You are currently offline, waiting for your internet to reconnect

Trusted Sites Settings of Internet Explorer Security Zones and Content Ratings GPO Settings May Not Apply on the Client

This article was previously published under Q293766
This article has been archived. It is offered "as is" and will no longer be updated.
When you configure the Security Zones and Content Ratings Group Policy object (GPO) setting on a domain controller to remove a previously trusted site from the trusted sites zone, the policy setting may not apply on the client computers.

For example, if you edit the Default Domain Policy GPO and configure the Security Zones and Content Ratings setting to remove a Web site from the trusted sites zone, the client computer may still treat that Web site as trusted in Internet Explorer. This behavior occurs even though the site does not appear in the list of Web sites in the Trusted sites dialog box in Internet Explorer. (To find this dialog box, click Internet Options on the Tools menu, click the Security tab, click Trusted sites, and then click Sites.)
This problem occurs because the client does not replace one of the two affected registry keys correctly. When you edit the list of trusted Web sites in the Security Zones and Content Ratings GPO on a domain controller, the settings that you configure are written to the Seczones.inf file. When the client applies the GPO, it reads the information in the Seczones.inf file and then updates the registry. The changes affect two registry keys. The new settings replace the settings that are contained in one registry key, but only adds (instead of replaces) the new settings to the other registry key. The two registry keys that are affected are:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 3.

Article ID: 293766 - Last Review: 12/06/2015 01:37:04 - Revision: 2.5

Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Professional Edition

  • kbnosurvey kbarchive kbqfe kbbug kbfix kbwin2000sp3fix KB293766