Set email domains that client is restricted to log in with (Recommendation Setting)
Zoom 5.17.5
Supported on: Microsoft Windows XP SP2 or later
Description
Default setting is empty, client can log in with any email domains. Allow you to set multiple email domains that client is restricted to log in with. Multiple email accounts can by separated with &. For example: abc.com&zoom.us
Registry
HKLM
Software\Policies\Zoom\Zoom Meetings\Recommended\General REG Builder
BETAConfigure the state and elements to generate .reg, PowerShell, Intune, and SCCM outputs.
These exports replicate the policy's registry effect. Editing the registry directly is not the same as applying the GPO through the management console (no gpupdate, no central reporting). Test before production; HKLM changes require administrator rights.
.reg file
Windows Registry Editor Version 5.00
; Exported from gporais.com
; Policy: Set email domains that client is restricted to log in with (Recommendation Setting)
; State: Enabled
; Supported on: Microsoft Windows XP SP2 or later
[HKEY_LOCAL_MACHINE\Software\Policies\Zoom\Zoom Meetings\Recommended\General]
"SetEmailDomainsRestrictedToLogin"="" PowerShell
# Exported from gporais.com
# Policy: Set email domains that client is restricted to log in with (Recommendation Setting)
# State: Enabled
# Supported on: Microsoft Windows XP SP2 or later
$path = 'HKLM:\Software\Policies\Zoom\Zoom Meetings\Recommended\General'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'SetEmailDomainsRestrictedToLogin' -Value '' -Type String Intune XML
No direct Policy CSP / OMA-URI mapping for this policy. Use the Intune Remediation tab, or ingest the ADMX in Intune. Intune Remediation
# === Detection script ===
# Exported from gporais.com
# Policy: Set email domains that client is restricted to log in with (Recommendation Setting)
# State: Enabled
# Supported on: Microsoft Windows XP SP2 or later
function Test-RegistryValue {
param(
[Parameter(Mandatory = $true)][string]$Path,
[Parameter(Mandatory = $true)][string]$Name,
[object]$Expected,
[ValidateSet('String', 'DWord', 'MultiString')][string]$Kind = 'String',
[switch]$Absent
)
try {
$item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
} catch {
return $Absent.IsPresent
}
if ($Absent.IsPresent) { return $false }
$actual = $item.$Name
if ($Kind -eq 'DWord') { return ([int64]$actual) -eq ([int64]$Expected) }
if ($Kind -eq 'MultiString') {
$actualValues = @($actual)
$expectedValues = @($Expected)
if ($actualValues.Count -ne $expectedValues.Count) { return $false }
for ($i = 0; $i -lt $expectedValues.Count; $i++) {
if ([string]$actualValues[$i] -ne [string]$expectedValues[$i]) { return $false }
}
return $true
}
return [string]$actual -eq [string]$Expected
}
$checks = @(
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Zoom\Zoom Meetings\Recommended\General' -Name 'SetEmailDomainsRestrictedToLogin' -Expected '' -Kind String)
)
if ($checks -notcontains $false) {
Write-Output 'Compliant'
exit 0
}
Write-Output 'Non-compliant'
exit 1
# === Remediation script ===
# Exported from gporais.com
# Policy: Set email domains that client is restricted to log in with (Recommendation Setting)
# State: Enabled
# Supported on: Microsoft Windows XP SP2 or later
$path = 'HKLM:\Software\Policies\Zoom\Zoom Meetings\Recommended\General'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'SetEmailDomainsRestrictedToLogin' -Value '' -Type String SCCM CI
# Exported from gporais.com
# Policy: Set email domains that client is restricted to log in with (Recommendation Setting)
# State: Enabled
# Supported on: Microsoft Windows XP SP2 or later
# SCCM Configuration Item guidance:
# Create a Configuration Item of type "Setting: Script".
# Discovery script: use the Detection script below.
# Remediation script: use the Remediation script below.
# Compliance rule: the Discovery script output equals 'Compliant'.
# === Detection script ===
# Exported from gporais.com
# Policy: Set email domains that client is restricted to log in with (Recommendation Setting)
# State: Enabled
# Supported on: Microsoft Windows XP SP2 or later
function Test-RegistryValue {
param(
[Parameter(Mandatory = $true)][string]$Path,
[Parameter(Mandatory = $true)][string]$Name,
[object]$Expected,
[ValidateSet('String', 'DWord', 'MultiString')][string]$Kind = 'String',
[switch]$Absent
)
try {
$item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
} catch {
return $Absent.IsPresent
}
if ($Absent.IsPresent) { return $false }
$actual = $item.$Name
if ($Kind -eq 'DWord') { return ([int64]$actual) -eq ([int64]$Expected) }
if ($Kind -eq 'MultiString') {
$actualValues = @($actual)
$expectedValues = @($Expected)
if ($actualValues.Count -ne $expectedValues.Count) { return $false }
for ($i = 0; $i -lt $expectedValues.Count; $i++) {
if ([string]$actualValues[$i] -ne [string]$expectedValues[$i]) { return $false }
}
return $true
}
return [string]$actual -eq [string]$Expected
}
$checks = @(
(Test-RegistryValue -Path 'HKLM:\Software\Policies\Zoom\Zoom Meetings\Recommended\General' -Name 'SetEmailDomainsRestrictedToLogin' -Expected '' -Kind String)
)
if ($checks -notcontains $false) {
Write-Output 'Compliant'
exit 0
}
Write-Output 'Non-compliant'
exit 1
# === Remediation script ===
# Exported from gporais.com
# Policy: Set email domains that client is restricted to log in with (Recommendation Setting)
# State: Enabled
# Supported on: Microsoft Windows XP SP2 or later
$path = 'HKLM:\Software\Policies\Zoom\Zoom Meetings\Recommended\General'
New-Item -Path $path -Force | Out-Null
Set-ItemProperty -Path $path -Name 'SetEmailDomainsRestrictedToLogin' -Value '' -Type String