Zones assignment fails in IE with ESC

Okay, this pretty much bugged me out: We had IE8 running on a Windows Server 2008 R2 RDS server (yes, Terminal Server for all you OldFolks). We had certain sites assigned to specific Internet Explorer zones (some backing sites to "Trusted", some internal stuff to "Intranet", etc). Everything worked hanky danky when logged on locally - but users connecting with REmote Desktop Services do not get the site-to-zone assignment lists applied.


We had IE ESC (you know, the "nice" Internet Explorer ENHANCED Security) already disabled on the machine (using the policy I discrobed in another article) - but no dice.


AS it turns out, there's ANOTHER key that's messing stuff up. To be precise, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zonemap\IEHarden is the culprit.


So you can do 2 things: Manually delete the key - for every user... - or have a policy do that for you. Obviously, we went for the second option.

So: in a policy which applies to your user(s) or RDS server (and, in this case, has loopback processing enabled), you set a Preference in thE User Configuration part of the policy. Have this preference apply to the [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zonemap key and let it update the "IEHarden" registry value to "0".

In other words, this is what the group policy preference setting should look like:

GPO Preference settings