There are a few different ways of doing IE zone.. I don’t like all though. I have listed the most common and the way I like.
Group Policy Administrative Templates
Computer Configuration/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page Policy: Site to Zone Assignment List
Allows you to enter different fqdn/hostname/ip and point to which zone they should be assigned.
If you do it this way your end users wont be able to change anything, even add their own bank if allowed by policy.
Group Policy Obsolete way
Before there was a way that was really bad.. It was called Internet Explorer Maintenance Extension. What it did was if you were in a GPO you could import your current setting.
Group Policy Preferences
Under Windows SettingsRegistry create a single key for each domain you want added:
| Field | Value |
|---|---|
| Action | Update |
| Hive | HKEY_LOCAL_MACHINE |
| Key Path | Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com |
| Valuename | * |
| Value type | REG_DWORD |
| Value data | 00000001 |
This has now create a computer default that all users will get, but still allows for users to create own mappings.
The zones are as follows
| ID | Zonename |
|---|---|
| 0 | My Computer |
| 1 | Local Intranet Zone |
| 2 | Trusted sites Zone |
| 3 | Internet Zone |
| 4 | Restricted Sites Zone |