Internet Options to add Trusted Site Greyed Out - SysPreped Windows 10 LTSB

Question

I just deployed an custom Windows 10 ISO I created and I can't set my local file server as a trusted site in internet options. The site button is greyed out. The only change I made in the image was adding the site pre-sysprep and now It not only didn't keep the settings through the sysprep process, but also locked me from making changes to internet options. I did test this image on another computer before adding the site pre-sysprep and post deploy I was able to add the site via normal methods. Clearly somehow adding the site to trusted sites before sysprepping the OS caused the issue. Unfortunatley, this is not an easy computer to re-deploy or I would just remake the ISO and re-deploy.

Update Re Comment [The Goal is to get RID of this Message]:

• I don't use IE or care about its "options", I just want to get rid of this nag message when I run an exe from my fileserver as almost all my software is installed on the server.

• Any idea how I can reset the settings to default?
• How can I add the site via RegEdit? I know I only need to add one site and I use the IP not DNS.

I know the keys are related to HKLM/SOFTWARE/Policies/Microsoft/Windows/CurrentVersion/Internet settings/, I'm thinking of exporting the entire "tree" from the other computer and importing it here, but that's a hassle as well as its not my computer.

Any ideas!? Thanks!

PS: Windows 10 LTSB v 1607 x64 -Up-2-date

Update: I had IE11 not installed, by installing it, Internet Options now look as they used to, but the option is still greyed out!

Update 2: I have "reset" IE Options, but still Grey :(

Answer 1

The issue was that Group Policy was somehow blocking me from adding into IE Options like I'm used to.

You want to configure Group Policy like so:

Navigate to Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page >> Site to Zone Assignment List

The "Values" are as follows:

INTERNET EXPLORER GROUP POLICY ZONE NUMBER MAPPING
Zone Number Zone Name
1   Intranet Zone
2   Trusted Sites zone
3   Internet zone
4   Restricted Sites zone

After configuration open CMD in Administrator mode and run the following:

gpupdate /force

Now reboot and test!

Sources:

https://community.spiceworks.com/topic/1182041-gpo-for-local-intranet-site http://www.grouppolicy.biz/2010/03/how-to-use-group-policy-to-configure-internet-explorer-security-zone-sites/

Answer 2

This worked for me even though it's for Windows XP.

All credit to the original author.

FYI, my system specs are:

OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.17763 N/A Build 17763

LINK: Sites" button and "Custom Level" slider are grayed out in Internet Options - Security tab

This is the contents of that site should it ever get taken down.

---

When you open Internet Options - Security tab and click on any Zone (except Internet Zone), the Sites button may be grayed out. As a result, you may be unable to add or remove a website to the specified Zone. Additionally, you may also notice that the Custom level slider is grayed out. This prevents you from customizing the Security level for that particular Zone.

The Flags value in the registry governs the above two options (and more) for each Zone. See Description of Internet Explorer security zones registry entries for more information on the Flags value.

To enable the Sites button and the Custom Level slider for that particular Zone, follow these steps:

---

Open Registry Editor (regedit.exe) and navigate to

1. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\{Zone ID}

   Zone             {Zone ID}
   Local intranet    1
   Trusted sites     2
   Internet          3
   Restricted sites  4
   

2. Backup the key by exporting it to a REG file.

3. In the right-pane, double-click Flags and click Decimal

4. Add 3 to the existing Value data

   • Example: If Flags value reads 0 (Decimal), set it to 3 (i.e.,0 + 1 + 2)

   • Flags value listing (from MS-KB 182569)

       Flags value Setting
   1     Allow changes to custom settings
   2     Allow users to add Web sites to this zone
   4     Require verified Web sites (https protocol)
   8     Include Web sites that bypass the proxy server
   16    Include Web sites not listed in other zones
   32    Do not show security zone in Internet Properties
   64    Show the Requires Server Verification dialog box
   128   Treat Universal Naming Connections (UNCs) as intranet connections
   

5. Close Registry Editor and restart your machine and follow the route in your OP.

   • For me, the apply button was greyed out but it works none the less.

   • The entry I have entered is file://PRINCE_NASEEM but yours will differ.

Answer 3

I answer late, but I have the same problem. I recovered the .reg on a pc which was not impacted.

Copy the code, insert it into a text file that you rename to .reg.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
@=""
"SelfHealCount"=dword:00000001
"SecuritySafe"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
@=""
"DisplayName"="Computer"
"PMDisplayName"="Computer [Protected Mode]"
"Description"="Your computer"
"Icon"="shell32.dll#0016"
"LowIcon"="inetcpl.cpl#005422"
"CurrentLevel"=dword:00000000
"Flags"=dword:00000021
"1200"=dword:00000000
"1400"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
@=""
"DisplayName"="Intranet local"
"PMDisplayName"="Local intranet [Protected Mode]"
"Description"="Cette zone contient les sites Web situés sur l’intranet de votre société."
"Icon"="shell32.dll#0018"
"LowIcon"="inetcpl.cpl#005423"
"CurrentLevel"=dword:00000000
"Flags"=dword:000000db
"1200"=dword:00000000
"1400"=dword:00000000
"2500"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
@=""
"DisplayName"="Trusted sites"
"PMDisplayName"="Trusted sites [Protected Mode]"
"Description"="This zone contains Web sites that you trust not to damage your computer or data."
"Icon"="inetcpl.cpl#00004480"
"LowIcon"="inetcpl.cpl#005424"
"CurrentLevel"=dword:00011000
"Flags"=dword:00000047
"1200"=dword:00000000
"1400"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
@=""
"DisplayName"="Internet"
"PMDisplayName"="Internet [Protected Mode]"
"Description"="This zone contains all Web sites you haven't placed in other zones"
"Icon"="inetcpl.cpl#001313"
"LowIcon"="inetcpl.cpl#005425"
"CurrentLevel"=dword:00011500
"Flags"=dword:00000001
"1200"=dword:00000000
"1400"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
@=""
"DisplayName"="Restricted sites"
"PMDisplayName"="Restricted sites [Protected Mode]"
"Description"="This zone contains Web sites that could potentially damage your computer or data."
"Icon"="inetcpl.cpl#00004481"
"LowIcon"="inetcpl.cpl#005426"
"CurrentLevel"=dword:00012000
"Flags"=dword:00000003
"1200"=dword:00000003
"1400"=dword:00000003
"1C00"=dword:00000000