I need to deploy IE 11 in my enterprise with the Trusted Sites setting "Require server verification" unchecked.
I am using IEAK 11 to build a custom IE Install. I have imported the security zones in IEAK and when the custom IE 11 is installed on a client, the correct sites are added to Trusted Sites, but the security setting doesn't work.
So, I unpacked the BRANDING.CAB file and took a look at the seczones.inf and seczrsop.inf
I noticed that while seczones.inf for HKLM listed
HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2",Flags,0x10001,43,00,00,00
HKCU showed
HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2",Flags,0x10001,47,00,00,00
Value "47" will leave the box checked. I was able to hand modify the seczones.inf file that gets baked into the BRANDING.CAB file to make sure it says "43" for both HKCU and HKLM. 43 hex corresponds to decimal value 67
Similarly, in Seczrsop.inf I needed to change the "Flags=71" to "Flags=67" for HKCU...
So now every instance of that Flags registry item in my BRANDING.CAB has been set to 67(decimal) which corresponds to the box for zone 2 (Trusted Sites) being unchecked.
When I deploy this customized IE 11 install to non-domain joined computers, I STILL have the box "Require server verification" checked. Looking in the HKCU registry for the value, I see the value set to 47(hex)/71(dec) which is incorrect.
I cannot figure out what thing is setting this value on the user account.
What's more, looking in the folder CUSTOM that gets created in the Internet Explorer program files, I can see that my desired settings are in the .INF files. They just don't get applied to the current user - or some other process comes along and overwrites
my settings.
Anyone know what is causing that one registry setting to not follow whats in the INF files?