none
Site to Zone Assignment List RRS feed

  • Question

  • Hi,

    I've been reading numerous blogs and post about adding sites to local intranet or trusted sites, but none is working.
    Use created a custom policy:

    Name: SiteToZoneAssignmentList

    OMA-URI: ./User/Vendor/MSFT/Policy/Config/InternetExplorer/AllowSiteToZoneAssignmentList

    Value: <enabled/><data id="IZ_ZonemapPrompt" value="https://*.somesite.com&#xF000;2"/>

    They appear in the registry, but not in IE.
    Can't find the setting that would open the sites to users, so they can add them if they like.

    Anyone got a working solutions?

    Wednesday, May 20, 2020 6:23 AM

Answers

  • You need to be careful when you copy and paste the values.

    This is what I have and it works for me in IE:

    OMA-URI:

    ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/AllowSiteToZoneAssignmentList

    Value:

    <Enabled/>
    <Data id="IZ_ZonemapPrompt" value="https://test.domain.com&#xF000;1"/>

    • Marked as answer by Dennis-MX Monday, May 25, 2020 9:22 AM
    Wednesday, May 20, 2020 10:44 PM

All replies

  • You need to be careful when you copy and paste the values.

    This is what I have and it works for me in IE:

    OMA-URI:

    ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/AllowSiteToZoneAssignmentList

    Value:

    <Enabled/>
    <Data id="IZ_ZonemapPrompt" value="https://test.domain.com&#xF000;1"/>

    • Marked as answer by Dennis-MX Monday, May 25, 2020 9:22 AM
    Wednesday, May 20, 2020 10:44 PM
  • This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

    You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

    The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

    Reference: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-allowsitetozoneassignmentlist

    Also, when configuring this setting through the Policy CSP the entries in the list elements must be separated with the following Unicode character: 0xF000 (encoded version: &#xF000;). Another important thing is that the Policy CSP is expecting the values in ‘decoded’ XML. When working with Intune as MDM solution, Intune will take care of the encoding and decoding of XML. Through Intune you can provide ‘encoded’ XML and Intune will present this as ‘decoded’ XML to the Policy CSP. Here is an example for this scenario:

    https://www.vroege.biz/?p=3139

    Best regards,

    Cici


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, May 21, 2020 2:40 AM
  • Will give it another try today.

    When i want to add a domain including all subdomains I see people using https://*.domain.com (which is what seems most obvious), but also some people say https://domain.com

    I've assigned it to my user, is it ok to just sync and stop and start IE? or do i need to logg off and sign in?

    Monday, May 25, 2020 7:41 AM
  • I've done this a couple of times, but now suddenly it works.
    Monday, May 25, 2020 9:22 AM