Monday, March 15, 2010

Add Site to Local Intranet Zone Group Policy

Users in a network were experiancing the following error whenever they open an access database:

Microsoft Access cannot open this file.

This file is located outside your intranet or on an untrusted site. Microsoft access will not open this file due to potential security problems.

To open this file, copy it to your machine or an accessible network location.




Microsoft KB303650 explains how to resolve this by adding the domain name to the local intranet site in internet options.

1. In Internet Explorer, click Tools, and then click Internet Options.
2. On the Security tab, click Local intranet, and then click Sites.
3. Click Advanced, and then type: *.domain.com or an IP address range (for example, 157.54.100-200.*) in the Add this Web site to the zone box, where domain.com is your company and top-level domain names.
4. Click Add, click OK, click OK, and then click OK again to close the Internet Options dialog box.


However how do you do this using group policy?

Simply perform the following actions:

Computer Configuration>Administrattive Templates>Windows Components>Internet Explorer>Internet Control Panel>Security Page...

Then here you can find the policy for "Site to Zone Assignment List"

You will need to enable it then add your url's right in there. Each zone assignment is going to have a numerical value. For entries into the trusted zone, use the value "2".

10 comments:

  1. Thanks, I have been banging my head against my screen trying to figure out where this is at...

    For ADMX files (or maybe it is 2008r2 specific, not sure) it is Comp Config -- Policies --Admin....

    ReplyDelete
  2. Thx, that did the trick.

    ReplyDelete
  3. thank you for this very easy solution of this hard nut problem.
    http://portalada.com.au/ADA_CPD/

    ReplyDelete
  4. Just be aware that when you specifically set sites in zones you prevent the end user from being able to do so. The option will be greyed-out.

    ReplyDelete
    Replies
    1. But how could you add sites to IE Local intranet zone via Group Policy and still give users the ability to add sites

      Delete
  5. so the intranet group is value 1 in the GPO

    ReplyDelete
  6. Very grateful for this helpful article of yours! This has been by far the easiest solution I have encountered to this particular problem. Here is another "how to" I have discovered on the internet that might be very helpful with intranets: http://www.simpplr.com/blogs/2015/12/how-to-run-an-ask-me-anything-session-on-your-intranet/. Give it a peek!

    ReplyDelete