How Can I Add a Web Site to the Trusted Sites Zone?

Hey, Scripting Guy! Question

Hey, Scripting Guy! How can I add a Web site to the Trusted Sites zone in Internet Explorer?

— NR

SpacerHey, Scripting Guy! AnswerScript Center

Hey, NR. As it turns out, trusted sites are actually stored in the registry; consequently, adding a Web site is simply a matter of creating and configuring a new registry key. For example, suppose you want to trust Microsoft.com. (And, really, who doesn’t want to trust Microsoft?) Here’s a script that adds Microsoft.com to the list of trusted sites:

On Error Resume Next

Const HKEY_CURRENT_USER = &H80000001

strComputer = “.”
Set objReg=GetObject(“winmgmts:\\” & strComputer & “\root\default:StdRegProv”)
strKeyPath = “Software\Microsoft\Windows\CurrentVersion\Internet Settings\” _
& “ZoneMap\Domains\microsoft.com”

objReg.CreateKey HKEY_CURRENT_USER, strKeyPath

strValueName = “http”
dwValue = 2

objReg.SetDWORDValue HKEY_CURRENT_USER, strKeyPath, strValueName, dwValue


Let’s talk about what’s going on here. We begin by creating a constant HKEY_CURRENT_USER and setting it to the value &H80000001. This constant will be used to access the HKEY_CURRENT_USER portion of the registry and configure Microsoft.com as a trusted site for only the logged-on user. What if you wanted to configure Microsoft.com as a trusted site for anyone logging on to the computer? In that case, substitute the constant HKEY_LOCAL_MACHINE for HKEY_CURRENT_USER, and assign HKEY_LOCAL_MACHINE the value &H80000002.


Next we connect to the WMI service and, more specifically, to the Standard Registry Provider. We then assign the following registry path to the variable strKeyPath:

Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com

Note the tail-end of the path: that’s where we put microsoft.com, the name of the Web site to be added to the trusted sites. We then call the CreateKey method to create a new registry key (microsoft.com) inside Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains.


Still with us? Having created the registry key, we simply need to create and configure a single registry value. In our sample script, we assign the value http to the variable strValueName. This will be the name of our new registry value; it also indicates which Internet protocols will be trusted from Microsoft.com. If we want to trust only the ftp protocol, then we’d assign strValueName the value ftp; if we want to trust all Internet protocols, then we’d assign strValueName the value * (a single asterisk).


We then assign the value 2 to the variable dwValue. In the world of Internet Explorer, the 2 represents the Trusted Sites zone. You could also use the value 1 to assign a site to the Intranet Sites zone; the value 3 to assign a site to the Internet Sites zone; or the value 4 to assign a site to the Restricted Sites zone.


Finally we use the SetDWORDValue method to create our new registry value. Fire up Internet Explorer, click on Tools, click on Internet Options, and then, on the Security tab, select Trusted Sites and click the Sites button. You should see Microsoft.com among the trusted sites.