none
MDT 2010 - Unattend.xml Trusted sites does not populate the ZoneMap\Domains in Registry to install Win7x64sp1

    Question

  • When using Microsoft Deployment Toolkit one can add trusted sites to the unattend.xml (see below). This adds this to the

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Unattend   and not to the

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

     

    Can we find out about this behavior – not sure why this would not add to the  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

     

    - <component name="Microsoft-Windows-IE-InternetExplorer" processorArchitecture="amd64" publicKeyToken="***********" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

      <Home_Page>aww.ecology</Home_Page>

      <IEWelcomeMsg>false</IEWelcomeMsg>

      <CompatibilityViewDomains>aww.ecology</CompatibilityViewDomains>

      <DisableFirstRunWizard>true</DisableFirstRunWizard>

      <ShowLeftAddressToolbar>false</ShowLeftAddressToolbar>

      <TrustedSites>http:\\site.com; http:\\aww.site.com; http:\\aww.site.com; http:\\site.com; http:\\aww.site</TrustedSites>

      <FilterLevel>Medium</FilterLevel>

      <BlockPopups>no</BlockPopups>

      <AllowedSites />

      </component>



    • Edited by kkra461 Friday, October 28, 2011 4:16 PM
    Friday, October 28, 2011 4:10 PM

Answers

  • Hi

    A question why don't you use GPO to do this for you?


    Best Regards Chris Steding MCTS Windows 7 Configuration www.compit.se
    • Marked as answer by kkra461 Friday, November 18, 2011 6:48 PM
    Saturday, October 29, 2011 8:52 AM

All replies

  • Hi

    A question why don't you use GPO to do this for you?


    Best Regards Chris Steding MCTS Windows 7 Configuration www.compit.se
    • Marked as answer by kkra461 Friday, November 18, 2011 6:48 PM
    Saturday, October 29, 2011 8:52 AM
  • The GPO process is not matured here in the sence of the committee's that would oversee and manage the what, when,where and how. So I plan on doing these at the machine level until such time that would pass to such a planning process. So unfortunately my question would still stand. To be honest your reply is the most common one that is out there in the bloggest world on such question. The fact that it gets written to the regestry is good but I do not understand the location that it gets written to and if there is a solution. I can write scripts to load these after the fact, but why have a location in the Windows System Image Manger to enter in the first place????
    Monday, October 31, 2011 3:31 PM
  • Hi KKra461.

    You are 200% right. When someting is not working, MSFT supposed to fix rather than giving workaround.

    BTW, Did you get this fixed?

    I am facing the same issue...

    TIA


    saravanan rajappa

    Tuesday, April 17, 2012 11:32 AM
  • I still use a script to write to the registry. This and other configurations have finally push our organization to pursue using GPO. We are proceding cautiously. My desktop team wanted to see the sites within the users profile and want to be able to add on the fly. The issue still stands as to why it is included in MDT and it does not do what is advertised.
    Tuesday, April 17, 2012 4:20 PM
  • Thank you. I am plnning to open a premier case with the MSFT.

    saravanan rajappa

    Wednesday, April 18, 2012 7:14 AM
  • Wednesday, April 18, 2012 4:10 PM
  • Hi,

    Could you please share your script. MSFT is going to take some more time to get it resolved through RFI.

    TIA


    saravanan rajappa

    Tuesday, April 24, 2012 6:30 AM
  • here is the basis of what I use.  Hope this helps.

    http://blogs.technet.com/b/heyscriptingguy/archive/2005/02/14/how-can-i-add-a-web-site-to-the-trusted-sites-zone.aspx

    The Security zones are stored in the registry path [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]

    Another way you can accomplish this is by adding the trusted site on your local computer and then

    go to the registry and “export” that key and save it as .reg file. Then just run the .reg file.

    Tuesday, April 24, 2012 4:06 PM