Q. I want to centrally control the Internet Explorer (IE) security zone site assignments of my users' browsers. For example, I want to ensure that our intranet sites are always categorized in the Local Intranet IE security zone. I was thinking of using Group Policy Preferences (GPP) for this purpose, but I couldn't find the corresponding setting. Can you help?
A. GPP is indeed a fantastic new tool that allows administrators to configure almost anything they want on their users' desktops using Group Policy Object (GPO) settings. Unfortunately, IE security zone site assignments aren't covered by GPPs. You can, however, still control them using the standard GPO settings.
The GPO setting that allows you to control IE security zone site assignments is called Site to Zone Assignment List and is located in the User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page GPO container. To edit it, double-click the Site to Zone Assignment List entry in the right pane of the GPO Editor, select the Enabled radio button, then click the Show… button. This opens the Show Contents dialog, where you can enter your custom security zone site assignments. In this dialog, type each URL in the Value name field and then type the zone number (explained next) that you want to assign to that URL. The zone numbers are 1 for the Local Intranet Zone, 2 for the Trusted Sites Zone, 3 for the Internet Zone and 4 for the Restricted Sites Zone. As soon as you start typing a URL, a new line appears for the next URL. Once you've finished adding your URLs and their corresponding zone numbers, click OK.
The image below illustrates this configuration process for automatically assigning the URL http://www.intranetsite.local to the Local Intranet Zone and the URL http://www.ourpartner.net to the Trusted Sites Zone.
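To confirm on a client that the policy actually applied, the following added example (not part of the original answer) reads the applied entries and compares them with the two assignments described above. It assumes the user-configuration policy stores its entries under the `ZoneMapKey` registry key shown in the script; the function name `Get-SiteToZoneAssignment` is hypothetical.

```powershell
# Added example: verify that the Site to Zone Assignment List policy reached this user.
# Assumption: the user-configuration policy writes its entries under this key.
$policyKey = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'

# Zone numbers as listed in the answer above.
$zoneNames = @{
    '1' = 'Local Intranet'
    '2' = 'Trusted Sites'
    '3' = 'Internet'
    '4' = 'Restricted Sites'
}

# Expected assignments, taken from the example in the text.
$expected = @{
    'http://www.intranetsite.local' = '1'
    'http://www.ourpartner.net'     = '2'
}

function Get-SiteToZoneAssignment {
    param([string]$Path = $policyKey)
    if (-not (Test-Path -Path $Path)) { return @() }   # policy not applied
    $key = Get-Item -Path $Path
    foreach ($name in $key.GetValueNames()) {
        $zone = [string]$key.GetValue($name)
        [pscustomobject]@{
            Site     = $name
            Zone     = $zone
            ZoneName = if ($zoneNames.ContainsKey($zone)) { $zoneNames[$zone] } else { 'INVALID' }
        }
    }
}

$applied = @(Get-SiteToZoneAssignment)
$applied | Format-Table -AutoSize

# Report expected sites that are missing or mapped to a different zone.
foreach ($site in $expected.Keys) {
    $entry = $applied | Where-Object { $_.Site -eq $site }
    if (-not $entry) {
        Write-Warning "$site is missing from the applied policy"
    } elseif ($entry.Zone -ne $expected[$site]) {
        Write-Warning "$site is in zone $($entry.Zone), expected $($expected[$site])"
    }
}
# Report entries whose value is not one of the four zone numbers listed above.
$applied | Where-Object { $_.ZoneName -eq 'INVALID' } |
    ForEach-Object { Write-Warning "$($_.Site) has an unrecognised zone value '$($_.Zone)'" }
```

Run it in the affected user's session after a Group Policy refresh; an empty table means the GPO has not reached that user.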