By default Windows Terminal Server is quite annoying when dealing with shortcuts and applications mount from a local file server. A per usual with Windows there is quite a lot of documentation out there with information, although it not all clear.
- “Site to Zone Assignment List” GPO = trusted site?
- Site to Zone Assignment List – best method here
- Behavior of Site to Zone Assignment List
- The Site to Zone Assignment List policy prevents Internet Explorer from using other zone configuration settings when the Internet Explorer Enhanced Security Configuration feature is enabled on a Windows Server 2003 SP1-based computer
- How to lock down a Windows Server 2003 or Windows 2000 Terminal Server session
Regardless of the above I found the best way to deal in Windows 2003R2 with the GPO was:
Edit the GPO object you wish to apply these settings too. Select [User Configuration\Windows Settings\Internet Explorer Maintenance\Security]. Then double click [Security Zones and Content Ratings], click [Import the current security zones and privacy settings], and then click [Modify Settings]. It should be pretty straight-forward from there. I added my file server sites into Local Intranet, using the form file://uncserver. I found this easy than the “Site to Zone Assignment List” GPO method.