Thursday, March 21, 2019

Configuring Internet Explorer 11 zones and enabling / disabling "Require server verification (https:) for all sites in this zone"

I recently had to assist a client with configuring a GPO to add sites in Internet Explorer 11’s trusted zones and disabling "Require server verification (https:) for all sites in this zone" so I thought I’d write this blog post to outline the registry keys required for the settings.

Note that this post will only demonstrate configuring the registry for HKEY_CURRENT_USER and it is also possible to apply the changes HKEY_LOCAL_MACHINE.

Enabling or Disabling "Require server verification (https:) for all sites in this zone"

The registry key that controls the Require server verification (https:) for all sites in this zone setting is the REG_DWORD setting named Flags located in the following registry + the # representing the zone (we’ll use zone 2 which represents Trusted Sites):

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\

The value to enable the configuration is:

Hex: 47

Decimal: 71

The value to disable the configuration is:

Hex: 43

Decimal: 67

You can use Group Policy preferences to configure this for the user:

Adding URLs of Trusted Sites

The registry path for adding URLs of trusted sites is:

Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

Adding would look as such:

Notice how the site URL is an actual key under the Domains key:

To add the and all of its subdomain, you can add the following key:

Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

No comments: