Trusted Sites Settings of Internet Explorer Security Zones and Content Ratings GPO Settings May Not Apply on the Client

Article translations Article translations
Article ID: 293766 - View products that this article applies to.
This article was previously published under Q293766
Expand all | Collapse all

SYMPTOMS

When you configure the Security Zones and Content Ratings Group Policy object (GPO) setting on a domain controller to remove a previously trusted site from the trusted sites zone, the policy setting may not apply on the client computers.

For example, if you edit the Default Domain Policy GPO and configure the Security Zones and Content Ratings setting to remove a Web site from the trusted sites zone, the client computer may still treat that Web site as trusted in Internet Explorer. This behavior occurs even though the site does not appear in the list of Web sites in the Trusted sites dialog box in Internet Explorer. (To find this dialog box, click Internet Options on the Tools menu, click the Security tab, click Trusted sites, and then click Sites.)

CAUSE

This problem occurs because the client does not replace one of the two affected registry keys correctly. When you edit the list of trusted Web sites in the Security Zones and Content Ratings GPO on a domain controller, the settings that you configure are written to the Seczones.inf file. When the client applies the GPO, it reads the information in the Seczones.inf file and then updates the registry. The changes affect two registry keys. The new settings replace the settings that are contained in one registry key, but only adds (instead of replaces) the new settings to the other registry key. The two registry keys that are affected are:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 3.

Properties

Article ID: 293766 - Last Review: March 1, 2007 - Revision: 2.5
APPLIES TO
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
Keywords: 
kbqfe kbbug kbfix kbwin2000sp3fix KB293766

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com