Article ID: 823616
Article Last Modified on 7/24/2007
APPLIES TO
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
SYMPTOMS
When you try to use the System Preparation tool (Sysprep.exe) that is included with Windows Server 2003 to add Web sites to the Trusted sites zone or the Local intranet zone in Microsoft Internet Explorer, you cannot do so as expected.
RESOLUTION
Hotfix Information
A supported hotfix is now available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains this hotfix.
To resolve this problem, submit a request to Microsoft Online Customer Services to obtain the hotfix. To submit an online request to obtain the hotfix, visit the following Microsoft Web site:
Note If additional issues occur or any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. To create a separate service request, visit the following Microsoft Web site:
Prerequisites
No prerequisites are required.
Restart Requirement
You do not have to restart your computer after you apply this hotfix.
Hotfix Replacement Information
This hotfix does not replace other hotfixes.
File Information
The English version of this hotfix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
For x86-based platforms: Date Time Version Size File name ---------------------------------------------------------- 24-Jul-2003 18:28 5.2.3790.71 118,784 Sysprep.exe 30-Jul-2003 19:44 5.2.3790.71 1,012,224 Syssetup.dll 24-Jul-2003 17:30 (Advanced) 742 Minioc.inf 24-Jul-2003 17:30 (Web) 737 Minioc.inf 24-Jul-2003 17:30 (DataCenter) 811 Minioc.inf 24-Jul-2003 17:30 (Small Business) 750 Minioc.inf 24-Jul-2003 17:30 (Standard) 740 Minioc.inf
For ia64-based platforms: Date Time Version Size File name -------------------------------------------------------------- 24-Jul-2003 18:28 5.2.3790.71 269,312 Sysprep.exe 30-Jul-2003 19:45 5.2.3790.71 1,833,984 Syssetup.dll 30-Jul-2003 19:44 5.2.3790.71 1,012,224 Wsyssetup.dll 24-Jul-2003 17:31 (Advanced) 742 Minioc.inf 24-Jul-2003 17:31 (DataCenter) 811 Minioc.inf 24-Jul-2003 17:31 (Professional) 694 Minioc.inf
Note When you run the hotfix installation package, only Syssetup.dll (and Wsyssetup.dll for ia64 computers) and the applicable edition of Minioc.inf are installed. To obtain the updated Sysprep.exe file from the package, run the installation package with the -x switch to extract the contents to a selected folder.
WORKAROUND
To work around this issue, use one of the following methods:
- Use the [IEHardening] section of the Unattend.txt file to add the sites during an unattended installation.
-or-
- Manually add the trusted sites after Windows Server 2003 is installed.
-or-
- Use a Group Policy setting to add the trusted sites.
MORE INFORMATION
The Windows Server 2003 OEM Preinstallation Kit (OPK) documents a new section in Unattend.txt that is named [IEHardening]. You can use this section to automatically add URLs to both the Trusted sites zone and the Local intranet zone. With the Internet Explorer Enhanced Security Configuration feature turned on, sites can be automatically added to these zones during Setup only by using the Unattend.txt file to run an unattended setup.
With this hotfix installed and with IEHardening functionality enabled, you can add trusted sites through Sysprep by following these steps:
- Add the following sections and entries to your Sysprep.inf file:
[Components]
IEHardenUser = ON
IEHardenAdmin = ON
[IEHardening]
TrustedSites = some URL[; some other URL]...
LocalIntranetSites = some URL[; some other URL]... - Run Sysprep in Factory mode (by using the -factory switch) to process the Winbom.ini file with these settings (together with any other directives that are specified on the Sysprep command line and in the Winbom.ini file).
Previously, there was no method to add trusted sites during a factory preinstallation by using Sysprep.exe and Sysprep.inf.
The Internet Explorer Enhanced Security Configuration feature configures several security settings that define how you access Internet and intranet Web sites. This configuration also helps to reduce the exposure of your server to Web sites that may pose a security risk. To log on to a Web site that requires Internet Explorer functionality that is disabled by the Internet Explorer Enhanced Security Configuration feature, add that Web site to the Trusted sites zone in Internet Explorer.
For more information about Internet Explorer Enhanced Security Configuration, see the Internet Explorer "Enhanced Security Configuration" Help topic. To do this on a Windows Server 2003-based computer, follow these steps:
- Start Internet Explorer.
- On the Help menu, click Enhanced Security Configuration.
For additional information about the Enhanced Security Configuration, click the following article number to view the article in the Microsoft Knowledge Base:
815141 Internet Explorer Enhanced Security Configuration Changes the Browsing Experience
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
Keywords: kbhotfixserver kbqfe kbwinserv2003presp1fix kbsyssettings kbupgrade kbqfe kbfix kbbug KB823616
