How do I add a URL with a Windows Group Policy into a client's "Local Intranet Zone"?
You need a policy that applies to Authenticated Users, and in that policy you need to set the following option:
User config | Administrative Templates | Windows Components | Internet Explorer | Internet Control Panel | Security Page
Enable the option Site to Zone Assignment List and then enter the site, and the zone you want to assign it to, eg.
http://www.fabrikam.com
1
(1 = Intranet Zone, 2 = Trusted Sites Zone, 3 = Internet Zone, 4 = Restricted Sites Zone)
Add one URL to Intranet Zone and Another Url To trusted Site Zone through GPO Requirement: Add one URL to Intranet Zone and Another Url To trusted Site Zone.
The above requirement can be achieved in three ways. Option 1: Computer Configuration ““> Administrative Tools ““> Windows Components ““> Internet Explorer ““> Internet Control Panel ““> Security Page and then zone assignment list.
This will disable the add/remove buttons. The reason behind this is when you set GPO to manage the IE security page by default all settings (add/remove buttons) get disabled. End users will not be able to add/remove sites/urls in his computer (This is not recommended, coz end users will access different web sites and they will to add may urls in trusted sites)
Option 2: User Configuration>Windows Settings>Internet Explorer Maintenance>Security>Security Zone and Content Ratings>Import The Current Security Zones and Content Ratings> Click On Modify. I do not recommend this.
This will import all the security settings (of Internet Explorer) of from the computer from where you are editing the GPO. In your environment if you have a dedicated machine to edit GPO (The IE settings) , you can follow this step. In this settings end users will be able to add/remove sites to Intranet zone/Trusted zone but with GPO refresh interval all manual entry’s will be wiped out.
Oprion 3: Use a script. Code is Given below
On Error Resume Next
Const HKEY_CURRENT_USER = &H80000001
strComputer = "."
Set objReg = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}\\" & strComputer & _
"\root\default:StdRegProv")
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _
& "ZoneMap\Domains\Contoso.com"
objReg.CreateKey HKEY_CURRENT_USER,strKeyPath
strValueName = "http"
dwValue = 2
objReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _
& "ZoneMap\EscDomains\Contoso.com"
objReg.CreateKey HKEY_CURRENT_USER,strKeyPath
strValueName = "http"
dwValue = 2
objReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _
& "ZoneMap\Domains\BenefitsWeb"
objReg.CreateKey HKEY_CURRENT_USER,strKeyPath
strValueName = "*"
dwValue = 1
objReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _
& "ZoneMap\EscDomains\BenefitsWeb"
objReg.CreateKey HKEY_CURRENT_USER,strKeyPath
strValueName = "*"
dwValue = 1
objReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName,dwValue
Put this into user logon script.
http://social.technet.microsoft.com/wiki/contents/articles/add-one-url-to-intranet-zone-and-another-url-to-trusted-site-zone-through-gpo.aspx
I do this with a login script that is attached to a group policy. See this KB for details about how the settings are stored.
Option Explicit
Dim oShell Set oShell =
WScript.CreateObject("WScript.Shell")
' http://support.microsoft.com/kb/182569
Dim sSite, sDValue, sZone, sKey, sZonesPath, aKeys, aKey
sZonesPath="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
sSite=0
sDvalue=1
sZone=2
' create key
aKeys = array( _
array(sZonesPath & "\internet-zone.example.org\","","2"), _
array(sZonesPath & "\intranet-zone.example.org\","","1") _
)
For Each aKey in aKeys
' create key for sSite
oShell.RegWrite akey(sSite), akey(sDvalue)
' add * dword under the site's key and set the sonze
sKey=akey(sSite) & "*"
oShell.RegWrite sKey, akey(sZone), "REG_DWORD"
Next
With the group policy preferences you could adjust the registry, see the kb for details. Of course this only works if you have the client side extensions installed on all the machines.
I find that using a script tends to be the most reliable method.