Hey everyone, I'm having some trouble with the Windows Explorer preview feature after the October 2025 update. I read the Microsoft article which suggests that to enable file previews for files downloaded from the internet, you can add a file server to the intranet zone. It mentions using the Security tab in the Internet Options control panel to add the file share address to either the Local intranet or Trusted sites security zone. I've set up access to Windows-based file servers using FQDN and DFS, and added *.domain.local to the intranet zone via GPO for all systems. I thought this would allow previews for all files, even those marked with the "Mark of the Web (MotW)."] However, it doesn't seem to work for me. When I switch to adding *.domain.local to Trusted Sites, the preview works as expected, but that option lacks some features of the Intranet Sites, like automatic logon for Integrated Windows Auth. Has anyone encountered this issue? It feels like there might be a bug where Intranet Sites aren't correctly processed for the file preview feature.
2 Answers
Why bother with enabling the preview pane? It's been a common source of security issues over the years. We often find it safer to keep it disabled; the potential risks don’t seem to warrant the small convenience.
I get your point, but user satisfaction can take a hit with a fully disabled preview. Sometimes it’s about striking a balance between security and usability. Brenda from payroll isn't thrilled about needing to open each file to see what's inside!
Just to clarify, are the files you're trying to preview the ones downloaded after you made the changes to the local intranet or Trusted Sites? If files were downloaded before those changes, they might already have a flag that prevents the preview even if settings are adjusted accordingly.
I've tried both scenarios, but the result was the same. In Trusted Sites, previews work, but not in Intranet Sites. It’s really puzzling!
Some companies really rely on this functionality, especially in our case as an MSP. Just switching it off entirely isn't the answer; we need to manage the risks instead!