Booker- How about adding the UNC to the site-to-zone assignment list policy? That's under User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Site to Zone Assignment list Darren -----Original Message----- From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Washington, Booker Sent: Wednesday, May 30, 2007 7:04 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Internet Explorer security flaw box pops up on redirected folder shortcut (My Documents) Yes, I know where the setting is, local to the box, but I don't want to have to make the change individually on each and every computer in my environment. I posted to this list to find out, how in Grop Policy, I can change the settings that I need to change. I did not make any special changes. Just joined a new domain, and now when I click on the My Documents shortcut, I get the pop up. So I was trying to determine, what about joining the new domain, did I pick up all of a sudden that when I click on the My Docs shortcut, I get the pop up box Thanks. And again, if I add the UNC path to the trusted list, everything is fine. So even with that work around, how could I add that through Policy? Thanks -----Original Message----- From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of tools@xxxxxxxxxx Sent: Tuesday, May 29, 2007 6:30 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Internet Explorer security flaw box pops up on redirected folder shortcut (My Documents) Booker- I had a hard time following your report below, but my guess is that somehow IE security zone restrictions think that something about My Documents is unsafe. Do you have a zone restriction for the MY Computer or Intranet zones? -----Original Message----- From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Washington, Booker Sent: Tuesday, May 29, 2007 2:49 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Internet Explorer security flaw box pops up on redirected folder shortcut (My Documents) This has to be a GPO setting, but not sure which one. I have the My documents folder redirected to a network location. When a user clicks on the My documents folder on the desktop, which is a system generated shortcut, the user gets a pop up box that has in the title of the box: Internet Explorer The contents of the box state: This page has an unspecified potential security flaw. Do you want to continue. Yes or No Any idea why this would happen? The only policy settings outside of the folder redirect GPO show the following: Print Close No explanation is available for this setting. Supported On: Not available Default Domain Policy Data collected on: 5/29/2007 5:33:38 PM hide all Generalhide Detailshide Domain test.domain.edu Owner test\Domain testmins Created 10/1/2001 2:15:58 PM Modified 7/30/2006 8:08:30 PM User Revisions 1 (test), 1 (sysvol) Computer Revisions 21 (test), 21 (sysvol) Unique ID {31B2F340-016D-11D2-945F-00C04FB984F9} GPO Status Enabled Linkshide Location Enforced Link Status Path test No Enabled test.domain.edu This list only includes links in the domain of the GPO. Security Filteringhide The settings in this GPO can only apply to the following groups, users, and computers:Name NT AUTHORITY\Authenticated Users WMI Filteringhide WMI Filter Name None Description Not applicable Delegationhide These groups and users have the specified permission for this GPOName Allowed Permissions Inherited test\Domain testmins Edit settings, delete, modify security No test\Enterprise testmins Edit settings, delete, modify security No NT AUTHORITY\Authenticated Users Retest (from Security Filtering) No NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Retest No NT AUTHORITY\SYSTEM Edit settings, delete, modify security No Computer Configuration (Enabled)hide Windows Settingshide Security Settingshide Account Policies/Password Policyhide Policy Setting Enforce password history 3 passwords remembered Maximum password age 90 days Minimum password age 0 days Minimum password length 7 characters Password must meet complexity requirements Enabled Store passwords using reversible encryption Disabled Account Policies/Account Lockout Policyhide Policy Setting Account lockout threshold 0 invalid logon attempts Account Policies/Kerberos Policyhide Policy Setting Enforce user logon restrictions Enabled Maximum lifetime for service ticket 600 minutes Maximum lifetime for user ticket 72 hours Maximum lifetime for user ticket renewal 7 days Maximum tolerance for computer clock synchronization 5 minutes Public Key Policies/Autoenrollment Settingshide Policy Setting Enroll certificates automatically Enabled Renew expired certificates, update pending certificates, and remove revoked certificates Disabled Update certificates that use certificate templates Disabled Public Key Policies/Encrypting File Systemhide Propertieshide Policy Setting Allow users to encrypt files using Encrypting File System (EFS) Enabled Certificateshide Issued To Issued By Expiration Date Intended Purposes testministrator testministrator 9/30/2004 2:25:46 PM File Recovery For testditional information about individual settings, launch Group Policy Object Editor. Public Key Policies/Trusted Root Certification Authoritieshide Propertieshide Policy Setting Allow users to select new root certification authorities (CAs) to trust Enabled Client computers can trust the following certificate stores Third-Party Root Certification Authorities and Enterprise Root Certification Authorities To perform certificate-based authentication of users and computers, CAs must meet the following criteria Registered in Active Directory only testministrative Templateshide System/Group Policyhide Policy Setting Allow Cross-Forest User Policy and Roaming User Profiles Enabled User Configuration (Enabled)hide Windows Settingshide Remote Installation Serviceshide Client Installation Wizard optionshide Policy Setting Custom Setup Disabled Restart Setup Disabled Tools Disabled *********************** You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at //www.freelists.org/archives/gptalk/ ************************ *********************** You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at //www.freelists.org/archives/gptalk/ ************************ *********************** You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at //www.freelists.org/archives/gptalk/ ************************ *********************** You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at //www.freelists.org/archives/gptalk/ ************************