Solved

site to zone assignment list registry

Posted on 2016-07-22
Last Modified: 2016-08-03
I applied a site to zone assignment list using GPO. I want to verify they are being applied. When I go to a domain machine I can't scroll down to see all the sites I added. I was thinking I could go to the registry here:


http://gpsearch.azurewebsites.net/#1493

But when I go there I don't see a list of sites. Anybody have somewhere I can look to make sure the policy is being applied to the machines correctly?
Question by:Thomas N

Accepted Solution

by:
Coralon earned 500 total points
ID: 41726079
The best way to check is to run a gpresult /h <filename>.htm on the machine with the user account that should be affected by the policy. The resulting HTML file will show you the results of the various policies and which policy "won" each of the settings. (Just be aware of where you set the policy -- machine level or user level; and if it is machine level, if you are using loopback processing).

Another good way to check is to again, log on to the correct machine with the correct account, open up Internet Explorer, go to the site, and then go to Tools | Internet Options | Security, and the zone you are in will be the one highlighted.

But there are 2 keys at each level you should be able to check for the said assignments:
Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\<domainname>
<protocol> = 0x<zone> REG_DWORD
Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\<domainname>
<protocol> = 0x<zone> REG_DWORD

Now.. protocol is the protocol handler you want specified, such as http, https, ftp, or even * (for all protocol handlers).
The zone number is one of 5 zones:
0 - this is the same as the local computer.. it is not visible graphically, but *is* available
1 - Local Intranet
2 - Trusted Sites
3 - Internet Zone
4 - Untrusted Sites

The domain name is specific to the name specified, and it can be wildcarded..
So, adding a domain as *.domain.tld will affect all connections going to any sub zone of domain.tld (tld meaning top level domain).  If you put in http://*.domain.tld then it will affect any subzone of tld using the http protocol, but https will remain unaffected, etc.

Coralon
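
The following PowerShell is an added example, not part of the answer above. It walks the two ZoneMap keys the answer names and lists every domain, protocol and zone it finds; it assumes "each level" means the HKLM and HKCU hives, and the function name Get-ZoneMapEntry is made up for illustration.

```powershell
# Added example: list site-to-zone entries stored under the ZoneMap keys named in the answer.
# Assumption: "each level" means the machine (HKLM) and user (HKCU) hives.
$zoneNames = @{
    0 = 'Local computer'
    1 = 'Local Intranet'
    2 = 'Trusted Sites'
    3 = 'Internet Zone'
    4 = 'Untrusted Sites'
}
$zoneMap = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'

function Get-ZoneMapEntry {
    param([string[]]$Hives = @('HKLM:', 'HKCU:'))

    foreach ($hive in $Hives) {
        foreach ($list in 'Domains', 'EscDomains') {
            $root = Join-Path $hive (Join-Path $zoneMap $list)
            # A missing key simply means nothing is assigned at this level.
            if (-not (Test-Path -LiteralPath $root)) { continue }

            # Subkeys can be nested, so recurse below each domain key.
            Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue |
                ForEach-Object {
                    $key = $_
                    # Key path relative to Domains / EscDomains.
                    $domain = $key.Name -replace '^.*\\ZoneMap\\[^\\]+\\', ''
                    foreach ($protocol in $key.GetValueNames()) {
                        # Zone assignments are REG_DWORD values named after the protocol.
                        if ($key.GetValueKind($protocol) -ne 'DWord') { continue }
                        $zone = [int]$key.GetValue($protocol)
                        [pscustomobject]@{
                            Hive     = $hive
                            List     = $list
                            Domain   = $domain
                            Protocol = $protocol
                            Zone     = $zone
                            ZoneName = $zoneNames[$zone]   # empty for a number outside 0-4
                        }
                    }
                }
        }
    }
}

Get-ZoneMapEntry | Sort-Object Hive, List, Domain | Format-Table -AutoSize
```

Run it in a session of the user the policy should affect, so that HKCU is that user's hive.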