Resources For IT Professionals
Post an article
Wikis - Page Details
  • First published by
  • When: 13 Jun 2011 12:31 AM
  • Last revision by (eMicrosoft Community Contributo)
  • When: 27 Jan 2013 12:30 AM
  • Revisions: 17
  • Comments: 6
Options
RSSSubscribe to Article (RSS)
Can You Improve This Article?
Positively! Click Sign In to add the tip, solution, correction or comment that will help other users.

Report inappropriate content using these instructions.
Wiki  >  TechNet Articles  >  Add One URL to Intranet Zone and Another URL to a Trusted Site Zone Through GPO

Add One URL to Intranet Zone and Another URL to a Trusted Site Zone Through GPO

Add One URL to Intranet Zone and Another URL to a Trusted Site Zone Through GPO

Requirement: Add one URL to Intranet Zone and Another Url To trusted Site Zone.
 
The above requirement can be achieved in four ways.
Option 1: Computer Configuration ““> Administrative Tools ““> Windows Components ““> Internet Explorer ““> Internet Control Panel ““> Security Page and then zone assignment list.

This will disable the add/remove buttons.
The reason behind this is when you set GPO to manage the IE security page by default all settings (add/remove buttons) get disabled. End users will not be able to add/remove sites/urls in his computer (This is not recommended, coz end users will access different web sites and they will to add may urls in trusted sites)
 


Option 2: User Configuration>Windows Settings>Internet Explorer Maintenance>Security>Security Zone and Content Ratings>Import The Current Security Zones and Content Ratings> Click On Modify. I do not recommend this.

This will import all the security settings (of Internet Explorer) of from the computer from where you are editing the GPO. In your environment if you have a dedicated machine to edit GPO (The IE settings) , you can follow this step. In this settings end users will be able to add/remove sites to Intranet zone/Trusted zone but with GPO refresh interval all manual entry’s will be wiped out.

Option 3: Use a script. The code is given below:
On Error Resume Next
  
Const HKEY_CURRENT_USER = &H80000001
  
strComputer = "."
 Set objReg = GetObject("winmgmts:" _
     & "{impersonationLevel=impersonate}\\" & strComputer & _
         "\root\default:StdRegProv")
  
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _
     & "ZoneMap\EscDomains\google.com"
 objReg.CreateKey HKEY_CURRENT_USER,strKeyPath
  
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _
     & "ZoneMap\EscDomains\google.com\www"
 objReg.CreateKey HKEY_CURRENT_USER,strKeyPath
  
strValueName = "https"
 dwValue = 2
 objReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue
  
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _
     & "ZoneMap\Domains\google.com"
 objReg.CreateKey HKEY_CURRENT_USER,strKeyPath
  
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _
     & "ZoneMap\Domains\google.com\www"
 objReg.CreateKey HKEY_CURRENT_USER,strKeyPath
  
strValueName = "https"
 dwValue = 2
 objReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue
  
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _
     & "ZoneMap\EscDomains\hotmail.com"
 objReg.CreateKey HKEY_CURRENT_USER,strKeyPath
 strValueName = "https"
 dwValue = 1
 objReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue
  
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _
     & "ZoneMap\Domains\hotmail.com"
 objReg.CreateKey HKEY_CURRENT_USER,strKeyPath
 strValueName = "https"
 dwValue = 1
 objReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue

Put the code above into a user logon script. You may ask  why to add the url in "Domains" and in "ESCDomains". I have checked it in approx 200 client machine , some are supporting "Domains" reg key some support "ESCDomains" regkey

Use a ADM Template
http://social.technet.microsoft.com/wiki/contents/articles/4469.aspx

__________________________________________________________________________________________________
, , , [Edit tags]
Leave a Comment
  • Please add 3 and 8 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • 29 Aug 2011 3:06 AM

    Ed Price - MSFT edited Revision 6. Comment: tags

  • 29 Aug 2011 3:08 AM

    Ed Price - MSFT edited Revision 9. Comment: Spelling correction

Page 1 of 1 (2 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Posted by
    on 29 Aug 2011 3:06 AM

    Ed Price - MSFT edited Revision 6. Comment: tags

  • Posted by
    on 29 Aug 2011 3:08 AM

    Ed Price - MSFT edited Revision 9. Comment: Spelling correction

  • Posted by
    on 16 Aug 2012 9:37 PM

    After importing the above template into the GPO, I see just a blan folder without any settings for IE.

  • Posted by
    on 21 Aug 2012 8:43 PM

    Hi Avijit,

    Did you checked "Disabling GPO settings filtering" option. Follow the below link and you will see the settings

    www.petri.co.il/adding_new_administrative_templates_to_gpo.htm

    Please let me know in case you face any issue

  • Posted by
    on 8 May 2013 12:09 AM

    Tanmoy is my ex colleague & we have implemented this successfully without any issue.

  • Posted by
    on 11 Jul 2013 2:20 PM

    What version of Windows and what version of Internet Explorer was this tested on?

Page 1 of 1 (6 items)