I recently had to assist a client with configuring a GPO to add sites in Internet Explorer 11’s trusted zones and disabling "Require server verification (https:) for all sites in this zone" so I thought I’d write this blog post to outline the registry keys required for the settings.
Note that this post will only demonstrate configuring the registry for HKEY_CURRENT_USER and it is also possible to apply the changes HKEY_LOCAL_MACHINE.
Enabling or Disabling "Require server verification (https:) for all sites in this zone"
The registry key that controls the Require server verification (https:) for all sites in this zone setting is the REG_DWORD setting named Flags located in the following registry + the # representing the zone (we’ll use zone 2 which represents Trusted Sites):
The value to enable the configuration is:
The value to disable the configuration is:
You can use Group Policy preferences to configure this for the user:
Adding URLs of Trusted Sites
The registry path for adding URLs of trusted sites is:
Adding http://www.msn.com would look as such:
Notice how the site URL www.msn.com is an actual key under the Domains key:
To add the msn.com and all of its subdomain, you can add the following key: