Hello everyone. 

I'm posting here because I'm out of ideas...

I have encountered what I think is a Bug in windows.

I'm working with a big company that aren't very found of tweaking their GPO or the AD.

But, they have special settings they want in the internet options trusted zones to be enabled.

So I found a way to do it with NTUSER.DAT file.

Which means, every time a new user is created it will pull the data from this "default" user configuration which is tweaked from the registry.

We have created such file, and it works great. Unless we install 3.5 .Net Framework.

Sounds odd, but hear me out.

I created a new naked image. with installed 4.X .Net framwork.

Created new user. Went to internet options - trusted sites - custom level.

Most of it are set to the default settings, but 3 of them are set to enable(example Registry entry name - dword 1004 set to 0)

Then. I go back to administrator. -> Install the 3.5 .Net framwork through control panel. ->Restart PC

Create new local user. -> Log in it. -> check the same trusted site, but all I get is the default settings. 

Checking the registry confirms it didn't transfer the settings correctly. But other locations like popup blocker addresses/ Trusted sites addresses are configured correctly(Same script)

So Now I'm confused. Why with only .net 3.5 does this?

I changed the HKEY_LOCAL_MACHINE's dword 1004 to 0 as well. Didn't help.

I even deleted the 3.5 net framework and created a new user. when logged in. all behold, it works again... Any insight is much appreciated  

Adding here a similar registry data that is located in the NTUSER.DAT which is called "Defuser"

It works only when 4.X .NET framework is installed alone. If I install it together with 3.5, this data is not pulled to a new user that the windows is creating.(Windows is in Japanese)

[HKEY_USERS\Defuser\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"2001"=dword:00000000
"2004"=dword:00000000
@=""
"DisplayName"="信頼済みサイト"
"PMDisplayName"="Trusted sites [Protected Mode]"
"Description"="このゾーンには、お使いのコンピューターやデータに問題を起こさないと信頼しているサイトが含まれています。"
"Icon"="inetcpl.cpl#00004480"
"LowIcon"="inetcpl.cpl#005424"
"CurrentLevel"=dword:00000000
"Flags"=dword:00000047
"1200"=dword:00000000
"1400"=dword:00000000
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000000
"1206"=dword:00000003
"1207"=dword:00000000
"1208"=dword:00000000
"1209"=dword:00000003
"120A"=dword:00000003
"120C"=dword:00000000
"1402"=dword:00000000
"1405"=dword:00000000
"1406"=dword:00000003
"1407"=dword:00000001
"1408"=dword:00000000
"1409"=dword:00000000
"140A"=dword:00000000
"140C"=dword:00000000
"1601"=dword:00000000
"1604"=dword:00000000
"1605"=dword:00000000
"1606"=dword:00000000
"1607"=dword:00000003
"1608"=dword:00000000
"1609"=dword:00000001
"160A"=dword:00000000
"160B"=dword:00000000
"1802"=dword:00000000
"1803"=dword:00000000
"1804"=dword:00000001
"1809"=dword:00000000
"1812"=dword:00000000
"1A00"=dword:00020000
"1A02"=dword:00000000
"1A03"=dword:00000000
"1A04"=dword:00000003
"1A05"=dword:00000001
"1A06"=dword:00000000
"1A10"=dword:00000001
"1C00"=dword:00010000
"2000"=dword:00000000
"2005"=dword:00000000
"2007"=dword:00010000
"2100"=dword:00000000
"2101"=dword:00000000
"2102"=dword:00000003
"2103"=dword:00000000
"2104"=dword:00000000
"2105"=dword:00000000
"2106"=dword:00000000
"2107"=dword:00000000
"2108"=dword:00000003
"2200"=dword:00000003
"2201"=dword:00000000
"2300"=dword:00000001
"2301"=dword:00000000
"2302"=dword:00000003
"2400"=dword:00000000
"2401"=dword:00000000
"2402"=dword:00000000
"2600"=dword:00000000
"2700"=dword:00000003
"2701"=dword:00000000
"2702"=dword:00000000
"2703"=dword:00000000
"2704"=dword:00000000
"2708"=dword:00000003
"2709"=dword:00000003
"270B"=dword:00000000
"270C"=dword:00000003
"270D"=dword:00000000
"1806"=dword:00000001
"2500"=dword:00000003
"2707"=dword:00000000
"120B"=dword:00000000