Internet Explorer error in GPM? - about:security_mmc.exe

Joshua Martin

09 Jul 2025 — 3 min read

Internet Explorer just won't die will it?

Believe it or not, even if you completely uninstall Internet Explorer, it still sticks around as a web view for a variety of random applications.

Recently I upgraded our domain controllers to Windows 2025, and while I was busy breaking things I decided to take a crack at cleaning up our Group Policy a bit. I reset the Default Domain Policy and Default Domain Controllers policy, and added the Security Baseline GPOs from the Microsoft Security Compliance Toolkit. This includes a policy for Internet Explorer. I applied that GPO domain-wide, as it didn't seem to contain anything dangerous, and I was correct. But it did create one obnoxious behavior.

The Problem

Opening Group Policy Management and clicking the settings tab on any GPO would present the following error:

Well this seems easy enough, just click Add... to add an exception...

I guess not.

Let's try another GPO?

Well we can do this the hard way via Group Policy by going to Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Site to Zone Assignment List
(I recommend creating a new GPO and enforcing it as opposed to directly modifying the security baseline.)

Now if we go to Control Panel > Network and Internet > Internet Options > Security > Trusted Sites > Sites

We can see the site was added as a trusted site, which should clear up the error...

Things that didn't work

So that didn't work. After a bit of research, a few options presented themselves. One was to disable Internet Explorer's Enhanced Security Configuration, which is probably a bad idea for a variety of reasons.

The other suggestion (according to danomac over on serverfault) was to add a registry entry like so:

That also didn't work.

Maybe another GPO?

Eventually through trial and error I did stumble upon the solution. Open Group policy Management, edit that GPO we made earlier and head to Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Trusted Sites Zone Template

Enable it, and set it to Low.

Apply the thing

Now, on your domain controller, pop open a command prompt window (as Administrator) and replicate:

repadmin /syncall /A /e

And let's go ahead and apply that policy as well.

gpupdate /force

I didn't have to log off or reboot for it to apply.

Weirdly enough, within the GPO settings pane this appears as High instead of Low...

But it works nonetheless!

ELI5: ZFS, RAID, Storage, etc.

I love ZFS, and you should too. It's a filesystem with built-in support for encryption, compression, deduplication, RAID, and a whole host of other features. When I first encountered ZFS, it was as a result of working with TrueNAS and Proxmox systems. While I understood the basics, there

Connecting Proxmox Backup Server to S3 for Cloud Backups

Since, as a distinguished person of intellect and esteem, you're undoubtedly using Proxmox Virtual Environment (PVE) as your hypervisor, it's safe to assume you are also using Proxmox Backup Server (PBS) for... well, backups. Unfortunately, while S3 storage integration is on the roadmap for PBS, currently

Windows Servers Think They're on Private or Public Network Instead of Domain

Do you have a Windows environment? Are you one of us ancient dinosaurs who still have on-prem servers running Active Directory? You may, on occasion, run into an issue where your servers seem to believe they are on a Private or Public network, instead of the Domain network. This can

TrueNAS Scale & the Myth of Access-Based Enumeration

Let's imagine a world... ...where I had a Windows file share called Share with several hundred folders in it, each of which should only be accessible to one security group. To a new staff member just trying to find the files shared with their building, this could be