Server 2008 R2 – Add Trusted Sites to IE via Group Policy
This will not override or disable anything on the user side, just add the additional Trusted Sites that you want added. It will not adjust the Security settings of the zone either.
It is sometimes necessary to push out “Trusted Site” preferences to clients for internet sites that require some special privileges. Though these changes have historically been made through registry edits in scripts, GP 2008 makes this potentially a lot more intuitive.
*Note that if your AD/GP Server is still 2003, you may still access the 2008 Group Policy options from a Vista or 2008 box provided you have updated your AD schema to 2008 and you have installed the Group policy extensions patch from MS.
| 1. | Create/Name a New Group PolicyPop open gpmc.msc with domain admin credentials from your Vista/2008 box or navigate to “Group Policy Management” through your preferred snap-in.
Create a New Group Policy Named Appropriately. |
 |
| 2. | Edit your new Group PolicyRight Click to edit your new Group Policy.
Navigate through User Configuration -> Windows Settings -> Internet Explorer Maintenance -> Security In the Right Pane, right click on “Security Zones and Content Ratings” and select “Properties” |
 |
| 3. | Modify Security Zones PropertiesAt the properties Window, Select the “Import the current security zones and privacy settings” radio button and click “Modify Settings”*
*Note… the first time you attempt this, it may ask you to confirm your intension of only modifying those clients who are not running IE under the special “Enhanced Security Configuration” (usually reserved for server instances). This How-To only covers modifying the “Trusted Sites” for standard IE installations. From the “Internet Properties” window, select the “Trusted Sites” category and click the “Sites” button. |
 |
| 4. | Enter your Trusted Sites to the ListList your desired “Trusted” sites to the list, making note of the potential requirement of a secure (https) URL near the bottom. |  |
| 5. | Link your GPO to the Appropriate OUSubject says it all – Now that you’ve created your Group Policy Opject, link it to the appropriate Organizational Unit to ensure it will be applied to the users who need the trusted sites added. |
Provided your XP-Vista Clients have the appropriate “Client Side Extensions” installed to extend Group Policy to the newer 2008 options, your Users will now have your preferred trusted sites pushed to them on login!
To link a GPO
- In the Group Policy Management Console (GPMC) console tree, locate the site, domain, or organizational unit (OU) to which you want to link a Group Policy object (GPO)
- Do one of the following:
- To link an existing GPO, right-click the domain or OU within the domain, and then click Link an Existing GPO. In the Select GPO dialog box, click the GPO that you want to link, and then click OK.
- To link a new GPO, right-click the domain or OU within a domain, and then click Create a GPO in this domain, and link it here. In the Name box, type a name for the new GPO, and then click OK.
- To link an existing GPO to a site, domain, or OU, you must have Link GPOs permission on that site, domain, or OU. By default, only domain administrators and enterprise administrators have this privilege for domains and OUs. Enterprise administrators and domain administrators of the forest root domain have this privilege for sites.
- To create and link a GPO, you must have Link GPOs permissions on the desired domain or organizational unit, and you must have permission to create GPOs in that domain. By default, only domain administrators, enterprise administrators, and Group Policy Creator owners have permission to create GPOs.
RSS 2.0 Feed URL
