none
Adding site to Trusted sites on old system running IE8

    Question

  • My domain controllers are all Server 2012, and unfortunately I have some old XP systems I have to keep due to some legacy software that are running IE8.  Could I use Group Policy to add a site into the Trusted sites in IE8 for all users on the machine somehow?  Or will Server 2012 GPO not work right with XP at this point?  if it won't, any other ideas?
    Tuesday, June 14, 2016 2:04 AM

Answers

  • Hi,
     
    Am 15.06.2016 um 04:35 schrieb Jay Gu:
    > You could also configure IE site mappings with Group Policy Registry
    > Preferences. This will assign sites to IE Security Zones without
    > interfering with the user’s ability to manage their own site lists.
     
    I would never recomand that. Never.
    Doing so, you can disable Protected Mode and UAC aswell, because it does
    not take efect in Intranet and Truted Sites.
    If the user is able to decide himself, if a website is trusted, you do
    not need to implement security ideas, they will all fail.
     
    Thats the reason, why maintaining this list was never implemented in GPP
    IE. They (DesktopStandard baught in 2006) could have easily done it, but
    they didn´t, because of security.
     
    It´s your job as an admin, to maintain this list.
     
    Mark
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - deutsch
     
    Wednesday, June 15, 2016 7:16 AM

All replies

  • Hi
     
    Am 14.06.2016 um 04:04 schrieb RJO22:
    > Could I use Group Policy to add a site into the Trusted
    > sites in IE8 for all users on the machine somehow?
     
    It´s the same policy since IE7:
     
    User or Computer:
    "site to Zone Assignment list"
    .\Administrative Templates\Windows Components\Internet Explorer\Internet
    Control Panel\Security Page\
     
    within the same object: settings are additiv
    if settings in computer and user settings, user settings are ignored.
    (overruled, simply not read ..)
     
    Mark
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - deutsch
     
    Tuesday, June 14, 2016 6:19 AM
  • Hi,

    Thanks for your post.

    You could also configure IE site mappings with Group Policy Registry Preferences. This will assign sites to IE Security Zones without interfering with the user’s ability to manage their own site lists.

    The policy setting is User Configuration>Preferences>Windows Settings>Registry

    For example, if you want to add contoso.com as a trusted site, you need to create the registry below:
     
    Key Path: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\contoso.com
    Value Name: https
    Value Type: REG_DWORD
    Value Data: 2

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, June 15, 2016 2:35 AM
    Moderator
  • Hi,
     
    Am 15.06.2016 um 04:35 schrieb Jay Gu:
    > You could also configure IE site mappings with Group Policy Registry
    > Preferences. This will assign sites to IE Security Zones without
    > interfering with the user’s ability to manage their own site lists.
     
    I would never recomand that. Never.
    Doing so, you can disable Protected Mode and UAC aswell, because it does
    not take efect in Intranet and Truted Sites.
    If the user is able to decide himself, if a website is trusted, you do
    not need to implement security ideas, they will all fail.
     
    Thats the reason, why maintaining this list was never implemented in GPP
    IE. They (DesktopStandard baught in 2006) could have easily done it, but
    they didn´t, because of security.
     
    It´s your job as an admin, to maintain this list.
     
    Mark
    --
    Mark Heitbrink - MVP Group Policy - Cloud and Datacenter Management
     
    Homepage:  http://www.gruppenrichtlinien.de - deutsch
     
    Wednesday, June 15, 2016 7:16 AM