How do I add a URL with a Windows Group Policy into a client's "Local Intranet Zone"?

windows group-policy internet-explorer
33,747

Solution 1

You need a policy that applies to Authenticated Users, and in that policy you need to set the following option:

User config | Administrative Templates | Windows Components | Internet Explorer | Internet Control Panel | Security Page

Enable the option Site to Zone Assignment List and then enter the site, and the zone you want to assign it to, eg.

http://www.fabrikam.com
1

(1 = Intranet Zone, 2 = Trusted Sites Zone, 3 = Internet Zone, 4 = Restricted Sites Zone)

Solution 2

Add one URL to Intranet Zone and Another Url To trusted Site Zone through GPO Requirement: Add one URL to Intranet Zone and Another Url To trusted Site Zone.

The above requirement can be achieved in three ways. Option 1: Computer Configuration ““> Administrative Tools ““> Windows Components ““> Internet Explorer ““> Internet Control Panel ““> Security Page and then zone assignment list.

This will disable the add/remove buttons. The reason behind this is when you set GPO to manage the IE security page by default all settings (add/remove buttons) get disabled. End users will not be able to add/remove sites/urls in his computer (This is not recommended, coz end users will access different web sites and they will to add may urls in trusted sites)

Option 2: User Configuration>Windows Settings>Internet Explorer Maintenance>Security>Security Zone and Content Ratings>Import The Current Security Zones and Content Ratings> Click On Modify. I do not recommend this.

This will import all the security settings (of Internet Explorer) of from the computer from where you are editing the GPO. In your environment if you have a dedicated machine to edit GPO (The IE settings) , you can follow this step. In this settings end users will be able to add/remove sites to Intranet zone/Trusted zone but with GPO refresh interval all manual entry’s will be wiped out.

Oprion 3: Use a script. Code is Given below 

On Error Resume Next



Const HKEY_CURRENT_USER = &H80000001



strComputer = "."

Set objReg = GetObject("winmgmts:" _

    & "{impersonationLevel=impersonate}\\" & strComputer & _

        "\root\default:StdRegProv")



strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _

    & "ZoneMap\Domains\Contoso.com"

objReg.CreateKey HKEY_CURRENT_USER,strKeyPath

strValueName = "http"

dwValue = 2

objReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue



strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _

    & "ZoneMap\EscDomains\Contoso.com"

objReg.CreateKey HKEY_CURRENT_USER,strKeyPath

strValueName = "http"

dwValue = 2

objReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue



strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _

    & "ZoneMap\Domains\BenefitsWeb"

objReg.CreateKey HKEY_CURRENT_USER,strKeyPath

strValueName = "*"

dwValue = 1

objReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue



strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _

    & "ZoneMap\EscDomains\BenefitsWeb"

objReg.CreateKey HKEY_CURRENT_USER,strKeyPath

strValueName = "*"

dwValue = 1

objReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue

Put this into user logon script.

http://social.technet.microsoft.com/wiki/contents/articles/add-one-url-to-intranet-zone-and-another-url-to-trusted-site-zone-through-gpo.aspx

Solution 3

I do this with a login script that is attached to a group policy. See this KB for details about how the settings are stored.

Option Explicit

Dim oShell Set oShell =
WScript.CreateObject("WScript.Shell")

' http://support.microsoft.com/kb/182569
Dim sSite, sDValue, sZone, sKey, sZonesPath, aKeys, aKey
sZonesPath="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
sSite=0
sDvalue=1
sZone=2
' create key
aKeys = array( _
    array(sZonesPath & "\internet-zone.example.org\","","2"), _
    array(sZonesPath & "\intranet-zone.example.org\","","1") _
)
For Each aKey in aKeys
    ' create key for sSite
    oShell.RegWrite akey(sSite), akey(sDvalue)

    ' add * dword under the site's key and set the sonze
    sKey=akey(sSite) & "*"
    oShell.RegWrite sKey, akey(sZone), "REG_DWORD"
Next

With the group policy preferences you could adjust the registry, see the kb for details. Of course this only works if you have the client side extensions installed on all the machines.

I find that using a script tends to be the most reliable method.

Share:
33,747

Related videos on Youtube

Admin
Author by

Admin

Updated on September 17, 2022

Comments

  • Admin
    Admin over 1 year

    I'm trying to add a specific web server URL into the local Intranet Zone on my client PCs using a Group Policy. Any ideas what policy to apply?

    I can do it via the Internet Explorer Internet Options... GUI dialog and it works great, but I need to push this policy out to a number of PCs.

    Thanks in advance, Dan

  • aeroshock
    aeroshock over 14 years
    Isn't this the proverbial sledgehammer to crack a nut?
  • Zoredache
    Zoredache over 14 years
    Keep in mind that using this policy prevents the user from adding things to zones on their own. Perhaps you may want that in some environments, but if you just want to add something to a zone without removing the users ability to add things themselves you'll probably need to use a script.
  • Zoredache
    Zoredache over 14 years
    I don't think so. I still need to allow people to add things to things on their own.
  • bgmCoder
    bgmCoder over 11 years
    In the GPO configuration panel, at the bottom of the description for this setting, it says, "If you disable or do not configure this policy, users may choose their own site-to-zone assignments." @Zordache, I am wondering if your tests were still positive after a few days?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Configuring group policy to bypass proxy server for local addresses and adding a domain to trusted root certificate authorities
Internet Explorer: How to block executable files (exe/com/pif/scr/bat/ps1) from being 'Run' on download
Windows Server 2012 Missing Internet Explorer Maintenance in Group Policy
Default Search provider in Internet Explorer 8 Via GP?
Changing IE Home Page through GPO?
How to disable autocomplete for passwords in IE8 via GPO?
What URLs must be in IE's Trusted Sites list to allow Windows Update?
Can I deny "Internet Explorer" via GPO and use Google Chrome as a default and the only Browser?
How to unblock the program from the group policy in Android Studio for a Flutter application?
How can I run a local Windows Application and have the output be piped into the Browser