Our Active Directory domain consisting of Windows Server 2012 R2 servers and Windows 7 workstations configures Internet Explorer security zones using this Group Policy setting:
Computer Configuration/Policies/Administrative Template/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Site to Zone Assignment List
However, this has no effect on the servers, which have IE Enhanced Security Configuration enabled. How do I configure them using Group Policy? Ideally, I'd want the same settings to apply both with and without ESC without listing them twice.
https://msdn.microsoft.com/en-us/library/ms537181%28v=vs.85%29.aspx
As you want a machine setting, those would be configured like that;
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mytest.org ... ]
As the settings is not there via the normal ZoneMap GPO setting, I recommand a GPP to set the registry item within your GPO
In addition to adding EscDomains registry keys per yagmoth555's answer, I had to set
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915\*to1(DWORD) for the registry settings to be applied.https://support.microsoft.com/en-gb/kb/918915 describes the problem. I initially ignored it, because it's for Windows Server 2003 and we're running 2012 R2. It turns out that, while the hotfix doesn't need to be applied to later Windows Server versions, it still needs to be enabled using this registry key.