Group Policy: Adding sites to Security Zones

Posted on 2006-03-21
Last Modified: 2008-01-09
I am trying to create a group policy to add a site to Intranet Zone. The only option I receive from Group Policy is to import Security settings of Internet Explorer (User Configuration - Windows Settings - Internet Explorer Maintenance - Security - Security Zones and Content Ratings)

The problem is that if I import settings it will import all security settings. How can set a single site to be added to the Intranet Zone or Trusted Sites zone?
Question by:ImranHashim
    LVL 48

    Expert Comment

    Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow active content over restricted protocols to access my computer

    This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Trusted Sites Zone Restricted Protocols section under Network Protocol Lockdown policy.  If you enable this policy setting, no Trusted Sites Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected.  If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked.  If you do not configure this policy setting, all attempts to access such content over the restricted protocols is blocked when the Network Protocol Lockdown security feature is enabled.

    Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Site to Zone Assignment List

    This policy setting allows you to manage a list of sites that you want to associate with a particular security zone.

    do the above help you at all ??

    LVL 4

    Author Comment

    The first one - No

    For the second one, I tried earlier today but it did not work. I checked that when we add a site to be considered as Intranet Site, it is added to the following registry key:

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\www]

    This will add as Intranet site. The value for http is 1 here.

    I tried to make a custom ADM file to enter this registry value to registry but could not. Any clues? May be my ADM file is not correct. Any suggestions?
    LVL 48

    Expert Comment

    hmm not really man - havent really played with custom ADM's

    when you add the sites does the reg key not get entered?
    LVL 4

    Author Comment

    Somehow, I figured out the solution. Created an ADM file and imported in the Group Policy and applied the Group Policy to Users OU. To see the options in the Group Policy, I had to do the following in Group Policy Editor. View --> Filtering --> Uncheck "Only show policy settings that can be fully managed". Copy the file to a new text file and save with .adm extension. To import in Group Policy, right click on Administrative Templates and select Add/Remove Templates and press Add button to add a new ADM.
    ;-----------------Copy from here-----------
    CATEGORY "Security Zone Sites"
          POLICY "Add Sites to Zone"
                KEYNAME "Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\www"
                  EXPLAIN "Adds domain to Security Zones"
                PART "Security Zone" DROPDOWNLIST
                      VALUENAME "http"
                                NAME "Internet" VALUE NUMERIC  0
                                NAME "Intranet" VALUE NUMERIC  1 DEFAULT
                            NAME "Trusted" VALUE NUMERIC 2
                            NAME "Non Trusted" VALUE NUMERIC 3
                            END ITEMLIST
                  END PART
          END POLICY                  
    ;------------------End of File----------------
    LVL 48

    Expert Comment

    ah i c, i didnt realise you were having trouble viewing the custom policies... i have one that was written by a colleague for network drive mapping. i just meant i had no experience in writing them - that filtering option had me stumped for a while, if i'd known that was the prob i could have pointed you to it, but you've done well mate

    Accepted Solution

    PAQed with points refunded (500)

    Community Support Moderator

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
    On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    7 Experts available now in Live!

    Get 1:1 Help Now