Internet Windows

How To Configure Trusted Sites In Internet Explorer For A Group Policy

Karl L. Gechlik 13-04-2010

iscaHeadI love working with Active Directory on my Windows network because it makes my life so much easier. Active Directory is the directory service used on Windows based networks to administer large groups of computers easily. You use Active Directory to push out group policies.


Group policy is the magic behind Active Directory. Group policies are rules that either allow or deny – well pretty much anything on a machine. As a network administrator I get to use group policy to push out rules and regulations to my networked computers. These rules can tell the machine what applications are allowed to run, or in this case what sites are “trusted” in Internet Explorer.

Today I will show you how to add trusted sites to Internet Explorer using the group policy, without ever visiting the actual desktops. If you are new to group policy don’t worry, I will make this as easy and pain free as possible. If you do not know what the benefits of group policy are, let me give you an example. I have 278 computers on my network. I can either walk to each of them manually and add a trusted site list or I can push it out to all of them in one quick swoop.

Adding Trusted Sites to Internet Explorer Using Group Policy

For those of you who already know group policy I am sure you can just take a look at the screenshots below to find what you need.

You can open your Active Directory users and computers’ control panel by navigating to it on your Start menu by going to Program Files ““> Administrative Tools ““> Active Directory Users and Computers.

That will open a console that looks something like this:


trusted sites internet explorer group policy

If you want the policy to apply to your entire domain, right click at the top of the console. The domain is specified by three computers. If you want to apply the policy to another group or organizational unit right click on that instead. I will be using the organizational unit called editors. Choose properties from the context menu and then you will see the screen below:

trusted sites internet explorer group policy

Click on the Group Policy tab and then click the Open button. This will take us into the wonderful world of group policy. This is called the group policy management tool. The organizational unit will already be highlighted. Right click on it and choose Create And Link A GPO Here.


trusted sites internet explorer group policy

That will take us to the place where we can name the policy. Name it something that will make it easily identifiable. I chose AddTrustedSites for mine. Then click OK.

how to set internet explorer in windows group policy

You have just created your policy. Now we need to define the settings that we want to trickle down to our clients. Locate your policy in the right pane and right click on it. Choose Edit to get started.


how to set internet explorer in windows group policy

Now we need to drill down to the settings that we want to set. We need to go to the Computer Configuration ““> Administrative Tools ““> Windows Components ““> Internet Explorer ““> Internet Control Panel ““> Security Page and then double click to the zone assignment list in the right pane as you can see below.

how to set internet explorer in windows group policy

After you double click on site to the zone assignment list you will see a window to enable the settings and configure it. Click enabled. Then click show. On the show contents screen click add.


group policy

By clicking add we can add URLs and specify what zone we want them to be placed in like so:

group policy

The number 2 denotes the number of the zone. In this case it is the trusted zone. Microsoft breaks down the settings as follows:

  1. Intranet zone – sites on your local network.
  2. Trusted Sites zone – sites that have been added to your trusted sites.
  3. Internet zone – sites that are on the Internet.
  4. Restricted Sites zone – sites that have been specifically added to your restricted sites.

After clicking OK you can wait for your default refresh of Group Policy which is 15 minutes by default or you can run gpupdate.exe from any workstation to see if it worked. You can also restart the workstations to force the update.

Do you have another method of achieving this? Let us know in the comments.

Related topics: Internet Explorer, Parental Control.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Emile Monestime
    February 22, 2015 at 2:45 pm

    Best tutorial I have seen on this. Thank you very much

  2. Simon
    June 16, 2010 at 2:59 pm

    Is there any way with GPO to disable the "Require server verification" setting?

  3. Aibek
    April 13, 2010 at 11:00 am

    Hey Karl,

    excellent tutorial! thank you.

  4. bryn_ie8team
    April 13, 2010 at 9:39 am

    Thanks for posting this great how to guide on configuring trusted sites in IE! The pictures are very helpful and I am sure many users will find this helpful!

    You should share your wealth of IE knowledge with the community of users over on Facebook:

    IE Outreach Team

  5. Henx
    April 13, 2010 at 7:42 am

    Thanks for this awesome post, very informative. I agree that learning Active Directory makes life easy and group policy is the magic, but only in the hands of a good wizard lol. I've seen disasters happen when group policy falls into the hands of the untrained wizard lol.