I recently received an email asking – “How can I populate Internet Explorer Zones using Group Policy?”. I receive this email pretty frequently so I thought I would just blog it….

 

First, get into the Group Policy Object Editor then locate the Internet Explorer Security Page objects. You are looking for the Site to Zone Assignment List object.

 

SecurityPage

 

Open that object and can enter site names you wish to push to the clients. You select the zone using a numerical value (1-4) for the zone it should go in:

 

1= Intranet Zone

2= Trusted Sites Zone

3= Internet Zone

4= Restricted Sites Zone

 

In my example, I have added my blog site to the Trusted Sites Zone –

 

List

 

Once the policy is created and linked to an OU (or domain or site), and the clients have refreshed, the client will have the list you set in group policy.

 

Client

 

Downside - with the control we give the admin, we sacrifice control at the user level. This group policy will overwrite any existing settings in place at the client. In addition, the user loses the ability to add sites to the zones theselves. The user can get into the interface and add sites to zones but the will not stick. As an admin you may wish to lock out access to the page completely.

 

You can find more detailed information on this and other settings in this document.

 

 

Cheers!