?
Solved

site to zone assignment list registry

Posted on 2016-07-22
1
Medium Priority
?
193 Views
Last Modified: 2016-08-03
I applied a site to zone assignment list using GPO. I want to verify they are being applied. When I go to a domain machine I cant scroll down to see all the sites I added. I was thinking I could go to the registry here:


http://gpsearch.azurewebsites.net/#1493

But when I go there I dont see a list of sites. Anybody have a somewhere I can look to make sure the policy is being applied to the machines correctly?
0
Comment
Question by:Thomas N
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 25

Accepted Solution

by:
Coralon earned 2000 total points
ID: 41726079
The best way to check is to run a gpresult /h <filenname>.htm on the machine with the user account that should be affected by the policy.  The resulting HTML file will show you the results of the various policies and which policy "won" each of the settings.   (Just be aware of where you set the policy -- machine level or user level; and if it is machine level, if you are using loopback processing).  

Another good way to check is to again, logon to the correct machine with the correct account, open up Internet Explorer, go to the site, and then go to Tools | Internet Options | Security, and the zone you are in will be the one highlighted.  

But there are 2 keys at each level you should be able to check for the said assignments:
Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\<domainname>
<protocol> = 0x<zone> REG_DWORD
Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\<domainname>
<protocol> = 0x<zone> REG_DWORD

Open in new window


Now.. protocol is the protocol handler you want specified, such as http, https, ftp, or even * (for all protocol handlers).
The zone number is one of 5 zones:
0 - this is the same as the local computer.. it is not visible graphically, but *is* available
1 - Local Intranet
2 - Trusted Sites
3 - Internet Zone
4 - Untrusted Sites

The domain name is specific to the name specified, and it can be wildcarded..
So, adding a domain as *.domain.tld will affect all connections going to any sub zone of domain.tld (tld meaning top level domain).  If you put in http://*.domain.tld then it will affect any subzone of tld using the http protocol, but https will remain unaffected, etc.

Coralon
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This Micro Tutorial will give you a basic overview of Windows Live Photo Gallery and show you various editing filters and touches to photos you can apply. This will be demonstrated using Windows Live Photo Gallery on Windows 7 operating system.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question