How Can I Add a Web Site to the Trusted Sites Zone?



Hey, Scripting Guy! How can I add a Web site to the Trusted Sites zone in Internet Explorer?

-- NR


Hey, NR. As it turns out, trusted sites are actually stored in the registry; consequently, adding a Web site is simply a matter of creating and configuring a new registry key. For example, suppose you want to trust Microsoft.com. (And, really, who doesn’t want to trust Microsoft?) Here’s a script that adds Microsoft.com to the list of trusted sites:

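On Error Resume Next

' Hive constant: HKEY_CURRENT_USER affects only the logged-on user
Const HKEY_CURRENT_USER = &H80000001

' Connect to the WMI Standard Registry Provider on the local computer
strComputer = "."
Set objReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")

' The last element of the path is the site being added
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _
    & "ZoneMap\Domains\microsoft.com"

objReg.CreateKey HKEY_CURRENT_USER, strKeyPath

' Value name = protocol to trust; value data = zone number (2 = Trusted Sites)
strValueName = "http"
dwValue = 2

objReg.SetDWORDValue HKEY_CURRENT_USER, strKeyPath, strValueName, dwValue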


Let’s talk about what’s going on here. We begin by creating a constant HKEY_CURRENT_USER and setting it to the value &H80000001. This constant will be used to access the HKEY_CURRENT_USER portion of the registry and configure Microsoft.com as a trusted site for only the logged-on user. What if you wanted to configure Microsoft.com as a trusted site for anyone logging on to the computer? In that case, substitute the constant HKEY_LOCAL_MACHINE for HKEY_CURRENT_USER, and assign HKEY_LOCAL_MACHINE the value &H80000002.


Next we connect to the WMI service and, more specifically, to the Standard Registry Provider. We then assign the following registry path to the variable strKeyPath:

Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com

Note the tail-end of the path: that’s where we put microsoft.com, the name of the Web site to be added to the trusted sites. We then call the CreateKey method to create a new registry key (microsoft.com) inside Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains.


Still with us? Having created the registry key, we simply need to create and configure a single registry value. In our sample script, we assign the value http to the variable strValueName. This will be the name of our new registry value; it also indicates which Internet protocols will be trusted from Microsoft.com. If we want to trust only the ftp protocol, then we’d assign strValueName the value ftp; if we want to trust all Internet protocols, then we’d assign strValueName the value * (a single asterisk).


We then assign the value 2 to the variable dwValue. In the world of Internet Explorer, the 2 represents the Trusted Sites zone. You could also use the value 1 to assign a site to the Intranet Sites zone; the value 3 to assign a site to the Internet Sites zone; or the value 4 to assign a site to the Restricted Sites zone.


Finally we use the SetDWORDValue method to create our new registry value. Fire up Internet Explorer, click on Tools, click on Internet Options, and then, on the Security tab, select Trusted Sites and click the Sites button. You should see Microsoft.com among the trusted sites.
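
To review what scripts like this one have written, the following added example (not part of the original column) lists every ZoneMap\Domains entry for the current user and for the machine, decoding each value name as the protocol and each DWORD as the zone number described above. The function name Get-ZoneMapEntry and the Review column are assumptions made for this illustration.

```powershell
# Added example (not from the original column): audit ZoneMap\Domains entries.
$relPath   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
# Zone numbers as given in the article above.
$zoneNames = @{ 1 = 'Intranet Sites'; 2 = 'Trusted Sites'; 3 = 'Internet Sites'; 4 = 'Restricted Sites' }

function Get-ZoneMapEntry {          # hypothetical helper name
    param([string[]]$Hive = @('HKCU:', 'HKLM:'))

    foreach ($h in $Hive) {
        $root = "$h\$relPath"
        if (-not (Test-Path -Path $root)) { continue }

        # Subdomains are stored as subkeys of the domain key, so walk the tree.
        foreach ($key in Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue) {
            # Turn "...\Domains\example.com\www" into "www.example.com".
            $rel   = ($key.Name -split '\\ZoneMap\\Domains\\', 2)[1]
            $parts = @($rel -split '\\')
            [array]::Reverse($parts)
            $site  = $parts -join '.'

            foreach ($name in $key.GetValueNames()) {
                # Value name = protocol (http, https, ftp, *); DWORD data = zone number.
                if ($name -eq '' -or $key.GetValueKind($name) -ne 'DWord') { continue }
                $zone     = [int]$key.GetValue($name)
                $zoneName = $zoneNames[$zone]
                if (-not $zoneName) { $zoneName = 'Other' }

                [pscustomobject]@{
                    Hive     = $h
                    Site     = $site
                    Protocol = $name
                    Zone     = $zone
                    ZoneName = $zoneName
                    # Trusted Sites entries not limited to https deserve a second look.
                    Review   = ($zone -eq 2 -and $name -ne 'https')
                }
            }
        }
    }
}

Get-ZoneMapEntry | Sort-Object Hive, Zone, Site | Format-Table -AutoSize
```

After running the column's script, the output should contain a row for microsoft.com with Protocol http and Zone 2, with Review set to True.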



Comments (17)

  1. Anonymous says:

    this is the easy part sir, but how do I tick the box for https?

  2. Jhonatan says:

    hello, how do I remove the trusted sites? I need a script to remove them

  3. Rico says:

    This doesn't seem to work for anyone logging in (HKLM), for Windows 7 IE8.  Does there need to be a modification for Win7 IE to get it to work in the HKLM context?

  4. dirk says:

    Is there a .reg file that will append the log off time for inactivity? I would like to be able to change the time it takes for the PC to finally log off. For example: If a user is working on the pc and then leaves and does not log off, I would like the PC to show a warning that it's about to log off and then log off after it has been inactive for the time I selected.  This would be a great thing to do.

  5. Chaz says:

    I am with Rico. I desire to do this at the machine level so that it applies to all users (even new ones) but as we are 50% through our migration to Windows 7 x64 I have run into a roadblock. I have tried both the standard registry location under HKLM as well as the Wow6432Node and both failed to add the entries.

    Please help! Is there a way to do this for all users in Win 7?

  6. BW says:

    Instead of using the script I just modified the registry directly to fit my needs.

    regedit

    HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\New Key = <name of site to add>

    New DWORD = *

    Value = 2

  7. Hatim says:

    Can I run the script from within a webpage

    I tried doing that on localhost, and it was ok

    but when running from website, it fails

    any idea

  8. Corne says:

    Hi There. Can you please tell me how I can use this script by adding more than 1 trusted site.

    Thank you very much.

  9. Kumaravel says:

    I have written the script in a .hta file and saved it on an apache server. Then I hit the appropriate url stating the hta file. In IE8 the file is executed and prompts for open, save, saveas. But in Mozilla and chrome the content of the hta file is displayed in the browser

  10. chris mills says:

    PowerShell

    Function AddManagementServerToTrustedSites {
        Param ([string]$TrusterServer)
        $TrustedSitesPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains'
        $TrustedKeyPath = "$TrustedSitesPath\$TrusterServer"
        $LocalIntranetZone = 1
        $TrustedSitesZone = 2
        If (!(Test-Path -Path $TrustedKeyPath)) {New-Item -Path $TrustedSitesPath -Name $TrusterServer} # Add site if not present
        $Item = Get-Item -Path $TrustedKeyPath
        If ($Item.GetValue('file',$null) -eq $null) {New-ItemProperty -Path $TrustedKeyPath -Name file -PropertyType DWord -Value $LocalIntranetZone} # Add file key if not present
        $key = Get-ItemProperty $TrustedKeyPath -Name file
        if ($key.file -ne 1 ) {Set-ItemProperty $TrustedKeyPath -Name file -Value $LocalIntranetZone} # set file key to 1 if not 1
        Write-Log "$TrusterServer is trusted in Local Intranet Zone"
    }

  11. Ozan says:

    Hello,

    I have written the file but I just want to know what the file extension must be. And where must I save the file? I am using flat PHP encoding.

    Regards Peter

  12. SALKA says:

    CAN YOU MAKE A TUTORIAL ABOUT THIS SUBJECT

  13. Ozan says:

    Hello,

    I have written the file but I just want to know what the file extension must be. And where must I save the file? I am using flat PHP encoding.

    Regards Peter

  14. Jon says:

    An interesting start, but can we take this idea further to, say, perform this action remotely on a set of machines from my desktop? My goal is to set a trusted site on 40 machines, and then set the Run Unsafe Applications setting to Enable for the Trusted Sites domain. These are domain joined computers, but the GPO route is not an option, as it locks down the trusted sites setting so it cannot be altered by the user.

  15. Drishya says:

    Where to execute this Script? Please explain

  16. Toshar says:

    Sir your post is informative and useful for us, I am trying now. Thanks for sharing
