intune manage IE trusted sites

I have a config policy that allows 3 trusted sites in IE, however this blocks the user from adding there own if they want to. Is there a way to allow users to edit the trusted sites list while having...

Intune

mobile device management (mdm)

SamSONACA

Copper Contributor

Apr 04, 2021

Moe_Kinani

Hi Moe,

I have pushed the PS script and can confirm it did create the registry keys as intended, however:

1- Users are still unable to modify or add new trusted sites.

2- Although the keys can be viewed in the registry, they are NOT showing up in "Internet Options", Trusted Sites.

Any suggestions?

Rudy_Ooms_MVP

MVP

Apr 06, 2021

SamSONACA

The first thing to check if the OLD CSP is no longer tattooed to the device

Open the registry: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\

Best practise is to make sure the CSP is configured to disabled

When I configure the setting to disabled/ within a few minutes I can add websites again.

After you can add website manually again, you can add them with the powershell script mentioned earlier

$RegLoc1 = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com"

$RegLoc2 = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com\child"

$Name = "https"

New-Item -path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com"

New-Item -path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com\child"

New-ItemProperty -Path $RegLoc2 -Name $Name -PropertyType Dword -Value 2

Forum Discussion

intune manage IE trusted sites

Resources