We have a set a GPO that restricts Java from running in the browser unless the site is in the Trusted Sites zone.
This "mostly" works, but sometimes Java on the workstation fails to be detected by the website even if the domain in the address bar is in the Trusted Sites zone.
Is adding the site *.domain.com enough or a blanket wildcard for every URL on a domain or do we need both *.domain.com and https://*.domain.com?
Since sometimes images and other content in a website come from domains other than the domain that shows in the address bar, maybe Java is trying to run from another domain also? Is there any way to tell if Java is trying to be accessed by a domain that is different than the domain that is showing in the address bar so we add the correct domains to the Trusted Sites Zone? Is there a log or some other way to see which domain is trying to access Java on the workstation when Java fails to run on a trusted site due to this IE restriction policy?