IE - Add Trusted Site through gROUP pOLICY

I'm trying to add a trusted site to all pc's using Group Policy.  I already have existing sites being pushed to workstations with this policy.  When I view the Settings tab for my existing policy I see the current entries listed as:
"Sites in this zone" under
User Config\Policies\Win. Settings\IE Maint.\Sec/Security Zones and Ratings\Security Zones and Privacy\Trusted Sites (Security Level:Custom)

I've made a copy of this policy for testing.  When I attempt to edit the copy I do not see my current trusted sites entries.

I think this is related to IE ESC importing the current settings for the logged on user.  Is there a way to edit the GPO directly without importing?

I am administering on a Server 2008 R2 box.
EncinitasAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Premkumar YogeswaranSr. Analyst - System AdministratorCommented:
I would suggest to use Computer configuration for Trusted sites setting instead of user conf.

Step in the link below
http://www.makeuseof.com/tag/configure-trusted-sites-internet-explorer-group-policy/

Regards,
Prem
0
EncinitasAuthor Commented:
Thanks Prem.  That method does seem to add sites into client browser's more comprhensively.  With this method though users are not able to add there own trusted sites.  Do you know if there is a seperate setting that would allow users to still edit those?
0
Premkumar YogeswaranSr. Analyst - System AdministratorCommented:
Hi Encinitas,

I that case, you need to go for user configuration in GPO, as you mentioned in your question.

You can use with out importing. Use do not customize ratings.

refer this link:
http://sgwindowsgroup.org/blogs/bernard/archive/2010/03/03/adding-trusted-sites-to-internet-explorer-using-gpo.aspx

Regards,
Prem
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

EncinitasAuthor Commented:
"You can use with out importing. Use do not customize ratings."

I'm not able to do this.  When "Do not customize security zones and privacy" is selected, the "Modify Settings" button is greyed out.

This is true with IE ESC both enabled and disabled.
0
EncinitasAuthor Commented:
I've also tried to administer GPO using a Win 7 box with RSAT installed.  Same limitation with greyed out Modify Settings button.
0
EncinitasAuthor Commented:
In the end, I configured the browser on the Windows7 w/ RSAT machine to have the settings that I wanted deployed via GPO.  Imported those into Group policy.  Not ideal for long term administration but did the trick.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
EncinitasAuthor Commented:
Offered solutions did not provide resolution.  End result was based on my own further investigation and experimentation.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.