I recently had to assist a client with configuring a GPO to add sites in Internet Explorer 11’s trusted zones and disabling "Require server verification (https:) for all sites in this zone" so I thought I’d write this blog post to outline the registry keys required for the settings.
Note that this post will only demonstrate configuring the registry for HKEY_CURRENT_USER and it is also possible to apply the changes HKEY_LOCAL_MACHINE.
Enabling or Disabling "Require server verification (https:) for all sites in this zone"
The registry key that controls the Require server verification (https:) for all sites in this zone setting is the REG_DWORD setting named Flags located in the following registry + the # representing the zone (we’ll use zone 2 which represents Trusted Sites):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
The value to enable the configuration is:
Hex: 47
Decimal: 71
The value to disable the configuration is:
Hex: 43
Decimal: 67
You can use Group Policy preferences to configure this for the user:
Adding URLs of Trusted Sites
The registry path for adding URLs of trusted sites is:
Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
Adding http://www.msn.com would look as such:
Notice how the site URL www.msn.com is an actual key under the Domains key:
To add the msn.com and all of its subdomain, you can add the following key:
Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msn.com
No comments:
Post a Comment