| Author | Messages | |
DaemonRoot
Posts:29
 | | 02/17/2011 1:55 AM |
| Hi there,
I am planning on deploying some IE settings enterprise wide, but a doubt
arose. should I go for HKLM or HKCU?
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\domain.local" ???
Is there any advantage/downside on picking one or the other?
What is the best practice here?
As an example my current configuration is:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\domain.com
* REG_DWORD 0x1
http REG_DWORD 0x2
https REG_DWORD 0x2
Local Machine config is empty.
~D
| | | |
| omar
Posts:97
| | 02/17/2011 1:59 AM |
| I wasn't sure that this key domains key exists in HKLM.
I'm familiar with this HKCU key for adding trusted sites.
I always use HKCU and run at startup with the reg command in a batch file.
I plan to move to GPP but haven't yet- on the list
Here are the commands from my batch to add an entire dns domain to the trusted site list for both HTTP and HTTPS.
This works for my clients who have outsourced web based applications that require different IE settings.
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\domain.com" /f
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\domain.com" /v http /t REG_DWORD /d 2 /f
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\domain.com" /v https /t REG_DWORD /d 2 /f
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Castillo, Daniel (Directory Services)
Sent: Wednesday, February 16, 2011 3:06 PM
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] IE settings thru GPO.
Importance: High
Hi there,
I am planning on deploying some IE settings enterprise wide, but a doubt arose... should I go for HKLM or HKCU?
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\domain.local" ???
Is there any advantage/downside on picking one or the other?
What is the best practice here?
As an example my current configuration is:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\domain.com
* REG_DWORD 0x1
http REG_DWORD 0x2
https REG_DWORD 0x2
Local Machine config is empty...
~D
| | | |
| DhirajHaritwal
Posts:39
| | 02/17/2011 10:16 AM |
| I think it's user specific settings so it should be in HKCU. Whatever
user will logged into these systems, these settings will be applied.
Navigate to User Configuration > Administrative Templates > Windows
Components > Internet Explorer > Internet Control Panel > Security Page
and double click on the "Site to Zone Assignment List" and check the
"Enable" option then click on the "Show.." button & enter here all sites
name which you want to add as trusted sites.
Dhiraj
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Omar Droubi
Sent: Thursday, February 17, 2011 4:54 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] IE settings thru GPO.
I wasn't sure that this key domains key exists in HKLM.
I'm familiar with this HKCU key for adding trusted sites.
I always use HKCU and run at startup with the reg command in a batch
file.
I plan to move to GPP but haven't yet- on the list
Here are the commands from my batch to add an entire dns domain to the
trusted site list for both HTTP and HTTPS.
This works for my clients who have outsourced web based applications
that require different IE settings.
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\domain.com" /f
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\domain.com" /v http /t REG_DWORD /d 2 /f
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\domain.com" /v https /t REG_DWORD /d 2 /f
From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Castillo, Daniel
(Directory Services)
Sent: Wednesday, February 16, 2011 3:06 PM
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] IE settings thru GPO.
Importance: High
Hi there,
I am planning on deploying some IE settings enterprise wide, but a doubt
arose... should I go for HKLM or HKCU?
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\domain.local" ???
Is there any advantage/downside on picking one or the other?
What is the best practice here?
As an example my current configuration is:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\domain.com
* REG_DWORD 0x1
http REG_DWORD 0x2
https REG_DWORD 0x2
Local Machine config is empty...
~D
-------------------------------------------------------------------
This email is confidential and intended only for the use of the individual or entity named above and may contain information that is privileged. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this email is strictly prohibited. If you have received this email in error, please notify us immediately by return email or telephone and destroy the original message. - This mail is sent via Sony Asia Pacific Mail Gateway.
-------------------------------------------------------------------
| | | |
| amankumarkhatri
Posts:4
| | 02/17/2011 12:56 PM |
| Hi Dhiraj,
If you use this method then end users will not be able to modify the Trusted
site lists themselves and it would create some problem.
*Regards*
*Aman Khatri
*
On Thu, Feb 17, 2011 at 1:16 PM, Haritwal, Dhiraj <
xxxxxxxxxxxxxxxx> wrote:
> I think it’s user specific settings so it should be in HKCU. Whatever
> user will logged into these systems, these settings will be applied.
>
>
>
> Navigate to User Configuration > Administrative Templates > Windows
> Components > Internet Explorer > Internet Control Panel > Security Page and
> double click on the “Site to Zone Assignment List” and check the “Enable”
> option then click on the “Show..” button & enter here all sites name which
> you want to add as trusted sites.
>
>
>
>
>
> Dhiraj
>
>
>
>
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Omar Droubi
> *Sent:* Thursday, February 17, 2011 4:54 AM
>
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* RE: [gptalk] IE settings thru GPO.
>
>
>
> I wasn’t sure that this key domains key exists in HKLM.
>
>
>
> I’m familiar with this HKCU key for adding trusted sites.
>
>
>
> I always use HKCU and run at startup with the reg command in a batch file.
>
>
>
> I plan to move to GPP but haven’t yet- on the list
>
>
>
> Here are the commands from my batch to add an entire dns domain to the
> trusted site list for both HTTP and HTTPS.
>
> This works for my clients who have outsourced web based applications that
> require different IE settings.
>
>
>
> REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings\ZoneMap\Domains\domain.com" /f
>
> REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings\ZoneMap\Domains\domain.com" /v http /t REG_DWORD /d 2 /f
>
> REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings\ZoneMap\Domains\domain.com" /v https /t REG_DWORD /d 2 /f
>
>
>
>
>
>
>
> *From:* xxxxxxxxxxxxxxxx [mailto:
> xxxxxxxxxxxxxxxx] *On Behalf Of *Castillo, Daniel (Directory
> Services)
> *Sent:* Wednesday, February 16, 2011 3:06 PM
> *To:* xxxxxxxxxxxxxxxx
> *Subject:* [gptalk] IE settings thru GPO.
> *Importance:* High
>
>
>
> Hi there,
>
>
>
> I am planning on deploying some IE settings enterprise wide, but a doubt
> arose… should I go for HKLM or HKCU?
>
>
>
> "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings\ZoneMap\Domains\domain.local” ???
>
>
>
> Is there any advantage/downside on picking one or the other?
>
>
>
> What is the best practice here?
>
>
>
> As an example my current configuration is:
>
>
>
> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings\ZoneMap\Domains\domain.com
>
> * REG_DWORD 0x1
>
> http REG_DWORD 0x2
>
> https REG_DWORD 0x2
>
>
>
> Local Machine config is empty…
>
>
>
>
>
> ~D
>
>
>
> ------------------------------
>
> This email is confidential and intended only for the use of the individual
> or entity named above and may contain information that is privileged. If you
> are not the intended recipient, you are notified that any dissemination,
> distribution or copying of this email is strictly prohibited. If you have
> received this email in error, please notify us immediately by return email
> or telephone and destroy the original message. - This mail is sent via Sony
> Asia Pacific Mail Gateway.
> ------------------------------
>
--
______________
Warm Regards
Aman Khatri
| | | |
| DaemonRoot
Posts:29
| | 02/17/2011 2:42 PM |
| Correct, and I the users to be able to still manage this while pushing some
mandatory configuration.
Any other suggestions out there?
Many thanks!
~D
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Aman Khatri
Sent: Thursday, February 17, 2011 4:12 AM
To: xxxxxxxxxxxxxxxx
Cc: Haritwal, Dhiraj
Subject: Re: [gptalk] IE settings thru GPO.
Hi Dhiraj,
If you use this method then end users will not be able to modify the Trusted
site lists themselves and it would create some problem.
Regards
Aman Khatri
On Thu, Feb 17, 2011 at 1:16 PM, Haritwal, Dhiraj
<xxxxxxxxxxxxxxxx> wrote:
I think it's user specific settings so it should be in HKCU. Whatever user
will logged into these systems, these settings will be applied.
Navigate to User Configuration > Administrative Templates > Windows
Components > Internet Explorer > Internet Control Panel > Security Page and
double click on the "Site to Zone Assignment List" and check the "Enable"
option then click on the "Show.." button & enter here all sites name which
you want to add as trusted sites.
Dhiraj
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Omar Droubi
Sent: Thursday, February 17, 2011 4:54 AM
To: xxxxxxxxxxxxxxxx
Subject: RE: [gptalk] IE settings thru GPO.
I wasn't sure that this key domains key exists in HKLM.
I'm familiar with this HKCU key for adding trusted sites.
I always use HKCU and run at startup with the reg command in a batch file.
I plan to move to GPP but haven't yet- on the list
Here are the commands from my batch to add an entire dns domain to the
trusted site list for both HTTP and HTTPS.
This works for my clients who have outsourced web based applications that
require different IE settings.
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\domain.com <http://domain.com/> " /f
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\domain.com <http://domain.com/> " /v http /t
REG_DWORD /d 2 /f
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\domain.com <http://domain.com/> " /v https /t
REG_DWORD /d 2 /f
From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx]
On Behalf Of Castillo, Daniel (Directory Services)
Sent: Wednesday, February 16, 2011 3:06 PM
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] IE settings thru GPO.
Importance: High
Hi there,
I am planning on deploying some IE settings enterprise wide, but a doubt
arose. should I go for HKLM or HKCU?
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\domain.local" ???
Is there any advantage/downside on picking one or the other?
What is the best practice here?
As an example my current configuration is:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\domain.com <http://domain.com/>
* REG_DWORD 0x1
http REG_DWORD 0x2
https REG_DWORD 0x2
Local Machine config is empty.
~D
_____
This email is confidential and intended only for the use of the individual
or entity named above and may contain information that is privileged. If you
are not the intended recipient, you are notified that any dissemination,
distribution or copying of this email is strictly prohibited. If you have
received this email in error, please notify us immediately by return email
or telephone and destroy the original message. - This mail is sent via Sony
Asia Pacific Mail Gateway.
_____
--
______________
Warm Regards
Aman Khatri
| | | |
|
|