Group policy is the magic behind Active Directory. Group policies are rules that either allow or deny – well pretty much anything on a machine. As a network administrator I get to use group policy to push out rules and regulations to my networked computers. These rules can tell the machine what applications are allowed to run, or in this case what sites are “trusted” in Internet Explorer.
Today I will show you how to add trusted sites to Internet Explorer using the group policy, without ever visiting the actual desktops. If you are new to group policy don’t worry, I will make this as easy and pain free as possible. If you do not know what the benefits of group policy are, let me give you an example. I have 278 computers on my network. I can either walk to each of them manually and add a trusted site list or I can push it out to all of them in one quick swoop.
Adding Trusted Sites to Internet Explorer Using Group Policy
For those of you who already know group policy I am sure you can just take a look at the screenshots below to find what you need.
You can open your Active Directory users and computers’ control panel by navigating to it on your Start menu by going to Program Files ““> Administrative Tools ““> Active Directory Users and Computers.
That will open a console that looks something like this:
If you want the policy to apply to your entire domain, right click at the top of the console. The domain is specified by three computers. If you want to apply the policy to another group or organizational unit right click on that instead. I will be using the organizational unit called editors. Choose properties from the context menu and then you will see the screen below:
Click on the Group Policy tab and then click the Open button. This will take us into the wonderful world of group policy. This is called the group policy management tool. The organizational unit will already be highlighted. Right click on it and choose Create And Link A GPO Here.
That will take us to the place where we can name the policy. Name it something that will make it easily identifiable. I chose AddTrustedSites for mine. Then click OK.
You have just created your policy. Now we need to define the settings that we want to trickle down to our clients. Locate your policy in the right pane and right click on it. Choose Edit to get started.
Now we need to drill down to the settings that we want to set. We need to go to the Computer Configuration ““> Administrative Tools ““> Windows Components ““> Internet Explorer ““> Internet Control Panel ““> Security Page and then double click to the zone assignment list in the right pane as you can see below.
After you double click on site to the zone assignment list you will see a window to enable the settings and configure it. Click enabled. Then click show. On the show contents screen click add.
By clicking add we can add URLs and specify what zone we want them to be placed in like so:
The number 2 denotes the number of the zone. In this case it is the trusted zone. Microsoft breaks down the settings as follows:
- Intranet zone – sites on your local network.
- Trusted Sites zone – sites that have been added to your trusted sites.
- Internet zone – sites that are on the Internet.
- Restricted Sites zone – sites that have been specifically added to your restricted sites.
After clicking OK you can wait for your default refresh of Group Policy which is 15 minutes by default or you can run gpupdate.exe from any workstation to see if it worked. You can also restart the workstations to force the update.
Do you have another method of achieving this? Let us know in the comments.