Group Policy and IE Site to Zone Assignment List issues

Posted on 2013-11-14
Medium Priority
Last Modified: 2013-11-16
Hello Experts,

We are getting frustrated with using Group Policy to push out standard sites to zones for our Intranet and trusted Internet sites.  The Group Policy works but locks down the ability for users to add additional sites (in other words adding sites additional to the ones pushed down via GPO).  BTW, we're at Windows Server 2012 forest/domain functional level.

Is there a way to push out site to zone assignments to IE via GPO and also allow users to add site to zone assignments on their own?

The GPO settings I'm talking about are under User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page.

The link below outlines the strategy we're attempting to follow.


The problem is this:  We configure the GPO with the assignments that we know of.  A user then gets a certificate error or otherwise blocked for a new web site.  They know it's legitimate (like our bank) and they want to add it to their trusted Internet zone and can't (locked down by administrator if GPO is in place).  Now IT has to get involved and add the site to the GPO.  User is mad by the time that happens.
Question by:cambo84
LVL 13

Accepted Solution

Jaihunt earned 1500 total points
ID: 39648262
Its default behavior if you configure GPO user cant able to add. Also configure the active X control also. which will enable to run any active X scripts run.

Please check the below link to configure trusted sites, Intranet sites in GPO


Note: The value field can take the following values:
• (Value = 1) Intranet zone,
• (Value = 2) Trusted Sites zone,
• (Value = 3) Internet zone
(Value = 4) Restricted Sites zone

Author Closing Comment

ID: 39653405
Not really a solution to the problem but the reality we forced to live with apparently.

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone.  Any comments, bug reports etc. are welcome...
Seizing the Operation Master Roles in Windows Server 2016 in case of FSMO holder failure.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question