How Can I Add a Web Site to the Trusted Sites Zone?

How Can I Add a Web Site to the Trusted Sites Zone?

  • Comments 14
  • Likes
Hey, Scripting Guy! Question

Hey, Scripting Guy! How can I add a Web site to the Trusted Sites zone in Internet Explorer?

-- NR

SpacerHey, Scripting Guy! AnswerScript Center

Hey, NR. As it turns out, trusted sites are actually stored in the registry; consequently, adding a Web site is simply a matter of creating and configuring a new registry key. For example, suppose you want to trust (And, really, who doesn’t want to trust Microsoft?) Here’s a script that adds to the list of trusted sites:

On Error Resume Next

Const HKEY_CURRENT_USER = &H80000001

strComputer = "."
Set objReg=GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\" _
    & "ZoneMap\Domains\"

objReg.CreateKey HKEY_CURRENT_USER, strKeyPath

strValueName = "http"
dwValue = 2

objReg.SetDWORDValue HKEY_CURRENT_USER, strKeyPath, strValueName, dwValue

Let’s talk about what’s going on here. We begin by creating a constant HKEY_CURRENT_USER and setting it to the value &H80000001. This constant will be used to access the HKEY_CURRENT_USER portion of the registry and configure as a trusted site for only the logged-on user. What if you wanted to configure as a trusted site for anyone logging on to the computer? In that case, substitute the constant HKEY_LOCAL_MACHINE for HKEY_CURRENT_USER, and assign HKEY_LOCAL_MACHINE the value &H80000002.

Next we connect to the WMI service and, more specifically, to the Standard Registry Provider. We then assign the following registry path to the variable strKeyPath:

Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

Note the tail-end of the path: that’s where we put, the name of the Web site to be added to the trusted sites. We then call the CreateKey method to create a new registry key ( inside Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains.

Still with us? Having created the registry key, we simply need to create and configure a single registry value. In our sample script, we assign the value http to the variable strValueName. This will be the name of our new registry value; it also indicates which Internet protocols will be trusted from If we want to trust only the ftp protocol, then we’d assign strValueName the value ftp; if we want to trust all Internet protocols, then we’d assign strValueName the value * (a single asterisk).

We then assign the value 2 to the variable dwValue. In the world of Internet Explorer, the 2 represents the Trusted Sites zone. You could also use the value 1 to assign a site to the Intranet Sites zone; the value 3 to assign a site to the Internet Sites zone; or the value 4 to assign a site to the Restricted Sites zone.

Finally we use the SetDWORDValue method to create our new registry value. Fire up Internet Explorer, click on Tools, click on Internet Options, and then, on the Security tab, select Trusted Sites and click the Sites button. You should see among the trusted sites.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • this is the easy part sir, but how do I tick the box for https?

  • This doesn't seem to work for anyone logging in (HKLM), for Windows 7 IE8.  Does there need to be a modification for Win7 IE to get it to work in the HKLM contect?

  • Is there .reg file that will append the log off time for inactivity? I would like to be able to change the time it takes for the PC to finally log off. For example: If a user is working on the pc and then leaves and does not log off, I would like the PC to show a warning that its about to log off and then log off after it has been inactive for the time I selected.  This would be a great thing to do.

  • I am with Rico. I desire to do this at the machine level so that it applies to all users (even new ones) but as we are 50% through our migration to Windows 7 x64 I have run into a roadblock. I have tried both the standard registry location under HKLM as well as the Wow6432Node and both failed to add the entries.

    Please help! Is there a way to do this for all users in Win 7?

  • Instead of using the script I just modified the registry directly to fit my needs.


    HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\New Key = <name of site to add>

    New DWORD = *

    Value = 2

  • Can i run the script from within a webpage

    I tried doing that on localhost, and it was ok

    but when running from website, it fails

    any idea

  • Hi There. Can you please tell me how I can use this script by adding more than 1 trusted site.

    Thank you very much.

  • I have written the script in a .hta file and saved it on an apache server. Then I hit the appropriate url stating the hta file. In IE8 the file is executed and prompts for open, save, saveas. But in Mozilla and chrome the content of the hta file is displayed in the browser

  • PowerShell Function AddManagementServerToTrustedSites { Param ([string]$TrusterServer) $TrustedSitesPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains' $TrustedKeyPath = "$TrustedSitesPath\$TrusterServer" $LocalIntranetZone = 1 $TrustedSitesZone = 2 If (!(Test-Path -Path $TrustedKeyPath)) {New-Item -Path $TrustedSitesPath -Name $TrusterServer} #Add site if not present $Item = Get-Item -Path $TrustedKeyPath If ($Item.GetValue('file',$null) -eq $null) {New-ItemProperty -Path $TrustedKeyPath -Name file -PropertyType DWord -Value $LocalIntranetZone} # Add file key if not present $key = Get-ItemProperty $TrustedKeyPath -Name file if ($key.file -ne 1 ) {Set-ItemProperty $TrustedKeyPath -Name file -Value $LocalIntranetZone} # set file key to 1 if not 1 Write-Log "$TrusterServer is trusted in Local Intranet Zone" }

  • Hello,

    I have written the file but I just want to know what the file extension must be. And where must I save the file? I am using flat PHP encoding.

    Regards Peter


  • Hello,

    I have written the file but I just want to know what the file extension must be. And where must I save the file? I am using flat PHP encoding.

    Regards Peter

  • An interesting start, but can we take this idea further to, say, perform this action remotely on a set of machines from my desktop? My goal is to set a trusted site on 40 machines, and then set the Run Unsafe Applications setting to Enable for the Trusted Sites domain. These are domain joined computers, but the GPO route is not an option, as it locks down the trusted sites setting so it cannot be altered by the user.

  • Where to execute this Script? Please explain