Local Intranet Problems with Internet Explorer 7 and Novell

Open File - Security Warning When you install Internet Explorer 7 (IE7) on Windows XP or Windows Server 2003 it may display a security warning when you access applications and files stored on Novell drive mappings if it does not consider them part of your local intranet.
It may also prevent MS Access from opening databases from the network as they are considered a security threat.

To see if your mapped drive is considered as either Internet or Local Intranet: first make sure Status Bar is on (View -> Status Bar), then browse to a sub folder of drive and look in lower right hand corner. Zone Internet or Zone Intranet

Testing Security Settings or Configure for Individual PC

  1. Open the “Internet Options” control panel
  2. Click Security Tab, Local Intranet, Sites
  3. Untick Automatically detect intranet network then tick Include all local (intranet) sites not listed in other zones and Include all network paths (UNC). Local Intranet Detection settingsI find these are the minimum required. However I find these still occasionally don’t work so I add the server names and server IP range to intranet list.
  4. Click Advanced and add the names and IPs of your servers. This should be in form MyServer, and IP ranges as 10.1.1.2-10.Local Intranet Add Sites to Zone
  5. Browse to network location and check if Explorer shows Local Intranet in lower right of screen.
    Check if files and applications now open without requiring verification.

Deploying Settings using Group Policies

If performing the above has fixed the problem you probably need to deploy these settings to all users, which can be done using Group Policies.

  1. Open the Group Policy for machines affected (this may just be local GPEdit.msc on a terminal server or the Zenworks Workstation Policy in ConsoleOne).
  2. Make sure the IE7 version of inetres.adm is loaded (~2.3MB). If not it can be download from MS IE7 ADM.
  3. Go to Computer Configuration -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page and set the following:
    • Site to Zone Assignment List:Group Policy Zone Assignments
      Add your server names with a value of 1 to list.
      You can add your server IP range with name “10.x.y.1-30” and value of 1.
      You may want to add the Windows Update entries with a value of 2.

      http://*.windowsupdate.microsoft.com
      http://windowsupdate.microsoft.com
      *.windowsupdate.com
      update.microsoft.com
    • Note: Adding items to the Zone Assignment List prevents desktop users adding trusted sites themselves.
    • Disable Turn on Automatic detection of intranet as this only works with Active Directory.
    • Enable Include all local (intranet) sites not listed in other zones and Include all network paths (UNC)
  4. Exit Group Policy editor

Other resources:

About James Rudd

Network Administrator at Sydney Boys High School
This entry was posted in Novell, Windows and tagged , , , , , , , . Bookmark the permalink.

Leave a Reply