none
Managing Trusted Sites through Group Policy Preferences

    Question

  • Hi

    I am looking for a way to manage Trusted sites. I have tried adding them through GP Preferences but can quit get it to work. I have added the sites I need, to Trusted Sites, on the server I am managing group policies from, and tried to import them following the link I found. But the registry keys on the server, running Server 2008, isn't shown as they are in link.

    http://www.energizedtech.com/2009/07/managing-trusted-zones-with-gr.html

    Any ideas?


    /Lasse
    Wednesday, April 28, 2010 6:27 AM

Answers

All replies

  • I have seen problems adding trusted sites this way a couple of times, where the actual values with the URLs do not get added when you add a registry hive in the GPP console. In the GPO, do you see everything that you should see?

    You could also manage the trusted sites using Policies instead of Preferences, with the difference that when using policies the option to add sites to trusted sites will be greaed out for the users. This setting can be found in Computer (or User) configuration > Windows components > Internet Explorer > Internet Control panel >  Security page and then mapping URL:s to zones using "Site to zone assignment list".

     


    Blogging about Windows for IT pros at www.theexperienceblog.com
    Wednesday, April 28, 2010 6:52 AM
  • Hi Andreas

    I have seen the other option to control the Trusted Sites through Policies, but I am not interested in removing the users option to add sites to Trusted Sites.

    The registry key that the link refers to is missing when I try to run the Registry Wizard in the GPO, but this is done on our Server 2008.

    I will try to add the registry keys manually through GPP.


    /Lasse
    Wednesday, April 28, 2010 8:41 AM
  • Unfortulatly you cannot manage the trusted sites list via Group Policy Preferences...

    But here is link to a step by step post i have dont explaining how to manager security zones in IE using Native group policies... http://www.grouppolicy.biz/2010/03/how-to-use-group-policy-to-configure-internet-explorer-security-zone-sites/

    Hope it helps.

     


    Alan Burchill (MVP)
    http://www.grouppolicy.biz
    Wednesday, April 28, 2010 10:45 AM
  • Hi Andreas

    I have seen the other option to control the Trusted Sites through Policies, but I am not interested in removing the users option to add sites to Trusted Sites.

    The registry key that the link refers to is missing when I try to run the Registry Wizard in the GPO, but this is done on our Server 2008.

    I will try to add the registry keys manually through GPP.


    /Lasse


    I suspected that using regular policies was not an option but I thought I'd highlight it if you wasn't aware of it.

    In a worst case you need to add the registry values manually in the Preference > Registry section.


    Blogging about Windows for IT pros at www.theexperienceblog.com
    Wednesday, April 28, 2010 11:08 AM
  • Hi Alan

    First, congratulation :-)

    If I add the registry keys manually through GP Preferences, shouldn't that work?


    /Lasse
    Wednesday, April 28, 2010 11:39 AM
  • Doing it the manual , if everything is correct will work with 100% certainty.
    Blogging about Windows for IT pros at www.theexperienceblog.com
    Thursday, April 29, 2010 8:36 AM
  • Hi Andreas

    I just tried tried doing it manually and it works perfectly.


    /Lasse
    • Proposed as answer by DT_Freerider Thursday, November 10, 2011 6:06 PM
    Monday, May 03, 2010 7:26 AM
  • I know this thread is old but i have an answer to adding registry key values and options using GPO preferences. This may help others out there.

    I've chosen to add microsoft.com as the test preference in this example.

    1. First off create the registry entries manually, as shown below, on a reference machine. I've done this on the local machine where i need the keys to be added for all users. NOTE: The reference machine does not need to be where the keys have to be located.

    Manual Creation Steps:

         a. launch regedit and go to: hkcu/software/microsoft/windows/currentversion/internet settings/zonemap/domains/

         b.create a new key called microsoft.com. In the new key create a reg_dword(32) value called * and change the data to 2 hex.

         c. repeat for any other domains the need to be trusted

    2.  launch group policy management (again i did this from the machine where i need the keys but it is not required)

    3. go to your GPO and select edit.

    4. go to user preferences / windows settings / registry

    5. right click registry / new / registry wizard

    6. select local computer if you are on the computer where you created the reg entries and are running the GPO management gui. Otherwise choose another computer and select the reference machine from step 1.

    7. the wizard will guide you through choosing the required entries, check off all required items. These entries are the ones created in step 1.

    Location: hkcu/software/microsoft/windows/currentversion/internet settings/zonemap/domains/<your domain>/<options>

    8. Click Finish

    9. You can then go back to this GPO preference and select its properties and utilize client side targeting if only certain AD groups need the values.

    10. perform a replication to all DC's then a GP update /force on the machines in question; you will be asked to log out for the preferences to take. (or reboot)

     

    This has been tested and works.

     

    ~:)

    DT

    Thursday, November 10, 2011 7:09 PM
  • Hi, everybody.

    Trying to create the GPO with the registry setting as per DT_Freerider, but for some reason when attempting to select the registry key with the Registry Wizard, the domains key is not shown.  If I open regedit, the domains key does show up. It's only with the GPO Edit + Registry Wizard that it doesn't show up.  Any clues?

    I'm positive I'm using the same box for picking up the key than the one I used for creating it.

    Thanks,

    Mario

    Monday, February 18, 2013 9:12 PM
  • Hi Mario

    I haven't had much success creating registry settings through the wizard, I have always created them manually, and it normally works fine.

    I have had the same experience as you, I browse a remote computer it doesn't necessarily show all the settings.


    /Lasse

    Monday, March 04, 2013 9:54 AM