Having trouble with my group-policy assigned site-to-zone mappings not applying for users (either seamless or full desktop) on our 2008 R2 terminal server / remote desktop server environment that are in a non-USA locale.
Scenario overview:
We assign sites to zones for IE using administrative templates (our central store has the latest admin template for IE 9, and all policy editing is done on win 7 machines with IE 9). Specifically, the user side > admin templates > windows components> ie > internet control panel > security page.
I've used client side extensions to change IEHarden (per user) to "0".
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
I've also adjusted the following keys to have IsInstalled equal to "0" for 2008 and 2008 R2 boxes.
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}]
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}]
I've set [runOnce.exe /alternateShellStartup] as a login script item via local GPO on all citrix servers (2003, 2008, and 2008 R2).
With all this done, GPO for IE seems to work great on all OS platforms - but...I'm having trouble with a few 2008 R2 RD servers using the hebrew locale.
I'm avoiding using IE maintenance to import site-zone assignments, as that can cause other issues and prefer to centralize all my zone assignments in one area for our company.
I'm open to suggestion - if i assign sites to the trusted sites zone, they are not "respected" in this instance. Any thoughts would be appreciated.