donL,
Então eu estava curioso o suficiente sobre isso para pesquisar. Eu não tenho um ambiente de servidor 2003 para testar, então foi até "Google Fu" para verificar isso.
Acontece que é um "bug" na GUI. A política que você aplicou funcionou corretamente, ela simplesmente não aparece corretamente na GUI do IE no cliente. Estúpido, sim ... mas é verdade.
Veja um exemplo de resposta aceita no EE que espelha isso:
If you see "Some settings are managed by your system administrator" then it was applied successfully and is on Medium. You can verify this by clicking custom level and looking at each security option, they will coincide with what they should be for "Medium".
You can disregard what it says on "Security level for this zone"...it's not accurate.
For example, if you set it to low, it will still still say medium/high or high but if you click on custom level you will see "download unsigned activex controls" is enabled.....which is a option that is enabled on low and disabled on high. - Jake77444 @ EE
E este blog também confirma:
IE Modelos de zona de GPO e o "Abrir arquivo - Aviso de segurança"
In Conclusion
- Security templates are not visually reflected in the security page of Internet Explorer even though they are applied.
- Security zone settings are applied to Internet Explorer by doing a gpupdate but a log off/on is required to apply these settings to the rest of the OS
- The “Launching applications and unsafe files” setting determines whether the “Open File – Security Warning” dialog is displayed when launching applications from a given location
- The “Launching applications and unsafe files” cannot be set with a an indvidual GPO setting. (You could create a custom adm file though)
- When setting zone security via GPO I recommend making the Internet Explorer security page invisible to users to avoid confusion as they can still quite happily adjust the security level slider, it just won’t have any effect!
Espero que ajude! Foi novidade para mim!