Group Policy: Adding sites to Security Zones

I am trying to create a group policy to add a site to Intranet Zone. The only option I receive from Group Policy is to import Security settings of Internet Explorer (User Configuration - Windows Settings - Internet Explorer Maintenance - Security - Security Zones and Content Ratings)

The problem is that if I import settings it will import all security settings. How can set a single site to be added to the Intranet Zone or Trusted Sites zone?
LVL 4
Imran HashimSr. IT Infrastructure ConsultantAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jay_Jay70Commented:
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow active content over restricted protocols to access my computer

This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Trusted Sites Zone Restricted Protocols section under Network Protocol Lockdown policy.  If you enable this policy setting, no Trusted Sites Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected.  If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked.  If you do not configure this policy setting, all attempts to access such content over the restricted protocols is blocked when the Network Protocol Lockdown security feature is enabled.

Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Site to Zone Assignment List

This policy setting allows you to manage a list of sites that you want to associate with a particular security zone.


do the above help you at all ??


Imran HashimSr. IT Infrastructure ConsultantAuthor Commented:
The first one - No

For the second one, I tried earlier today but it did not work. I checked that when we add a site to be considered as Intranet Site, it is added to the following registry key:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mydomain.com\www]
"http"=dword:00000001

This will add http://www.mydomain.com as Intranet site. The value for http is 1 here.

I tried to make a custom ADM file to enter this registry value to registry but could not. Any clues? May be my ADM file is not correct. Any suggestions?
Thanks.
Jay_Jay70Commented:
hmm not really man - havent really played with custom ADM's

when you add the sites does the reg key not get entered?
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

Imran HashimSr. IT Infrastructure ConsultantAuthor Commented:
Somehow, I figured out the solution. Created an ADM file and imported in the Group Policy and applied the Group Policy to Users OU. To see the options in the Group Policy, I had to do the following in Group Policy Editor. View --> Filtering --> Uncheck "Only show policy settings that can be fully managed". Copy the file to a new text file and save with .adm extension. To import in Group Policy, right click on Administrative Templates and select Add/Remove Templates and press Add button to add a new ADM.
;-----------------Copy from here-----------
CLASS USER
CATEGORY "Security Zone Sites"
      POLICY "Add Sites to Zone"
            KEYNAME "Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mydomain.com\www"
              EXPLAIN "Adds domain www.mydomain.com to Security Zones"
            PART "Security Zone" DROPDOWNLIST
                  VALUENAME "http"
                        ITEMLIST
                            NAME "Internet" VALUE NUMERIC  0
                            NAME "Intranet" VALUE NUMERIC  1 DEFAULT
                        NAME "Trusted" VALUE NUMERIC 2
                        NAME "Non Trusted" VALUE NUMERIC 3
                        END ITEMLIST
              END PART
      END POLICY                  
END CATEGORY
;------------------End of File----------------
Jay_Jay70Commented:
ah i c, i didnt realise you were having trouble viewing the custom policies... i have one that was written by a colleague for network drive mapping. i just meant i had no experience in writing them - that filtering option had me stumped for a while, if i'd known that was the prob i could have pointed you to it, but you've done well mate
GranModCommented:
PAQed with points refunded (500)

GranMod
Community Support Moderator

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.