Adding Sites in Trusted Sites

    Question

  • Hi All,

    I have a domain controller on Windows Server 2012 R2 and in Group Policy I want to add some sites as INTRANET, but the adding site option is disabled in the Group Policy editor (see the screenshot below).

    How can I add sites at the Group Policy level as I add them manually on each system?

    Monday, December 26, 2016 5:37 AM

Answers

  • The correct step is this way: User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page

    “Site to Zone Assignment List”, click “Enable” and edit the list.

    Add the site and the number two for Trusted Site. (1 = Intranet, 2 = trusted sites, 3 = Internet Zone and 4 = Restricted Site Zone.)

    To have a list like that (2 is for trusted site)

    *.hotmail.com 2

    *.outlook.com 2

    *.bing.com 2

    The PRO of that method:

    – It standardizes all domain-joined computers as they will use the same list for everyone.

    – It blocks users from entering new trusted sites. Though this can be a con for small offices or for Power Users wanting more autonomy.

    The CON of this method:

    – It blocks users from entering new trusted sites. This can be considered a PRO in big offices, as the list is standardized by the IT team.

    After performing these steps, if your users receive this warning “The current webpage is trying to open a site on your intranet. Do you want to allow this?” when they navigate from the Internet Zone to the Trusted zone, you can tweak the behaviour with a simple registry key with the Windows preference.

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

    Value Name: 2101 Value Type: REG_DWORD Value: 0x0 (0)

    Regards, Nidhin.CK

    • Marked as answer by Osama-Mansoor Monday, January 2, 2017 5:40 AM
    Tuesday, December 27, 2016 11:32 AM

All replies

  • Hi
     
    On 26.12.2016 at 06:37, Osama-Mansoor wrote:
    > [..] but adding site option is disabled in group policy editor
     
    It's always disabled and cannot be enabled in GPP, for security reasons.
     
    Site definitions can only be done by Administrative Templates ("Site to
    Zone Assignment List") or directly by editing the registry with GPP
    Registry.
     
    Mark
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - German
     
    Monday, December 26, 2016 12:45 PM
  • I just add entries on "Zone Assignment List" but it does not reflect on the client computer.

    Please see the client screenshot below.

    Tuesday, December 27, 2016 11:03 AM
  • Hi,
     
    On 27.12.2016 at 12:03, Osama-Mansoor wrote:
    > I just add entries on "Zone Assignment List" but it does not reflect on
    > client computer.
     
    because YOUR-IP\Something is not a valid URL. "YOUR-IP" is, but not
    \something.
     
    Mark
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - deutsch
     
    Tuesday, December 27, 2016 4:23 PM
  • > because YOUR-IP\Something is not a valid URL. "YOUR-IP" is, but not
    > \something.
     
     
    Wednesday, December 28, 2016 10:07 AM
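
Added example, not part of the original thread: a PowerShell check for "Site to Zone Assignment List" entries that applies the zone numbers from the marked answer and flags the host-plus-path form that Mark's reply rejects. The `ZoneMapKey` policy registry location, the function names and the sample entries are assumptions of this example, and the host pattern is a simplification.

```powershell
# Added example, not from the thread; sample entries are constructed.
$ZoneNames = @{ 1 = 'Intranet'; 2 = 'Trusted Sites'; 3 = 'Internet Zone'; 4 = 'Restricted Site Zone' }
# Assumption: registry location the policy list is written to (not stated in the thread).
$PolicyKey = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'

function Test-ZoneEntry {
    param([string]$Site, [string]$Zone)
    $problems = @()
    # Strip an optional scheme (http://, https://, file://) before checking the host part.
    $hostPart = $Site -replace '^[A-Za-z]+://', ''
    if ($hostPart -match '[\\/]') {
        $problems += 'contains a path or backslash; use only the host or IP'
    } elseif ($hostPart -notmatch '^(\*\.)?[A-Za-z0-9][A-Za-z0-9.\-]*$') {
        $problems += 'not a host name, wildcard domain or IP'
    }
    $zoneNumber = 0
    if (-not [int]::TryParse($Zone, [ref]$zoneNumber) -or -not $ZoneNames.ContainsKey($zoneNumber)) {
        $problems += "zone '$Zone' is not 1-4"
    }
    [pscustomobject]@{
        Site     = $Site
        Zone     = if ($ZoneNames.ContainsKey($zoneNumber)) { $ZoneNames[$zoneNumber] } else { $Zone }
        Valid    = ($problems.Count -eq 0)
        Problems = $problems -join '; '
    }
}

function Get-ZoneAssignment {
    # Reads the applied list from the user and machine policy hives; empty if no policy is set.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $key = Get-Item -Path "$hive\$PolicyKey" -ErrorAction SilentlyContinue
        if ($key) {
            foreach ($name in $key.GetValueNames()) {
                Test-ZoneEntry -Site $name -Zone ([string]$key.GetValue($name))
            }
        }
    }
}

# Constructed sample: the three entries from the answer plus two deliberately bad ones.
$sample = [ordered]@{
    '*.hotmail.com'      = '2'
    '*.outlook.com'      = '2'
    '*.bing.com'         = '2'
    '192.0.2.10\reports' = '1'   # host plus path, the form rejected in the thread
    'intranet.example'   = '5'   # zone number outside 1-4
}
$results = foreach ($site in $sample.Keys) { Test-ZoneEntry -Site $site -Zone $sample[$site] }
@($results) + @(Get-ZoneAssignment) | Format-Table -AutoSize -Wrap
```

Run on a client after `gpupdate /force`, the rows after the five sample entries show what the policy actually delivered to that machine.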