GPO for adding site to Trusted Sites Zone in Internet Explorer

 Hello, 


Today even when almost nobody uses Internet Explorer, there is someone who is still using it... yes, and you know who is it... Its Your Operating system!! Windows 10 and many applicatinos still uses Internet Explorer for managing security and other settings.

I need to add some sites to the Trusted Zone, for an internal project, so in your Enterprise environment the most easy way to doing it is using GPO, but be careful. There are many ways of doing it, and even you can overwritte the complete zone list, or wipe it.

I like this method because it only add sites, it doesn't delete anything and even allow your users still modify the zone. It's fine for some environments.



As I always recommend, please Create a new GPO for each kind of setting you are modifying. Please do not add your settings into the defaults GPO, or a previous one. The best practice is always managing different GPOs for differnent settings. In this case, You should name this one as "Trusted zone Sites"

Navigate to User Configuration\Preferences\Windows Settings\Registry

Yes... we are going to use the registry to add some sites to the Trust Zone.


Create a new registry Item as "Update"
Hive is Current User and for Key Path use the following:

SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com\mydearwebsite\

Please pay attention to the marked text. Here you should write your site. In this example, I am adding the site https://mydearwebsite.example.com to the zone. As you see, the order is inverted.

In value name put https or http, depending on your site.

The base kind is "Decimal", Value type is REG_DWORD and Value Data it's 2 for Trusted Zone.




After adding, if you need to add more sites, just Copy-Paste the Registry setting, and just change the Key Path for each one.

For checking results, wait fot the GPO to be applied in your environment, or just execute in a test machine the "gpupdate /force" command.


Just check on your Internet Explorer, and you will find the new site in the list of trusted sites.

You can use this same method for adding sites in different zones.

Just change the Value Data form 2, to other values, in this table:

Value  Setting

------------------------------

0      My Computer

1      Local Intranet Zone

2      Trusted sites Zone

3      Internet Zone

4      Restricted Sites Zon

Microsoft Official Reference:

IE security zones registry entries for advanced users - Browsers | Microsoft Docs

Have a nice Day/night


Comments

Post a Comment

Popular posts from this blog

Update DNS static servers in your local Network

Image
 lets say you need to update your DNS servers, maybe you installed a new Domain Controller in your network. So probably the last step is update in each computer the primary and secondary DNS server. It's sad, but in GPO, you will not find an effective way of doing this for windows10 Instead, you can use this script. $inet1=Get-DnsClient  | Get-DnsClientServerAddress | where{$_.ServerAddresses -contains "192.168.0.245" -or $_.ServerAddresses -contains "192.168.0.207"} foreach($nic in $inet1){     Set-DnsClientServerAddress -InterfaceIndex $nic.InterfaceIndex -ServerAddresses ("192.168.0.245","192.168.0.114") } You can change the old IPs (192.168.0.245 and 192.168.0.207) for new IPs. then, save the file as ChangeDNS.ps1 file in your network Share. Create a New GPO and configure the Schedule Tasks for the Computer node. Configure the task as Immediate Task. Set the user account as SYSTEM. It will automatically convert into NT Authority\system. S
Read more

Error 'General access denied error' (0x80070005). Starting SCVMM Resource

Image
 Hello,  After a VMM migration and disk migration I faced this issue. I was unable to start a VM. So if you check on Failover Cluster Manager, you should find this information under "roles". If you check information, it says you should get more information from the "Information Details" windows. This example error says about an Access denied error, so this should be related to permisions. In fact, I did a change on my VMs disk, that is probably the cause on my case.  For resolving I recommend, checking on permissions on the disks of your VM, and if possible, use a tool to copy/paste the correct permissions. Luckly in my case, I do have another disk with the correct permissions, so I used icacls to backup and restore the correct permissions. icacls VM1_mydisk.vhdx /save backup.txt then, you should open the backup.txt file and change the name of the file, to match the destination. then restore using: icacls C:\ClusterStorage\Volume3\VM1 /restore backup.txt After doing
Read more

Powershell Scritp for Inventory VMS in Hyper-V and VMware

Image
 Today I have to create a list of VMS, but with specific information. Usually you will like some basic info from your virtual machines, including, name, amoutn of CPU, RAM and Disk Usage. Seems simple, but the true is a nightmare. The issue is about the Disk usage. When your VMs has only one disk is easy, but what about a machine with 4 disks? What if these disk are thin provisioning and you need to sum the space? Well... here you will learn how, and using simple lines. Get a List of VMS from Virtual Machine Manager If using VMM you can use this method, this will allow a complete list of all hosts and VMS in your environment. #This get the list of all VMs $vms = Get-VM -All #this generate a report including, name, host, status, cpu, ram and disk usage $Report = $vms | select name, vmhost, status, CPUcount, MemoryAssignedMB, @{Name="DiskAllocated";Expression={[math]::round($_.TotalSize/1024/1024/1024,2)}} #this export the report as CSV. Now you can take this to Excel. $Report
Read more