Solved

Group Policy and IE Site to Zone Assignment List issues

Posted on 2013-11-14
2
6,654 Views
Last Modified: 2013-11-16
Hello Experts,

We are getting frustrated with using Group Policy to push out standard sites to zones for our Intranet and trusted Internet sites.  The Group Policy works but locks down the ability for users to add additional sites (in other words adding sites additional to the ones pushed down via GPO).  BTW, we're at Windows Server 2012 forest/domain functional level.

Is there a way to push out site to zone assignments to IE via GPO and also allow users to add site to zone assignments on their own?

The GPO settings I'm talking about are under User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page.

The link below outlines the strategy we're attempting to follow.

http://www.grouppolicy.biz/2010/03/how-to-use-group-policy-to-configure-internet-explorer-security-zone-sites/

The problem is this:  We configure the GPO with the assignments that we know of.  A user then gets a certificate error or otherwise blocked for a new web site.  They know it's legitimate (like our bank) and they want to add it to their trusted Internet zone and can't (locked down by administrator if GPO is in place).  Now IT has to get involved and add the site to the GPO.  User is mad by the time that happens.
0
Comment
Question by:cambo84
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 13

Accepted Solution

by:
Jaihunt earned 500 total points
ID: 39648262
Its default behavior if you configure GPO user cant able to add. Also configure the active X control also. which will enable to run any active X scripts run.

Please check the below link to configure trusted sites, Intranet sites in GPO

http://www.windowstricks.in/2010/11/configuring-trusted-website-and-activex.html

Note: The value field can take the following values:
• (Value = 1) Intranet zone,
• (Value = 2) Trusted Sites zone,
• (Value = 3) Internet zone
(Value = 4) Restricted Sites zone
0
 
LVL 1

Author Closing Comment

by:cambo84
ID: 39653405
Not really a solution to the problem but the reality we forced to live with apparently.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows Task Scheduler: Access to an Executable File 5 38
DSRM password 5 42
Inspect Elements on iPad 19 54
Domain User is unable to see any drives in her "My Computer" 9 48
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question