to provide web proxy services with varying degrees of access control for Internet sites. The user's logon credentials are supposed to be passed to the IronPort for SSO, and the AD security group the user belongs to determines the proper access.
I created a Computer group policy object that added the IronPort URLs to the Trusted Sites list, in addition to adding the self-signed certificate to the server's Trusted Root Certification Store and the Trusted Publishers Store.
We also turned off Enhanced IE security for the Administrators.
I test with an Administrator, and my credentials get passed to the IronPorts; in this case I am not part of any groups, so it prompts me for alternate credentials. I figure great, everything is working to specification. I also confirm that the web URLs are in the Trusted Sites zone in both IE and the registry in:
But when I tested with a regular user, that user would get prompted to provide credentials to the IronPorts, and single sign-on was not working. Internet Explorer also showed that the zones had none of the URLs being pushed down by the group policy. Gpresult showed the zone assignments were being applied.
Solution: Well, to make a long story short, the zone settings for regular users are stored in a different registry key that is blocked when IE Enhanced Security is enabled for users on Terminal Servers.
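A read-only check for this situation, added here as an example and not taken from the original post: run it in the affected user's session to see whether IE Enhanced Security is active for that user and which zone-map store holds the site assignments. The post does not name the registry keys; the paths below are the standard Windows locations (the `IEHarden` value, the `Domains` and `EscDomains` zone-map keys, the Active Setup components for IE ESC), and the `ZoneMapKey` policy path assumes the GPO used the Site to Zone Assignment List setting.

```powershell
# Added diagnostic example. It only reads the registry and changes nothing.
$zoneMap = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
# Assumption: the Computer GPO used "Site to Zone Assignment List".
$policy  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
$active  = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
$esc     = [ordered]@{
    Administrators = "$active\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
    Users          = "$active\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
}

# 1. Is IE Enhanced Security Configuration enabled per group on this server?
foreach ($group in $esc.Keys) {
    $item  = Get-ItemProperty -Path $esc[$group] -Name IsInstalled -ErrorAction SilentlyContinue
    $state = if ($null -eq $item) { 'component key not present' }
             elseif ($item.IsInstalled -eq 1) { 'ENABLED' } else { 'disabled' }
    Write-Host ('IE ESC for {0,-14}: {1}' -f $group, $state)
}

# 2. Is IE hardened for the user running this script? With IEHarden = 1,
#    IE reads EscDomains and ignores the normal Domains key.
$harden = (Get-ItemProperty -Path $zoneMap -Name IEHarden -ErrorAction SilentlyContinue).IEHarden
Write-Host ('IEHarden for {0}: {1}' -f $env:USERNAME, $harden)

# 3. Collect the site-to-zone assignments from each store.
$rows = @()
foreach ($store in 'Domains', 'EscDomains') {
    Get-ChildItem -Path (Join-Path $zoneMap $store) -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $key  = $_
            $site = ($key.Name -split "\\$store\\", 2)[1]   # e.g. example.com\www
            foreach ($proto in $key.GetValueNames()) {
                $rows += [pscustomobject]@{
                    Store = "HKCU $store"; Site = $site
                    Protocol = $proto; Zone = $key.GetValue($proto)
                }
            }
        }
}
$policyKey = Get-Item -Path $policy -ErrorAction SilentlyContinue
if ($policyKey) {
    foreach ($site in $policyKey.GetValueNames()) {
        $rows += [pscustomobject]@{
            Store = 'HKLM policy ZoneMapKey'; Site = $site
            Protocol = '-'; Zone = $policyKey.GetValue($site)
        }
    }
}
# Zone numbers: 1 = Local intranet, 2 = Trusted sites, 3 = Internet, 4 = Restricted sites
$rows | Sort-Object Store, Site | Format-Table -AutoSize
```

If `IEHarden` is 1 and the proxy URLs appear only under the policy or `Domains` rows, the user's IE session is not using them, which matches the behaviour described above.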
For more info about Terminal Services and IE settings, read: http://support.microsoft.com/kb/815141
There is a section in it called: Internet Explorer Enhanced Security Configuration and Terminal Services, where it is mentioned as follows:
During the manual Terminal Services installation, you are prompted to disable Internet Explorer Enhanced Security Configuration for users. This allows users to run a Terminal Services session without restrictions.
For a better experience when Terminal Services is enabled, it is a good idea to remove the enhanced security configuration from members of the Users group. These users have fewer permissions on the server, so they present a lower level of risk if they are victims of an attack.