Solved

site to zone assignment list registry

Posted on 2016-07-22
Last Modified: 2016-08-03
I applied a site to zone assignment list using GPO. I want to verify they are being applied. When I go to a domain machine I can't scroll down to see all the sites I added. I was thinking I could go to the registry here:


http://gpsearch.azurewebsites.net/#1493

But when I go there I don't see a list of sites. Anybody have somewhere I can look to make sure the policy is being applied to the machines correctly?
Question by:Thomas N
Accepted Solution

by:
Coralon earned 2000 total points
ID: 41726079
The best way to check is to run a gpresult /h <filename>.htm on the machine with the user account that should be affected by the policy. The resulting HTML file will show you the results of the various policies and which policy "won" each of the settings. (Just be aware of where you set the policy -- machine level or user level; and if it is machine level, if you are using loopback processing).

Another good way to check is to, again, log on to the correct machine with the correct account, open up Internet Explorer, go to the site, and then go to Tools | Internet Options | Security, and the zone you are in will be the one highlighted.

But there are 2 keys at each level you should be able to check for the said assignments:
Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\<domainname>
<protocol> = 0x<zone> REG_DWORD
Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\<domainname>
<protocol> = 0x<zone> REG_DWORD

Now.. protocol is the protocol handler you want specified, such as http, https, ftp, or even * (for all protocol handlers).
The zone number is one of 5 zones:
0 - this is the same as the local computer.. it is not visible graphically, but *is* available
1 - Local Intranet
2 - Trusted Sites
3 - Internet Zone
4 - Untrusted Sites

The domain name is specific to the name specified, and it can be wildcarded..
So, adding a domain as *.domain.tld will affect all connections going to any sub zone of domain.tld (tld meaning top level domain).  If you put in http://*.domain.tld then it will affect any subzone of tld using the http protocol, but https will remain unaffected, etc.

Coralon
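
To see every assignment at once instead of scrolling the Internet Options dialog, the registry locations named in the answer can be enumerated with PowerShell. This is an added example, not part of the original answer; the function name Get-ZoneMapAssignment and the output property names are made up for illustration, and it assumes subdomains are stored as nested subkeys under each domain key.

```powershell
# Added example (not from the original answer): list every <protocol> = <zone>
# value under ZoneMap\Domains and ZoneMap\EscDomains in both HKLM and HKCU.
function Get-ZoneMapAssignment {
    # Zone numbers as listed in the answer above
    $zoneNames = @{ 0 = 'Local Computer'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'
                    3 = 'Internet Zone';  4 = 'Untrusted Sites' }
    $base = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'

    foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($sub in 'Domains', 'EscDomains') {
            $root = "$hive\$base\$sub"
            if (-not (Test-Path -LiteralPath $root)) { continue }
            $marker = "\ZoneMap\$sub\"

            foreach ($key in Get-ChildItem -LiteralPath $root -Recurse) {
                # Key path below the root, e.g. "domain.tld\www" -> "www.domain.tld"
                $at    = $key.Name.IndexOf($marker, [StringComparison]::OrdinalIgnoreCase)
                $parts = @($key.Name.Substring($at + $marker.Length) -split '\\')
                [array]::Reverse($parts)

                # Read values through the RegistryKey object: a value named "*"
                # (all protocols) would be treated as a wildcard by Get-ItemProperty.
                foreach ($protocol in $key.GetValueNames()) {
                    if ($key.GetValueKind($protocol) -ne 'DWord') { continue }
                    $zone = [int]$key.GetValue($protocol)
                    [pscustomobject]@{
                        Hive     = $hive.TrimEnd(':')
                        Key      = $sub
                        Site     = $parts -join '.'
                        Protocol = $protocol
                        Zone     = $zone
                        ZoneName = if ($zoneNames.ContainsKey($zone)) { $zoneNames[$zone] }
                                   else { 'Unknown' }
                    }
                }
            }
        }
    }
}

# Run as the affected user on the target machine so HKCU is that user's hive.
Get-ZoneMapAssignment | Sort-Object Hive, Key, Site | Format-Table -AutoSize
```

An empty result means none of these keys hold assignments for that machine and user, in which case the gpresult report is the place to confirm whether the GPO applied at all.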