office365 - disabling protected view on trusted locations - not working with gpo network drives

Question

hi there,

we have a Windows Server 2016 Standard (let us name it serverx), who serves as local AD- and File-Server.
we use to map the network drive for the clients via GPO as drive A.
problem ist here, i cant deactivate the protected view on Office documents located on this server.
server is listed in Trusted Locations of the Trust Center, also Allow trusted locations on my network (not recommended) is checked, but this has no effect.

i placed an entry in the hosts file for serverx, too, to bypass any naming issues. no effect.

if i map the same location manually with
net use b: \\serverx\sharex
it is working flawless on B, but still not on A.

i think it has something todo with the recognition of this network drive by the client, because in the explorer it is shown like this:
sharex (A:)
sharex (\\serverx) (B:)
System (C:)

couldnt find anything to this problem. hope someone can help
thanks in advance

Answer 1

Hi there,

I would also suggest adding your file server as a 'trusted location' .Also when you have finished modifying the GPO on your DC you will need to run gpupdate /force on your DC and all the PC's on your network.

Here is a thread as well that discusses the same issue and you can try out some troubleshooting steps from this and see if that helps you to sort the Issue.

Protected View for Networked Drives?
https://social.technet.microsoft.com/Forums/en-US/f4c993e6-e226-4e39-8964-8f3a4b3dcf21/protected-view-for-networked-drives?forum=officeitproprevious

Turn off Protected View via GPO in Office 365
https://answers.microsoft.com/en-us/msoffice/forum/all/turn-off-protected-view-via-gpo-in-office-365/45a5f4d6-c4da-4770-9906-7839a3bd5f4c

---

--If the reply is helpful, please Upvote and Accept it as an answer--

Answer 2

hi limitlessT,
thank you for your answer, but i am not sure if you read my question carefully.

I would also suggest adding your file server as a 'trusted location'.

thats already done, as you can see in my first post. but if you mean 'trusted sites' in internet explorer, as your first link suggests. this isn't necessary, as the client is integrated in the domain. DC is by default trusted from the client OS. trying to add it there anyway is acknowledged with a corresponding message.

Also when you have finished modifying the GPO on your DC you will need to run gpupdate /force on your DC and all the PC's on your network.

i didnt modify GPO. GPO setting for the network drive are since years up and running (seems, it fires on every login). any new user got always correctly the network drive assigned.

Here is a thread as well that discusses the same issue

not exactly
the first one is about lowering security in general and editing registry.. thats all not really recommended.
the second one is really handy, thanks, for if i ever want to distribute Office365 settings domain wide, but wasnt questioned here.

but anyway..
the mentioning in the first link about file:///Z:/ got me to test some other ways.
so instead of the name ( \serverx ) i use the drive letter to add it for trusting:
trying to add A: to the trusted locations, Office converts it to \serverx\sharex
trying to add B: to trusted locations was denied for security reasons.
but trying the same in trusted sites, B: adding was working, and was converted to \192.x.x.x ...so here was the problem (which was hidden in the file explorer).
drive was asigned over ip, not name. crosscheck the GPO, it was using name. ..confusing!?!
debugging microsoft products is a thankless work, so.. best solution, start from begin.
i removed all changes, i did on the client (no hosts edit, no trusted locations, no trusted sites) and recreated (del+new) the GPO on the server with the same settings.
restarted the client, and everything was fine. problem solved.

this shows us again, try&error is always better with another pair of eyes.
thank you for your fast answer and for unconsciously pointing me to the right direction ;)