How to configure Local Intranet Sites for the entire machine, not just the user

I'm trying to remove the annoying "Open File - Security Warning" dialog that pops up when I try to run a .cmd file from a local file share.  I can do this for the *current user* by going into Control Panel..Internet Settings..Security..Local Intranet..Sites..Advanced and adding a domain name such as *  But I need to do this for *any user* that logs on to the machine.

The machines are in a windows workgroup.

I need the "mouse+click" way to do it and the registry way so I can automate the process.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Are you talking about: Disable the Annoying :This page has an unspecified potential security risk? If so, read the following attachment.
Bits ...

  1. Type gpedit.msc at the Start > Run and press Enter
  2. Under Local Computer Policy Expand Administrative Templates
  3. Expand Windows Components
  4. Expand Internet Explorer
  5. Expand Internet Control Panel
  6. Click on Security Page
  7. Double Click Site to Zone Assignement List
  8. Click Enabled and Click Show...
  9. Click Add and type your domain you want to add e.g. *
  10. In the 2nd box add the value 1 which represents Intranet Zone. (More information is on the Explain Tab (when you first go into the Site to Zone Assignement List)
  11. Click Ok and it will be listed in the Zone Assignment list. Then Click Ok until you are out of all the windows.
  12. You may need to resart the computer for the policy to take effect. Alternatively you can try running gpupdate /force at the Run command.
There is only one problem with doing it this way. If you try and add any other domain to the Intranet site though Internet explorer, the policy will override it and it won't be saved doing it through Internet explorer. This just means if you need to add any other domains, you will need to do it through gpedit rather than internet explorer. This could be a good or a bad thing, depends on your scenario.
Hope this helps.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Alternatively, if you really want to do it the mouse click way or registry way, you can browse the following registry path:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{938BFBF0-BEBF-43DA-B133-DC0C2673A779}Machine\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey]  and add the string value as your domain name e.g. * and the value as 1
or you can create your own registry import file with the following content and save the file as something.reg (Just change the * to what ever domain you want.

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{938BFBF0-BEBF-43DA-B133-DC0C2673A779}Machine\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey]
or you can use my attached example registry file. Just save the file right click to edit and change the *.mycompany to the domain you need.

The Five Tenets of the Most Secure Backup

Data loss can hit a business in any number of ways. In reality, companies should expect to lose data at some point. The challenge is having a plan to recover from such an event.

Sorry, forgot to mention, to add the domain then to the intranet zone policy using the registry file is simply a matter of double clicking the registry file and click yes to add it to the registry.
sevzasAuthor Commented:
ydsonline - thanks for the answer
sevzasAuthor Commented:
ydsonline - "gpupdate /force" did not work.  It took a reboot to take effect.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.