You can apply Zone Security one of two ways. 1) the old way --> Using IE Maintenance Policy under User Configuration > Windows Settings > Internet Explorer Maintenance. Works but is very problematic. Still required for things like setting the home page, favorites, etc. 2) the new way (since XP SP2) --> Using the ADM template settings for IE under Computer/User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page. This method is preferred as it is much easier to maintain and more reliable. Gives you much more flexibility also because the settings are more granular and can be applied at the machine level instead of just to a user account. Doing zone security this way is nice also, because your zone URL lists are merged together instead of one list replacing the other. You can find a nice overview of the settings here: http://technet.microsoft.com/en-us/library/bb457144.aspx. If you have some policies using method #1 and some using method #2 you are going to see a lot of issues. I would personally scrap any GPOs using method #1 and convert everything over to the newer ADM template settings. Additionally I recommend enforcing the "Security Zones: Use only machine settings" policy and only configure zone security on the computer side for uniformity throughout your organization, unless of course you need the flexibility of users having different zone settings. Jamie Nelson | Systems Engineer | Systems Support, Information Technology | I N T E G R I S Health | Phone 405.552.0903 | http://www.integrisok.com -----Original Message----- From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Clemson, Chris (IHG) Sent: Monday, January 28, 2008 9:51 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Trusted sites addition not showing in IE > [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Nelson, Jamie R > Sent: 25 January 2008 18:53 > To: gptalk@xxxxxxxxxxxxx > Subject: [gptalk] Re: Trusted sites addition not showing in IE Thanks for the quick reply, > Is it possibly already defined for the computer in the corresponding > HKEY_LOCAL_MACHINE area of the registry? Yes, it is defined there, yet it seems to be defined in both places on my machine, and everything is working fine. > If you're configuring Zone settings in Computer Configuration > there may Not as far as I can tell via GPO, but maybe I am missing something. > be some conflict there. Since you're using the ADM template > settings to > configure your zones, I would also make sure that IE > Maintenance Policy > is not applying. What exactly do you mean by maintenance policy? When browsing the settings of my policy, my changes are listed under Windows Settings Internet Explorer Maintenance Security/Security Zones and Content Ratings Security Zones and Privacy Trusted Sites .... Is this what you mean? Thanks, Chris *********************** You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at //www.freelists.org/archives/gptalk/ ************************ ********************************************************************** This e-mail may contain identifiable health information that is subject to protection under state and federal law. This information is intended to be for the use of the individual named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited and may be punishable by law. If you have received this electronic transmission in error, please notify us immediately by electronic mail (reply). This e-mail may contain identifiable health information that is subject to protection under state and federal law. This information is intended to be for the use of the individual named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited and may be punishable by law. If you have received this electronic transmission in error, please notify us immediately by electronic mail (reply). *********************** You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at //www.freelists.org/archives/gptalk/ ************************