Group policy is the magic behind Active Directory. Group policies are
rules that either allow or deny – well pretty much anything on a
machine. As a network administrator I get to use group policy to push
out rules and regulations to my networked computers. These rules can
tell the machine what applications are allowed to run, or in this case
what sites are “trusted” in Internet Explorer.
Today I will show you how to add trusted sites to Internet Explorer
using the group policy, without ever visiting the actual desktops. If
you are new to group policy don’t worry, I will make this as easy and
pain free as possible. If you do not know what the benefits of group
policy are, let me give you an example. I have 278 computers on my
network. I can either walk to each of them manually and add a trusted
site list or I can push it out to all of them in one quick swoop.
Adding Trusted Sites to Internet Explorer Using Group Policy
For those of you who already know group policy I am sure you can just
take a look at the screenshots below to find what you need.
You can open your Active Directory users and computers’ control panel by navigating to it on your Start menu by going to
Program Files ““> Administrative Tools ““> Active Directory Users and Computers.
That will open a console that looks something like this:
If you want the policy to apply to your entire domain, right click at
the top of the console. The domain is specified by three computers. If
you want to apply the policy to another group or organizational unit
right click on that instead. I will be using the organizational unit
called
editors. Choose
properties from the context menu and then you will see the screen below:
Click on the
Group Policy tab and then click the
Open
button. This will take us into the wonderful world of group policy.
This is called the group policy management tool. The organizational unit
will already be highlighted. Right click on it and choose
Create And Link A GPO Here.
That will take us to the place where we can name the policy. Name it something that will make it easily identifiable. I chose
AddTrustedSites for mine. Then click OK.
You have just created your policy. Now we need to define the settings
that we want to trickle down to our clients. Locate your policy in the
right pane and right click on it. Choose
Edit to get started.
Now we need to drill down to the settings that we want to set. We need to go to the
Computer
Configuration ““> Administrative Tools ““> Windows Components
““> Internet Explorer ““> Internet Control Panel ““> Security
Page and then double click to the zone assignment list in the right pane as you can see below.
After you double click on site to the zone assignment list you will see a window to enable the settings and configure it. Click
enabled. Then click
show. On the
show contents screen click
add.
By clicking add we can add URLs and specify what zone we want them to be placed in like so:
The number 2 denotes the number of the zone. In this case it is the trusted zone. Microsoft breaks down the settings as follows:
- Intranet zone – sites on your local network.
- Trusted Sites zone – sites that have been added to your trusted sites.
- Internet zone – sites that are on the Internet.
- Restricted Sites zone – sites that have been specifically added to your restricted sites.
After clicking OK you can wait for your default refresh of Group Policy which is 15 minutes by default or you can run
gpupdate.exe from any workstation to see if it worked. You can also restart the workstations to force the update.
source: http://www.makeuseof.com/tag/configure-trusted-sites-internet-explorer-group-policy/