Since re-installing our Domain Controller (Windows Server 2008R2) and re-creating all of our group policies I have stumbled across a strange issue.
When a user logs in and goes on the internet, their JavaScript is disabled because the security zones are set to high. The user then has to reset the zones to the default security level and then refresh the page. They need to do this pretty much every time IE loads.
I have set a DC up before and enforced a security zone setting by GPO and I remember that IE wouldn't let the user reset the zones to default. That, paired with the fact that I haven't set any security zones options up on any of the new GPOs, leads to the conclusion that maybe I need to explicitly set the security settings to default via GPO?
Is there a way of doing that? Maybe by using GP Preferences? All workstations are running a minimum of IE7 and Windows XP Pro SP3.
To help explain the problem, this is the screen used to reset the security settings:
Best Answer
Why don't you use the IE administrative templates to set zone security as you want it?
The key thing to remember here is GPO processing order. I have no idea if you have run gpresult on the client side or used GPMC's "Group Policy Results" to view the RSoP data for an affected user on a computer. This would have shown the combined net result of all group policies effective for the user and shown whether any GPOs are currently responsible for disabling JavaScript.
If you link your policy to process before any other existing GPO disables JavaScript, the above will not help. You need to ensure this GPO is processed last. Depending on whether you use loopback policies (and their mode), this may mean linking to a path where the user is located or where the computer is located.
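
A check to run alongside the RSoP data described in the answer, as an added example that is not part of the original question or answer: it reads the Internet zone's security level and the Active scripting setting from the policy and preference registry locations IE uses, so you can see whether a GPO or the user's own profile is supplying the value. It assumes PowerShell 2.0 is installed on the workstation (not present by default on XP) and uses the standard IE zone keys (zone 3, URL action 1400).

```powershell
# Added example: show where the Internet zone settings come from.
$zone   = '3'       # 3 = Internet zone
$action = '1400'    # URL action 1400 = Active scripting
$inet   = 'Microsoft\Windows\CurrentVersion\Internet Settings'

# Documented template levels and URL action states.
$levels = @{ 0x10000 = 'Low'; 0x10500 = 'Medium-low'; 0x11000 = 'Medium'
             0x11500 = 'Medium-high'; 0x12000 = 'High'; 0 = 'Custom' }
$states = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

# Policies keys are written by Group Policy; the others are preferences.
$locations = @(
    @{ Name = 'User policy';        Path = "HKCU:\Software\Policies\$inet\Zones\$zone" },
    @{ Name = 'Machine policy';     Path = "HKLM:\Software\Policies\$inet\Zones\$zone" },
    @{ Name = 'User preference';    Path = "HKCU:\Software\$inet\Zones\$zone" },
    @{ Name = 'Machine preference'; Path = "HKLM:\Software\$inet\Zones\$zone" }
)

function Format-Value($value, $map) {
    if ($value -eq $null) { return '(not set)' }
    $key = [int]$value
    if ($map.ContainsKey($key)) { return $map[$key] }
    return ('0x{0:X}' -f $key)   # unknown value: show it raw
}

$report = foreach ($loc in $locations) {
    $props = Get-ItemProperty -Path $loc.Path -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        Source          = $loc.Name
        KeyExists       = [bool]$props
        CurrentLevel    = Format-Value $props.CurrentLevel $levels
        ActiveScripting = Format-Value $props.$action $states
    }
}
$report | Format-Table Source, KeyExists, CurrentLevel, ActiveScripting -AutoSize

# When this policy value is 1, IE uses machine-wide zone settings only.
$hklmOnly = Get-ItemProperty -Path "HKLM:\Software\Policies\$inet" `
    -Name Security_HKLM_only -ErrorAction SilentlyContinue
if ($hklmOnly -and $hklmOnly.Security_HKLM_only -eq 1) {
    'Security_HKLM_only = 1: per-user zone settings are ignored.'
} else {
    'Security_HKLM_only is not enabled.'
}
```

Run it in the affected user's session. A value under either policy key means a GPO is delivering it, and the RSoP data shows which one.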