Occasionally I need to add a site to the Trusted Sites or Local Intranet Zones on computers. Group policy is the obvious way to do this but if you put it to Computer Configuration > Administrative Tools > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Site to Zone Assignment List, the zone becomes controlled by the administrator and the end user can’t add sites later.
In the past I have had to use the IE Customization tool to create a custom package. Today.. I found a much better way to add sites to zones that can be updated on the fly. Thank goodness for the registery and GPP.
Basically I am using GPP to drop a registry key down that adds the site to zone. I have found that the user needs to logoff and back on for it to take effect.
The key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains contains the zone mappings under the enhanced security configuration. Each registry key that is below this key in the registry hierarchy is a Web site domain. Each of these keys has values which indicate the allowed protocol and the zone to which that protocol belongs for the domain. A value of 0x001 indicates the Intranet zone and a value of 0x002 indicates the Trusted sites zone.
Works great so far!!