locked
logon script to add sites to trusted zone RRS feed

Answers

  • http://nefaria.com/2009/10/adding-trusted-sites-for-ie-via-the-registry/

    i followed this guide and was able to add it to the resgistry, but it wont show up in IE trusted sites. After addind i did restart/log off and still nothing.

    This means that the domain GPO has been set to block additions to trusted sites.  This is normal for a domain.  What you are doing is abnormal and useful only for stand alone systems.

    When a domain level policy for IE has beem set then the sites will be locked to what the domain allows.  In many domains no sites are allowed in Trusted sites for most users.  Many of my domains are required to be set this way.  Some have a process where a manager can request a site to be added if they can make a business case for it and IT determines the site meets some basic standards. Companies worry about security alot these days.


    ¯\_(ツ)_/¯


    Friday, May 25, 2012 9:53 PM

All replies

  • Why without GPO?

    Bill

    Friday, May 25, 2012 4:09 PM
  • i have no clue my boss just told me without GPO

    Friday, May 25, 2012 4:22 PM
  • The answer was right in the post. Just build REG file folloing the instructions.  If GP is mangaing sites then this or any other method will fail.  GP takes precedence over all local scripts and changes.

    Create a registry file and execute it during logon. ->

    It seemed you misunderstood  the registry. The following sample shows the entries in a .reg file that are used to add the URL "http://www.msdn.microsoft.com" to the Trusted sites zone.

     

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\microsoft.com]

    @=""

     

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\microsoft.com\www.msdn]

    "http"=dword:00000002


    ¯\_(ツ)_/¯

    Friday, May 25, 2012 4:25 PM
  • im sorry but i have no idea how to create a reg file. Do i just add the extension .reg? Any guides i can be pointed to? Thanks for the help by the way
    Friday, May 25, 2012 4:35 PM
  • im sorry but i have no idea how to create a reg file. Do i just add the extension .reg? Any guides i can be pointed to? Thanks for the help by the way

    The link to the instructions is in the other thread.

    This is not a scripting issue.  It is a basic Windows management issue.


    ¯\_(ツ)_/¯

    Friday, May 25, 2012 4:49 PM
  • http://nefaria.com/2009/10/adding-trusted-sites-for-ie-via-the-registry/

    i followed this guide and was able to add it to the resgistry, but it wont show up in IE trusted sites. After addind i did restart/log off and still nothing.

    Friday, May 25, 2012 8:24 PM
  • Hi,

    This is not the recommended way of doing this, as the registry format for how these are stored may change in future versions of Internet Explorer and/or the Windows OS. This is the reason for the setting in Group Policy, which is the officially supported way of making these changes.

    Bill

    • Proposed as answer by Bill_Stewart Friday, May 25, 2012 9:15 PM
    Friday, May 25, 2012 8:34 PM
  • So do yo have any other suggestions or am i just following a dead end?

    Friday, May 25, 2012 8:36 PM
  • My advice would be not to pursue trying to do this via the registry and just use the supported method (GPO).

    Bill

    Friday, May 25, 2012 8:47 PM
  • Thanks for the help and the quick replies, unforunately my boss doesnt want to use GPO.
    Friday, May 25, 2012 8:53 PM
  • http://nefaria.com/2009/10/adding-trusted-sites-for-ie-via-the-registry/

    i followed this guide and was able to add it to the resgistry, but it wont show up in IE trusted sites. After addind i did restart/log off and still nothing.

    This means that the domain GPO has been set to block additions to trusted sites.  This is normal for a domain.  What you are doing is abnormal and useful only for stand alone systems.

    When a domain level policy for IE has beem set then the sites will be locked to what the domain allows.  In many domains no sites are allowed in Trusted sites for most users.  Many of my domains are required to be set this way.  Some have a process where a manager can request a site to be added if they can make a business case for it and IT determines the site meets some basic standards. Companies worry about security alot these days.


    ¯\_(ツ)_/¯


    Friday, May 25, 2012 9:53 PM
  • I realize this is a old thread. However, I may I add that one reason not to use GPO would be because once you do that, users will no longer be able to manually add sites to the Trusted Sites. This is really restrictive to users since different users would be browsing different sites.

    Thursday, July 11, 2013 9:16 PM
  • I realize this is a old thread. However, I may I add that one reason not to use GPO would be because once you do that, users will no longer be able to manually add sites to the Trusted Sites. This is really restrictive to users since different users would be browsing different sites.

    And that is the whole point of enforcing this with a GPO. We do not want users to lower the shields without corporate approval.  In more sophisticated realms we also control this at the firewall.  Only corporate certified sites are allowed through the firewall.  You will likely find this at all banks, financial institutions and government offices.


    ¯\_(ツ)_/¯

    Thursday, July 11, 2013 10:08 PM