The other day I was trying to modify some logon scripts in SYSVOL using Windows Explorer on Windows Server 2003 R2 SP2 with IE 7. Whenever I tried to right click and "Edit" the batch files, I got "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item", as shown below.
I found this perplexing, as I was a domain Administrator and verified the permissions on the file. Why could I not edit the batch file? As it turns out, this is a problem with IE, not my permissions. IE? Why on earth IE? Well apparently IE 7 on Windows Server 2003 has increased security for accessing certain content.
In Explorer I was navigating to \ozsysvoloz.netscripts, which IE apparently thought was a dangerous zone and disabled editing script files. Once I figured out IE was the problem, the solution was simple. I needed to "tell" IE that \oz was "safe" by putting it in the local intranet zone. But I’m not accessing it via HTTP, so what should I do?
The solution is to put file://oz (not http://oz) in the local intranet zone, as shown below. After performing this simple IE change, I could now directly edit scripts in SYSVOL via Explorer like I could with IE 6.
The other solution is to simply copy the script to the desktop, edit it, and copy it back. Performing the IE zone modification is more work up front, but allows all future script modifications to be seamless. A GPO could be configured to make this change as well, but I find making IE zone changes via GPO a bit cumbersome and not always reliable.
