Avatar of Tech Man
Tech Man
Flag for United States of America asked on

Batch o powershell to modify Internet explorer security settings

Hi, I need help on creating either Batch file or Powershell script to modify security settings of the internet explorer.
What I need is to add multiple sites into trusted sites of the internet explorer.
I have done this through Group policy for domain computers but I also have 50 of non domain computers.

Please let me know if you have ideas.
Windows BatchPowershellWindows 8

Avatar of undefined
Last Comment
Tech Man

8/22/2022 - Mon
Chris Dent

Before the script a caveat. Internet Explorer has a list of top level domains built in. I can't find a way to access that. When IE creates the key it would make the trusted sites entry for "http://test.site.domain.tld" into:

        test.site: http (DWORD): 2

This presents a problem because the value of top level domain is extremely varied these days (not just .com, .net, and so on). The script "could" download the same list IE uses (https://publicsuffix.org/), but it would have to stick to the usage restrictions for that site. So... best effort, lets see how it gets on without splitting it up.

Get-Content YourListOfSites.txt |C:\Somewhere\Add-ZoneMapItem.ps1 -Zone TrustedSites

Open in new window

The script, to fit usage, save as Add-ZoneMapItem.ps1
    # The URL to add.
    [Parameter(Mandatory = $true, ValueFromPipeline = $true)]

    # Add the entry to the specified zone
    [Parameter(Mandatory = $true)]
    [ValidateSet('MyComputer', 'LocalIntranet', 'TrustedSites', 'Internet', 'RestrictedSites')]

    # By default, create entries for all users.

begin {
    [Int32]$zoneNumber = switch ($Zone) {
        'MyComputer'      { 0 }
        'LocalIntranet'   { 1 }
        'TrustedSites'    { 2 }
        'Internet'        { 3 }
        'RestrictedSites' { 4 }
    $regKey = '{0}:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap' -f ('HKLM', 'HKCU')[$CurrentUser.ToBool()]

process {
    $domainKey = Join-Path $regKey $Url.Host
    if (-not (Test-Path $domainKey)) {
        $null = New-Item $domainKey -ItemType Key

    if ($Url.Scheme) {
        $valueName = $Url.Scheme
    } else {
        $valueName = '*'

    Set-ItemProperty $domainKey -Name $valueName -Value $zoneNumber -Force

Open in new window

Tech Man

Thank you Chris,
I will test this but before I have couple of questions:
- How should I structure my .txt file? Should I separate website addresses with space, comma or new line?
- Can I have my source file (.txt) located somewhere in internet. For example if I have my text file in OneDrive, that way I dont have to copy the file to each machine?

I would greatly appreciate your opinion.

Thank you
Chris Dent

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Tech Man

Chris, I run the Script locally but unfortunately it does not add sites to the trusted sites list. How can I troubleshot this?
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.