IE site zone assignment

Hi all,

Server 2008 AD

I have a number of internal web address that I push out using the site to zone assignment list. This works fine but it doesn't allow the users to add sites to this zone themselves. Is there anyway of populating these zones without restricting users to append?
MattAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rhandelsCommented:
Hey,

You could add a registry key using a preference policy. You would be adding the following key then

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\domain.com\subdomain\http=00000002 (Reg DWORD Value).
If you do this in the user properties of the policy and assign it to the OU were your users reside your good to go..
0
MattAuthor Commented:
No way of using Group Policy?
0
rhandelsCommented:
This is a group policy :)
Go to User Configuration --> Preferences --> Windows Settings --> Registry.
Or do you mean set a policy that it is possible to add these?
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

MattAuthor Commented:
Sure, but I was thinking more of a preference :)
0
rhandelsCommented:
The problem with using the site to zone assignment list is that a user won't have any option left to manually do this. We use a Workplace management tool that does these things for us because of this. When a user logs on these actions are assigned to the machine.

Look at it as a very well scripted login script (which is much easier to handle :))
0
ThinkPaperIT ConsultantCommented:
rhandels is correct. If you use group policy, then you are basically locking it so that users won't have access to add other sites in. this is done on purpose as generally you want to control what is trusted and what is not (and not give users the ability to decide). At my workplace, if users need a site added, then generally they put in a request ticket and we validate they're not trying to make youtube a trusted site and update the policy as needed.

If you still want users to have access, (I haven't tried this) I think you can set up registry settings for this which should give the users the right to add/remove sites as needed.

http://social.technet.microsoft.com/Forums/windowsserver/en-US/3a6d9a15-1fee-4b2b-a18d-0d838f356f2c/alternative-to-site-to-zone-assignment-gpo

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.