Citrix XenApp

Adding websites to Microsoft IE zones on a XenApp server using local group policy

on

Sometimes when working on a XenApp server and publishing websites through Internet Explorer, you may have a need to temporarily add the website to the Local Intranet or Trusted Sites zone for testing purposes. Usually NTLM passthrough windows authentication won’t work unless the website is part of the Local Intranet zone. Your users will get a popup box asking for their credentials. In multidomain environments, things can get especially hairy sometimes with the way IE detects a Local Intranet website. You can add the site manually in IE after the website has launched but it’s per profile. If you want to add it for all users on the server, group policy is the way to go. Associating a site with a zone can be accomplished through group policy at the domain level easily but sometimes you just want to test things first and it’s quicker to edit the local group policy on the server.

So to do that on Server 2008 R2, go to Start > Run > gpedit.msc

From there you will see Computer Configuration and User Configuration. We want Computer Configuration. Drill down to:

Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page

Double click on Site to Zone Assignment List and click the “Enabled” radio button.

Then click “Show…”

A new box will pop up. For the Value name, you want to type in the name of your website. For the Value, you want to specify a number 1 through 4. These correlate to the zones which are:

1. Intranet zone
2. Trusted Sites zone
3. Internet zone
4. Restricted Sites zone

Hit OK to both windows and you’re done. You can test by launching your published IE website. It should now be associated with the zone you specified. You can verify in IE by pressing Alt to bring up the menu bar, then File > Properties and under Zone it will tell you the zone of the current website. Every user that launches the published IE app on your server will have the website in the zone you specified.

About Jason Samuel

Jason Samuel lives in Houston, TX with a primary focus on strategic advisory and architecture of end-user computing, security, enterprise mobility, virtualization, and cloud technologies from Citrix, Microsoft, & VMware. He also has an extensive background in web architecture and networking over his 20+ year career in IT. He is an Author, Speaker, and Local User Group Community Leader. He is certified in several technologies and is 1 of 63 people globally that is a recipient of the prestigious Citrix Technology Professional (CTP) award. He is 1 of 42 people in the world that has been awarded as a VMware EUC Champion and VMware vExpert. He is a featured author on DABCC which provides the latest IT Community News on Cloud, Data Center, Desktop, Mobility, Security, Storage, & Virtualization. In his spare time Jason enjoys writing how-to articles and evangelizing the technologies he works with. Disclaimer: The content and opinions expressed in articles and posts are his own and are by no means associated with his employer.

Recommended for you

6 Comments

  1. sarwan

    September 12, 2012 at 4:02 AM

    Thanks man…

  2. Adam Roybal

    December 20, 2012 at 11:22 PM

    Thank you very much for this article. This issue was bugging the heck out of me for a year now for our XenApp deployment. Already set-up in System Test and working perfectly.

  3. sandy

    January 18, 2013 at 2:53 PM

    This is not Working , When users are tying to access the published IE, If you update the trusted site zone .

  4. joy

    February 20, 2013 at 5:36 AM

    Hi this is not working users still get the pop up but when they click cancel it goes off now. but before the modifications on the IE settings when they go off if reports you dont have access to that page

  5. cbear

    October 21, 2015 at 3:14 PM

    Great stuff! Really appreciate it!!

  6. cdog

    November 21, 2015 at 6:23 PM

    Awesome article. thanks man!

Leave a Reply

Your email address will not be published.