Site To Zone Assignment List Policy Making


I have concluded four methods on “How to add trust sites into IE before IE10” as mentioned in below reference:

And as we known that Internet Explorer Maintenance (IEM) has been removed from IE10. Client machine with IE10+ installed cannot get the content configured in IEM from DC GPO.

Here is official reference:

So the first method in “How to add trust sites into IE before IE10” “Import the current security zones and privacy settings” in IE Maintenance CANNOT work from DC with Windows 2008 R2 & IE10+ or with Windows 2012 R2 & IE10+.

Target & Suggestions

What’s the recommend method to add trust sites into IE when IE version of DC is IE10 or above?

In fact, except the first method in “How to add trust sites into IE before IE10”, other three methods are all capable on DC with Windows 2008 R2 & IE10+ or with Windows 2012 R2 & IE10+.

Second method: “Site to the zone assignment list” in Administrative Templates.

Third method: “Logon Scripts”.

Fourth method: “Group Policy Preferences”

Since many customer ask us provide the detailed step for the fourth method, we list them as below:

Detailed Steps:

Steps for add web sites into “Trusted Sites” zone by “User Configuration -> Preferences -> Windows Settings -> Registry”:

In DC:

1) Please configure “Trusted Sites” in DC local IE “Internet Option -> Security -> Trusted sites” as you expected:

2) Then in registry table, there are below values existing:

A. Web sites of FDQN were recorded in “HKEY_CURRENT_USER \SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains”.

B. The web site of IP will be recorded in “HKEY_CURRENT_USER \SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges”.

3) Run “GPMC” and enter into “User Configuration -> Preferences -> Windows Settings -> Registry” on one GPO, add all registry keys with its values related to the web sites.

4) In client machine (IE8-IE11 on Windows 7, or IE10 on Windows 8, or IE11 on Windows 8.1), run “gpupdate /force”, it will get result as expected.


Xiaoman Wang From GBSD DSI



I love working with Active Directory on my Windows network because it makes my life so much easier. Active Directory is the directory service used on Windows based networks to administer large groups of computers easily. You use Active Directory to push out group policies.

Group policy is the magic behind Active Directory. Group policies are rules that either allow or deny – well pretty much anything on a machine. As a network administrator I get to use group policy to push out rules and regulations to my networked computers. These rules can tell the machine what applications are allowed to run, or in this case what sites are “trusted” in Internet Explorer.

Today I will show you how to add trusted sites to Internet Explorer using the group policy, without ever visiting the actual desktops. If you are new to group policy don’t worry, I will make this as easy and pain free as possible. If you do not know what the benefits of group policy are, let me give you an example. I have 278 computers on my network. I can either walk to each of them manually and add a trusted site list or I can push it out to all of them in one quick swoop.

Adding Trusted Sites to Internet Explorer Using Group Policy

For those of you who already know group policy I am sure you can just take a look at the screenshots below to find what you need.

You can open your Active Directory users and computers’ control panel by navigating to it on your Start menu by going to Program Files ““> Administrative Tools ““> Active Directory Users and Computers.

That will open a console that looks something like this:

If you want the policy to apply to your entire domain, right click at the top of the console. The domain is specified by three computers. If you want to apply the policy to another group or organizational unit right click on that instead. I will be using the organizational unit called editors. Choose properties from the context menu and then you will see the screen below:

Click on the Group Policy tab and then click the Open button. This will take us into the wonderful world of group policy. This is called the group policy management tool. The organizational unit will already be highlighted. Right click on it and choose Create And Link A GPO Here.

That will take us to the place where we can name the policy. Name it something that will make it easily identifiable. I chose AddTrustedSites for mine. Then click OK.

You have just created your policy. Now we need to define the settings that we want to trickle down to our clients. Locate your policy in the right pane and right click on it. Choose Edit to get started.

Now we need to drill down to the settings that we want to set. We need to go to the Computer Configuration ““> Administrative Tools ““> Windows Components ““> Internet Explorer ““> Internet Control Panel ““> Security Page and then double click to the zone assignment list in the right pane as you can see below.

After you double click on site to the zone assignment list you will see a window to enable the settings and configure it. Click enabled. Then click show. On the show contents screen click add.

By clicking add we can add URLs and specify what zone we want them to be placed in like so:

The number 2 denotes the number of the zone. In this case it is the trusted zone. Microsoft breaks down the settings as follows:

  1. Intranet zone – sites on your local network.
  2. Trusted Sites zone – sites that have been added to your trusted sites.
  3. Internet zone – sites that are on the Internet.
  4. Restricted Sites zone – sites that have been specifically added to your restricted sites.

After clicking OK you can wait for your default refresh of Group Policy which is 15 minutes by default or you can run gpupdate.exe from any workstation to see if it worked. You can also restart the workstations to force the update.

Do you have another method of achieving this? Let us know in the comments.

5 Useful Resume Sites for Preparing a CV That Gets Read in 2018TV Rename – The Long Awaited App for TV Show Addicts

Categories: 1

0 Replies to “Site To Zone Assignment List Policy Making”

Leave a comment

L'indirizzo email non verrà pubblicato. I campi obbligatori sono contrassegnati *