore the zone security settings are NOT applied. 

    The existing GPO to apply IE security/site to zone assignment works fine on Windows 7 and previous Windows 10 versions with IE 11
    Friday, March 23, 2018 10:55 PM

All replies

  • Hi,

    what does the File>Properties menu in IE say about the set Security zone? mixed zones?

    To debug blocked content and security issues (mixed content), first go Tools>Internet Options>Advanced tab, check "Always record developer console messages". Save changes.

    Open IE and navigate to a domain on your machine GPO Trusted sites list.

    Use the File>Properties menu to confirm that it is indeed mapping to the Trusted zone, or Mixed zone.

    f12>Console tab, will list the blocked content, security and xss errors and warnings. double-click on the SEC error warnings to go to the MSDN documentation for the error and warnings code.

    Machine GPO settings for zone mapping do not appear in the USERs Internet Options>Security tab>security zone domain lists. You may also like to disable the USERs access to the Security tab of Internet Options to prevent them from over-riding your lists of zone domains.

    use wildcard notation for your domain lists.... eg. *.host.com not www.host.com....

    eg. your machine GPO settings may map www.host.com to the Trusted sites list, but the site uses sub-domains, resulting in mixed content security errors.

    If possible include links to problem websites with your questions.

    Regards.


    Rob^_^

    Saturday, March 24, 2018 4:01 AM
  • Hi the file properties says unknown zone (mixed)

    I have user policy preferences not machine and I have *.host.com as you suggested...

    The F12 shows no errors only warnings

    Saturday, March 24, 2018 9:42 AM
  • In aadiction if i add a site manually, the registry is popolated but if i reopen ie the site is not in the trusted ones too.....
    Saturday, March 24, 2018 2:28 PM
  • Hi the file properties says unknown zone (mixed)

    I have user policy preferences not machine and I have *.host.com as you suggested...

    The F12 shows no errors only warnings

    see the blue warning message HTML1202: site is running in Compatibility view because "Display intranet sites in Compatibility view" is checked.

    ..that is you must have fastweb.it in your Intranet sites list...

    WTF are you doing?

    why do you have a publicly accessible website in your COMPANYs Intranet sites list? Placing it there makes your internal sites susceptible to XSS attacks.

    you should place it either

    in the Trusted Sites list (if its your company's cloud provider, and you need your Intranet websites to communicate with it. (SaaS, B2B)

    or

    Remove it from all IE security zone lists and let it default to the Internet Zone.....if you don't have dependencies with your internal (intranet LAN).

    If you are not on a company domain, and are configuring your personal development environment, your in the wrong forum.

    Regards.

    Questions regarding Internet Explorer 8, 9 and 10 and Internet Explorer 11 for the IT Pro Audience. Topics covered are: Installation, Deployment, Configuration, Security, Group Policy, Management questions. If you are a consumer looking for answers or to raise a question, it's highly recommended you head on over to http://answers.microsoft.com/en-us


    Rob^_^

    Sunday, March 25, 2018 3:03 AM