I received a call from a colleague asking if we could add a few intranet sites to each user's Trusted Sites list. I said, “Sure, that should be easy; send the list of sites.”
- Added the intranet sites to my Internet Options – Trusted Sites
- Opened the existing GPO for Internet Explorer
- Navigated to User Configuration –> Preferences –> Windows Settings –> Registry
- Right-clicked Registry and chose New –> Registry Wizard
- Selected Local Computer –> Next and chose the domains or sites that were added under the ZoneMap\Domains registry location
- Made sure to tick/check all the values
Hmmm!! Easy!! Yeah, but not too easy.
Because if I use a group policy for this, users won't be able to add any site to the list. That might be a great thing from a security point of view, but in our environment it's just not acceptable.
So I had to think of a different method. While changing the trusted zone settings manually, I used Procmon.exe to record the registry changes and found that the Trusted Zones are saved in the following location:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
Now I felt better, because there are many ways to deploy these settings, but I used Group Policy Preferences. Easy and clean.
That’s it! It will now apply to all users while they keep their own list of Trusted Zones.
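
Because this method leaves users free to add their own entries, it is worth checking what is actually mapped to the Trusted sites zone on a machine. The following PowerShell is an added example, not part of the original post: it reads the current user's ZoneMap\Domains key and lists every Trusted sites entry, marking the ones that are not on the deployed list. The host names in `$deployed` are constructed placeholders, and the function name is hypothetical.

```powershell
# Added example: inventory per-user zone mappings under ZoneMap\Domains.
# Each site is a subkey (domain, optionally domain\subdomain); each value name is a
# protocol (http, https or *) and its DWORD data is the zone:
# 1 = Local intranet, 2 = Trusted sites, 4 = Restricted sites.
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

# Constructed placeholder list standing in for the sites pushed by the GPO preference.
$deployed = @('intranet.example.test', 'hr.example.test')

function Get-ZoneMapEntry {
    param([string]$Root = $base)
    if (-not (Test-Path -LiteralPath $Root)) { return }   # user has no mappings at all
    Get-ChildItem -LiteralPath $Root -Recurse | ForEach-Object {
        $key = $_
        # Take the part after "\Domains\" and turn "example.test\www" into "www.example.test".
        $rel = $key.Name.Substring($key.Name.IndexOf('\Domains\') + 9)
        [string[]]$parts = $rel -split '\\'
        [array]::Reverse($parts)
        $site = $parts -join '.'
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Site     = $site
                Protocol = $name
                Zone     = $key.GetValue($name)
                Deployed = $deployed -contains $site
            }
        }
    }
}

# Report only Trusted sites entries (zone 2). Entries with Deployed = False were added
# by the user or by other software; PlainHttpOrAny marks mappings that also cover
# unencrypted HTTP, which deserve a closer look.
Get-ZoneMapEntry |
    Where-Object { $_.Zone -eq 2 } |
    Select-Object Site, Protocol, Deployed,
        @{ n = 'PlainHttpOrAny'; e = { $_.Protocol -in 'http', '*' } } |
    Sort-Object Deployed, Site |
    Format-Table -AutoSize
```

The script only reads the registry, so it can run in the user's own session without changing anything.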
 
