Created
February 16, 2020 15:44
-
-
Save marrobHD/9256d4575314080c89346056603a4e6c to your computer and use it in GitHub Desktop.
Windows 10: Add trusted domains to all users using batch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@ECHO OFF | |
SETLOCAL | |
SET REG="%WINDIR%\system32\reg.exe" | |
SET INTRANET_DOMAINS=contoso.local example.local | |
SET TRUSTED_DOMAINS=microsoft.com example.com | |
IF EXIST "%USERPROFILE%\..\Default User\NTUSER.DAT" SET NTUSER="%USERPROFILE%\..\Default User\NTUSER.DAT" | |
IF EXIST "%USERPROFILE%\..\Default\NTUSER.DAT" SET NTUSER="%USERPROFILE%\..\Default\NTUSER.DAT" | |
IF DEFINED PROGRAMFILES(x86) SET X64=TRUE | |
ECHO Adding domains to Intranet Zone for HKEY_LOCAL_MACHINE | |
FOR %%D IN (%INTRANET_DOMAINS%) DO ( | |
ECHO -^> %%D | |
%REG% add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\%%D" /v * /t REG_DWORD /d 1 /f | |
%REG% add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\%%D" /v * /t REG_DWORD /d 1 /f | |
IF DEFINED X64 %REG% add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\%%D" /v * /t REG_DWORD /d 1 /f | |
IF DEFINED X64 %REG% add "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\%%D" /v * /t REG_DWORD /d 1 /f | |
) | |
ECHO Adding domains to Trusted Zone for HKEY_LOCAL_MACHINE | |
FOR %%D IN (%TRUSTED_DOMAINS%) DO ( | |
ECHO -^> %%D | |
%REG% add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\%%D" /v * /t REG_DWORD /d 2 /f | |
%REG% add "HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\%%D" /v * /t REG_DWORD /d 2 /f | |
) | |
IF DEFINED NTUSER ECHO Loading registry defaults for new user from %NTUSER% | |
IF DEFINED NTUSER %REG% load HKU\.NTUSER %NTUSER% | |
FOR /f "usebackq tokens=1,2 delims=_" %%A IN (`%REG% query HKU`) DO ( | |
ECHO Adding domains to Intranet Zone for %%A_%%B | |
FOR %%D IN (%INTRANET_DOMAINS%) DO ( | |
ECHO -^> %%D | |
%REG% add "%%A_%%B\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\%%D" /v * /t REG_DWORD /d 1 /f | |
%REG% add "%%A_%%B\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\%%D" /v * /t REG_DWORD /d 1 /f | |
IF DEFINED X64 %REG% add "%%A_%%B\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\%%D" /v * /t REG_DWORD /d 1 /f | |
IF DEFINED X64 %REG% add "%%A_%%B\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\%%D" /v * /t REG_DWORD /d 1 /f | |
) | |
ECHO Adding domains to Trusted Zone for %%A_%%B | |
FOR %%D IN (%TRUSTED_DOMAINS%) DO ( | |
ECHO -^> %%D | |
%REG% add "%%A_%%B\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\%%D" /v * /t REG_DWORD /d 2 /f | |
%REG% add "%%A_%%B\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\%%D" /v * /t REG_DWORD /d 2 /f | |
IF DEFINED X64 %REG% add "%%A_%%B\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\%%D" /v * /t REG_DWORD /d 2 /f | |
IF DEFINED X64 %REG% add "%%A_%%B\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\%%D" /v * /t REG_DWORD /d 2 /f | |
) | |
) | |
IF DEFINED NTUSER ECHO Unloading new user registry defaults | |
IF DEFINED NTUSER %REG% unload HKU\.NTUSER | |
ENDLOCAL |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment