How do I use Group Policy to Control Trusted Sites and https verification in internet explorer

In my organization, we have a domain level group policy that disallows adding trusted websites in internet explorer. Additionally," the requires server verification (https;) for all sites in this zone", is checked. We have a group in our organization that needs this setting to go away. How do I create a sub group policy  that take precedence over the domain level group policy. I will include some screen shots about what I am talking about as to give you guys a better idea of what I am trying to achieve.

I would appreciate a step by step if possible.
screen1.bmp
screen2.bmp
screen3.bmp
screen4.bmp
BLACK THANOSAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mike KlineCommented:
how is this group setup, are they in a separate OU or are they spread out all over the place.
Several ways to handle this.
1.  put them in an OU and link the new trusted policy to that OU.  Group policies are applied using the LSDOU methodology.
Local applied then site then domain then OU so the OU policy will win
http://technet.microsoft.com/en-us/library/cc785665(WS.10).aspx
2.  You could also create a group and put those users in the group and use security filtering on that GPO.  more on security filtering here
http://adisfun.blogspot.com/2009/04/security-filtering-and-group-policy.html
If you use security filtering it must be above the domain level policy, but it will only apply to that group.
Thanks
Mike
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
BLACK THANOSAuthor Commented:
If I use security filtering, then you are saying that the group policy that I create, must be above the default domain policy>??
0
BLACK THANOSAuthor Commented:
also, based upon the screen shots I attached, where are the gpo locations for them.
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

BLACK THANOSAuthor Commented:
okay mkline71,

I am tentatively leaning towards giving all the points to you since you have come he closest to answering my questions (actually, you are the only one), but could you view my last two posts and help just a little bit more
0
Mike KlineCommented:
can't tell about the location from the screenshots.  I'll take some screenshots from my lab later today and post them for you.
Thanks
Mike
0
BLACK THANOSAuthor Commented:
I am most interested in how to uncheck the "Require server verification (https) for all sites in this zone"check box
0
Mike KlineCommented:
When you set the new policy the precedence has to be higher.  In the screenshot I have an "original" trusted sites GPO.  Notice how the new one has been moved link order 2 so it will take precedence, in your case it will only apply to that group because you are going to filter.
I'm not sure if you import a new trusted sites GPO if that will uncheck that box.  I haven't tested that part out.
 

GPO-Processing.jpg
0
BLACK THANOSAuthor Commented:
kudos mkline71
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Browsers

From novice to tech pro — start learning today.