KvotheRCD
Mar 13, 2024

Site to Zone Assignment List - Powershell

I need to replicate the steps of adding a list of URLs to the Site to Zone Assignment List of a GPO. Is there a way to edit that GPO via PowerShell, enable Site to Zone Assignment List, and pass the list of URLs to it?

 

  1. Open the Group Policy Management Editor.
  2. Go to User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page.
  3. Select the Site to Zone Assignment List.
  4. Select Enabled and click Show to edit the list. The zone values are as follows: 1 — intranet, 2 — trusted sites, 3 — internet zone, 4 — restricted sites.
  5. Click OK.
  6. Click Apply and OK.
  • LeonPavesic

    Hi KvotheRCD,

    you can try to use something like this:

     

    # Step 1: Retrieve the GPO (requires the GroupPolicy module from RSAT/GPMC)
    Import-Module GroupPolicy
    $GPO = Get-GPO -Name "YourGPOName"
    
    # Step 2: Navigate to the Site to Zone Assignment List
    # The GroupPolicy module has no Edit-GPO cmdlet and no editor needs to be opened:
    # the setting is registry-based and is written straight into the GPO below.
    $PolicyKey = "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
    
    # Step 3: Enable the Policy and Specify Zone Assignments
    # Define the list of URLs and their corresponding zone assignments
    $SiteToZoneAssignmentList = @{
        "https://example.com" = 1   # Intranet zone
        "https://trusted-site.com" = 2   # Trusted sites zone
        "https://internet-zone.com" = 3  # Internet zone
    }
    
    # Selecting "Enabled" in the editor corresponds to this flag
    Set-GPRegistryValue -Guid $GPO.Id -Key $PolicyKey -ValueName "ListBox_Support_ZoneMapKey" -Type DWord -Value 1 | Out-Null
    
    # The list is not one joined string: each site is its own string value under
    # ZoneMapKey (value name = URL, value data = zone number)
    foreach ($Site in $SiteToZoneAssignmentList.GetEnumerator()) {
        Set-GPRegistryValue -Guid $GPO.Id -Key "$PolicyKey\ZoneMapKey" -ValueName $Site.Key -Type String -Value "$($Site.Value)" | Out-Null
    }
    
    # Step 4: Apply the Changes
    # Force Group Policy update (run on a client that is in scope of the GPO)
    gpupdate /force

     


    Make sure to replace "YourGPOName" with the actual name of your GPO and adjust the URLs and zone assignments as needed.


    Please click Mark as Best Response & Like if my post helped you to solve your issue.
    This will help others to find the correct solution easily. It also closes the item.


    If the post was useful in other ways, please consider giving it a Like.


    Kindest regards,


    Leon Pavesic
    (LinkedIn)
    (Twitter)
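
The same edit made repeatable, as an added example that is not part of the thread: it validates the list, writes only the differences, removes entries that are no longer wanted and reads the result back. It assumes the Site to Zone Assignment List is stored as one string value per site under `...\Internet Settings\ZoneMapKey` with `ListBox_Support_ZoneMapKey` set to 1 (the layout the Administrative Template writes); the GPO name, the sample sites and the https-only rule for zones 1 and 2 are placeholders or assumptions.

```powershell
# Added example, not from the thread. "YourGPOName" and the entries are placeholders.
Import-Module GroupPolicy
$Gpo       = Get-GPO -Name "YourGPOName"
$PolicyKey = "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"
$ListKey   = "$PolicyKey\ZoneMapKey"

# Constructed sample input: site -> zone (1 intranet, 2 trusted sites, 3 internet zone, 4 restricted sites)
$Desired = [ordered]@{
    "https://example.com"       = 1
    "https://trusted-site.com"  = 2
    "https://internet-zone.com" = 3
}

# Validate everything before touching the GPO.
foreach ($Entry in $Desired.GetEnumerator()) {
    if ($Entry.Value -notin 1..4) {
        throw "Invalid zone '$($Entry.Value)' for $($Entry.Key); expected 1-4."
    }
    # Local review rule assumed for this example: zones 1 and 2 have more permissive
    # defaults than the internet zone, so only exact https:// entries are accepted there.
    if ($Entry.Value -in 1, 2 -and ($Entry.Key -notmatch '^https://' -or $Entry.Key.Contains('*'))) {
        throw "Refusing '$($Entry.Key)' in zone $($Entry.Value): not an exact https:// entry."
    }
}

# Read the entries already in the GPO (the key is absent until the policy is first enabled).
# Trim([char]0) is defensive against a trailing NUL in the returned string.
$Current = @{}
Get-GPRegistryValue -Guid $Gpo.Id -Key $ListKey -ErrorAction SilentlyContinue |
    Where-Object { $_.ValueName } |
    ForEach-Object { $Current[$_.ValueName] = ([string]$_.Value).Trim([char]0) }

# Mark the policy as Enabled, then add or correct entries.
Set-GPRegistryValue -Guid $Gpo.Id -Key $PolicyKey -ValueName "ListBox_Support_ZoneMapKey" -Type DWord -Value 1 | Out-Null
foreach ($Entry in $Desired.GetEnumerator()) {
    if ($Current[$Entry.Key] -ne "$($Entry.Value)") {
        Set-GPRegistryValue -Guid $Gpo.Id -Key $ListKey -ValueName $Entry.Key -Type String -Value "$($Entry.Value)" | Out-Null
        Write-Output "SET     $($Entry.Key) = $($Entry.Value)"
    }
}

# Remove entries that are no longer in the desired list, so stale trust does not linger.
foreach ($Site in @($Current.Keys)) {
    if (-not $Desired.Contains($Site)) {
        Remove-GPRegistryValue -Guid $Gpo.Id -Key $ListKey -ValueName $Site | Out-Null
        Write-Output "REMOVED $Site"
    }
}
# Read back what the GPO now holds.
Get-GPRegistryValue -Guid $Gpo.Id -Key $ListKey | Select-Object ValueName, Value
```

Because unlisted entries are removed, the script is authoritative for the list; use it only on a GPO whose entries are all managed this way.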
