Share via


How to add web sites to “Trusted Sites” via GPO from DC installed IE10 or higher IE version

Background

I have concluded four methods on “How to add trust sites into IE before IE10” as mentioned in below reference:

https://blogs.msdn.com/b/asiatech/archive/2013/01/04/how-to-add-trust-sites-into-ie-before-ie10-through-group-policy.aspx.

And as we known that Internet Explorer Maintenance (IEM) has been removed from IE10. Client machine with IE10+ installed cannot get the content configured in IEM from DC GPO.

Here is official reference:

https://technet.microsoft.com/en-us/library/jj890998.aspx

So the first method in “How to add trust sites into IE before IE10“Import the current security zones and privacy settings” in IE Maintenance CANNOT work from DC with Windows 2008 R2 & IE10+ or with Windows 2012 R2 & IE10+.

Target & Suggestions

What’s the recommend method to add trust sites into IE when IE version of DC is IE10 or above?

In fact, except the first method in “How to add trust sites into IE before IE10”, other three methods are all capable on DC with Windows 2008 R2 & IE10+ or with Windows 2012 R2 & IE10+.

Second method : “Site to the zone assignment list” in Administrative Templates.

Third method : “Logon Scripts”.

Fourth method : “Group Policy Preferences”

Since many customer ask us provide the detailed step for the fourth method, we list them as below:

Detailed Steps:

Steps for add web sites into “Trusted Sites” zone by “User Configuration -> Preferences -> Windows Settings -> Registry”:

In DC:

1) Please configure “Trusted Sites” in DC local IE “Internet Option -> Security -> Trusted sites” as you expected:

clip_image002

2) Then in registry table, there are below values existing:

A. Web sites of FDQN were recorded in “HKEY_CURRENT_USER \SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains”.

clip_image004

B. The web site of IP will be recorded in “HKEY_CURRENT_USER \SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges”.

clip_image006

3) Run “GPMC” and enter into “User Configuration -> Preferences -> Windows Settings -> Registry” on one GPO, add all registry keys with its values related to the web sites.

clip_image008

4) In client machine (IE8-IE11 on Windows 7, or IE10 on Windows 8, or IE11 on Windows 8.1), run “gpupdate /force”, it will get result as expected.

Regards,

Xiaoman Wang From GBSD DSI