Hi,
I've had been having no end of odd problems with IE Zone Mapping through Group Policy.
Ideally, I would like to add
*.public.uk to the Trusted Sites list. ("public" here being an anonymised equivalent to a publically accessible Internet domain.)
This just doesn't seem to work with a .uk site under IE8!
So then we've had
*.sub1.public.uk added which had been working on many PCs but we've had some PCs where subdomains of this weren't going in the right zone so we even ended up having to recently add
*.sub2a.sub1.public.uk
*.sub2b.sub1.public.uk
(Sorry I'm not privy to the exact details of what worked on what sort of PC.)
The main problem is as follows:
Some of these subdomains have sites that are used to authenticate smartcards. Under IE8, we're getting the Gem Authenticate Client crash the moment we insert the smartcard. The call stack from the crash points the finger at Zone Mapping as the cause.
I was able to track it down to the entry
*.sub1.public.uk
If I delete the equivalent key:
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\public.uk\sub1
(Which contains "https"=dword:00000002)
then the problem goes away (until Group Policy puts it back), so the cause appears to be the *.sub1.public.uk entry in the Site-to-Zone assignment list in Group Policy.
Why is this causing a problem and why can't we just get *.public.uk or even *.sub1.public.uk to behave as we'd expect. These are not Intranet sites. The PC in question has no zone mapping in local group policy.
Thanks for any suggestions you can offer.