Thursday, April 14, 2011

Keeping and Updating trusted sites in Internet Explorer

At Windows Server domain environments, we can assign the trusted sites in Internet Explorer by Group Policy.

1. At "Group Policy Management Editor", expand "User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page".
2. At right pane, double-click "Site to Zone Assignment List".
3. Select "Enabled".
4. Click "Show".

Figure 1: Trusted sites list

5. Next to "Value name", type "*.microsoft.com".
6. Next to "Value", type "2".

Value number reference:
1. Local intranet
2. Trusted Sites
4. Restricted Sites

7. Click "OK".
8. Close "Group Policy Management Editor".
9. Update the Group Policy in the domain workstations.


Test result
1. At domain workstation, launch "Internet Explorer".
2. On the menu, click "Tools > Internet Options".
3. Select "Security" tab.
4. Select "Trusted sites", click "Sites".


Figure 2: Internet Explorer trusted sites

As a result, the web site is  assigned to the trusted sites, but users can't add or remove other trusted site.

I will show you another method to assign web site in Internet Explorer trusted sites.

Prerequisites
The domain controller is using Windows Server 2008 or above.

Assuming "www.microsoft.com" will be assigned to trusted site.
1. At "Group Policy Management Editor", expand "User Configuration > Preferences Windows Settings > Registry".
2. Right-click "Registry", select "New > Registry Item".
3. Next to "Action", select "Update".
4. Next to "Hive", select "HKEY_CURRENT_USER".
5. Next to "Key Path", type "Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\www
6. Next to "Value name", type "*".
7. Next to "Value type", select "REG_DWORD".
8. Next to "Value data", type "2".

Figure 3: Registry key settings

Remark: If you want to trust "microsoft.com" domain, you don't have to type "www" in key path.

"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com

9. Click "OK".
10. Close "Group Policy Management Editor".


Test result
1. At domain workstation, launch "Internet Explorer".
2. On the menu, click "Tools > Internet Options".
3. Select "Security" tab.
4. Select "Trusted sites", click "Sites".

Figure 4: Internet Explorer trusted sites

As a result, the web site is assigned to the trusted sites, and users can add or remove other trusted site.

This posting is provided “AS IS” with no warranties, and confers no rights!
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)