GPO for IE Trusted Sites, plus preserve users' existing trusted si

Discussion in 'Active Directory' started by TimS, Nov 15, 2005.

  1. TimS

    TimS Guest

    Is there a way I can use a GPO to add a web site to users' 'Trusted Sites'
    zone, and at the same time preserve any sites they may have added on their
    own to the zone?
     
    TimS, Nov 15, 2005
    #1
    1. Advertisements

  2. Assuming you can even update the trusted sites, I would imagine it is a
    replace as opposed to a merge. I don't know how you can merge data into
    what is already there.

    Cross-posting to the GPO group for additional insight.

    --
    Paul Williams
    Microsoft MVP - Windows Server - Directory Services
    http://www.msresource.net | http://forums.msresource.net


    Is there a way I can use a GPO to add a web site to users' 'Trusted Sites'
    zone, and at the same time preserve any sites they may have added on their
    own to the zone?
     
    Paul Williams [MVP], Nov 16, 2005
    #2
    1. Advertisements

  3. TimS

    Irv Guest

    You can do this with Group Policy and I don't think it will replace any
    existing entries.
    Depending on whether you have set your IE settings to be PC or User based
    open up the Computer or User part of your GPO.

    Navigate to -:
    Administrative Templates\Windows components\Internet Explorer\Internet
    Control Panel\Security Page.

    In there is a "Site to zone assignment list" setting. You add the site here
    with a value depending on which zone it needs to go into -:

    1 = Intranet
    2 = Trusted
    3 = Internet
    4 = Restricted

    Therefore in the dialog box to add http:\\www.acme.com to the trusted sites
    list you would add the URL with a value of 2

    This will work for XP SP2. If not XP SP2 then you need to go to
    Windows Settings\Internet Explorer Maintenance\Security\Security Zones and
    Content Ratings (haven't done this one myself)

    Cheers,

    Irv
     
    Irv, Nov 16, 2005
    #3
  4. TimS

    TimS Guest

    Thanks for the responses. I am not sure I understand what you mean when you
    say 'Depending on whether you have set your IE settings to be PC or User
    based' - is this an either-or option? Is there something in IE itself to
    select this option?
    Thanks
     
    TimS, Nov 16, 2005
    #4
  5. TimS

    Irv Guest

    In your desktop GPO navigate to

    Computer Configuration\Administrative Templates\Windows components\Internet
    Explorer

    There is a setting called "Security Zones: Use only machine settings"

    If this is enabled then set up the trusted site as described below in the
    Computer config part of the GPO. Otherwise use the User Config

    HTH

    Irv
     
    Irv, Nov 16, 2005
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.