The definitive guide to Site to Zone assignment syntax can be found at: http://evilgpo.blogspot.com/2016/03/internet-explorer-site-to-zone.html
The typical problems are:
- Trying to use two stars, like *://*.yourcompany.com,trusted … INVALID
- www.mycorp.* … INVALID
- 192.168.*.1 … INVALID
- *://*.abc.com … INVALID (two wildcards)
— More Examples Below —
Valid entry – consists of a fully qualified host name (FQDN). Since no protocol is specified, it is applied for all protocols.
Valid entry – consists of a protocol and a plain host name. Since no domain is specified, it is applied to a host in the primary DNS suffix domain.
Partially valid entry – consists of protocol, host and port. The port is transparently stripped, so the entry is applied for all ports on that host.
Partially valid entry – consists of protocol, host and path. The path is transparently stripped, so the entry is applied for all paths on that host.
Valid entry – since the protocol is a wildcard, it is identical to specifying www.microsoft.com (without a protocol).
Valid entry – since the plain hostname is a wildcard, it applies to all hosts in the domain mycorp.com.
Valid entry – IP addresses are allowed as well as hostnames.
Valid entry – consists of an IP range and a wildcard for all hosts in that range.
Valid entry – but be aware that this is not an entry for the host microsoft in the domain com, but s2z converts this to *.microsoft.com. This is an implication of one of the rules above: If you use a FQDN, it must consist of at least 3 parts. Since we have only 2 parts here, s2z assumes this to be a domain.
Invalid entry – a wildcard is not allowed as a part of the hostname, but for the whole hostname only.
Invalid entry – the wildcard replaces a part of the domain.
Invalid entry (same as above) – the wildcard replaces a part of the domain.
Invalid entry – a wildcard is not allowed as a part of the protocol, but for the whole protocol only (which of course is the same as omitting the protocol altogether).
Invalid entry – a wildcard for IP addresses can only be used in the last position.
Invalid entry – only one wildcard is allowed, and only for the hostname.
Remark: In earlier versions of Windows, if you provided a wildcard with a second level domain with only two letters (*.co.uk e.g.), this was an invalid entry. This was to prevent the whole SLD of some countries from being added. At the time of this writing, this type of entry has become valid in Windows 10.
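The rules above can be checked before a list goes into the GPO, so that an entry which silently widens (stripped port or path, a two-part name turned into a whole domain) is seen during review. The following linter is an added example, not code from the linked guide or from Windows; the function name lint_s2z, the "N-M" form assumed for IP ranges and the host intranet.example.com are assumptions made for illustration.

```python
import re

def lint_s2z(entry):
    """Classify one Site to Zone entry: returns (status, effective_entry, notes)."""
    proto, sep, rest = entry.partition("://")
    if not sep:                                  # no protocol: applies to all protocols
        proto, rest = "", entry
    host, slash, _path = rest.partition("/")
    notes, status = [], "valid"
    if slash:
        status = "partial"
        notes.append("path is stripped; entry applies to all paths on the host")
    m = re.fullmatch(r"(.*):(\d+)", host)
    if m:
        host, status = m.group(1), "partial"
        notes.append("port is stripped; entry applies to all ports on the host")
    if not host:                                 # guard added here, not a rule from the page
        return ("invalid", None, ["no host given"])
    if "*" in proto and proto != "*":
        return ("invalid", None, ["wildcard must replace the whole protocol"])
    if (proto + host).count("*") > 1:
        return ("invalid", None, ["only one wildcard is allowed"])
    labels = host.split(".")
    # IP-like host; the "N-M" range form is an assumption, the page does not show it
    if all(re.fullmatch(r"\d+(-\d+)?|\*", label) for label in labels):
        if "*" in "".join(labels[:-1]):
            return ("invalid", None, ["IP wildcard is only allowed in the last position"])
    else:
        if "*" in labels[0] and labels[0] != "*":
            return ("invalid", None, ["wildcard must replace the whole hostname"])
        if "*" in "".join(labels[1:]):
            return ("invalid", None, ["wildcard must not replace a part of the domain"])
        if len(labels) == 2 and labels[0] != "*":
            host = "*." + host                   # two-part name is treated as a domain
            notes.append("two-part name covers every host in that domain")
        elif len(labels) == 1:
            notes.append("plain host name: matched in the primary DNS suffix domain")
    prefix = proto + "://" if proto and proto != "*" else ""
    return (status, prefix + host, notes)

if __name__ == "__main__":
    # Constructed sample list mixing the page's examples with a made-up intranet host
    for e in ["*://*.yourcompany.com", "www.mycorp.*", "192.168.*.1", "microsoft.com",
              "*://www.microsoft.com", "https://intranet.example.com:8443/app"]:
        print(e, "->", lint_s2z(e))
```

Entries reported as "partial" or carrying a note are the ones to review by hand, because the zone assignment that takes effect is broader than the string that was typed.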