Batch o powershell to modify Internet explorer security settings

Hi, I need help on creating either Batch file or Powershell script to modify security settings of the internet explorer.
What I need is to add multiple sites into trusted sites of the internet explorer.
I have done this through Group policy for domain computers but I also have 50 of non domain computers.

Please let me know if you have ideas.
Tech ManInformation TechnologyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris DentPowerShell DeveloperCommented:
Before the script a caveat. Internet Explorer has a list of top level domains built in. I can't find a way to access that. When IE creates the key it would make the trusted sites entry for "http://test.site.domain.tld" into:

ZoneMap
    domain.tld
        test.site: http (DWORD): 2

This presents a problem because the value of top level domain is extremely varied these days (not just .com, .net, and so on). The script "could" download the same list IE uses (https://publicsuffix.org/), but it would have to stick to the usage restrictions for that site. So... best effort, lets see how it gets on without splitting it up.

Usage:
Get-Content YourListOfSites.txt |C:\Somewhere\Add-ZoneMapItem.ps1 -Zone TrustedSites

Open in new window

The script, to fit usage, save as Add-ZoneMapItem.ps1
param(
    # The URL to add.
    [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
    [Uri]$Url,

    # Add the entry to the specified zone
    [Parameter(Mandatory = $true)]
    [ValidateSet('MyComputer', 'LocalIntranet', 'TrustedSites', 'Internet', 'RestrictedSites')]
    [String]$Zone,

    # By default, create entries for all users.
    [Switch]$CurrentUser
)

begin {
    [Int32]$zoneNumber = switch ($Zone) {
        'MyComputer'      { 0 }
        'LocalIntranet'   { 1 }
        'TrustedSites'    { 2 }
        'Internet'        { 3 }
        'RestrictedSites' { 4 }
    }
    $regKey = '{0}:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap' -f ('HKLM', 'HKCU')[$CurrentUser.ToBool()]
}

process {
    $domainKey = Join-Path $regKey $Url.Host
    if (-not (Test-Path $domainKey)) {
        $null = New-Item $domainKey -ItemType Key
    }

    if ($Url.Scheme) {
        $valueName = $Url.Scheme
    } else {
        $valueName = '*'
    }

    Set-ItemProperty $domainKey -Name $valueName -Value $zoneNumber -Force
}

Open in new window

0
Tech ManInformation TechnologyAuthor Commented:
Thank you Chris,
I will test this but before I have couple of questions:
- How should I structure my .txt file? Should I separate website addresses with space, comma or new line?
- Can I have my source file (.txt) located somewhere in internet. For example if I have my text file in OneDrive, that way I dont have to copy the file to each machine?

I would greatly appreciate your opinion.

Thank you
0
Chris DentPowerShell DeveloperCommented:
Good morning,

The file can contain a simple list:
https://domain.com
test.domain.com

Open in new window

Yes you can have the text file elsewhere, the usage snippet changes. If the content were coming from a web service Invoke-WebRequest would be used:
(Invoke-WebRequest http://domain.com/content).Content -split '\r?\n' | C:\Somewhere\Add-ZoneMapItem.ps1 -Zone TrustedSites

Open in new window

By extension, you could deliver the script the same way. If a text file contained the script (as a function) along with the command to call it:
function Add-ZoneMapItem {
    <script content>
}
(Invoke-WebRequest http://domain.com/content.txt -UseBasicParsing).Content -split '\r?\n' | Add-ZoneMapItem -Zone TrustedSites

Open in new window

At that point you could use:
Invoke-WebRequest http://domain.com/script.txt -UseBasicParsing | Invoke-Expression

Open in new window

It reduces the need to distribute the script (which is great if it needs an update or bug fix).
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Tech ManInformation TechnologyAuthor Commented:
Chris, I run the Script locally but unfortunately it does not add sites to the trusted sites list. How can I troubleshot this?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Batch

From novice to tech pro — start learning today.