A week ago Microsoft released Internet Explorer 7 and ever since then I have had a rash of security issues pop up as a result of the ?enhanced? security in IE7. I have solved all but one of them and this last one has got me absolutely boggled.
I have 50 ? 60 workstations running Windows XP SP2, Office XP with Access XP, and are all part of an AD domain. So naturally I control the security of the machines with Group Policies. The problem relates to zone security (Internet Zone, Intranet Zone etc) and mapped drives. Below is some info about the network environment so that I can give examples of my problem. This is only for explanation purposes and are not FQDN?s.
Domain:
mydomain.com
Primary Domain Server:
server.mydomain.com
Shares:
ADMIN, MY_DOCS
Mapped Drives:
M:\ is mapped to \\server.mydomain.com\MY_DOCS\username
Q:\ is mapped to \\server.mydomain.com\ADMIN
When I specifically go to \\server.mydomain.com\ADMIN through Start>Run it says in the bottom right corner that I am currently on my ?Local Intranet? (which is right) but when I goto Q:\ it says I am currently on the ?Internet?. Now through a GPO I have set all the zones to their defaults (Medium-High for the Internet, Low for Intranet etc) and I have got all the checkmarks checked by default for ?Automatically detecting the Intranet? as well an a specific setting of ?*.mydomain.com? in the sites for Local Intranet. With these settings I can run MS Access files (as well as batch files, login scripts in VB etc.) if I go through the UNC path to get to the file but if I browse through the mapped drive I can?t. I get an error that says ?This file is located outside your Intranet or on an untrusted site. Blah blah blah.?
I have seen many people have this issue in my searches on the internet but they all refer to this issue when going through the UNC path and the solution is obviously to place the domain in the list of intranet sites. As I said above, that is what I did and it does work for UNC paths, but I HAVE to have it working for Mapped drives. There is no way I can go through the code in every one of my access databases and fix links that were originally created for the mapped drive, and not the UNC path. That would take me months. Believe me, if I had been the IT guy that originally setup this network, there would have been no Mapped Drives and everyone would be using My Network Places with policy enforced locations already there for the network shares. Unfortunately Mapped Drives is how everyone has accessed network files for 10 years on this network and training them to use UNC paths would be an administrative nightmare LOL
I still have a couple of computers that have not upgraded to Internet Explorer 7 and they work perfectly fine. It has only been since the release of 7 that this started. I have also tried altering the entries in the sites list in various ways (file://*.mydomain.com, server.mydomain.com, file://*.server.mydomain.com etc) but they all have the same result as *.mydomain.com so I can only assume that *.mydomain.com would cover all the bases. I have also tried various configurations between Intranet Sites, and Trusted sites, but I get the same result no matter which one I use so I decided to keep it under Intranet Sites because that is what it is. I will also mention that this is not an issue for Access 2000 or Access 2003, but downgrading to access 2000 is not an option and Access 2003 is not in the budget until next year (which will most likely be Access 2007 by then).
Does anyone know of another way to force the system to treat a mapped drive as an Intranet Site? Keep in mind, I really need it to be a User Policy as opposed to a Computer Policy since Computer policies can?t be updated over my VPN connection, but User Policies can. I currently have all my remote users, logging in remotely over VPN and updating their Group Policy once a month. I can simply email them and tell them to update their policy after I get it fixed. Adding it to a vb script as part of the login process would work but still would require manual intervention for remote users, which normally don?t run the login script unless they are local.
I am praying someone here can help me with this problem.