Tuesday, March 05, 2013 10:58 AM
I have enabled trusted sites via policy in Windows Components->IE->Secuirity Page->Site to Zone Assignment List.
When the policy is applied users cannot add their own trusted sites via IE ->Tools->Internet Options ->Secuirty->Select Trusted sites and then click sites
Add and Remove are greyed out. (the same also applied to intranet)
Is there another policy that i need when the above is applied ?
Tuesday, March 05, 2013 11:52 PM
What's the point?
Allowing them to do that also allows them to remove sites from the list. They will do stupid things like add google and facebook to the list.
Once you have established your IE Security Zones policy with GPO... disable user access to the Security tab.... the most common scenario is that users will 'try to fix things' by tweaking with IE's security zone settings... perhaps making one site working but breaking security.
There should be absolutely no reason why a user requires a public site to be listed in the Trusted Sites zone in IE.
The Trusted sites list is commonly used in corporate networks to allow external business partner sites to be at the same (IE Security) integrity as internal Intranet sites.
After IE8 the IETeam removed the Security Zone Icon/button from the Status bar to stop users willy-nilly adding sites to different zones... IE8 and onwards has a security setting to prevent navigation into zones of lower integrity.