Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

internet explorer trusted sites on domain computers with LOCAL LOGIN

Posted on 2010-08-19
7
Medium Priority
?
981 Views
Last Modified: 2013-12-08
Hi,
Unusual request that i need an answer to.

One of our sites has a few computers that allow local logins, not domain logins. The computers are still on the 2008 domain.
What they want to do is to be able to push internet trusted sites down to the machine but still allow domain users to change the settings when logged in to the domain.
Is there a way with group policies to push JUST trusted sites to a machine, not to individual users, and affect no other IE setting or restrict changes?
0
Comment
Question by:Neil Russell
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 8

Expert Comment

by:TheMak
ID: 33473898
Computer Config --> Admin templates -->Windows components --> internet explorer --> internet control panel  --> security page  --> site to zone assignment list and add the sites. This group policy will apply to the computer configuration not to an individual users.
 
Regards,
0
 
LVL 37

Author Comment

by:Neil Russell
ID: 33474239
OK, If i manually add a site, before the ploicy is enabled, it allows me to enter *.domain.com as a valid secure zone site. If I try to set *.domain.com in zone 2 via GPO i get a policy error when applying stating that a parameter is incorrect. If i change that to just domain.com then the policy applies but doesnt treat blogs.domain.com as being secure.
Make sense?
0
 
LVL 8

Expert Comment

by:TheMak
ID: 33475154
If I try to set *.domain.com in zone 2 ...Zone 2?
Regards,
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 37

Author Comment

by:Neil Russell
ID: 33475339
yes in zone 2 (Trusted sites)  Have you ever done this in group policies yourself?
0
 
LVL 8

Expert Comment

by:TheMak
ID: 33475601
There are only two things when you double click "site to zone assignment list "
1) Enter the name of the item to be added= you can enter anything here, just for identification
2) Enter the value of the item to be added= here is the real web site name you need to enter..
I don't see Zone 2...
0
 
LVL 37

Accepted Solution

by:
Neil Russell earned 0 total points
ID: 33475974
Hello? Site to Zone Assignment....
Please read before commenting

This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone.
Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.)
If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site.  For each entry that you add to the list, enter the following information:
Valuename – A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also include a specific protocol. For example, if you enter http://www.contoso.com as the valuename, other protocols are not affected. If you enter just www.contoso.com, then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for www.contoso.com and www.contoso.com/mail would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict.
Value - A number indicating the zone with which this site should be associated for security settings. The Internet Explorer zones described above are 1-4.
If you disable this policy setting, any such list is deleted and no site-to-zone assignments are permitted.
If this policy is not configured, users may choose their own site-to-zone assignments.
0
 
LVL 8

Expert Comment

by:TheMak
ID: 33477933
Sorry for the wrong guidence... anyhow after you pointed me with the explanation I did some testing on Windows 2008 enterprise server but could not see any problem in adding and no error while applying.
I will try to test some more and update you. Meanwhile Please have a look to below links related to your work,
 site to zone assignment list  

http://blogcastrepository.com/blogs/mattbro/archive/2006/09/07/2183.aspx 

How To Configure Trusted Sites In Internet Explorer For A Group Policy

http://www.makeuseof.com/tag/configure-trusted-sites-internet-explorer-group-policy/ 

Internet Explorer Policy Settings

http://technet.microsoft.com/en-us/library/bb457144.aspx 
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question