Share via


Add One URL to Intranet Zone and Another URL to a Trusted Site Zone Through GPO

Requirement: Add one URL to Intranet Zone and Another Url To trusted Site Zone.
 
The above requirement can be achieved in four ways.
Option 1: Computer Configuration ““> Administrative Tools ““> Windows Components ““> Internet Explorer ““> Internet Control Panel ““> Security Page and then zone assignment list.

This will disable the add/remove buttons.
The reason behind this is when you set GPO to manage the IE security page by default all settings (add/remove buttons) get disabled. End users will not be able to add/remove sites/urls in his computer (This is not recommended, coz end users will access different web sites and they will to add may urls in trusted sites)
 

Option 2: User Configuration>Windows Settings>Internet Explorer Maintenance>Security>Security Zone and Content Ratings>Import The Current Security Zones and Content Ratings> Click On Modify. I do not recommend this.

This will import all the security settings (of Internet Explorer) of from the computer from where you are editing the GPO. In your environment if you have a dedicated machine to edit GPO (The IE settings) , you can follow this step. In this settings end users will be able to add/remove sites to Intranet zone/Trusted zone but with GPO refresh interval all manual entry’s will be wiped out.

Option 3: Use a script. The code is given below:

On Error  Resume Next
  
Const HKEY_CURRENT_USER = &H80000001
  
strComputer = "."
 Set objReg = GetObject("winmgmts:" _
     & "{impersonationLevel=impersonate}\\"  & strComputer & _
         "\root\default:StdRegProv")
  
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _
     & "ZoneMap\EscDomains\google.com"
 objReg.CreateKey HKEY_CURRENT_USER,strKeyPath
  
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _
     & "ZoneMap\EscDomains\google.com\www"
 objReg.CreateKey HKEY_CURRENT_USER,strKeyPath
  
strValueName = "https"
 dwValue = 2
 objReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue
  
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _
     & "ZoneMap\Domains\google.com"
 objReg.CreateKey HKEY_CURRENT_USER,strKeyPath
  
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _
     & "ZoneMap\Domains\google.com\www"
 objReg.CreateKey HKEY_CURRENT_USER,strKeyPath
  
strValueName = "https"
 dwValue = 2
 objReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue
  
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _
     & "ZoneMap\EscDomains\hotmail.com"
 objReg.CreateKey HKEY_CURRENT_USER,strKeyPath
 strValueName = "https"
 dwValue = 1
 objReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue
  
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _
     & "ZoneMap\Domains\hotmail.com"
 objReg.CreateKey HKEY_CURRENT_USER,strKeyPath
 strValueName = "https"
 dwValue = 1
 objReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue

Put the code above into a user logon script. You may ask  why to add the url in "Domains" and in "ESCDomains". I have checked it in approx 200 client machine , some are supporting "Domains" reg key some support "ESCDomains" regkey

Option 4: Use a ADM Template
http://social.technet.microsoft.com/wiki/contents/articles/4469.aspx

__________________________________________________________________________________________________