Wednesday, May 5, 2010

Add Trusted Sites in Internet Explorer – Keeping users’ existing list

I received a call from a colleague asking if we could add a few intranet sites to each user's Trusted Sites list. I said, “Sure, that should be easy. Send the list of sites.”

    Hmmm!! Easy!! Yeah, but not too easy.

    If I use a group policy for this, users won't be able to add any site to the list, which might be a great thing from a security point of view, but in our environment it's just not acceptable.

    So I had to think of a different method. While changing the Trusted Sites zone settings manually, I used Procmon.exe to record the registry changes and found that the Trusted Sites entries are saved in the following location:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

    Now I felt better because there are many ways to deploy these settings but I used Group Policy Preferences. Easy and Clean.

    1. Added the intranet sites to my Internet Options – Trusted Sites

    2. Opened the existing GPO for Internet Explorer

    3. Navigated to User Configuration –> Preferences –> Windows Settings –> Registry

    4. Right-clicked Registry and chose New –> Registry Wizard


    5. Select Local Computer –> Next, then choose just the domain or the sites that you added to the registry location mentioned above.

    6. Make sure to tick/check all the values

    That’s it! It will now apply to all users while they have their own list of Trusted Zones.
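
To check the result on a client, here is an added example that is not part of the original post: the PowerShell below lists the current user's Trusted Sites entries under the ZoneMap\Domains key and adds one entry without touching the others. It assumes the usual layout of that key (a domain key, an optional subdomain subkey, and a value named after the protocol with DWORD data 2 for the Trusted Sites zone); the function names and the site intranet.example.test are made up for illustration.

```powershell
# Added example, not from the original post. The site below is a constructed placeholder.
$ZoneMap     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$TrustedZone = 2   # zone number 2 = Trusted Sites

function Get-TrustedSite {
    # Walk every domain/subdomain key and report protocol values mapped to zone 2.
    if (-not (Test-Path $ZoneMap)) { return }
    Get-ChildItem -Path $ZoneMap -Recurse | ForEach-Object {
        $key = $_
        foreach ($name in $key.GetValueNames()) {
            if ($key.GetValue($name) -eq $TrustedZone) {
                # Key path after "\Domains\" is "domain" or "domain\subdomain".
                $rel = $key.Name.Substring($key.Name.IndexOf('\Domains\') + 9)
                [pscustomobject]@{ KeyPath = $rel; Protocol = $name }
            }
        }
    }
}

function Add-TrustedSite {
    # Hypothetical helper: writes one protocol value, leaves all other entries alone.
    param(
        [Parameter(Mandatory)][string]$Domain,
        [string]$Subdomain,
        [string]$Protocol = 'https'
    )
    $path = Join-Path $ZoneMap $Domain
    if ($Subdomain) { $path = Join-Path $path $Subdomain }
    # Create the key only if it is missing, so an existing key is never reset.
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name $Protocol -Value $TrustedZone `
        -PropertyType DWord -Force | Out-Null
}

# Compare the list before and after adding one site.
$before = @(Get-TrustedSite)
Add-TrustedSite -Domain 'example.test' -Subdomain 'intranet'
$after  = @(Get-TrustedSite)

"Trusted Sites entries before: $($before.Count), after: $($after.Count)"
$after | Sort-Object KeyPath | Format-Table -AutoSize
```

Run it as the logged-on user, since the key lives in that user's HKEY_CURRENT_USER hive; entries the user added by hand appear in the same listing next to the deployed ones.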