Welcome PowerShell User! This recipe is just one of the hundreds of useful resources contained in the PowerShell Cookbook.

If you own the book already, login here to get free, online, searchable access to the entire book's content.

If not, the Windows PowerShell Cookbook is available at Amazon, or any of your other favourite book retailers. If you want to see what the PowerShell Cookbook has to offer, enjoy this free 90 page e-book sample: "The Windows PowerShell Interactive Shell".

Mastodon: @Lee_Holmes | Mail: lee/leeholmes.com

21.7 Add a Site to an Internet Explorer Security Zone

Problem

You want to add a site to a specific Internet Explorer security zone.

Solution

To create the registry keys and properties required to add a site to a specific security zone, use the New-Item and New-ItemProperty cmdlets. Example 21-3 adds www.example.com to the list of sites trusted by Internet Explorer.

Example 21-3. Adding www.example.com to the list of trusted sites in Internet Explorer
Set-Location "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
Set-Location ZoneMap\Domains
New-Item example.com
Set-Location example.com
New-Item www
Set-Location www
New-ItemProperty . -Name http -Value 2 -Type DWORD

Discussion

One task that requires modifying data in the registry is working with Internet Explorer to add and remove sites from its different security zones.

Internet Explorer stores its zone mapping information in the registry at HKCU:\Software\Microsoft\Windows\CurrentVersion\InternetSettings\ZoneMap\Domains. Below that key, Explorer stores the domain name (such as leeholmes.com) with the hostname (such as www) as a subkey of that one (see Figure 21-1). In the host key, Explorer stores a property (such as http) with a DWORD value that corresponds to the zone identifier.

The Internet Explorer zone identifiers are:

  • My Computer

  • Local intranet

  • Trusted sites

  • Internet

  • Restricted sites

wps4 2101
Figure 21-1. Internet Explorer zone configuration

When Internet Explorer is configured in its Enhanced Security Configuration mode, you must also update entries under the EscDomains key.

Note

Once a machine has enabled Internet Explorer’s Enhanced Security Configuration, those settings persist even after you remove Enhanced Security Configuration. The following commands let your machine trust UNC paths again:

Set-Location "HKCU:\Software\Microsoft\Windows\"
Set-Location "CurrentVersion"
Set-Location "Internet Settings"
Set-ItemProperty ZoneMap UNCAsIntranet -Type DWORD 1
Set-ItemProperty ZoneMap IntranetName -Type DWORD 1

To remove the zone mapping for a specific domain, use the Remove-Item cmdlet:

PS > Get-ChildItem

   Hive: HKEY_CURRENT_USER\Software\...\Internet Settings\ZoneMap\Domains

SKC VC Name                            Property
--- -- ----                            --------
  1  0 example.com                     {}

PS > Remove-Item -Recurse example.com
PS > Get-ChildItem
PS >

For more information about using the Internet Explorer registry entries to configure security zones, see the Microsoft KB article “Internet Explorer Security Zones Registry Entries for Advanced Users”. For more information about managing Internet Explorer’s Enhanced Security Configuration, search for it on the official Microsoft documentation site.

For more information about modifying data in the registry, see Recipe 21.3.

See Also

Recipe 21.3, “Modify or Remove a Registry Key Value”