SOLVED

Site to Zone Assignment List - Powershell

Copper Contributor

I need to replicate the steps of adding a list of URLs to the Site to Zone Assignment List of a GPO. Is there a way to edit that GPO via PowerShell, enable Site to Zone Assignment List, and pass the list of URLs to it?

 

  1. - Open the Group Policy Management Editor.
  2.  Go to User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page.
  3. Select the Site to Zone Assignment List.
  4. Select Enabled and click Show to edit the list. The zone values are as follows: 1 — intranet, 2 — trusted sites, 3 — internet zone, 4 — restricted sites.
  5. Click OK.
  6. Click Apply and OK.
1 Reply
best response confirmed by KvotheRCD (Copper Contributor)
Solution

Hi @KvotheRCD,

you can try to use something like this:

 

# Step 1: Open Group Policy Management Editor
# Retrieve the GPO
$GPO = Get-GPO -Name "YourGPOName"

# Open Group Policy Management Editor for the GPO
Edit-GPO -Guid $GPO.Id

# Step 2: Navigate to the Site to Zone Assignment List
# This step is manual and requires navigating through the Group Policy Management Editor interface.

# Step 3: Enable the Policy and Specify Zone Assignments
# Define the list of URLs and their corresponding zone assignments
$SiteToZoneAssignmentList = @{
    "https://example.com" = 1   # Intranet zone
    "https://trusted-site.com" = 2   # Trusted sites zone
    "https://internet-zone.com" = 3  # Internet zone
}

# Convert the hashtable to a string format acceptable by the registry
$RegistryValue = $SiteToZoneAssignmentList.GetEnumerator() | ForEach-Object {
    $_.Key + "=" + $_.Value
} -join ";"

# Set the registry value to enable Site to Zone Assignment List and specify the assignments
Set-GPRegistryValue -Guid $GPO.Id -Key "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" -ValueName "SiteToZoneAssignmentList" -Type String -Value $RegistryValue

# Step 4: Apply the Changes
# Force Group Policy update
gpupdate /force

 


Make sure to replace "YourGPOName" with the actual name of your GPO and adjust the URLs and zone assignments as needed.


Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.


If the post was useful in other ways, please consider giving it Like.


Kindest regards,


Leon Pavesic
(LinkedIn)
(Twitter)

1 best response

Accepted Solutions
best response confirmed by KvotheRCD (Copper Contributor)
Solution

Hi @KvotheRCD,

you can try to use something like this:

 

# Step 1: Open Group Policy Management Editor
# Retrieve the GPO
$GPO = Get-GPO -Name "YourGPOName"

# Open Group Policy Management Editor for the GPO
Edit-GPO -Guid $GPO.Id

# Step 2: Navigate to the Site to Zone Assignment List
# This step is manual and requires navigating through the Group Policy Management Editor interface.

# Step 3: Enable the Policy and Specify Zone Assignments
# Define the list of URLs and their corresponding zone assignments
$SiteToZoneAssignmentList = @{
    "https://example.com" = 1   # Intranet zone
    "https://trusted-site.com" = 2   # Trusted sites zone
    "https://internet-zone.com" = 3  # Internet zone
}

# Convert the hashtable to a string format acceptable by the registry
$RegistryValue = $SiteToZoneAssignmentList.GetEnumerator() | ForEach-Object {
    $_.Key + "=" + $_.Value
} -join ";"

# Set the registry value to enable Site to Zone Assignment List and specify the assignments
Set-GPRegistryValue -Guid $GPO.Id -Key "HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" -ValueName "SiteToZoneAssignmentList" -Type String -Value $RegistryValue

# Step 4: Apply the Changes
# Force Group Policy update
gpupdate /force

 


Make sure to replace "YourGPOName" with the actual name of your GPO and adjust the URLs and zone assignments as needed.


Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.


If the post was useful in other ways, please consider giving it Like.


Kindest regards,


Leon Pavesic
(LinkedIn)
(Twitter)

View solution in original post