How do I add a URL with a Windows Group Policy into a client's "Local Intranet Zone"?

windows internet-explorer group-policy

You need a policy that applies to Authenticated Users, and in that policy you need to set the following option:

User config | Administrative Templates | Windows Components | Internet Explorer | Internet Control Panel | Security Page

Enable the option Site to Zone Assignment List and then enter the site, and the zone you want to assign it to, eg.

http://www.fabrikam.com
1

(1 = Intranet Zone, 2 = Trusted Sites Zone, 3 = Internet Zone, 4 = Restricted Sites Zone)


Add one URL to Intranet Zone and Another Url To trusted Site Zone through GPO Requirement: Add one URL to Intranet Zone and Another Url To trusted Site Zone.

The above requirement can be achieved in three ways. Option 1: Computer Configuration ““> Administrative Tools ““> Windows Components ““> Internet Explorer ““> Internet Control Panel ““> Security Page and then zone assignment list.

This will disable the add/remove buttons. The reason behind this is when you set GPO to manage the IE security page by default all settings (add/remove buttons) get disabled. End users will not be able to add/remove sites/urls in his computer (This is not recommended, coz end users will access different web sites and they will to add may urls in trusted sites)

Option 2: User Configuration>Windows Settings>Internet Explorer Maintenance>Security>Security Zone and Content Ratings>Import The Current Security Zones and Content Ratings> Click On Modify. I do not recommend this.

This will import all the security settings (of Internet Explorer) of from the computer from where you are editing the GPO. In your environment if you have a dedicated machine to edit GPO (The IE settings) , you can follow this step. In this settings end users will be able to add/remove sites to Intranet zone/Trusted zone but with GPO refresh interval all manual entry’s will be wiped out.

Oprion 3: Use a script. Code is Given below 

On Error Resume Next



Const HKEY_CURRENT_USER = &H80000001



strComputer = "."

Set objReg = GetObject("winmgmts:" _

    & "{impersonationLevel=impersonate}\\" & strComputer & _

        "\root\default:StdRegProv")



strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _

    & "ZoneMap\Domains\Contoso.com"

objReg.CreateKey HKEY_CURRENT_USER,strKeyPath

strValueName = "http"

dwValue = 2

objReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue



strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _

    & "ZoneMap\EscDomains\Contoso.com"

objReg.CreateKey HKEY_CURRENT_USER,strKeyPath

strValueName = "http"

dwValue = 2

objReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue



strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _

    & "ZoneMap\Domains\BenefitsWeb"

objReg.CreateKey HKEY_CURRENT_USER,strKeyPath

strValueName = "*"

dwValue = 1

objReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue



strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _

    & "ZoneMap\EscDomains\BenefitsWeb"

objReg.CreateKey HKEY_CURRENT_USER,strKeyPath

strValueName = "*"

dwValue = 1

objReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue

Put this into user logon script.

http://social.technet.microsoft.com/wiki/contents/articles/add-one-url-to-intranet-zone-and-another-url-to-trusted-site-zone-through-gpo.aspx


I do this with a login script that is attached to a group policy. See this KB for details about how the settings are stored.

Option Explicit

Dim oShell Set oShell =
WScript.CreateObject("WScript.Shell")

' http://support.microsoft.com/kb/182569
Dim sSite, sDValue, sZone, sKey, sZonesPath, aKeys, aKey
sZonesPath="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
sSite=0
sDvalue=1
sZone=2
' create key
aKeys = array( _
    array(sZonesPath & "\internet-zone.example.org\","","2"), _
    array(sZonesPath & "\intranet-zone.example.org\","","1") _
)
For Each aKey in aKeys
    ' create key for sSite
    oShell.RegWrite akey(sSite), akey(sDvalue)

    ' add * dword under the site's key and set the sonze
    sKey=akey(sSite) & "*"
    oShell.RegWrite sKey, akey(sZone), "REG_DWORD"
Next

With the group policy preferences you could adjust the registry, see the kb for details. Of course this only works if you have the client side extensions installed on all the machines.

I find that using a script tends to be the most reliable method.

Related

Logging and Reporting on W2k3 print server printing
How can I use a Linux BIND DNS server for my Active Directory forest?
How to boot quicker?
VPN chaining using openvpn
Yum on Centos 8 - Failed to download metadata for repo 'AppStream'
Repositories for CentOS that don't suck?
Multiple versions of PHP through nginx
SVN - Error Rep Repository UUID 'XXX...' doesn't match expected 'XXX..'
finding the best network latency between two countries
PDF of a sum of exponential random variables [closed]
For $n \in \mathbb{N}$ $\lfloor{\sqrt{n} + \sqrt{n+1}\rfloor} = \lfloor{\sqrt{4n+2}\rfloor}$
Differentiability of a two variable function $f(x,y)=\dfrac{1}{1+x-y}$