Security tab for Internet Explorer 11 displays a lock key icon for Internet, Local intranet, Trusted sites, and Restricted sites zones

I received a call from a client a few weeks ago to look at an issue he had with all the computers in the domain where the security tab for Internet Explorer 11 displayed a lock key icon for Internet, Local intranet, Trusted sites, and Restricted sites zones.

He indicated that he had recently implemented a GPO policy to adjust the settings for each site and had reverted back but noticed the settings were still persistent. Reviewing the icons showed that each zone was completely locked preventing the user from clicking on the Sites or Custom level icon:

After going through all the policies in the domain and unable to locate any reference to the configuration causing this, I navigated to the registry key that contains the settings for each zones and noticed that the keys appear to be missing values:

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\

I then attempted to use the Internet Settings in the Preferences configuration to reset all the zones to the default level:

The REG_DWORD values came back but various settings such as Flags and Icon did not get recreated:

I then decided to manually create the Flags key within the GPO:

With the Flags configuration reconfigured, I am now able to click on the Sites button:

Other registry entries were still missing:

So I compared it with another fully functional Windows 10 desktop (Not the Description, DisplayName, and Icon values):

From here I proceeded to add the missing keys to the GPO:

With all of the settings configured, I was now able to see the site icons as well as edit them:

It is a bit labour intensive to create all of these keys manually so I would suggest creating a .reg file to import into the user’s profile when they log in.