Sometimes when working on a XenApp server and publishing websites through Internet Explorer, you may have a need to temporarily add the website to the Local Intranet or Trusted Sites zone for testing purposes. Usually NTLM passthrough windows authentication won’t work unless the website is part of the Local Intranet zone. Your users will get a popup box asking for their credentials. In multidomain environments, things can get especially hairy sometimes with the way IE detects a Local Intranet website. You can add the site manually in IE after the website has launched but it’s per profile. If you want to add it for all users on the server, group policy is the way to go. Associating a site with a zone can be accomplished through group policy at the domain level easily but sometimes you just want to test things first and it’s quicker to edit the local group policy on the server.
So to do that on Server 2008 R2, go to Start > Run > gpedit.msc
From there you will see Computer Configuration and User Configuration. We want Computer Configuration. Drill down to:
Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
Double click on Site to Zone Assignment List and click the “Enabled” radio button.
Then click “Show…”
A new box will pop up. For the Value name, you want to type in the name of your website. For the Value, you want to specify a number 1 through 4. These correlate to the zones which are:
1. Intranet zone
2. Trusted Sites zone
3. Internet zone
4. Restricted Sites zone
Hit OK to both windows and you’re done. You can test by launching your published IE website. It should now be associated with the zone you specified. You can verify in IE by pressing Alt to bring up the menu bar, then File > Properties and under Zone it will tell you the zone of the current website. Every user that launches the published IE app on your server will have the website in the zone you specified.
Jason Samuel is a visionary product leader and trusted advisor with a proven track record of shaping strategy and driving technology innovation. With extensive expertise in enterprise end-user computing, security, cloud, automation, and virtualization technologies, Jason has become a globally recognized authority in the IT industry. His career spans consulting for hundreds of Fortune 500 enterprises across diverse business sectors worldwide, delivering cutting-edge digital solutions from Citrix, Microsoft, VMware, Amazon, Google, and NVIDIA that seamlessly balance security with exceptional user experiences.
Jason’s leadership is amplified by his dedication to knowledge-sharing as an author, speaker, podcaster, and mentor within the global IT and technology community. Recognized with numerous prestigious awards, Jason’s contributions underscore his commitment to advancing technology and empowering organizations to achieve transformative results. Follow him on LinkedIn.
sarwan
September 12, 2012 at 4:02 AM
Thanks man…
Adam Roybal
December 20, 2012 at 11:22 PM
Thank you very much for this article. This issue was bugging the heck out of me for a year now for our XenApp deployment. Already set-up in System Test and working perfectly.
sandy
January 18, 2013 at 2:53 PM
This is not Working , When users are tying to access the published IE, If you update the trusted site zone .
joy
February 20, 2013 at 5:36 AM
Hi this is not working users still get the pop up but when they click cancel it goes off now. but before the modifications on the IE settings when they go off if reports you dont have access to that page
cbear
October 21, 2015 at 3:14 PM
Great stuff! Really appreciate it!!
cdog
November 21, 2015 at 6:23 PM
Awesome article. thanks man!