none
Why can't we set the Privacy tab or Trusted Sites through GPP?

    Question

  • The privacy tab and Trusted Sites button are greyed out in Group Policy Preferences > Internet Settings.  Why is this?

    Barring IE Maintenance, which we do not want to use, the only way to set Trusted Sites are through Administrative Templates and there doesn't seem to be a way to set Privacy at all.

    Tuesday, May 5, 2015 3:34 PM

Answers

  • Hi,

    The original way to set the trust sites in the GPP doesn't work anymore.

    But if you'd like to manage them with GPP you can try below steps:

    Create a new Group Policy Object and browse to User Configuration -> Preferences -> Windows Settings and Registry. Right click and choose new Registry Item. This is where you’re configure the sites, you will need 1 registry item per site.

    This method will allow you to deploy Security Zone sites, whilst allowing the end user to modify the zones by adding or removing sites. If a user removes one of the sites deployed via this method, it will be re-added on the next Group Policy refresh.

    You can check the below link for more details:

    http://blog.thesysadmins.co.uk/group-policy-internet-explorer-security-zones.html

    Best Regards,

    Elaine


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Thursday, May 14, 2015 6:44 AM
    Moderator

All replies

  • Hi,

    Thanks for posting here, would you please let us know your domain controller's OS version?

    And also can I know which IE version you try to configure?

    Looking forward to your reply.

    Best Regards,

    Elaine


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, May 7, 2015 3:09 AM
    Moderator
  • Our DC's are all WinServer 2008 R2.

    I'm asking about IE versions 8 through 11.

    Thursday, May 7, 2015 2:07 PM
  • Hi,

    Since windows server 2008R2, there were some updates on the Internet explorer Maintenance.Now you can try to add your trust sites as following steps:

    User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page

    “Site to Zone Assignment List” , click “Enable” and edit the list.

    Add the site and the number two for Trusted Site. (1 = Intranet, 2 = trusted sites, 3 = Internet Zone and 4 = Restricted Site Zone.

    To have a list like that (2 is for trusted site)

    *.hotmail.com 2

    *.outlook.com 2

    Also you can follow below link for more reference:

    http://blogs.msdn.com/b/microsoft_press/archive/2014/04/14/from-the-mvps-setting-internet-explorer-trusted-site-settings-via-group-policy-object-in-windows-server-2012-r2.aspx

    Hope it helps.

    Best Regards,

    Elaine


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, May 11, 2015 8:03 AM
    Moderator
  • I'm aware we can do it through Administrative Templates, but that deletes the user's current trusted sites and blocks them from adding new ones.  Also, what about privacy settings?

    I'm asking specifically why you can't do this through GPO preferences, as they are greyed out for an unknown reason.

    Monday, May 11, 2015 1:55 PM
  • Hi,

    The original way to set the trust sites in the GPP doesn't work anymore.

    But if you'd like to manage them with GPP you can try below steps:

    Create a new Group Policy Object and browse to User Configuration -> Preferences -> Windows Settings and Registry. Right click and choose new Registry Item. This is where you’re configure the sites, you will need 1 registry item per site.

    This method will allow you to deploy Security Zone sites, whilst allowing the end user to modify the zones by adding or removing sites. If a user removes one of the sites deployed via this method, it will be re-added on the next Group Policy refresh.

    You can check the below link for more details:

    http://blog.thesysadmins.co.uk/group-policy-internet-explorer-security-zones.html

    Best Regards,

    Elaine


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Thursday, May 14, 2015 6:44 AM
    Moderator