intune manage IE trusted sites

Question

I have a config policy that allows 3 trusted sites in IE, however this blocks the user from adding there own if they want to. Is there a way to allow users to edit the trusted sites list while having this config profile enabled? or does this profile lock it down?

moe_kinani · Answer

You have to add it from your side whether using Intune Administrative templates or OMI profile (like your screenshot), which makes it grayed out for end user.

The only workaround is to run Intune PS and add Trusted Sites registries that you want to add. With this option, the user can still add sites from his end (check screenshot) Example of Registry in PS:

Hope this helps!

Moe

$RegLoc1 = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com"

$RegLoc2 = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com\child"

$Name = "https"

New-Item -path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com"

New-Item -path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com\child"

New-ItemProperty -Path $RegLoc2 -Name $Name -PropertyType Dword -Value 2

ablake2035 · Answer

Moe_Kinanithank you for your response I will take a look at this.&nbsp;thanks&nbsp;

samsonaca · Answer

Moe_Kinani&nbsp;&nbsp;Hi Moe,&nbsp;I have pushed the PS script and can confirm it did create the registry keys as intended, however:1- Users are still unable to modify or add new trusted sites.2- Although the keys can be viewed in the registry, they are NOT showing up in "Internet Options", Trusted Sites.&nbsp;Any suggestions?

rudy_ooms_mvp · Answer

HI,Are you sure/could you confirm the policy you created earlier is no longer active?

samsonaca · Answer

Confirming that the PSscripts are successfully pushed using Intune and we can see the new keys in the registry, however, users are still unable to add their own sites.Steps performed:1- Configuration Profiles --&gt; Site to Zone Assignment List completed (\Windows Components\Internet Explorer\Internet Control Panel\Security Page) --&gt; no changes in sites under Internet options-&gt; Trusted sites, still shows the old ones.2- Security Baseline, IE (users adding sites / changing policies set to "NOT Configured" ). Not configured -&gt; No changes, still the old sites, users can not add trusted sites.3- Added a Powershell script to create the keys and set the value(2), and pushed it using Intune, can confirm that the keys have been added to endpoints, however no reflections under trusted sites, users can not add sites.(HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxx.com)4- Added a configuration profile so that Intune policies get precedence over on-prem GPOs, still no changes.Any suggestions?

Forum Discussion

intune manage IE trusted sites

9 Replies

Resources