Solved

site to zone assignment list registry

Posted on 2016-07-22
1
157 Views
Last Modified: 2016-08-03
I applied a site to zone assignment list using GPO. I want to verify they are being applied. When I go to a domain machine I cant scroll down to see all the sites I added. I was thinking I could go to the registry here:


http://gpsearch.azurewebsites.net/#1493

But when I go there I dont see a list of sites. Anybody have a somewhere I can look to make sure the policy is being applied to the machines correctly?
0
Comment
Question by:Thomas N
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 25

Accepted Solution

by:
Coralon earned 500 total points
ID: 41726079
The best way to check is to run a gpresult /h <filenname>.htm on the machine with the user account that should be affected by the policy.  The resulting HTML file will show you the results of the various policies and which policy "won" each of the settings.   (Just be aware of where you set the policy -- machine level or user level; and if it is machine level, if you are using loopback processing).  

Another good way to check is to again, logon to the correct machine with the correct account, open up Internet Explorer, go to the site, and then go to Tools | Internet Options | Security, and the zone you are in will be the one highlighted.  

But there are 2 keys at each level you should be able to check for the said assignments:
Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\<domainname>
<protocol> = 0x<zone> REG_DWORD
Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\<domainname>
<protocol> = 0x<zone> REG_DWORD

Open in new window


Now.. protocol is the protocol handler you want specified, such as http, https, ftp, or even * (for all protocol handlers).
The zone number is one of 5 zones:
0 - this is the same as the local computer.. it is not visible graphically, but *is* available
1 - Local Intranet
2 - Trusted Sites
3 - Internet Zone
4 - Untrusted Sites

The domain name is specific to the name specified, and it can be wildcarded..
So, adding a domain as *.domain.tld will affect all connections going to any sub zone of domain.tld (tld meaning top level domain).  If you put in http://*.domain.tld then it will affect any subzone of tld using the http protocol, but https will remain unaffected, etc.

Coralon
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question