Publishing Enterprise Vault server details to FDCC-compliant computers

If you have applied Federal Desktop Core Configuration (FDCC) Group policy objects (GPO) to Windows XP and Vista computers, then users cannot change local intranet zone settings. This restriction is because the mandatory FDCC group policy, "Security Zones: Use only machine settings", ignores all user-based settings on the local intranet zone in Internet Explorer. As a result, users need to enter authentication credentials each time they access Enterprise Vault. For example, users would be prompted for credentials when they archive, or retrieve an item, or open Archive Explorer.

This section describes how to add the Enterprise Vault server details to the FDCC Internet Explorer GPO. When the GPO is refreshed, the Enterprise Vault server details are added to the local intranet zone on users' computers. You must ensure that the Enterprise Vault server details are correct, because settings in the GPO take precedence over user settings.

To publish Enterprise Vault server details to FDCC-compliant computers

  1. Log on to the domain controller computer using an administrator account with permission to modify and publish GPOs.

  2. Open the Group Policy Object Editor.

  3. Select the FDCC group policy object that applies Internet Explorer settings to the Windows XP and Vista computers.

  4. In the Group Policy Object Editor, navigate to the following section:

    Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page

  5. Right-click Site to Zone Assignment List, and select Properties.

  6. Select Enabled, if it is not already selected, and then click Show to enter the required zone assignments.

  7. Click Add.

  8. In the box Enter the name of the item to be added, type the name of the Enterprise Vault server.

    In the box Enter the value of the item to be added, type 1.

    This maps the server name to the intranet zone.

    In the same way, add all the Enterprise Vault server names to the list and map them to the intranet zone. The list should include all Enterprise Vault server aliases. For an Enterprise Vault server that has the name SRV1 and the alias EVSERVER1, you would add the following to the site to zone assignment list:

    Value Name: evserver1.mycorp.local

    Value: 1

    Value Name: srv1

    Value: 1

  9. When you have finished adding Enterprise Vault server names to the list, click OK.

  10. On the Site to Zone Assignment List Properties page, click Apply.

  11. When the policy is next refreshed, the changes to the GPO are applied to the Windows XP and Vista computers.

  12. On one of the users' computers, you can verify that the Enterprise Vault server names have been added to the local intranet sites:

    • Log on to the computer as a standard user.

    • Open Internet Explorer.

    • Click Tools > Internet options > Security > Local Intranet > Sites > Advanced.

    • The Enterprise Vault server names should be listed in the Web sites.