How to view all IE Trusted Sites when security settings are managed?

Question

If the Security Zones for Internet Explorer are managed by my system administrator, the list of Trusted Sites is disabled and I cannot scroll through the list. Is there a way I can view the full list of Trusted Sites?

Trusted sites

score 43 · Accepted Answer · edited Apr 13 '17 at 12:14

In the registry, perform a search for a URL that is known to be trusted. This should get you to the relevant key where you can see all of the others.

On my Windows 7 installation, the path appears to be HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey, which is slightly different from this answer.

The key should contain several string values with a name indicating the URL and numeric data indicating the zone, one of the following by default.

0 = My Computer
1 = Local Intranet Zone
2 = Trusted sites Zone
3 = Internet Zone
4 = Restricted Sites Zone

score 30 · Answer 2 · edited May 26 '15 at 17:02

30

Depends upon your firm whether the list is under HKLM or HKCU. Here's a quick Powershell command to get the list

$(get-item "HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey").property

$(get-item "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey").property

edited May 26 '15 at 17:02

Jason Aller

2,360

answered Jan 07 '15 at 15:46

Dan Loughney

401

score 3 · Answer 3 · answered Feb 10 '15 at 13:28

3

From powershell:

Get-itemproperty "hkcu:\Software\policies\microsoft\windows\currentversion\internet settings\ZoneMapKey"

answered Feb 10 '15 at 13:28

enriqedk

31

score 2 · Answer 4 · answered Apr 18 '12 at 22:09

Try this:

Start -> type gpedit.msc -> hit Enter
navigate to Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page
in the right-hand panel, double-click on the Site to Zone Assignment List option, then click Show...
trusted sites are the ones with 2 in the Value column (1 = Intranet, 3 = Internet, 4 = Restricted)

If that doesn't work (that option is set to "Not Configured" or the list is empty), try the same, except instead of Computer Configuration, start with User Configuration.

score 2 · Answer 5 · edited Mar 05 '14 at 12:11

I came up with the following solution, I hope others will find it useful as well.

I have limited rights, only local, not enough to open and view GPEDIT on AD level.

So, what I did, and works, is to open a command prompt (as Admin) and run the command:

C:\WINDOWS\system32>GPResult /V /SCOPE Computer /H c:\temp\stuff.txt

Then perform a search e.g. for the "ZoneMapKey"

C:\WINDOWS\system32>find "ZoneMapKey" c:\temp\stuff.txt >> c:\temp\sites.txt

Keep in mind there are other keys that might require your attention, like the "approvedactivexinstalsites"...

You will have an output like:

KeyName: Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey\https://www.wesayso.com

Clean it up (I use Excel, use the \ as seperator and be done with it) and you will have a great list.

score 2 · Answer 6 · answered May 18 '15 at 08:28

This one works on my Windows 7 machine. It was set by my company's domain controller.

Get-ChildItem -Path "Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" -Recurse > c:\result.txt
Get-ChildItem -Path "Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" -Recurse
"DONE"

score 1 · Answer 7 · answered Jul 20 '20 at 09:58

on windows 10 The URL are saved in Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey

to get the values you can brows to the above key or via PowerShell

Get-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey"

score 1 · Answer 8 · edited Sep 26 '17 at 17:18

Here is an enhanced version of the script that translates the zone type number in the registry to its name as seen in the IE explorer settings dialog box.

$_RegKeyList1 = @()
$_RegKeyList2 = @()
$_RegKeyList3 = @()
$_RegKeyInfo  = @()


$_RegKeyList1 = $(Get-item 'HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey' -ErrorAction SilentlyContinue).property  


$_RegKeyList2 = $(Get-item 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey' -ErrorAction SilentlyContinue).property | Out-GridView


$_RegKeyList3 = $_RegKeyList1 + $_RegKeyList2 

Foreach($_RegValueName in $_RegKeyList3){

    $_RegValue = $(Get-ItemProperty -Path 'HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey' -Name $_RegValueName  )

    Switch($_RegValue.$_RegValueName){

         0 {$_ZoneType = 'My Computer'}
         1 {$_ZoneType = 'Local Intranet Zone'}
         2 {$_ZoneType = 'Trusted sites Zone'}
         3 {$_ZoneType = 'Internet Zone'}
         4 {$_ZoneType = 'Restricted Sites Zonet'}

    }

    $_RegKeyInfo += "$_RegValueName,$_ZoneType"

}

Above we see how to gather the registry value names in a registry key and then get the data of each of those values. As each enter separates the value name and the value data with a comma, it could be further enhanced to output to a file with the csv extension and then opened in Excel. Many more possibilities if you want an actual report. But if just need to know what is the site list this will show most of them.

score 0 · Answer 9 · edited Feb 26 '19 at 16:57

Stick this in Powershell for a list of the trusted sites:

Get-ItemProperty  "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey" | fl

1 = Intranet zone – sites on your local network. 2 = Trusted Sites zone – sites that have been added to your trusted sites. 3 = Internet zone – sites that are on the Internet. 4 = Restricted Sites zone – sites that have been specifically added to your restricted sites.

Answer taken from: https://blogs.sulross.edu/gfreidline/2017/06/20/show-ie-trusted-sites-from-powershell/

score 0 · Answer 10 · answered Aug 08 '14 at 21:09

My key was located here (in HKEY_LOCAL_MACHINE, not HKEY_CURRENT_USER)

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey

I could right-click "ZoneMapKey" and choose "Export"

This .reg file can be opened in Notepad to view (and search) the text contents.

score 0 · Answer 11 · edited May 26 '15 at 17:04

This PowerShell script provides a list from both registry keys if they are populated and uses the out-gridview cmdlet to provide a search capability using the out-gridview filter field.

$_List1 = @()
$_List2 = @()
$_List3 = @()

$_List1 = $(Get-item 'HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey' -ErrorAction SilentlyContinue).property  

$_List2 = $(Get-item 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey' -ErrorAction SilentlyContinue).property | Out-GridView

$_List3 = $_List1 + $_List2 
$_List3 | Out-GridView

How to view all IE Trusted Sites when security settings are managed?

11 Answers11