How to configure Local Intranet Sites for the entire machine, not just the user

I'm trying to remove the annoying "Open File - Security Warning" dialog that pops up when I try to run a .cmd file from a local file share.  I can do this for the *current user* by going into Control Panel..Internet Settings..Security..Local Intranet..Sites..Advanced and adding a domain name such as *  But I need to do this for *any user* that logs on to the machine.

The machines are in a windows workgroup.

I need the "mouse+click" way to do it and the registry way so I can automate the process.
Who is Participating?
ydsonlineConnect With a Mentor Commented:
  1. Type gpedit.msc at the Start > Run and press Enter
  2. Under Local Computer Policy Expand Administrative Templates
  3. Expand Windows Components
  4. Expand Internet Explorer
  5. Expand Internet Control Panel
  6. Click on Security Page
  7. Double Click Site to Zone Assignement List
  8. Click Enabled and Click Show...
  9. Click Add and type your domain you want to add e.g. *
  10. In the 2nd box add the value 1 which represents Intranet Zone. (More information is on the Explain Tab (when you first go into the Site to Zone Assignement List)
  11. Click Ok and it will be listed in the Zone Assignment list. Then Click Ok until you are out of all the windows.
  12. You may need to resart the computer for the policy to take effect. Alternatively you can try running gpupdate /force at the Run command.
There is only one problem with doing it this way. If you try and add any other domain to the Intranet site though Internet explorer, the policy will override it and it won't be saved doing it through Internet explorer. This just means if you need to add any other domains, you will need to do it through gpedit rather than internet explorer. This could be a good or a bad thing, depends on your scenario.
Hope this helps.
Are you talking about: Disable the Annoying :This page has an unspecified potential security risk? If so, read the following attachment.
Bits ...

ydsonlineConnect With a Mentor Commented:
Alternatively, if you really want to do it the mouse click way or registry way, you can browse the following registry path:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{938BFBF0-BEBF-43DA-B133-DC0C2673A779}Machine\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey]  and add the string value as your domain name e.g. * and the value as 1
or you can create your own registry import file with the following content and save the file as something.reg (Just change the * to what ever domain you want.

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{938BFBF0-BEBF-43DA-B133-DC0C2673A779}Machine\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey]
or you can use my attached example registry file. Just save the file right click to edit and change the *.mycompany to the domain you need.

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Sorry, forgot to mention, to add the domain then to the intranet zone policy using the registry file is simply a matter of double clicking the registry file and click yes to add it to the registry.
sevzasAuthor Commented:
ydsonline - thanks for the answer
sevzasAuthor Commented:
ydsonline - "gpupdate /force" did not work.  It took a reboot to take effect.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.