IE site zone assignment

Posted on 2014-08-08
Last Modified: 2014-08-12
Hi all,

Server 2008 AD

I have a number of internal web address that I push out using the site to zone assignment list. This works fine but it doesn't allow the users to add sites to this zone themselves. Is there anyway of populating these zones without restricting users to append?
Question by:Matt
    LVL 23

    Expert Comment


    You could add a registry key using a preference policy. You would be adding the following key then

    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\subdomain\http=00000002 (Reg DWORD Value).
    If you do this in the user properties of the policy and assign it to the OU were your users reside your good to go..

    Author Comment

    No way of using Group Policy?
    LVL 23

    Expert Comment

    This is a group policy :)
    Go to User Configuration --> Preferences --> Windows Settings --> Registry.
    Or do you mean set a policy that it is possible to add these?

    Author Comment

    Sure, but I was thinking more of a preference :)
    LVL 23

    Assisted Solution

    The problem with using the site to zone assignment list is that a user won't have any option left to manually do this. We use a Workplace management tool that does these things for us because of this. When a user logs on these actions are assigned to the machine.

    Look at it as a very well scripted login script (which is much easier to handle :))
    LVL 16

    Accepted Solution

    rhandels is correct. If you use group policy, then you are basically locking it so that users won't have access to add other sites in. this is done on purpose as generally you want to control what is trusted and what is not (and not give users the ability to decide). At my workplace, if users need a site added, then generally they put in a request ticket and we validate they're not trying to make youtube a trusted site and update the policy as needed.

    If you still want users to have access, (I haven't tried this) I think you can set up registry settings for this which should give the users the right to add/remove sites as needed.

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Want to promote your upcoming event?

    Is your company attending an event or exhibiting at a trade show soon? Are you speaking at a conference? Spread the word by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

    A quick step-by-step overview of installing and configuring Carbonite Server Backup.
    ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
    This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
    This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now