To see if your mapped drive is considered as either Internet or Local Intranet: first make sure Status Bar is on (View -> Status Bar), then browse to a sub folder of drive and look in lower right hand corner. or

Testing Security Settings or Configure for Individual PC

1. Open the “Internet Options” control panel
2. Click Security Tab, Local Intranet, Sites
3. Untick Automatically detect intranet network then tick Include all local (intranet) sites not listed in other zones and Include all network paths (UNC). I find these are the minimum required. However I find these still occasionally don’t work so I add the server names and server IP range to intranet list.
4. Click Advanced and add the names and IPs of your servers. This should be in form MyServer, and IP ranges as 10.1.1.2-10.
5. Browse to network location and check if Explorer shows Local Intranet in lower right of screen.
   Check if files and applications now open without requiring verification.

Deploying Settings using Group Policies

If performing the above has fixed the problem you probably need to deploy these settings to all users, which can be done using Group Policies.

1. Open the Group Policy for machines affected (this may just be local GPEdit.msc on a terminal server or the Zenworks Workstation Policy in ConsoleOne).
2. Make sure the IE7 version of inetres.adm is loaded (~2.3MB). If not it can be download from MS IE7 ADM.
3. Go to Computer Configuration -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page and set the following:
   • Site to Zone Assignment List:
     Add your server names with a value of 1 to list.
     You can add your server IP range with name “10.x.y.1-30″ and value of 1.
     You may want to add the Windows Update entries with a value of 2.

     http://*.windowsupdate.microsoft.com
     
     http://windowsupdate.microsoft.com
     
     *.windowsupdate.com
     update.microsoft.com

   • Note: Adding items to the Zone Assignment List prevents desktop users adding trusted sites themselves.
   • Disable Turn on Automatic detection of intranet as this only works with Active Directory.
   • Enable Include all local (intranet) sites not listed in other zones and Include all network paths (UNC)
4. Exit Group Policy editor

Other resources:

• MS Admin Templates for Internet Explorer 7
• IE7 and Intranets | Vexentricity

You need to use the Security Template editor to create a template restricting rights to the C drive and deploy it with your group policies. The same procedure can be used to create a Security Template for use with Active Directory.

Instructions:

1. Open MMC from run
2. Add Remove Snap-in
3. Add Security Templates and Close
4. By default this only shows C:\Windows\security\templates. I prefer to store mine on the network so add a new network folder.
5. Right click (RC) Security Templates and add a New Template Search Path to network folder
6. You can then either copy an existing template using RC on template and Save As to network folder or start from scratch.
7. Expand chosen template then File System folder
8. RC either on File System object or in right hand pane and Add File
9. Click C: and OK and it should expand to %SystemDrive%
10. You can now adjust the permissions for the default groups.
11. When finished make sure to RC on the template and click Save. You can also set a description before saving.

I recommend going into Advanced and removing the two entires for Users allowing them to Create Folders and Create Files. This will prevent students and users creating files on C: drive.

You can create similar entires for other folders such as program files, etc. You can also allow students access to folder if required by certain programs or groups. Remember under Novell, because computers are not part of domain you can not use items you have added such as groups or individual users.

Adding to Group Policy in ConsoleOne

1. Open up the WS Policy Package, Windows XP tab and the Windows Group Policy item.
   If you are using Zen 7 continue, if using Zen 6.5 click Edit and jump to point 3 in AD below.
2. Click Import Policies
3. Click Import Security Settings File and browse to the security template you created and import.
4. Make sure Security Settings is ticked under Applied Settings Types
5. Click OK to save

Adding to Group Policy in Active Directory

1. Open Group Policy Management console
2. Browse to chosen GPO or create a new one, and go to Edit mode.
3. Expand Computer Config -> Windows Settings -> Security Settings
4. RC on Security Settings and choose Import Policy
5. Browse to the security template you created and Open. You may also wish to clear any existing settings in GPO.
6. Exit Edit mode

Multiple Security Templates can be created for different machines.
We allow staff to create files on C: (mainly to keep personal photos and music off network) so we have separate Security Template for Staff and Student PCs.