Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 432
  • Last Modified:

IE site zone assignment

Hi all,

Server 2008 AD

I have a number of internal web address that I push out using the site to zone assignment list. This works fine but it doesn't allow the users to add sites to this zone themselves. Is there anyway of populating these zones without restricting users to append?
0
Matt
Asked:
Matt
  • 3
  • 2
2 Solutions
 
rhandelsCommented:
Hey,

You could add a registry key using a preference policy. You would be adding the following key then

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\domain.com\subdomain\http=00000002 (Reg DWORD Value).
If you do this in the user properties of the policy and assign it to the OU were your users reside your good to go..
0
 
MattAuthor Commented:
No way of using Group Policy?
0
 
rhandelsCommented:
This is a group policy :)
Go to User Configuration --> Preferences --> Windows Settings --> Registry.
Or do you mean set a policy that it is possible to add these?
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
MattAuthor Commented:
Sure, but I was thinking more of a preference :)
0
 
rhandelsCommented:
The problem with using the site to zone assignment list is that a user won't have any option left to manually do this. We use a Workplace management tool that does these things for us because of this. When a user logs on these actions are assigned to the machine.

Look at it as a very well scripted login script (which is much easier to handle :))
0
 
ThinkPaperIT ConsultantCommented:
rhandels is correct. If you use group policy, then you are basically locking it so that users won't have access to add other sites in. this is done on purpose as generally you want to control what is trusted and what is not (and not give users the ability to decide). At my workplace, if users need a site added, then generally they put in a request ticket and we validate they're not trying to make youtube a trusted site and update the policy as needed.

If you still want users to have access, (I haven't tried this) I think you can set up registry settings for this which should give the users the right to add/remove sites as needed.

http://social.technet.microsoft.com/Forums/windowsserver/en-US/3a6d9a15-1fee-4b2b-a18d-0d838f356f2c/alternative-to-site-to-zone-assignment-gpo

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now