You can. As ken suggested predefine all the security zone settings for IE in gpo.
-----Original Message----- From: Ken Schaefer [mailto:[EMAIL PROTECTED] Sent: Tuesday, 6 May 2008 10:34 AM To: NT System Admin Issues Subject: RE: Trusted Intranet Sites You can do this with the Microsoft supplied GPOs (use the Site To Zone assignment option) Do not edit the Default Domain Policy - create a new Domain policy for your business, and put all your domain-wide policies in there. Why? Then you know exactly what came "in the box" from Microsoft and what you've changed subsequently. It will help with maintenance and troubleshooting. I would always use a GPO over a batch file/logon script *if* they do the same thing. It's really easy to model the net effect of GPOs on users and computers using RSOP/GPMC. It's virtually impossible to model the effect of batch scripts unless you have a unit test harness... Cheers Ken > -----Original Message----- > From: Troy Meyer [mailto:[EMAIL PROTECTED] > Sent: Tuesday, 6 May 2008 4:52 AM > To: NT System Admin Issues > Subject: RE: Trusted Intranet Sites > > You could use an adm if you wanted to, it all depends on how you want > to run things. I went the lazy route and just added a bat file into > the user login script in a GP (under User Config - Admin Templates - > System - Logon - Run these programs at user logon). > > It checks a couple settings and then applies a couple registry settings > so stuff matches. Things like registry adds to HKCU are super fast and > the user doesn't even notice. > > -tm > > > -----Original Message----- > From: Phil Hershey [mailto:[EMAIL PROTECTED] > Sent: Monday, May 05, 2008 11:37 AM > To: NT System Admin Issues > Subject: RE: Trusted Intranet Sites > > Troy, > > How would I actually go about applying the registry hack with a policy? > I'd need to use the Inetesc.adm file, wouldn't I? > > - Philip > > This communication, including attachments, is for the exclusive use of > addressee and may contain proprietary, confidential and/or privileged > information. If you are not the intended recipient, any use, copying, > disclosure, dissemination or distribution is strictly prohibited. If > you > are not the intended recipient, please notify the sender immediately by > return e-mail, delete this communication and destroy all copies. > > > > -----Original Message----- > From: Troy Meyer [mailto:[EMAIL PROTECTED] > Sent: Monday, May 05, 2008 11:28 AM > To: NT System Admin Issues > Subject: RE: Trusted Intranet Sites > > Phil, > > If you wanted to add rather than replace, this is merely a registry > setting. Adding all of monacocoach.com to your local intranet would > look like: (excuse silly outlook wrapping) > > reg add > "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet > Settings\ZoneMap\Domains\monacocoach.com" /v "*" /t REG_DWORD /d > 00000001 /f > > So you could take that string and easily apply that in a policy without > replacing existing settings. > > -troy > > > -----Original Message----- > From: Phil Hershey [mailto:[EMAIL PROTECTED] > Sent: Monday, May 05, 2008 11:08 AM > To: NT System Admin Issues > Subject: GPO: Trusted Intranet Sites > > I need to add an internal site to every user's Local Intranet sites. > Is > there a simple way to do that with a GPO or even the Default Domain > GPO, > since it applied to everyone? > > Phil Hershey ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~