intune manage IE trusted sites

%3CLINGO-SUB%20id%3D%22lingo-sub-1358097%22%20slang%3D%22en-US%22%3Eintune%20manage%20IE%20trusted%20sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1358097%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20a%20config%20policy%20that%20allows%203%20trusted%20sites%20in%20IE%2C%20however%20this%20blocks%20the%20user%20from%20adding%20there%20own%20if%20they%20want%20to.%20Is%20there%20a%20way%20to%20allow%20users%20to%20edit%20the%20trusted%20sites%20list%20while%20having%20this%20config%20profile%20enabled%3F%26nbsp%3B%20or%20does%20this%20profile%20lock%20it%20down%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22ablake2035_0-1588608613302.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F188731i95DE4913874B20D7%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22ablake2035_0-1588608613302.png%22%20alt%3D%22ablake2035_0-1588608613302.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1358097%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1358983%22%20slang%3D%22en-US%22%3ERe%3A%20intune%20manage%20IE%20trusted%20sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1358983%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20have%20to%20add%20it%20from%20your%20side%20whether%20using%20Intune%20Administrative%20templates%20or%20OMI%20profile%20(like%20your%20screenshot)%2C%20which%20makes%20it%20grayed%20out%20for%20end%20user.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20only%20workaround%20is%20to%20run%20Intune%20PS%20and%20add%20Trusted%20Sites%20registries%20that%26nbsp%3Byou%20want%20to%20add.%20With%20this%20option%2C%20the%20user%20can%20still%20add%20sites%20from%20his%20end%20(check%20screenshot)%20Example%20of%20Registry%20in%20PS%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20this%20helps!%3C%2FP%3E%3CP%3EMoe%3C%2FP%3E%3CP%20class%3D%22x_MsoNormal%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22x_MsoNormal%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22x_MsoNormal%22%3E%3CSPAN%3E%24RegLoc1%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%22HKCU%3A%5CSoftware%5CMicrosoft%5CWindows%5CCurrentVersion%5CInternet%20Settings%5CZoneMap%5CDomains%5Cexample.com%22%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22x_MsoNormal%22%3E%3CSPAN%3E%24RegLoc2%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%22HKCU%3A%5CSoftware%5CMicrosoft%5CWindows%5CCurrentVersion%5CInternet%20Settings%5CZoneMap%5CDomains%5Cexample.com%5Cchild%22%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22x_MsoNormal%22%3E%3CSPAN%3E%24Name%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%3D%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%22https%22%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22x_MsoNormal%22%3E%3CSPAN%3ENew-Item%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E-path%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%22HKCU%3A%5CSoftware%5CMicrosoft%5CWindows%5CCurrentVersion%5CInternet%20Settings%5CZoneMap%5CDomains%5Cexample.com%22%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22x_MsoNormal%22%3E%3CSPAN%3ENew-Item%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E-path%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%22HKCU%3A%5CSoftware%5CMicrosoft%5CWindows%5CCurrentVersion%5CInternet%20Settings%5CZoneMap%5CDomains%5Cexample.com%5Cchild%22%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22x_MsoNormal%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20class%3D%22x_MsoNormal%22%3E%3CSPAN%3ENew-ItemProperty%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E-Path%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%24RegLoc2%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E-Name%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E%24Name%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E-PropertyType%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3EDword%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E-Value%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3E2%3C%2FSPAN%3E%3C%2FP%3E%3CP%20class%3D%22x_MsoNormal%22%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1360159%22%20slang%3D%22en-US%22%3ERe%3A%20intune%20manage%20IE%20trusted%20sites%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1360159%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F503735%22%20target%3D%22_blank%22%3E%40Moe_Kinani%3C%2FA%3Ethank%20you%20for%20your%20response%20I%20will%20take%20a%20look%20at%20this.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethanks%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

I have a config policy that allows 3 trusted sites in IE, however this blocks the user from adding there own if they want to. Is there a way to allow users to edit the trusted sites list while having this config profile enabled?  or does this profile lock it down?

 

ablake2035_0-1588608613302.png

 

2 Replies
Highlighted

You have to add it from your side whether using Intune Administrative templates or OMI profile (like your screenshot), which makes it grayed out for end user.

 

The only workaround is to run Intune PS and add Trusted Sites registries that you want to add. With this option, the user can still add sites from his end (check screenshot) Example of Registry in PS:

 

Hope this helps!

Moe

 

 

$RegLoc1 = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com"

$RegLoc2 = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com\child"

$Name = "https"

New-Item -path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com"

New-Item -path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com\child"

 

New-ItemProperty -Path $RegLoc2 -Name $Name -PropertyType Dword -Value 2

 

 

Highlighted

@Moe_Kinanithank you for your response I will take a look at this.

 

thanks