Batch o powershell to modify Internet explorer security settings

Tech Man
Tech Man used Ask the Experts™
on
Hi, I need help on creating either Batch file or Powershell script to modify security settings of the internet explorer.
What I need is to add multiple sites into trusted sites of the internet explorer.
I have done this through Group policy for domain computers but I also have 50 of non domain computers.

Please let me know if you have ideas.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Chris DentPowerShell Developer
Top Expert 2010

Commented:
Before the script a caveat. Internet Explorer has a list of top level domains built in. I can't find a way to access that. When IE creates the key it would make the trusted sites entry for "http://test.site.domain.tld" into:

ZoneMap
    domain.tld
        test.site: http (DWORD): 2

This presents a problem because the value of top level domain is extremely varied these days (not just .com, .net, and so on). The script "could" download the same list IE uses (https://publicsuffix.org/), but it would have to stick to the usage restrictions for that site. So... best effort, lets see how it gets on without splitting it up.

Usage:
Get-Content YourListOfSites.txt |C:\Somewhere\Add-ZoneMapItem.ps1 -Zone TrustedSites

Open in new window

The script, to fit usage, save as Add-ZoneMapItem.ps1
param(
    # The URL to add.
    [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
    [Uri]$Url,

    # Add the entry to the specified zone
    [Parameter(Mandatory = $true)]
    [ValidateSet('MyComputer', 'LocalIntranet', 'TrustedSites', 'Internet', 'RestrictedSites')]
    [String]$Zone,

    # By default, create entries for all users.
    [Switch]$CurrentUser
)

begin {
    [Int32]$zoneNumber = switch ($Zone) {
        'MyComputer'      { 0 }
        'LocalIntranet'   { 1 }
        'TrustedSites'    { 2 }
        'Internet'        { 3 }
        'RestrictedSites' { 4 }
    }
    $regKey = '{0}:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap' -f ('HKLM', 'HKCU')[$CurrentUser.ToBool()]
}

process {
    $domainKey = Join-Path $regKey $Url.Host
    if (-not (Test-Path $domainKey)) {
        $null = New-Item $domainKey -ItemType Key
    }

    if ($Url.Scheme) {
        $valueName = $Url.Scheme
    } else {
        $valueName = '*'
    }

    Set-ItemProperty $domainKey -Name $valueName -Value $zoneNumber -Force
}

Open in new window

Tech ManInformation Technology

Author

Commented:
Thank you Chris,
I will test this but before I have couple of questions:
- How should I structure my .txt file? Should I separate website addresses with space, comma or new line?
- Can I have my source file (.txt) located somewhere in internet. For example if I have my text file in OneDrive, that way I dont have to copy the file to each machine?

I would greatly appreciate your opinion.

Thank you
PowerShell Developer
Top Expert 2010
Commented:
Good morning,

The file can contain a simple list:
https://domain.com
test.domain.com

Open in new window

Yes you can have the text file elsewhere, the usage snippet changes. If the content were coming from a web service Invoke-WebRequest would be used:
(Invoke-WebRequest http://domain.com/content).Content -split '\r?\n' | C:\Somewhere\Add-ZoneMapItem.ps1 -Zone TrustedSites

Open in new window

By extension, you could deliver the script the same way. If a text file contained the script (as a function) along with the command to call it:
function Add-ZoneMapItem {
    <script content>
}
(Invoke-WebRequest http://domain.com/content.txt -UseBasicParsing).Content -split '\r?\n' | Add-ZoneMapItem -Zone TrustedSites

Open in new window

At that point you could use:
Invoke-WebRequest http://domain.com/script.txt -UseBasicParsing | Invoke-Expression

Open in new window

It reduces the need to distribute the script (which is great if it needs an update or bug fix).
Tech ManInformation Technology

Author

Commented:
Chris, I run the Script locally but unfortunately it does not add sites to the trusted sites list. How can I troubleshot this?

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial