We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now


Group policy to add trusted sites

Medium Priority
Last Modified: 2012-05-06
I just created a group policy to add websites to my trusted sites.
Computer Config --> Admin templates -->Windows components --> internet explorer --> internet control panel  --> security page  --> site to site assignment list and I added the sites i need.

This worked fine, but now users cannot add additional sites, and any sites they already had are overwritten by this policy.

I'm fine with overwriting what they have, but how can i get it so they have the ability to add additional sites as needed.

Add and remove functions are grayed out

This is a windows server 2003 environment active directory and all workstations are windows xp sp2 or sp3 with IE6 or IE7

Any assistance is appreciated
Watch Question

H there

If you go to the registry of an affected machine and set the "Flags" Name to  47 (Dec 71) will it help?? (make sur eyou note what it currently is set to. maybe just add 3 to teh Dec value (see Value list below)
btw, this flag number was what was on my Server 2003 Box wiht no GPO set for Trusted sites or anything IE related, so its just a reference point for you

Key = HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\<Zone Number> 2 - Trusted Sites Zone

I got this info from

Below is a part from the above link (near the bottom)
The Flags DWORD value determines the ability of the user to modify the security zone's properties. To determine the Flags value, add the numbers of the appropriate settings together. The following Flags values are available (decimal):
   Value    Setting
   1        Allow changes to custom settings
   2        Allow users to add Web sites to this zone
   4        Require verified Web sites (https protocol)
   8        Include Web sites that bypass the proxy server
   16       Include Web sites not listed in other zones
   32       Do not show security zone in Internet Properties (default
            setting for My Computer)
   64       Show the Requires Server Verification dialog box
   128      Treat Universal Naming Connections (UNCs) as intranet

Another couple of link for reference to others having this issue and possible workarounds/solutions

Hope it helps


Network Administrator
Since you used a computer configuration it applies to everyone that logs on and therefore is not configurable by  a user to user basis.

You should have configured adding sites to the trusted zone by User Configuration / Windows Settings / Internet Explorer Maintenance / Security.

How can I use Group Policy to add a site to the Trusted Sites zone?

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
DonNetwork Administrator
Remove the computer gpo and apply it thru the "Internet Explorer Maintenance" policy under User configuration.


I had previously tried setting the flags in the registry but It did not work, once i followed "dstewartjr" 's instructions it worked , just had to do a gpupdate /force and all worked perfectly.
DonNetwork Administrator


Glad it worked out for you.

By using this method, don't you also apply all of the customization from the security settings?  Is there a way to JUST add some sites to the trusted Zone without applying other settings as well?

DonNetwork Administrator

You'll get much more input if you were to open a new thread. Most EE experts stop monitoring already closed questions.

I'm having the same problem on a Server 2008, however the User Config\Policies\Windows Settings\Internet Explorer Maintenance\Security page on this server only has two options associated with the 'Security Zones and Content Ratings' item: "Do not customize security zones and privacy" and "Import the current security zones and privacy settings", which appears to import from the current/in use profile, but still doesn't offer any options to allow users to continue adding new sites.


Sorry to hear you are having the same issue,  I do not know the answer,  but I do reccomend you open a new thread and ask your specific question.  The experts have helped me on numerous occasions, but I know they rarely monitor closed questions.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.