I'm trying to set up a GPO to add 3 sites to the Trusted sites zone and change some of the security settings for the same zone (Allow unsigned ActiveX and such).
I used a clean PC and added the settings to Internet Explorer, started gpmc and imported the settings for Security/Securityzones under Internet Explorer Mainteneance, which works but imports all the settings for all security zones which isn't really what i want.
How do i just get the settings for the Trusted sites zone?
Best Answer
The administrative UI for Internet Explorer Maintenance imports the entire "Security Zones" setting from the computer running the Group Policy Editor in one fell swoop. It does not allow granular selection of which security zone settings you'd like to import.
The import process in the Group Policy editor UI is just creating a "seczones.inf" file in the "user\Microsoft\IEAK\BRANDING\ZONES" subfolder of the GPO you're working within. You could customize that "seczones.inf" file to contain only "Trusted Sites" information (you'll probably need some technical implementation details about IE Security Zones to make the "seczones.inf" file make sense), but I doubt you'll ever be able to edit the file using the Group Policy Editor GUI again.
(I always felt like the "integration" of Internet Explorer Maintenance in Group Policy felt like it was very close to 5 o'clock on a Friday when it was "architected".)
Microsoft exposed a lot of IE Security Zone settings in "Administrative Templates" in later revs of Internet Explorer. You might look at using these settings (under "Windows Components \ Internet Explorer \ Internet Control Panel \ Security Page") to see if you can accomplish what you're looking for without using the Internet Explorer Maintenance Group Policy extension.