Modify a Group Policy GPO INF file directly

group-policy, internet explorer

I have a policy that I created a few years back that modifies the users' IE security settings as well as adding Trusted Sites to the trusted sites zone.

I can open the INF file in the SYSVOL share on the DC and see the particular area where the settings are kept:

\\DC01\sysvol\domain.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\USER\Microsoft\IEAK\BRANDING\ZONES

The file is seczones.inf.

My question is…can I modify this file directly or no? The only way to modify this setting is to do the whole "IMPORT SETTINGS" button in the GPMC from a client's IE to make these changes, but that seems like a pain to just add one more site to the trusted sites.

My other option was to simply create a VBScript to add the new site as a login script, but I'm curious if I can actually modify the INF file directly and have it take effect. Or would it screw it up?

If there's some other way to add trusted sites through a GPO without the site to zone assignment option I'm all ears…I just want to add a site not overwrite any current sites, etc.

Best Answer

You can edit it directly, but you need to make sure that you're 100% correct with your syntax, otherwise the GPO won't be processed by the clients. There is no validation when you do this, so it's strongly encouraged that you use the GPMC for this rather than Notepad.
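
Because a direct edit gets no validation, one way to check a hand-edited copy before it goes back into SYSVOL is to lint it and confirm the change is add-only. This is an added example, not code from the question or the answer; it assumes the file uses a plain INI-style `[Section]` / `key=value` layout, and the function names, `backup.inf` and the sample content are constructed for illustration.

```powershell
# Added example: INI-style lint plus add-only diff for a hand-edited GPO INF file.
# Assumption: plain [Section] / key=value layout; ';' starts a comment line.
function Read-InfText {
    param([string]$Text)
    $sections = [ordered]@{}
    $errors   = New-Object System.Collections.Generic.List[string]
    $current  = $null; $n = 0
    foreach ($raw in ($Text -split "`r?`n")) {
        $n++; $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }
        if ($line -match '^\[([^\[\]]+)\]$') {
            $current = $Matches[1]
            if ($sections.Contains($current)) { $errors.Add("line ${n}: duplicate section [$current]") }
            else { $sections[$current] = [ordered]@{} }
        }
        elseif ($line -match '^([^=]+?)\s*=\s*(.*)$') {
            $key = $Matches[1]; $value = $Matches[2]
            if ($null -eq $current) { $errors.Add("line ${n}: key before any section"); continue }
            if ($sections[$current].Contains($key)) { $errors.Add("line ${n}: duplicate key '$key' in [$current]") }
            $sections[$current][$key] = $value
        }
        else { $errors.Add("line ${n}: not a section header or key=value: $line") }
    }
    [pscustomobject]@{ Sections = $sections; Errors = $errors }
}

function Compare-InfEdit {
    param([string]$Before, [string]$After)
    $old = Read-InfText $Before
    $new = Read-InfText $After
    $problems = New-Object System.Collections.Generic.List[string]
    $new.Errors | ForEach-Object { $problems.Add($_) }   # syntax problems in the edited copy
    foreach ($s in $old.Sections.Keys) {
        if (-not $new.Sections.Contains($s)) { $problems.Add("section [$s] was removed"); continue }
        foreach ($k in $old.Sections[$s].Keys) {
            if (-not $new.Sections[$s].Contains($k)) { $problems.Add("[$s] $k was removed") }
            elseif ($new.Sections[$s][$k] -cne $old.Sections[$s][$k]) { $problems.Add("[$s] $k changed") }
        }
    }
    $problems   # empty output means: parses cleanly and only adds entries
}

# Constructed sample content (not the real seczones.inf layout).
$before = "[ExampleZone]`nSite1=https://intranet.example.test`n"
$after  = "[ExampleZone]`nSite1=https://intranet.example.test`nSite2=https://portal.example.test`nSite3 https://broken.example.test`n"
Compare-InfEdit -Before $before -After $after
# Real files: Compare-InfEdit (Get-Content backup.inf -Raw) (Get-Content seczones.inf -Raw)
```

Run it against a backup taken before the edit and the edited copy; any output line is a reason not to put the edited file back into the policy folder.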