We have created a GPO to handle all the trusted sites for our company. The place where we placed the trusted sites in the GPO is: Computer Config >>>> policies >>> windows components >>> Internet Explorer >>> Internet Control panel >>> security page. The setting is “Site to Zone Assignment List” and we made #2 for internet sites, and #1 for internal sites. We notice when the GPO took effect, it took control and the uses were unable to add any sites on there own.
Now the question: Is there a flag, where this GPO could be one that ADDs additional sites to the user & and still allow the user to add their own.