• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 57504
  • Last Modified:

Group policy to add trusted sites

I just created a group policy to add websites to my trusted sites.
Computer Config --> Admin templates -->Windows components --> internet explorer --> internet control panel  --> security page  --> site to site assignment list and I added the sites i need.

This worked fine, but now users cannot add additional sites, and any sites they already had are overwritten by this policy.

I'm fine with overwriting what they have, but how can i get it so they have the ability to add additional sites as needed.

Add and remove functions are grayed out

This is a windows server 2003 environment active directory and all workstations are windows xp sp2 or sp3 with IE6 or IE7

Any assistance is appreciated
Thanks
0
Ekuskowski
Asked:
Ekuskowski
2 Solutions
 
Krys_KCommented:
H there

If you go to the registry of an affected machine and set the "Flags" Name to  47 (Dec 71) will it help?? (make sur eyou note what it currently is set to. maybe just add 3 to teh Dec value (see Value list below)
btw, this flag number was what was on my Server 2003 Box wiht no GPO set for Trusted sites or anything IE related, so its just a reference point for you

Key = HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\<Zone Number> 2 - Trusted Sites Zone

I got this info from
http://support.microsoft.com/default.aspx?kbid=182569

Below is a part from the above link (near the bottom)
The Flags DWORD value determines the ability of the user to modify the security zone's properties. To determine the Flags value, add the numbers of the appropriate settings together. The following Flags values are available (decimal):
   Value    Setting
   ------------------------------------------------------------------
   1        Allow changes to custom settings
   2        Allow users to add Web sites to this zone
   4        Require verified Web sites (https protocol)
   8        Include Web sites that bypass the proxy server
   16       Include Web sites not listed in other zones
   32       Do not show security zone in Internet Properties (default
            setting for My Computer)
   64       Show the Requires Server Verification dialog box
   128      Treat Universal Naming Connections (UNCs) as intranet
            connections
                  


Another couple of link for reference to others having this issue and possible workarounds/solutions
http://www.pcreview.co.uk/forums/thread-179147.php
http://web2.minasi.com/forum/topic.asp?TOPIC_ID=26106


Hope it helps

Regards
Krystian

0
 
DonNetwork AdministratorCommented:
Since you used a computer configuration it applies to everyone that logs on and therefore is not configurable by  a user to user basis.

You should have configured adding sites to the trusted zone by User Configuration / Windows Settings / Internet Explorer Maintenance / Security.


How can I use Group Policy to add a site to the Trusted Sites zone?
0
 
DonNetwork AdministratorCommented:
Remove the computer gpo and apply it thru the "Internet Explorer Maintenance" policy under User configuration.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
EkuskowskiAuthor Commented:
I had previously tried setting the flags in the registry but It did not work, once i followed "dstewartjr" 's instructions it worked , just had to do a gpupdate /force and all worked perfectly.
0
 
DonNetwork AdministratorCommented:
Great!!!

Glad it worked out for you.
0
 
JeffesmiCommented:
By using this method, don't you also apply all of the customization from the security settings?  Is there a way to JUST add some sites to the trusted Zone without applying other settings as well?

Thanks.
0
 
DonNetwork AdministratorCommented:
Jeffesmi,
You'll get much more input if you were to open a new thread. Most EE experts stop monitoring already closed questions.
0
 
ajahnkeCommented:
I'm having the same problem on a Server 2008, however the User Config\Policies\Windows Settings\Internet Explorer Maintenance\Security page on this server only has two options associated with the 'Security Zones and Content Ratings' item: "Do not customize security zones and privacy" and "Import the current security zones and privacy settings", which appears to import from the current/in use profile, but still doesn't offer any options to allow users to continue adding new sites.
0
 
EkuskowskiAuthor Commented:
ajahnke,
Sorry to hear you are having the same issue,  I do not know the answer,  but I do reccomend you open a new thread and ask your specific question.  The experts have helped me on numerous occasions, but I know they rarely monitor closed questions.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now