Forum Discussion
KvotheRCD
Mar 13, 2024Copper Contributor
Site to Zone Assignment List - Powershell
I need to replicate the steps of adding a list of URLs to the Site to Zone Assignment List of a GPO. Is there a way to edit that GPO via PowerShell, enable Site to Zone Assignment List, and pass the list of URLs to it?
- - Open the Group Policy Management Editor.
- Go to User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page.
- Select the Site to Zone Assignment List.
- Select Enabled and click Show to edit the list. The zone values are as follows: 1 — intranet, 2 — trusted sites, 3 — internet zone, 4 — restricted sites.
- Click OK.
- Click Apply and OK.
Hi KvotheRCD,
you can try to use something like this:# Step 1: Open Group Policy Management Editor # Retrieve the GPO $GPO = Get-GPO -Name "YourGPOName" # Open Group Policy Management Editor for the GPO Edit-GPO -Guid $GPO.Id # Step 2: Navigate to the Site to Zone Assignment List # This step is manual and requires navigating through the Group Policy Management Editor interface. # Step 3: Enable the Policy and Specify Zone Assignments # Define the list of URLs and their corresponding zone assignments $SiteToZoneAssignmentList = @{ "https://example.com" = 1 # Intranet zone "https://trusted-site.com" = 2 # Trusted sites zone "https://internet-zone.com" = 3 # Internet zone } # Convert the hashtable to a string format acceptable by the registry $RegistryValue = $SiteToZoneAssignmentList.GetEnumerator() | ForEach-Object { $_.Key + "=" + $_.Value } -join ";" # Set the registry value to enable Site to Zone Assignment List and specify the assignments Set-GPRegistryValue -Guid $GPO.Id -Key "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" -ValueName "SiteToZoneAssignmentList" -Type String -Value $RegistryValue # Step 4: Apply the Changes # Force Group Policy update gpupdate /force
Make sure to replace "YourGPOName" with the actual name of your GPO and adjust the URLs and zone assignments as needed.
- LeonPavesicSilver Contributor
Hi KvotheRCD,
you can try to use something like this:# Step 1: Open Group Policy Management Editor # Retrieve the GPO $GPO = Get-GPO -Name "YourGPOName" # Open Group Policy Management Editor for the GPO Edit-GPO -Guid $GPO.Id # Step 2: Navigate to the Site to Zone Assignment List # This step is manual and requires navigating through the Group Policy Management Editor interface. # Step 3: Enable the Policy and Specify Zone Assignments # Define the list of URLs and their corresponding zone assignments $SiteToZoneAssignmentList = @{ "https://example.com" = 1 # Intranet zone "https://trusted-site.com" = 2 # Trusted sites zone "https://internet-zone.com" = 3 # Internet zone } # Convert the hashtable to a string format acceptable by the registry $RegistryValue = $SiteToZoneAssignmentList.GetEnumerator() | ForEach-Object { $_.Key + "=" + $_.Value } -join ";" # Set the registry value to enable Site to Zone Assignment List and specify the assignments Set-GPRegistryValue -Guid $GPO.Id -Key "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" -ValueName "SiteToZoneAssignmentList" -Type String -Value $RegistryValue # Step 4: Apply the Changes # Force Group Policy update gpupdate /force
Make sure to replace "YourGPOName" with the actual name of your GPO and adjust the URLs and zone assignments as needed.