When you log on to Windows Server 2003 SP1 or Windows XP SP2 as a member of the local Administrators group, sites that you add to security zones in Internet Explorer are not listed when you also use the Group Policy Object Editor to add sites to the Site to Zone Assignment List policy.

NOTE: You can find the sites that you added to security zones in the registry:

Internet Explorer Enhanced Security Configuration is enabled:

REG QUERY "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains" /S

Internet Explorer Enhanced Security Configuration is disabled:

REG QUERY "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" /S

This behavior is by design. When you configure the Site to Zone Assignment List policy, Internet Explorer ignores sites that you add to security zones in Internet Explorer.

NOTE: The Site to Zone Assignment List policy lets you define sites to associate with a specific security zone.
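
To audit which user-added entries are being ignored, the following PowerShell script (an added example, not part of the original article) reads both registry keys shown above, resolves each entry to a site, protocol and zone name, and warns when the policy list is also populated. The ZoneMapKey policy path and the zone number-to-name table are assumptions based on the commonly documented Internet Explorer registry layout and are not stated in this article; the function and variable names are illustrative.

```powershell
# Added example, not from the original article. Requires PowerShell 2.0 or later.
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';    4 = 'Restricted sites' }
$zoneMap = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
# Assumption (not stated in the article): where the Site to Zone Assignment List
# policy stores its entries, under either the user or the machine hive.
$policySubKey = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'

function Get-UserZoneSite {
    param([string]$Root)
    if (-not (Test-Path -Path $Root)) { return }
    $rootName = (Get-Item -Path $Root).Name
    Get-ChildItem -Path $Root -Recurse | ForEach-Object {
        $key = $_
        # Subkeys are stored as domain\subdomain; reverse them to subdomain.domain.
        $parts = @($key.Name.Substring($rootName.Length + 1) -split '\\')
        [array]::Reverse($parts)
        $site = $parts -join '.'
        foreach ($name in $key.GetValueNames()) {
            $zone = $key.GetValue($name)
            if ($zone -isnot [int]) { continue }   # only DWORD values map to a zone
            $zoneName = if ($zoneNames.ContainsKey($zone)) { $zoneNames[$zone] } else { "Zone $zone" }
            New-Object PSObject -Property @{
                Source = Split-Path -Path $Root -Leaf; Site = $site
                Protocol = $name; Zone = $zoneName
            }
        }
    }
}

# Collect entries from both the ESC-enabled and ESC-disabled locations.
$userSites = @('Domains', 'EscDomains' | ForEach-Object {
    Get-UserZoneSite -Root (Join-Path -Path $zoneMap -ChildPath $_)
})

# The policy counts as configured if either hive holds at least one value.
$policyActive = $false
foreach ($hive in 'HKCU:', 'HKLM:') {
    $p = "$hive\$policySubKey"
    if ((Test-Path -Path $p) -and ((Get-Item -Path $p).ValueCount -gt 0)) { $policyActive = $true }
}

$userSites | Select-Object Source, Site, Protocol, Zone | Format-Table -AutoSize
if ($policyActive -and $userSites.Count -gt 0) {
    Write-Warning ("Site to Zone Assignment List policy is configured; Internet Explorer " +
                   "ignores the $($userSites.Count) user-added entries listed above.")
}
```

Run it in the affected user's session, because the user-added entries live under HKCU.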

To work around this behavior, you can use the Group Policy Object Editor to define the sites you want to add to security zones at User Configuration / Windows Settings / Internet Explorer Maintenance / Security / Security Zones and Content Ratings. Alternatively, do not configure the Site to Zone Assignment List policy.

NOTE: You can also block policy inheritance:

1. Open Active Directory Sites and Services to block policy inheritance in a site. Open Active Directory Users and Computers to block policy inheritance in a domain or organizational unit.

2. Right-click the domain, organizational unit, or site in which you want to block Group Policy inheritance and press Properties.

3. Select the Group Policy tab.

4. Check the Block Policy inheritance box.

5. Press OK.