Friday, June 29, 2012

Group Policy: Site to Zone Assignment

Adding a URL to an Internet Explorer zone gives you the ability to change the security settings Ineternet Explorer applies to that website. Some websites may require more or les security than what is given through the default Internet Zone.  There are two ways you can add a website to an Internet Explorer zone using Group Policy.  One way is to use policy provided by Microsoft shown below.  A Policy almost always has UI lockout associated with it.  Meaning no user receiving the Site to Zone policy even Admins will be unable to add new sites to IE zones through the UI.  To get around this you could manually add all the sites you need in the different zones and then use Group Policy Preferences Registry Wizard to dig down to where those zone keys are located and have them applied via Preference without the UI lockout.  Below I will demonstrate how most corporations would choose to deploy these sites to zone which is through Policy.

Node: Computer, User
Categorie: Policy
Path: Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page
Setting: Site to Zone Assignment List - Enabled

1) In the Site to Zone Assignment List you can click the Show button and enter in a website under value name.  You have a few options on how to enter a website.  Entering * will set the entire domain into a particular zone.  This will include, and http, https, ftp, or any other protcal for the domain.

Under Value enter a number 1-4 to represent the zone you are placing the site into.

     0 - My Computer
     1 - Local Intranet Zone
     2 - Trusted sites Zone
     3 - Internet Zone
     4 - Restricted Sites Zone


No comments:

Post a Comment