Adding website to the Trusted Sites Zones in Internet Explorer via GPO or Registry

The IE Zones and Configured Web sites are controlled by IE group policy named “Site to Zone Assignment List” as shown below:

Group Policy Setting Path:

In Group Policy Object Editor,

• Computer Configuration and the User Configuration nodes
  • Administrative Templates
    • Windows Components
      • Internet Explorer
        • Internet Control Panel
          • Security Page.

  GUI:

About the Policy Setting and it’s behavior:

This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone.

Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are:

• 1 => Intranet zone,
• 2 => Trusted Sites zone,
• 3 => Internet zone, and
• 4 => Restricted Sites zone.

Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.)

If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site.  For each entry that you add to the list, enter the following information:

Valuename – A host for an intranet site, or a fully qualified domain name for other sites.

The valuename may also include a specific protocol.

For example,

• if you enter http://www.contoso.com as the valuename, other protocols are not affected.
• If you enter just www.contoso.com, then all protocols are affected for that site, including http, https, ftp, and so on.
• The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10).
• To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for www.contoso.com and www.contoso.com/mail would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict.

Value – A number indicating the zone with which this site should be associated for security settings. The Internet Explorer zones described above are 1-4.

If you disable or do not configure this policy, users may choose their own site-to-zone assignments.

Configuring a web site as Trusted Site is shown below:

Managing via Registry:

Respective domain and sub-domain named registry entries are created in Registry depending the Computer/User Configuration policy you applied.

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomains

Example:

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainswordpress.comgunnalag

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainswordpress.comgunnalag

 

C:>reg query “HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainswordpress.comgunnalag”

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainswordpress.comgunnalag
http    REG_DWORD    0x2
https    REG_DWORD    0x2

C:>reg query “HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainswordpress.comgunnalag”

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainswordpress.comgunnalag
http    REG_DWORD    0x2
https    REG_DWORD    0x2

C:>

Important Notes:

1. If you specify the website along with port number like http://MyWebSite:8080, IE doesn’t show up the port number in the sites list. This has been confirmed as a problem in IE including the latest version IE9. Refer to MSFT article: Port Numbers Are Missing from URL of Web Sites Assigned to Security Zones