Wednesday, March 3, 2010

Adding Trusted Sites to Internet Explorer using GPO

For those of you whom wanted to customize the Internet Explorer settings for your clients, you should check out IEAK – Internet Explorer Administration Kit.

In this post, I will illustrate a simple scenario where an organization with Active Directory wants to add Trusted Sites to users’ Internet Explorer settings using GPO.

Before we start doing anything, please note that on Windows Server 2003 and 2008, we have Internet Explorer Enhanced Security Configuration turned on. This will not work with Windows XP, Vista or Windows 7 clients. So to begin, we have to turn off Enhanced Security Configuration to create a GPO for computers that do not have Enhanced Security Configurations.

To disable IE ESC, open Server Manager, Security Information, click on Configure IE ESC.

image

Turn off Internet Explorer Enhanced Security Configurations.

image

Now we are ready to configure a GPO to add Trusted sites to IE settings. You can find IE configuration settings on User Configuration –> Policies –> Windows Settings –> Internet Explorer Maintenance –> Security. Open Security Zones and Content Ratings.

image

Under Security Zones and Privacy, select Import the current security zones and privacy settings.

image

You will see a pop-up that warn you that you are configuring settings for computers that don’t have IE Enhanced Security Configuration enabled.

image

Add your Trusted sites and you are ready to test out your new GPO.

image