Add a Trusted Site in IE using KiXtart

11th September 2007, 05:33 pm

At Ergotron, we have a browser based, third party application that works best when the server is added to the Trusted Sites Zone in Internet Explorer. In a perfect world, we could bug the developers to make it run correctly on the principle of least privilege, but that’s not likely to happen.

trusted_sites_details.png

So, I added code to our log on script, which is written in KiXtart, to add the servers for this application to the Trusted Sites Zone.

Here’s the main function:

; Add a site to the Trusted Sites Zone
FUNCTION AddTrustedSite ($Protocol, $Server, $Domain)
	$DomainsKey = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
	$SiteKey = '$DomainsKey\$Domain\$Server\'
	$SiteValue = $Protocol
	$TrustedSitesZone = 2
 
	$Result = WRITEVALUE ($SiteKey, $SiteValue, $TrustedSitesZone, "REG_DWORD")
ENDFUNCTION

I also wanted a way to remove sites from the Trusted Sites Zone as well:

; Delete a site from the Trusted Sites Zone
FUNCTION DeleteTrustedSite ($Protocol, $Server, $Domain)
	$DomainsKey = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
	$SiteKey = '$DomainsKey\$Domain\$Server\'
	$SiteValue = $Protocol
 
	$Result = DELVALUE ($SiteKey, $SiteValue)
ENDFUNCTION

Now, to use these functions:

; Add buggy application to the Trusted Sites Zone
AddTrustedSite ("http", "buggyapp", "example.com")
 
; Remove fixed application from the Trusted Sites Zone
DeleteTrustedSite ("http", "fixedapp", "example.com")

The value passed to $Protocol can be “http”, “https”, “file”, “ftp” or “*”. If “*” is used, the site will be trusted when it is accessed using any protocol. If anything other than “https” is specified, you must disable the “Require server verification (https) for sites in this zone” option.

This is how to disable the “Require server verification (https) for sites in this zone” option:

; Do not require https for sites in the Trusted Sites zone
$TrustedSitesFlags = VAL (READVALUE ("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\", "Flags"))
$TrustedSitesFlags = $TrustedSitesFlags | 4
$Result = WRITEVALUE ("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\", "Flags", $TrustedSitesFlags, "REG_DWORD")
Category: System Administration  |  Comment  |  E-Mail  |  Print This Post Print This Post

Scripting Language - KiXtart

31st August 2007, 02:50 pm

KiXtart is an easy to use scripting language that is ideal for logon scripts. I use KiXtart for the logon script at Ergotron to map network drives and printers, adjust system settings, remove unwanted programs, install standard software and more. Over the last few years, the script has grown to over 1,800 lines but still runs quickly and is fairly easy to maintain.

Periodically, I’ll post about common logon and administrative tasks that I’ve found KiXtart useful for.

Here’s an example of a simple use of KiXtart to map different network drives for different groups of users.

1
2
3
4
5
6
7

; Everyone gets a drive mapped to the "Company Documents" share
USE "X:" "\\SERVER\Company Documents"
 
; Only users in the "Finance" group get a drive mapped to the "Finance" share
IF INGROUP ("Finance")
	USE "Y:" "\\SERVER\Finance"
ENDIF
Category: System Administration  |  Comment  |  E-Mail  |  Print This Post Print This Post