Forum Discussion

ablake2035's avatar
ablake2035
Copper Contributor
May 04, 2020

intune manage IE trusted sites

I have a config policy that allows 3 trusted sites in IE, however this blocks the user from adding there own if they want to. Is there a way to allow users to edit the trusted sites list while having this config profile enabled?  or does this profile lock it down?

 

 

  • Moe_Kinani's avatar
    Moe_Kinani
    Bronze Contributor

    You have to add it from your side whether using Intune Administrative templates or OMI profile (like your screenshot), which makes it grayed out for end user.

     

    The only workaround is to run Intune PS and add Trusted Sites registries that you want to add. With this option, the user can still add sites from his end (check screenshot) Example of Registry in PS:

     

    Hope this helps!

    Moe

     

     

    $RegLoc1 = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com"

    $RegLoc2 = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com\child"

    $Name = "https"

    New-Item -path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com"

    New-Item -path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com\child"

     

    New-ItemProperty -Path $RegLoc2 -Name $Name -PropertyType Dword -Value 2

     

     

      • lhern68's avatar
        lhern68
        Copper Contributor
        Are the devices in question domain joined, hybrid, or Azure AD joined?
    • SamSONACA's avatar
      SamSONACA
      Copper Contributor

      Moe_Kinani 

       

      Hi Moe,

       

      I have pushed the PS script and can confirm it did create the registry keys as intended, however:

      1- Users are still unable to modify or add new trusted sites.

      2- Although the keys can be viewed in the registry, they are NOT showing up in "Internet Options", Trusted Sites.

       

      Any suggestions?

      • HI,

        Are you sure/could you confirm the policy you created earlier is no longer active?

Resources