Article ID: 293766 - View products that this article applies to.
This article was previously published under Q293766
When you configure the Security Zones and Content Ratings Group Policy object (GPO) setting on a domain controller to remove a previously trusted site from the trusted sites zone, the policy setting may not apply on the client computers.
For example, if you edit the Default Domain Policy GPO and configure the Security Zones and Content Ratings setting to remove a Web site from the trusted sites zone, the client computer may still treat that Web site as trusted in Internet Explorer. This behavior occurs even though the site does not appear in the list of Web sites in the Trusted sites dialog box in Internet Explorer. (To find this dialog box, click Internet Options on the Tools menu, click the Security tab, click Trusted sites, and then click Sites.)
This problem occurs because the client does not replace one of the two affected registry keys correctly. When you edit the list of trusted Web sites in the Security Zones and Content Ratings GPO on a domain controller, the settings that you configure are written to the Seczones.inf file. When the client applies the GPO, it reads the information in the Seczones.inf file and then updates the registry. The changes affect two registry keys. The new settings replace the settings that are contained in one registry key, but only adds (instead of replaces) the new settings to the other registry key. The two registry keys that are affected are:
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/260910/EN-US/ )How to Obtain the Latest Windows 2000 Service Pack
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 3.