Office 2010 has improved security in the Office line. So much that I am hearing complaints from clients about not being able to edit a document without saying ‘Enable editing’ each time and generally not understanding the new procedures to download and open documents. Part of supporting these users has been helping them add our various web services to their Trusted Sites list in Internet Explorer. Instead of being reactionary, it’s time to be proactive and get our web services added to the list for those computers on the domain.
Using Group Policy, you can find the setting under Computer Config -> Policies -> Admin Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page. The Site to Zone Assignment List is the policy we want to enable and configure.
Once you get into the policy, you add the website under Value name and add 1-4 to the Value field. The Value you choose corresponds to which zone the site is added to.
1) Intranet zone
2) Trusted Sites
3) Internet
4) Restricted Sites
For example, I would add http://www.404techsupport.com, 2 to add 404 Tech Support to the Trusted Sites.
Don’t forget you can use wildcards in the site to zone assignment list. This way you can cover both http or https versions of a site or all subdomains with a single rule.
You can find and use the setting as both a computer configuration and a user configuration. If both are enabled and list sites, the lists will be combined when they are enforced on the computer.
Using this policy adds the sites you designate but prevents users from being able to add additional sites. That may be good or bad, depending on your environment and policy. If you want users to be able to add sites in the future, you may be better off using Group Policy Preferences to write the needed registry keys to:
HKCUSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomains[domain]
Value name: https
Value type: REG_DWORD
Value data: 0x2