

Adding a site in Trusted Sites, even though the FQDN wildcard is in Local Intranet sites

Posted on 2015-02-10
Medium Priority
Last Modified: 2015-02-11
I am curious what takes precedence. We have a site that is internal and external with the same FQDN. It is recommended by the vendor to add the site to Trusted Sites; however, the wildcard is set up in Local Intranet sites in IE 10. What I am curious about is which takes precedence. Is it the local intranet sites in IE, since the policies are more restrictive, or is it trusted sites? Or does it depend on whether the device is connected in the office, where the intranet sites will take over, until they connect outside the office and trusted sites take over? Any explanation would be helpful!
Question by:mystikal1000
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 500 total points
ID: 40601243
There is really no "ordering" when it comes to these zones. The local intranet zone is anything with a flat name space like http://servername. The Trusted sites are sites that you are trusting, which have a lower security setting. Some applications require you to use the FQDN, in which case you will need to use trusted sites for this. You cannot have a single entry in both places at once. It will either be local intranet or trusted sites.

Take a look at the link below which outlines each zone with more detail.


LVL 38

Assisted Solution

Mahesh earned 1500 total points
ID: 40601366
As far as I know, there is no such thing as precedence between the intranet zone and the trusted sites zone, as the purpose of each is different.
These zones are used to distinguish security levels for script/code execution.

Sites in the trusted zone are secure (most of the time) external sites and will be accessed with minimum security checks.

Sites placed in the local intranet zone are always trusted because they are internal sites and use integrated Windows authentication.
Ex: logon user credentials are passed to the ADFS server automatically if the ADFS URL is added to the local intranet zone.

To specify categories of URLs to include in the zone from the browser:
1. On the Tools menu in Internet Explorer, click Internet Options, and then click the Security tab.
2. Click the Local Intranet zone, and then click Sites.
3. Select the following check boxes that apply:
  • Include all local (intranet) sites not listed in other zones
  • Include all sites that bypass the proxy server
  • Include all network paths (UNCs)

For intranet zone precedence, check the link below.

Author Comment

ID: 40601400
Btw, the intranet zone is set up using a wildcard vs. the trusted site, which is specified with the full FQDN; sorry I didn't mention that. Not sure if it helps or not, but I wanted to point that out.
LVL 38

Accepted Solution

Mahesh earned 1500 total points
ID: 40602559
The real comparison \ precedence will take place between (intranet zone vs internet zone) and (Trusted sites vs restricted sites), if I am not wrong.

Whenever IE opens any web site, it will try to segregate the site as intranet zone or internet zone.
If you add any site to the intranet zone specifically (split DNS - having the same URL internally \ externally), that site should be accessible from the intranet, meaning it should be resolvable from the local DNS server, and if a proxy is set in IE, you need to make an exception (no matter whether you enter it as a wildcard or an FQDN).
Because if a proxy is defined, IE will try to access the required web site through the proxy first rather than DNS.
If a proxy exception is not defined, it will try to go out on the internet through the proxy to access the web site, and essentially this will treat the site as belonging to the internet zone.
I believe your trusted sites part starts from here: if the site belongs to the internet zone, and only if it has some security implications (like SSL enabled or certificate-based authentication), then you need to add that site to trusted sites so that security checks are minimized.

Now suppose a proxy is not defined; then DNS will try to resolve the site itself, and if found, the site will automatically be considered as intranet zone.

One more possibility would be that if an exception is defined in the proxy, IE will try to get that URL resolved via local DNS instead of the proxy, and if it gets resolved, again the site will be considered as intranet zone.

Note that if you enter www.website.com in the intranet zone, it will be applicable to http, https and ftp as well (all web protocols); however, if you define http://www.website.com, then this would be applicable to the http protocol only.

There is no direct relation between trusted sites and the intranet zone. You need to make sure that local DNS resolves it when in the corporate network, and if a proxy is defined, ensure that an appropriate exception is defined (a wildcard is also an acceptable exception).
No need to add intranet sites to trusted sites unless required by the web site for its correct functioning and to minimize security checks, because trusted sites relax security prompts.

When the user is working from the internet, the site would be considered as belonging to the internet zone, and if it's added to trusted sites, security checks would be minimized.

The intranet \ internet zones are there to segregate web traffic into either internal \ external.
Trusted sites are there to minimize security checks by trusting that site, no matter which zone the site is placed in.

I hope this answers your query.
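
For the situation in this thread (a wildcard in Local Intranet plus the full FQDN in Trusted Sites), the following PowerShell script lists hosts that are assigned to one zone while a broader entry for the same domain is assigned to a different one. It is an added example, not part of any post above; it reads the standard ZoneMap registry locations, and treating a domain-level entry as covering every host beneath it is an assumption of the script, so each finding is something to review rather than a verdict on which zone applies.

```powershell
# Added example: flag hosts whose zone differs from a broader entry for the same domain.
$zoneNames = @{ 0 = 'Local Machine'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'; 3 = 'Internet'; 4 = 'Restricted Sites' }
$settings  = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$policy    = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-SiteHost([string]$Pattern) {
    # Drop scheme, path and a leading "*." so entries can be compared by DNS suffix.
    ($Pattern -replace '^[^/]*://', '' -replace '/.*$', '' -replace '^\*\.', '').ToLower()
}

$entries = @()
foreach ($hive in 'HKCU:', 'HKLM:') {
    # Group Policy "Site to Zone Assignment List": value name = pattern, data = zone number.
    $list = Get-Item -Path "$hive\$policy\ZoneMapKey" -ErrorAction SilentlyContinue
    if ($list) {
        foreach ($name in $list.GetValueNames()) {
            $entries += [pscustomobject]@{ Pattern = $name; Zone = [int]$list.GetValue($name); Source = "$hive policy" }
        }
    }
    # Entries from the Sites dialog: ZoneMap\Domains\<domain>[\<subdomain>], value name = protocol.
    $keys = Get-ChildItem -Path "$hive\$settings\ZoneMap\Domains" -Recurse -ErrorAction SilentlyContinue
    foreach ($key in $keys) {
        $parts = $key.Name.Substring($key.Name.IndexOf('\Domains\') + 9).Split('\')
        [array]::Reverse($parts)   # registry nests domain\subdomain; rebuild subdomain.domain
        foreach ($proto in ($key.GetValueNames() | Where-Object { $_ })) {
            $entries += [pscustomobject]@{ Pattern = "${proto}://$($parts -join '.')"; Zone = [int]$key.GetValue($proto); Source = "$hive ZoneMap" }
        }
    }
}

# Assumption of this script: a domain-level or "*." entry covers every host beneath it.
$findings = foreach ($broad in $entries) {
    $b = Get-SiteHost $broad.Pattern
    foreach ($narrow in $entries) {
        $n = Get-SiteHost $narrow.Pattern
        if ($b -and $broad.Zone -ne $narrow.Zone -and $n.EndsWith(".$b")) {
            [pscustomobject]@{
                Site      = $narrow.Pattern
                SiteZone  = $zoneNames[$narrow.Zone]
                CoveredBy = $broad.Pattern
                CoverZone = $zoneNames[$broad.Zone]
                Sources   = "$($narrow.Source) / $($broad.Source)"
            }
        }
    }
}
$findings | Sort-Object Site, CoveredBy -Unique | Format-Table -AutoSize
```

Run it as the affected user so that the HKCU entries reflect that user's browser settings; an empty table means no overlapping assignments were found in these locations.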

Question has a verified solution.
