Expand | ||
---|---|---|
| ||
Browser like Chrome, Edge and Internet Explorer requires the user to be logged into the computer with a domain account. These browsers will only send Kerberos tickets to sites that are in the Local Intranet Security Zone. Edge and Google Chrome will also allow Kerberos to sites in the Local Intranet Zone. |
Expand | ||
---|---|---|
| ||
For testing purposes, you might be able to configure Zone settings locally in Internet Explorer. Go to Tools / Internet Options / Security / Local Intranet / Sites / Advanced However, in most organizations, the zone assignment is done centrally through the use of Group Policy Objects. For Internet Explorer, ensure "Display company intranet sites in compatibility view" is disabled. Jira/Confluence will not work properly in compatibility mode. See the following for further details. |
Expand | ||
---|---|---|
| ||
In this example, we create a new policy to hold the settings. Create the new Group Policy and edit it after creation |
Expand | ||
---|---|---|
| ||
Right- |
...
click and select Edit your Policy (see screenshot below):In Group Policy Management Editor that comes up, navigate to: Computer Configuration / Policies / Administrative Templates / Windows Components / Internet Explorer / Internet Control Panel / Security Page / Site to Zone Assignment List. And press the "Show" button on the left to edit the list. Place the site host from the URL (e.g., issues.example.com) in zone 1, Intranet Zone. The address can be specified with a wildcard (*.example.com), or with a FQDN (issues.example.com)
|
Expand | ||
---|---|---|
| ||
Choose the newly created policy and Settings to the right. Verify that the Site to Zone Assignment List is correct. If the settings are applied to Computer Configuration, the policy must be placed on an OU with computers or placed so that the policy is inherited.
|
...
Expand | ||
---|---|---|
|
...
| |
On the client machine open a PowerShell or Command Prompt window and run the command Navigate in Windows to Control Panel - Internet Options - Security - Local Intranet - Sites - Advanced Verify that the settings from Group Policy are applied. "Automatically detect intranet network" should be left unchecked as we have seen unstable conditions for Kerberos if this is checked. Verifying whether the site has been added to the Local Intranet Zone can also be checked in Internet Explorer by accessing https://issues.example.com and checking the Zone value. |
...