Group policy to add trusted sites

Posted on 2009-02-11
Medium Priority
Last Modified: 2012-05-06
I just created a group policy to add websites to my trusted sites.
Computer Config --> Admin templates -->Windows components --> internet explorer --> internet control panel  --> security page  --> site to site assignment list and I added the sites i need.

This worked fine, but now users cannot add additional sites, and any sites they already had are overwritten by this policy.

I'm fine with overwriting what they have, but how can i get it so they have the ability to add additional sites as needed.

Add and remove functions are grayed out

This is a windows server 2003 environment active directory and all workstations are windows xp sp2 or sp3 with IE6 or IE7

Any assistance is appreciated
Question by:Ekuskowski
LVL 12

Expert Comment

ID: 23618550
H there

If you go to the registry of an affected machine and set the "Flags" Name to  47 (Dec 71) will it help?? (make sur eyou note what it currently is set to. maybe just add 3 to teh Dec value (see Value list below)
btw, this flag number was what was on my Server 2003 Box wiht no GPO set for Trusted sites or anything IE related, so its just a reference point for you

Key = HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\<Zone Number> 2 - Trusted Sites Zone

I got this info from

Below is a part from the above link (near the bottom)
The Flags DWORD value determines the ability of the user to modify the security zone's properties. To determine the Flags value, add the numbers of the appropriate settings together. The following Flags values are available (decimal):
   Value    Setting
   1        Allow changes to custom settings
   2        Allow users to add Web sites to this zone
   4        Require verified Web sites (https protocol)
   8        Include Web sites that bypass the proxy server
   16       Include Web sites not listed in other zones
   32       Do not show security zone in Internet Properties (default
            setting for My Computer)
   64       Show the Requires Server Verification dialog box
   128      Treat Universal Naming Connections (UNCs) as intranet

Another couple of link for reference to others having this issue and possible workarounds/solutions

Hope it helps


LVL 47

Accepted Solution

Donald Stewart earned 2000 total points
ID: 23618864
Since you used a computer configuration it applies to everyone that logs on and therefore is not configurable by  a user to user basis.

You should have configured adding sites to the trusted zone by User Configuration / Windows Settings / Internet Explorer Maintenance / Security.

How can I use Group Policy to add a site to the Trusted Sites zone?
LVL 47

Assisted Solution

by:Donald Stewart
Donald Stewart earned 2000 total points
ID: 23618879
Remove the computer gpo and apply it thru the "Internet Explorer Maintenance" policy under User configuration.
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.


Author Closing Comment

ID: 31545882
I had previously tried setting the flags in the registry but It did not work, once i followed "dstewartjr" 's instructions it worked , just had to do a gpupdate /force and all worked perfectly.
LVL 47

Expert Comment

by:Donald Stewart
ID: 23624865

Glad it worked out for you.

Expert Comment

ID: 24873315
By using this method, don't you also apply all of the customization from the security settings?  Is there a way to JUST add some sites to the trusted Zone without applying other settings as well?

LVL 47

Expert Comment

by:Donald Stewart
ID: 24873348
You'll get much more input if you were to open a new thread. Most EE experts stop monitoring already closed questions.

Expert Comment

ID: 34227810
I'm having the same problem on a Server 2008, however the User Config\Policies\Windows Settings\Internet Explorer Maintenance\Security page on this server only has two options associated with the 'Security Zones and Content Ratings' item: "Do not customize security zones and privacy" and "Import the current security zones and privacy settings", which appears to import from the current/in use profile, but still doesn't offer any options to allow users to continue adding new sites.

Author Comment

ID: 34229570
Sorry to hear you are having the same issue,  I do not know the answer,  but I do reccomend you open a new thread and ask your specific question.  The experts have helped me on numerous occasions, but I know they rarely monitor closed questions.

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question