I love working with Active Directory on my Windows network because it makes my life so much easier. Active Directory is the directory service used on Windows based networks to administer large groups of computers easily. You use Active Directory to push
out group policies.
Group policy is the magic behind Active Directory. Group policies are rules that either allow or deny – well pretty much anything on a machine. As a network administrator I get to use group policy to push out rules and regulations to my networked computers.
These rules can tell the machine what applications are allowed to run, or in this case what sites are “trusted” in Internet Explorer.
Today I will show you how to add trusted sites to Internet Explorer using the group policy, without ever visiting the actual desktops. If you are new to group policy don’t worry, I will make this as easy and pain free as possible. If you do not know what
the benefits of group policy are, let me give you an example. I have 278 computers on my network. I can either walk to each of them manually and add a trusted site list or I can push it out to all of them in one quick swoop.
For those of you who already know group policy I am sure you can just take a look at the screenshots below to find what you need.
You can open your Active Directory users and computers’ control panel by navigating to it on your Start menu by going to
Program Files ““> Administrative Tools ““> Active Directory Users and Computers.
That will open a console that looks something like this:
If you want the policy to apply to your entire domain, right click at the top of the console. The domain is specified by three computers. If you want to apply the policy to another group or organizational unit right click on that instead. I will be using
the organizational unit called editors. Choose properties from the context menu and then you will see the screen below:
Click on the Group Policy tab and then click the Open button. This will take us into the wonderful world of group policy. This is called the group policy management tool. The organizational unit will already be highlighted. Right click on
it and choose Create And Link A GPO Here.
That will take us to the place where we can name the policy. Name it something that will make it easily identifiable. I chose
AddTrustedSites for mine. Then click OK.
You have just created your policy. Now we need to define the settings that we want to trickle down to our clients. Locate your policy in the right pane and right click on it. Choose
Edit to get started.
Now we need to drill down to the settings that we want to set. We need to go to the Computer Configuration ““> Administrative Tools ““> Windows Components ““> Internet Explorer ““> Internet Control Panel ““> Security Page and then double click to the
zone assignment list in the right pane as you can see below.
After you double click on site to the zone assignment list you will see a window to enable the settings and configure it. Click
enabled. Then click show. On the show contents screen click
By clicking add we can add URLs and specify what zone we want them to be placed in like so:
The number 2 denotes the number of the zone. In this case it is the trusted zone. Microsoft breaks down the settings as follows:
After clicking OK you can wait for your default refresh of Group Policy which is 15 minutes by default or you can run
gpupdate.exe from any workstation to see if it worked. You can also restart the workstations to force the update.
Content taken from
Disadvantage: If you add the URLs like above way end users are not able add the trusted sites. To avoid that issue you can use
You have to modify the VBS/ADM as per your requirement.
This not work for:
-DC on 2003R2 and WIndows Terminal 2008R2 users