Windows 2008 wont use Trusted Sites – Jocha

Today I ran into an issue with Internet Explorer on a Windows 2008 R2 server.
I have a GPO that pushes Local Intranet and Trusted sites but they would not be visible through the GUI in Internet Options.
I double checked that the GPO was applying and the properties got entered into the Registry, which it did.

The problem was not the GPO but rather that the IE Enhanced Security Configuration feature was turned on for Administrators..

The default security level for the “Internet” in Windows Server 2008 is set to “High”. This is the effects of IE Enhanced Security Configuration. With IE Enhanced Security Configuration, Internet Zone has the same security settings as the Restricted sites zone.

You may perform the following steps to turn off IE Enhanced Security Configuration to adjust security settings of Internet Zone,

1. Exit any instances of Internet Explorer.

2. Start Server Manager.

3. In the details pane, locate the Security Information area that appears under the Server Summary area.

4. In the Security Information area, click Configure IE ESC.

5. In the Internet Explorer Enhanced Security Configuration dialog box, click one of the following options:
If your user account is a member of the Administrators group, click Off under Administrators.
If your user account is a member of a standard users group, click Off under Users.
We recommend that you do not turn off Internet Explorer Enhanced Security Configuration for a group for which that you are not a member.

6. Click OK.

If this issue remains, please check whether the “IEHarden” registry value remains. If so, please delete it.

1.Click Start, and then click Run.

2.In the Open box, type “regedit.exe” (without the quotation marks), and then click OK.

3.Locate:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zonemap]

And delete the “IEHarden” registry value.

4.Locate:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zonemap]

And delete the “IEHarden” registry value for each user.

5. Locate the registry key and modify them

[HKEY_LOCAL_MACHINE\software\microsoft\windows\CurrentVersion\Internet Settings\Zones\3\MinLevel]

[HKEY_CURRENT_USER\software\microsoft\windows\CurrentVersion\Internet Settings\Zones\3\MinLevel]

adjust the value of “MinLevel” to 10000(Hexadecimal)

6. Re-launch IE to test if you can adjust the security setting of “Internet” zone.