Computer/User Node |
Policy Path |
Full Policy Name |
Supported on |
Help/Explain Text |
Registry Settings |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Search: Disable Search Customization |
at least Internet Explorer v5.0 |
Makes the Customize button in the Search Assistant appear
dimmed. The Search Assistant is a tool
that appears in the Search bar to help users
search the Internet. If you enable
this policy, users cannot change their Search Assistant settings, such as
setting default search engines for specific tasks. If you disable this policy or do not
configure it, users can change their settings for the Search Assistant. This policy is designed to help
administrators maintain consistent settings for searching across an
organization. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!NoSearchCustomization |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Search: Disable Find Files via F3 within the browser |
at least Internet Explorer v5.0 |
Disables using the F3 key to search in Internet Explorer and
Windows Explorer. If you enable this
policy, the search functionality of the F3 key is
disabled. Users cannot press F3 to search the Internet (from Internet
Explorer) or to search the hard disk (from Windows Explorer). If the user
presses F3, a prompt appears that informs the user that this feature has been
disabled. If you disable this policy
or do not configure it, users can press F3 to search the Internet (from
Internet Explorer) or the hard disk (from Windows Explorer). This policy is intended for situations in
which administrators do not want users to explore the Internet or the hard
disk. This policy can be used in
coordination with the File Menu: Disable Open menu option policy (located in
\User Configuration\Administrative Templates\Windows Components\Internet
Explorer\Browser Menus), which prevents users from opening files by using the
browser. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoFindFiles |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable external branding of Internet Explorer |
at least Internet Explorer v5.0 |
Prevents branding of Internet programs, such as customization
of Internet Explorer and Outlook Express logos and title bars, by another party. If you enable this policy, it prevents
customization of the browser by another party, such as an Internet service
provider or Internet content provider.
If you disable this policy or do not configure it, users could install
customizations from another party-for example, when signing up for Internet
services. This policy is intended for
administrators who want to maintain a consistent browser across an
organization. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoExternalBranding |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable importing and exporting of favorites |
at least Internet Explorer v5.0 |
Prevents users from exporting or importing favorite links by
using the Import/Export Wizard. If you
enable this policy, the Import/Export Wizard
cannot import or export favorite links or cookies, which are small text files
that contain settings for Web sites.
If you disable this policy or do not configure it, users can import
and export favorites in Internet Explorer by clicking the File menu, clicking
Import and Export, and then running the Import/Export Wizard. Note: If you enable this policy, users can
still view screens in the wizard, but when users click Finish, a prompt will
appear that states that this feature has been disabled. |
HKCU\Software\Policies\Microsoft\Internet
Explorer!DisableImportExportFavorites |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel |
Disable the General page |
at least Internet Explorer v5.0 |
Removes the General tab from the interface in the Internet
Options dialog box. If you enable this
policy, users are unable to see and change
settings for the home page, the cache, history, Web page appearance, and
accessibility. If you disable this
policy or do not configure it, users can see and change these settings. When you set this policy, you do not need
to set the following Internet Explorer policies (located in \User
Configuration\Administrative Templates\Windows Components\Internet
Explorer\), because this policy removes the General tab from the
interface: Disable changing home page
settings Disable changing Temporary
Internet files settings Disable changing
history settings Disable changing
color settings Disable changing link
color settings Disable changing font
settings Disable changing language
settings Disable changing
accessibility settings |
HKCU\Software\Policies\Microsoft\Internet Explorer\Control
Panel!GeneralTab |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel |
Disable the Security page |
at least Internet Explorer v5.0 |
Removes the Security tab from the interface in the Internet
Options dialog box. If you enable this
policy, it prevents users from seeing and changing
settings for security zones, such as scripting, downloads, and user
authentication. If you disable this
policy or do not configure it, users can see and change these settings. When you set this policy, you do not need
to set the following Internet Explorer policies, because this policy removes
the Security tab from the interface:
Security zones: Do not allow users to change policies Security zones: Do not allow users to
add/delete sites |
HKCU\Software\Policies\Microsoft\Internet Explorer\Control
Panel!SecurityTab |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel |
Disable the Content page |
at least Internet Explorer v5.0 |
Removes the Content tab from the interface in the Internet
Options dialog box. If you enable this
policy, users are prevented from seeing and
changing ratings, certificates, AutoComplete, Wallet, and Profile Assistant
settings. If you disable this policy
or do not configure it, users can see and change these settings. When you set this policy, you do not need
to set the following policies for the Content tab, because this policy
removes the Content tab from the interface:
Disable changing ratings settings
Disable changing certificate settings
Disable changing Profile Assistant settings Disable AutoComplete for forms Do not allow AutoComplete to save passwords |
HKCU\Software\Policies\Microsoft\Internet Explorer\Control
Panel!ContentTab |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel |
Disable the Connections page |
at least Internet Explorer v5.0 |
Removes the Connections tab from the interface in the Internet
Options dialog box. If you enable this
policy, users are prevented from seeing and
changing connection and proxy settings.
If you disable this policy or do not configure it, users can see and
change these settings. When you set
this policy, you do not need to set the following policies for the Content
tab, because this policy removes the Connections tab from the interface: Disable Internet Connection Wizard Disable changing connection settings Disable changing proxy settings Disable changing Automatic Configuration
settings |
HKCU\Software\Policies\Microsoft\Internet Explorer\Control
Panel!ConnectionsTab |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel |
Disable the Programs page |
at least Internet Explorer v5.0 |
Removes the Programs tab from the interface in the Internet
Options dialog box. If you enable this
policy, users are prevented from seeing and
changing default settings for Internet programs. If you disable this policy or do not
configure it, users can see and change these settings. When you set this policy, you do not need
to set the following policies for the Programs tab, because this policy
removes the Programs tab from the interface:
Disable changing Messaging settings
Disable changing Calendar and Contact settings Disable the Reset Web Settings feature Disable changing default browser check |
HKCU\Software\Policies\Microsoft\Internet Explorer\Control
Panel!ProgramsTab |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel |
Disable the Privacy page |
at least Internet Explorer v5.0 |
Removes the Privacy tab from the interface in the Internet
Options dialog box. If you enable this
policy, users are prevented from seeing and
changing default settings for privacy.
If you disable this policy or do not configure it, users can see and
change these settings. |
HKCU\Software\Policies\Microsoft\Internet Explorer\Control
Panel!PrivacyTab |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel |
Disable the Advanced page |
at least Internet Explorer v5.0 |
Removes the Advanced tab from the interface in the Internet
Options dialog box. If you enable this
policy, users are prevented from seeing and
changing advanced Internet settings, such as security, multimedia, and
printing. If you disable this policy
or do not configure it, users can see and change these settings. When you set this policy, you do not need
to set the Disable changing Advanced page settings policy (located in \User
Configuration\Administrative Templates\Windows Components\Internet
Explorer\), because this policy removes the Advanced tab from the interface. |
HKCU\Software\Policies\Microsoft\Internet Explorer\Control
Panel!AdvancedTab |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Run .NET Framework-reliant components signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute signed managed
components. If you disable this policy
setting, Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will execute signed managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Run .NET Framework-reliant components not signed with
Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are not signed with Authenticode can be executed from Internet Explorer. These
components include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute unsigned
managed components. If you select Prompt in the drop-down box, Internet
Explorer will prompt the user to determine whether to execute unsigned
managed components. If you disable
this policy setting, Internet Explorer will not execute unsigned managed
components. If you do not configure
this policy setting, Internet Explorer will execute unsigned managed
components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2004 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download signed ActiveX controls from a page in the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting,
users are queried whether to download controls signed by publishers who
aren't trusted. Code signed by trusted
publishers is silently downloaded. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1001 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an
untrusted zone. If you enable this
policy setting, users can run unsigned controls without user intervention. If
you select Prompt in the drop-down box, users are queried to choose whether
to allow the unsigned control to run.
If you disable this policy setting, users cannot run unsigned
controls. If you do not configure this
policy setting, users cannot run unsigned controls. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not
marked as safe. If you enable this
policy setting, ActiveX controls are run, loaded
with parameters, and scripted without setting object safety for untrusted
data or scripts. This setting is not recommended, except for secure and
administered zones. This setting causes both unsafe and safe controls to be
initialized and scripted, ignoring the Script ActiveX controls marked safe
for scripting option. If you enable
this policy setting and select Prompt in the drop-down box, users are queried
whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX
controls that cannot be made safe are not loaded with parameters or
scripted. If you do not configure this
policy setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX
controls and plug-ins can be run on pages from the specified zone. If you
enable this policy setting, controls and plug-ins can run without user
intervention. If you selected Prompt
in the drop-down box, users are asked to choose whether to allow the controls
or plug-in to run. If you disable this
policy setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins can run without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX
control marked safe for scripting can interact with a script. If you
enable this policy setting, script interaction can occur automatically
without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow script interaction. If you
disable this policy setting, script interaction is prevented from
occurring. If you do not configure
this policy setting, script interaction can occur automatically without user
intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file
downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the
download, not the zone from which the file is delivered. If you enable this policy setting, files
can be downloaded from the zone. If
you disable this policy setting, files are prevented from being downloaded
from the zone. If you do not
configure this policy setting, files can be downloaded from the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1803 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the
zone may download HTML fonts. If you
enable this policy setting, HTML fonts can be
downloaded automatically. If you enable this policy setting and Prompt is
selected in the drop-down box, users are queried whether to allow HTML fonts
to download. If you disable this
policy setting, HTML fonts are prevented from downloading. If you do not configure this policy
setting, HTML fonts can be downloaded automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java
applets. If you enable this policy
setting, you can choose options from the drop-down
box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not configure
this policy setting, the permission is set to High Safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data
Objects (ADO). If you enable this
policy setting, users can load a page in the zone that uses MSXML or ADO to
access data from another site in the zone. If you select Prompt in the
drop-down box, users are queried to choose whether to allow a page to be
loaded in the zone that uses MSXML or ADO to access data from another site in
the zone. If you disable this policy
setting, users cannot load a page in the zone that uses MSXML or ADO to
access data from another site in the zone.
If you do not configure this policy setting, users cannot load a page
in the zone that uses MSXML or ADO to access data from another site in the
zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1406 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow active content over restricted protocols to access my
computer |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a resource
hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script, ActiveX, Java
and Binary Behaviors. The list of restricted protocols may be set in the
Intranet Zone Restricted Protocols section under Network Protocol Lockdown
policy. If you enable this policy
setting, no Intranet Zone content accessed is affected, even for protocols on
the restricted list. If you select Prompt from the drop-down box, the
Information Bar will appear to allow control over questionable content
accessed over any restricted protocols; content over other protocols is
unaffected. If you disable this policy
setting, all attempts to access such content over the restricted protocols is
blocked. If you do not configure this
policy setting, the Information Bar will appear to allow control over
questionable content accessed over any restricted protocols when the Network
Protocol Lockdown security feature is enabled. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted
for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users will be
automatically prompted for ActiveX control installations. If you enable
this policy setting, users will receive a prompt when a site instantiates an
ActiveX control they do not have installed.
If you disable this policy setting, ActiveX control installations will
be blocked using the Information Bar. Users can click on the Information Bar
to allow the ActiveX control prompt.
If you do not configure this policy setting, ActiveX control
installations will be blocked using the Information Bar. Users can click on
the Information Bar to allow the ActiveX control prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's
browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag)
to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page
containing an active Meta Refresh setting can be redirected to another Web
page. If you disable this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. If you do not configure this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting can be redirected to another Web page. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow script-initiated windows without size or position
constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on
script-initiated pop-up windows and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. If
you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and
script behaviors: components that encapsulate specific functionality for HTML elements to which they were
attached. If you enable this policy
setting, binary and script behaviors are available. If you select
Administrator approved in the drop-down box, only behaviors listed in the
Admin-approved Behaviors under Binary Behaviors Security Restriction policy
are available. If you disable this
policy setting, binary and script behaviors are not available unless
applications have implemented a custom security manager. If you do not configure this policy
setting, binary and script behaviors are available. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
display nonsecure items and manage whether users receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1609 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Do not prompt for client certificate selection when no
certificates or only one certificate exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are
prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet
Explorer does not prompt users with a Client Authentication message when they
connect to a Web site that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
setting, Internet Explorer prompts users with a Client Authentication message
when they connect to a Web site that has no certificate or only one
certificate. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
drag files or copy and paste files from a source within the zone. If you
enable this policy setting, users can drag files or copy and paste files from
this zone automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this
zone. If you do not configure this
policy setting, users can drag files or copy and paste files from this zone
automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting,
users can install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this
zone. If you do not configure this
policy setting, users are queried to choose whether to install desktop items
from this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications
may be run and files may be downloaded from an IFRAME
reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are queried to choose whether to run applications and
download files from IFRAMEs on the pages in this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of
sub-frames and access of applications across different domains. If you
enable this policy setting, users can open sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow sub-frames or access to applications
from other domains. If you disable
this policy setting, users cannot open sub-frames or access applications from
different domains. If you do not configure
this policy setting, users can open sub-frames from other domains and access
applications from other domains. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1607 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for
file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet
Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME
Sniffing Safety Feature will not apply in this zone. The security zone will
run without the added layer of security provided by this feature. If you disable this policy setting, the
actions that may be harmful cannot run; this Internet Explorer security
feature will be turned on in this zone, as dictated by the feature control
setting for the process. If you do not
configure this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel
permissions. If you enable this policy
setting, you can choose the following options from
the drop-down box. Low safety to allow
users to be notified of software updates by e-mail, software packages to be
automatically downloaded to users' computers, and software packages to be
automatically installed on users' computers.
Medium safety to allow users to be notified of software updates by
e-mail and software packages to be automatically downloaded to (but not
installed on) users' computers. High
safety to prevent users from being notified of software updates by e-mail,
software packages from being automatically downloaded to users' computers,
and software packages from being automatically installed on users'
computers. If you disable this policy
setting, permissions are set to high safety.
If you do not configure this policy setting, permissions are set to
Medium safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML
forms on pages in the zone may be submitted. Forms
sent with SSL (Secure Sockets Layer) encryption are always allowed; this
setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, users are queried to choose whether to
allow information using HTML forms on pages in this zone to be submitted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1601 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted
pop-up windows appear. Pop-up windows that are opened
when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, most unwanted pop-up
windows are prevented from appearing. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1809 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of
information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
When a user returns to a persisted page, the state of the page can be
restored if this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Web sites in less privileged Web content zones can navigate
into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites
from less privileged zones, such as Restricted Sites, can navigate into this zone. If you enable this policy setting, Web
sites from less privileged zones can open new windows in, or navigate into,
this zone. The security zone will run
without the added layer of security that is provided by the Protection from
Zone Elevation security feature. If you select Prompt in the drop-down box, a
warning is issued to the user that potentially risky navigation is about to
occur. If you disable this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. If you
do not configure this policy setting, Web sites from less privileged zones
can open new windows in, or navigate into, this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code
on pages in the zone is run. If you
enable this policy setting, script code on pages
in the zone can run automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to allow script code on pages in the zone
to run. If you disable this policy
setting, script code on pages in the zone is prevented from running. If you do not configure this policy
setting, script code on pages in the zone can run automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can
perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script
can perform a clipboard operation. If
you select Prompt in the drop-down box, users are queried as to whether to
perform clipboard operations. If you
disable this policy setting, a script cannot perform a clipboard
operation. If you do not configure
this policy setting, a script can perform a clipboard operation. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are
exposed to scripts within the zone. If
you enable this policy setting, scripts can access
applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon
options. If you enable this policy
setting, you can choose from the following logon
options. Anonymous logon to disable
HTTP authentication and use the guest account only for the Common Internet
File System (CIFS) protocol. Prompt
for user name and password to query users for user IDs and passwords. After a
user is queried, these values can be used silently for the remainder of the
session. Automatic logon only in
Intranet zone to query users for user IDs and passwords in other zones. After
a user is queried, these values can be used silently for the remainder of the
session. Automatic logon with current
user name and password to attempt logon using Windows NT Challenge Response
(also known as NTLM authentication). If Windows NT Challenge Response is
supported by the server, the logon uses the user's network user name and
password for logon. If Windows NT Challenge Response is not supported by the
server, the user is queried to provide the user name and password. If you disable this policy setting, logon
is set to Automatic logon only in Intranet zone. If you do not configure this policy
setting, logon is set to Automatic logon only in Intranet zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Run .NET Framework-reliant components signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute signed managed
components. If you disable this policy
setting, Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Run .NET Framework-reliant components not signed with
Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are not signed with Authenticode can be executed from Internet Explorer. These
components include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute unsigned
managed components. If you select Prompt in the drop-down box, Internet
Explorer will prompt the user to determine whether to execute unsigned
managed components. If you disable
this policy setting, Internet Explorer will not execute unsigned managed
components. If you do not configure
this policy setting, Internet Explorer will not execute unsigned managed
components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download signed ActiveX controls from a page in the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting,
users are queried whether to download controls signed by publishers who
aren't trusted. Code signed by trusted
publishers is silently downloaded. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an
untrusted zone. If you enable this
policy setting, users can run unsigned controls without user intervention. If
you select Prompt in the drop-down box, users are queried to choose whether
to allow the unsigned control to run.
If you disable this policy setting, users cannot run unsigned
controls. If you do not configure this
policy setting, users cannot run unsigned controls. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not
marked as safe. If you enable this
policy setting, ActiveX controls are run, loaded
with parameters, and scripted without setting object safety for untrusted
data or scripts. This setting is not recommended, except for secure and
administered zones. This setting causes both unsafe and safe controls to be
initialized and scripted, ignoring the Script ActiveX controls marked safe
for scripting option. If you enable
this policy setting and select Prompt in the drop-down box, users are queried
whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX
controls that cannot be made safe are not loaded with parameters or
scripted. If you do not configure this
policy setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX
controls and plug-ins can be run on pages from the specified zone. If you
enable this policy setting, controls and plug-ins can run without user
intervention. If you selected Prompt
in the drop-down box, users are asked to choose whether to allow the controls
or plug-in to run. If you disable this
policy setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX
control marked safe for scripting can interact with a script. If you
enable this policy setting, script interaction can occur automatically
without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow script interaction. If you
disable this policy setting, script interaction is prevented from
occurring. If you do not configure
this policy setting, script interaction can occur automatically without user
intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1405 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file
downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the
download, not the zone from which the file is delivered. If you enable this policy setting, files
can be downloaded from the zone. If
you disable this policy setting, files are prevented from being downloaded
from the zone. If you do not
configure this policy setting, files can be downloaded from the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1803 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the
zone may download HTML fonts. If you
enable this policy setting, HTML fonts can be
downloaded automatically. If you enable this policy setting and Prompt is
selected in the drop-down box, users are queried whether to allow HTML fonts
to download. If you disable this
policy setting, HTML fonts are prevented from downloading. If you do not configure this policy
setting, HTML fonts can be downloaded automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1604 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java
applets. If you enable this policy
setting, you can choose options from the drop-down
box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not configure
this policy setting, Java applets are disabled. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data
Objects (ADO). If you enable this
policy setting, users can load a page in the zone that uses MSXML or ADO to
access data from another site in the zone. If you select Prompt in the
drop-down box, users are queried to choose whether to allow a page to be
loaded in the zone that uses MSXML or ADO to access data from another site in
the zone. If you disable this policy
setting, users cannot load a page in the zone that uses MSXML or ADO to
access data from another site in the zone.
If you do not configure this policy setting, users cannot load a page
in the zone that uses MSXML or ADO to access data from another site in the
zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted
for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users will be
automatically prompted for ActiveX control installations. If you enable
this policy setting, users will receive a prompt when a site instantiates an
ActiveX control they do not have installed.
If you disable this policy setting, ActiveX control installations will
be blocked using the Information Bar. Users can click on the Information Bar
to allow the ActiveX control prompt.
If you do not configure this policy setting, ActiveX control
installations will be blocked using the Information Bar. Users can click on
the Information Bar to allow the ActiveX control prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's
browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag)
to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page
containing an active Meta Refresh setting can be redirected to another Web
page. If you disable this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. If you do not configure this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting can be redirected to another Web page. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Allow script-initiated windows without size or position
constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on
script-initiated pop-up windows and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. If
you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2102 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and
script behaviors: components that encapsulate specific functionality for HTML elements to which they were
attached. If you enable this policy
setting, binary and script behaviors are available. If you select
Administrator approved in the drop-down box, only behaviors listed in the
Admin-approved Behaviors under Binary Behaviors Security Restriction policy
are available. If you disable this
policy setting, binary and script behaviors are not available unless
applications have implemented a custom security manager. If you do not configure this policy
setting, only behaviors listed in the Admin-approved Behaviors under Binary
Behaviors Security Restriction policy are available. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
display nonsecure items and manage whether users receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Do not prompt for client certificate selection when no
certificates or only one certificate exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are
prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet
Explorer does not prompt users with a Client Authentication message when they
connect to a Web site that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
setting, Internet Explorer prompts users with a Client Authentication message
when they connect to a Web site that has no certificate or only one
certificate. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
drag files or copy and paste files from a source within the zone. If you
enable this policy setting, users can drag files or copy and paste files from
this zone automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this
zone. If you do not configure this
policy setting, users can drag files or copy and paste files from this zone
automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting,
users can install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this
zone. If you do not configure this
policy setting, users are queried to choose whether to install desktop items
from this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1800 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications
may be run and files may be downloaded from an IFRAME
reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are queried to choose whether to run applications and
download files from IFRAMEs on the pages in this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of
sub-frames and access of applications across different domains. If you
enable this policy setting, users can open sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow sub-frames or access to applications
from other domains. If you disable
this policy setting, users cannot open sub-frames or access applications from
different domains. If you do not configure
this policy setting, users can open sub-frames from other domains and access
applications from other domains. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for
file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet
Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME
Sniffing Safety Feature will not apply in this zone. The security zone will
run without the added layer of security provided by this feature. If you disable this policy setting, the
actions that may be harmful cannot run; this Internet Explorer security
feature will be turned on in this zone, as dictated by the feature control
setting for the process. If you do not
configure this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel
permissions. If you enable this policy
setting, you can choose the following options from
the drop-down box. Low safety to allow
users to be notified of software updates by e-mail, software packages to be
automatically downloaded to users' computers, and software packages to be
automatically installed on users' computers.
Medium safety to allow users to be notified of software updates by
e-mail and software packages to be automatically downloaded to (but not
installed on) users' computers. High
safety to prevent users from being notified of software updates by e-mail,
software packages from being automatically downloaded to users' computers,
and software packages from being automatically installed on users'
computers. If you disable this policy
setting, permissions are set to high safety.
If you do not configure this policy setting, permissions are set to
Low safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML
forms on pages in the zone may be submitted. Forms
sent with SSL (Secure Sockets Layer) encryption are always allowed; this
setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, users are queried to choose whether to
allow information using HTML forms on pages in this zone to be submitted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted
pop-up windows appear. Pop-up windows that are opened
when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, most unwanted pop-up
windows are prevented from appearing. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1809 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of
information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
When a user returns to a persisted page, the state of the page can be
restored if this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Web sites in less privileged Web content zones can navigate
into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites
from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged
zones can open new windows in, or navigate into, this zone. The security zone
will run without the added layer of security that is provided by the
Protection from Zone Elevation security feature. If you select Prompt in the
drop-down box, a warning is issued to the user that potentially risky
navigation is about to occur. If you
disable this policy setting, the possibly harmful navigations are prevented.
The Internet Explorer security feature will be on in this zone as set by
Protection from Zone Elevation feature control. If you do not configure this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code
on pages in the zone is run. If you
enable this policy setting, script code on pages
in the zone can run automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to allow script code on pages in the zone
to run. If you disable this policy
setting, script code on pages in the zone is prevented from running. If you do not configure this policy
setting, users are queried to choose whether to allow script code on pages in
the Local Machine zone to run. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can
perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script
can perform a clipboard operation. If
you select Prompt in the drop-down box, users are queried as to whether to
perform clipboard operations. If you
disable this policy setting, a script cannot perform a clipboard
operation. If you do not configure
this policy setting, a script can perform a clipboard operation. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1407 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are
exposed to scripts within the zone. If
you enable this policy setting, scripts can access
applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon
options. If you enable this policy
setting, you can choose from the following logon
options. Anonymous logon to disable
HTTP authentication and use the guest account only for the Common Internet
File System (CIFS) protocol. Prompt
for user name and password to query users for user IDs and passwords. After a
user is queried, these values can be used silently for the remainder of the
session. Automatic logon only in
Intranet zone to query users for user IDs and passwords in other zones. After
a user is queried, these values can be used silently for the remainder of the
session. Automatic logon with current
user name and password to attempt logon using Windows NT Challenge Response
(also known as NTLM authentication). If Windows NT Challenge Response is
supported by the server, the logon uses the user's network user name and
password for logon. If Windows NT Challenge Response is not supported by the
server, the user is queried to provide the user name and password. If you disable this policy setting, logon
is set to Automatic logon only in Intranet zone. If you do not configure this policy
setting, logon is set to Automatic logon only in Intranet zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Run .NET Framework-reliant components signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute signed managed
components. If you disable this policy
setting, Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will execute signed managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Run .NET Framework-reliant components not signed with
Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are not signed with Authenticode can be executed from Internet Explorer. These
components include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute unsigned
managed components. If you select Prompt in the drop-down box, Internet
Explorer will prompt the user to determine whether to execute unsigned
managed components. If you disable
this policy setting, Internet Explorer will not execute unsigned managed
components. If you do not configure
this policy setting, Internet Explorer will execute unsigned managed
components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download signed ActiveX controls from a page in the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting,
users are queried whether to download controls signed by publishers who
aren't trusted. Code signed by trusted
publishers is silently downloaded. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an
untrusted zone. If you enable this
policy setting, users can run unsigned controls without user intervention. If
you select Prompt in the drop-down box, users are queried to choose whether
to allow the unsigned control to run.
If you disable this policy setting, users cannot run unsigned
controls. If you do not configure this
policy setting, users cannot run unsigned controls. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not
marked as safe. If you enable this
policy setting, ActiveX controls are run, loaded
with parameters, and scripted without setting object safety for untrusted
data or scripts. This setting is not recommended, except for secure and
administered zones. This setting causes both unsafe and safe controls to be
initialized and scripted, ignoring the Script ActiveX controls marked safe
for scripting option. If you enable
this policy setting and select Prompt in the drop-down box, users are queried
whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX
controls that cannot be made safe are not loaded with parameters or
scripted. If you do not configure this
policy setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX
controls and plug-ins can be run on pages from the specified zone. If you
enable this policy setting, controls and plug-ins can run without user
intervention. If you selected Prompt
in the drop-down box, users are asked to choose whether to allow the controls
or plug-in to run. If you disable this
policy setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins can run without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX
control marked safe for scripting can interact with a script. If you
enable this policy setting, script interaction can occur automatically
without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow script interaction. If you
disable this policy setting, script interaction is prevented from
occurring. If you do not configure
this policy setting, script interaction can occur automatically without user
intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file
downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the
download, not the zone from which the file is delivered. If you enable this policy setting, files
can be downloaded from the zone. If
you disable this policy setting, files are prevented from being downloaded
from the zone. If you do not
configure this policy setting, files can be downloaded from the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the
zone may download HTML fonts. If you
enable this policy setting, HTML fonts can be
downloaded automatically. If you enable this policy setting and Prompt is
selected in the drop-down box, users are queried whether to allow HTML fonts
to download. If you disable this
policy setting, HTML fonts are prevented from downloading. If you do not configure this policy
setting, HTML fonts can be downloaded automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java
applets. If you enable this policy
setting, you can choose options from the drop-down
box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not configure
this policy setting, the permission is set to Medium Safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data
Objects (ADO). If you enable this
policy setting, users can load a page in the zone that uses MSXML or ADO to
access data from another site in the zone. If you select Prompt in the
drop-down box, users are queried to choose whether to allow a page to be
loaded in the zone that uses MSXML or ADO to access data from another site in
the zone. If you disable this policy
setting, users cannot load a page in the zone that uses MSXML or ADO to
access data from another site in the zone.
If you do not configure this policy setting, users are queried to
choose whether to allow a page to be loaded in the zone that uses MSXML or
ADO to access data from another site in the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Allow active content over restricted protocols to access my
computer |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a resource
hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script, ActiveX, Java
and Binary Behaviors. The list of restricted protocols may be set in the
Intranet Zone Restricted Protocols section under Network Protocol Lockdown
policy. If you enable this policy
setting, no Intranet Zone content accessed is affected, even for protocols on
the restricted list. If you select Prompt from the drop-down box, the
Information Bar will appear to allow control over questionable content
accessed over any restricted protocols; content over other protocols is
unaffected. If you disable this policy
setting, all attempts to access such content over the restricted protocols is
blocked. If you do not configure this
policy setting, the Information Bar will appear to allow control over
questionable content accessed over any restricted protocols when the Network
Protocol Lockdown security feature is enabled. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted
for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, users will receive a file download dialog for
automatic download attempts. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users will be
automatically prompted for ActiveX control installations. If you enable
this policy setting, users will receive a prompt when a site instantiates an
ActiveX control they do not have installed.
If you disable this policy setting, ActiveX control installations will
be blocked using the Information Bar. Users can click on the Information Bar
to allow the ActiveX control prompt.
If you do not configure this policy setting, users will receive a
prompt when a site instantiates an ActiveX control they do not have
installed. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's
browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag)
to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page
containing an active Meta Refresh setting can be redirected to another Web
page. If you disable this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. If you do not configure this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting can be redirected to another Web page. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Allow script-initiated windows without size or position
constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on
script-initiated pop-up windows and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. If
you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and
script behaviors: components that encapsulate specific functionality for HTML elements to which they were
attached. If you enable this policy
setting, binary and script behaviors are available. If you select
Administrator approved in the drop-down box, only behaviors listed in the
Admin-approved Behaviors under Binary Behaviors Security Restriction policy
are available. If you disable this
policy setting, binary and script behaviors are not available unless
applications have implemented a custom security manager. If you do not configure this policy
setting, binary and script behaviors are available. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
display nonsecure items and manage whether users receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Do not prompt for client certificate selection when no
certificates or only one certificate exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are
prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet
Explorer does not prompt users with a Client Authentication message when they
connect to a Web site that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
setting, Internet Explorer does not prompt users with a Client Authentication
message when they connect to a Web site that has no certificate or only one
certificate. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
drag files or copy and paste files from a source within the zone. If you
enable this policy setting, users can drag files or copy and paste files from
this zone automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this
zone. If you do not configure this
policy setting, users can drag files or copy and paste files from this zone
automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting,
users can install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this
zone. If you do not configure this
policy setting, users are queried to choose whether to install desktop items
from this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications
may be run and files may be downloaded from an IFRAME
reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are queried to choose whether to run applications and
download files from IFRAMEs on the pages in this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of
sub-frames and access of applications across different domains. If you
enable this policy setting, users can open sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow sub-frames or access to applications
from other domains. If you disable
this policy setting, users cannot open sub-frames or access applications from
different domains. If you do not configure
this policy setting, users can open sub-frames from other domains and access
applications from other domains. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for
file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet
Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME
Sniffing Safety Feature will not apply in this zone. The security zone will
run without the added layer of security provided by this feature. If you disable this policy setting, the
actions that may be harmful cannot run; this Internet Explorer security
feature will be turned on in this zone, as dictated by the feature control
setting for the process. If you do not
configure this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel
permissions. If you enable this policy
setting, you can choose the following options from
the drop-down box. Low safety to allow
users to be notified of software updates by e-mail, software packages to be
automatically downloaded to users' computers, and software packages to be
automatically installed on users' computers.
Medium safety to allow users to be notified of software updates by
e-mail and software packages to be automatically downloaded to (but not
installed on) users' computers. High
safety to prevent users from being notified of software updates by e-mail,
software packages from being automatically downloaded to users' computers,
and software packages from being automatically installed on users'
computers. If you disable this policy
setting, permissions are set to high safety.
If you do not configure this policy setting, permissions are set to
Medium safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML
forms on pages in the zone may be submitted. Forms
sent with SSL (Secure Sockets Layer) encryption are always allowed; this
setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, information using HTML forms on pages
in this zone can be submitted automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted
pop-up windows appear. Pop-up windows that are opened
when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, pop-up windows are not
prevented from appearing. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of
information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
When a user returns to a persisted page, the state of the page can be
restored if this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Web sites in less privileged Web content zones can navigate
into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites
from less privileged zones, such as Restricted Sites, can navigate into this zone. If you enable this policy setting, Web
sites from less privileged zones can open new windows in, or navigate into,
this zone. The security zone will run
without the added layer of security that is provided by the Protection from
Zone Elevation security feature. If you select Prompt in the drop-down box, a
warning is issued to the user that potentially risky navigation is about to
occur. If you disable this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. If you
do not configure this policy setting, Web sites from less privileged zones
can open new windows in, or navigate into, this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code
on pages in the zone is run. If you
enable this policy setting, script code on pages
in the zone can run automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to allow script code on pages in the zone
to run. If you disable this policy
setting, script code on pages in the zone is prevented from running. If you do not configure this policy
setting, script code on pages in the zone can run automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can
perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script
can perform a clipboard operation. If
you select Prompt in the drop-down box, users are queried as to whether to
perform clipboard operations. If you
disable this policy setting, a script cannot perform a clipboard
operation. If you do not configure
this policy setting, a script can perform a clipboard operation. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are
exposed to scripts within the zone. If
you enable this policy setting, scripts can access
applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon
options. If you enable this policy
setting, you can choose from the following logon
options. Anonymous logon to disable
HTTP authentication and use the guest account only for the Common Internet
File System (CIFS) protocol. Prompt
for user name and password to query users for user IDs and passwords. After a
user is queried, these values can be used silently for the remainder of the
session. Automatic logon only in
Intranet zone to query users for user IDs and passwords in other zones. After
a user is queried, these values can be used silently for the remainder of the
session. Automatic logon with current
user name and password to attempt logon using Windows NT Challenge Response
(also known as NTLM authentication). If Windows NT Challenge Response is
supported by the server, the logon uses the user's network user name and
password for logon. If Windows NT Challenge Response is not supported by the
server, the user is queried to provide the user name and password. If you disable this policy setting, logon
is set to Automatic logon only in Intranet zone. If you do not configure this policy
setting, logon is set to Automatic logon only in Intranet zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Run .NET Framework-reliant components signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute signed managed
components. If you disable this policy
setting, Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2001 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Run .NET Framework-reliant components not signed with
Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are not signed with Authenticode can be executed from Internet Explorer. These
components include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute unsigned
managed components. If you select Prompt in the drop-down box, Internet
Explorer will prompt the user to determine whether to execute unsigned
managed components. If you disable
this policy setting, Internet Explorer will not execute unsigned managed
components. If you do not configure
this policy setting, Internet Explorer will not execute unsigned managed
components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2004 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download signed ActiveX controls from a page in the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting,
users are queried whether to download controls signed by publishers who
aren't trusted. Code signed by trusted
publishers is silently downloaded. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1001 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an
untrusted zone. If you enable this
policy setting, users can run unsigned controls without user intervention. If
you select Prompt in the drop-down box, users are queried to choose whether
to allow the unsigned control to run.
If you disable this policy setting, users cannot run unsigned
controls. If you do not configure this
policy setting, users cannot run unsigned controls. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1004 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not
marked as safe. If you enable this
policy setting, ActiveX controls are run, loaded
with parameters, and scripted without setting object safety for untrusted
data or scripts. This setting is not recommended, except for secure and
administered zones. This setting causes both unsafe and safe controls to be
initialized and scripted, ignoring the Script ActiveX controls marked safe
for scripting option. If you enable
this policy setting and select Prompt in the drop-down box, users are queried
whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX
controls that cannot be made safe are not loaded with parameters or
scripted. If you do not configure this
policy setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX
controls and plug-ins can be run on pages from the specified zone. If you
enable this policy setting, controls and plug-ins can run without user
intervention. If you selected Prompt
in the drop-down box, users are asked to choose whether to allow the controls
or plug-in to run. If you disable this
policy setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1200 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX
control marked safe for scripting can interact with a script. If you
enable this policy setting, script interaction can occur automatically
without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow script interaction. If you
disable this policy setting, script interaction is prevented from
occurring. If you do not configure
this policy setting, script interaction can occur automatically without user
intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1405 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file
downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the
download, not the zone from which the file is delivered. If you enable this policy setting, files
can be downloaded from the zone. If
you disable this policy setting, files are prevented from being downloaded
from the zone. If you do not
configure this policy setting, files can be downloaded from the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1803 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the
zone may download HTML fonts. If you
enable this policy setting, HTML fonts can be
downloaded automatically. If you enable this policy setting and Prompt is
selected in the drop-down box, users are queried whether to allow HTML fonts
to download. If you disable this
policy setting, HTML fonts are prevented from downloading. If you do not configure this policy
setting, HTML fonts can be downloaded automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1604 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java
applets. If you enable this policy
setting, you can choose options from the drop-down
box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not configure
this policy setting, Java applets are disabled. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1C00 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data
Objects (ADO). If you enable this
policy setting, users can load a page in the zone that uses MSXML or ADO to
access data from another site in the zone. If you select Prompt in the
drop-down box, users are queried to choose whether to allow a page to be
loaded in the zone that uses MSXML or ADO to access data from another site in
the zone. If you disable this policy
setting, users cannot load a page in the zone that uses MSXML or ADO to
access data from another site in the zone.
If you do not configure this policy setting, users are queried to
choose whether to allow a page to be loaded in the zone that uses MSXML or
ADO to access data from another site in the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1406 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted
for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2200 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users will be
automatically prompted for ActiveX control installations. If you enable
this policy setting, users will receive a prompt when a site instantiates an
ActiveX control they do not have installed.
If you disable this policy setting, ActiveX control installations will
be blocked using the Information Bar. Users can click on the Information Bar
to allow the ActiveX control prompt.
If you do not configure this policy setting, ActiveX control
installations will be blocked using the Information Bar. Users can click on
the Information Bar to allow the ActiveX control prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's
browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag)
to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page
containing an active Meta Refresh setting can be redirected to another Web
page. If you disable this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. If you do not configure this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting can be redirected to another Web page. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1608 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Allow script-initiated windows without size or position
constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on
script-initiated pop-up windows and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. If
you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2102 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and
script behaviors: components that encapsulate specific functionality for HTML elements to which they were
attached. If you enable this policy
setting, binary and script behaviors are available. If you select
Administrator approved in the drop-down box, only behaviors listed in the
Admin-approved Behaviors under Binary Behaviors Security Restriction policy
are available. If you disable this
policy setting, binary and script behaviors are not available unless
applications have implemented a custom security manager. If you do not configure this policy
setting, only behaviors listed in the Admin-approved Behaviors under Binary
Behaviors Security Restriction policy are available. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2000 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
display nonsecure items and manage whether users receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1609 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Do not prompt for client certificate selection when no
certificates or only one certificate exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are
prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet
Explorer does not prompt users with a Client Authentication message when they
connect to a Web site that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
setting, Internet Explorer prompts users with a Client Authentication message
when they connect to a Web site that has no certificate or only one
certificate. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A04 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
drag files or copy and paste files from a source within the zone. If you
enable this policy setting, users can drag files or copy and paste files from
this zone automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this
zone. If you do not configure this
policy setting, users can drag files or copy and paste files from this zone
automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1802 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting,
users can install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this
zone. If you do not configure this
policy setting, users are queried to choose whether to install desktop items
from this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1800 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications
may be run and files may be downloaded from an IFRAME
reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are queried to choose whether to run applications and
download files from IFRAMEs on the pages in this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1804 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of
sub-frames and access of applications across different domains. If you
enable this policy setting, users can open sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow sub-frames or access to applications
from other domains. If you disable
this policy setting, users cannot open sub-frames or access applications from
different domains. If you do not configure
this policy setting, users can open sub-frames from other domains and access
applications from other domains. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1607 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for
file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet
Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME
Sniffing Safety Feature will not apply in this zone. The security zone will
run without the added layer of security provided by this feature. If you disable this policy setting, the
actions that may be harmful cannot run; this Internet Explorer security
feature will be turned on in this zone, as dictated by the feature control
setting for the process. If you do not
configure this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2100 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel
permissions. If you enable this policy
setting, you can choose the following options from
the drop-down box. Low safety to allow
users to be notified of software updates by e-mail, software packages to be
automatically downloaded to users' computers, and software packages to be
automatically installed on users' computers.
Medium safety to allow users to be notified of software updates by
e-mail and software packages to be automatically downloaded to (but not
installed on) users' computers. High
safety to prevent users from being notified of software updates by e-mail,
software packages from being automatically downloaded to users' computers,
and software packages from being automatically installed on users'
computers. If you disable this policy
setting, permissions are set to high safety.
If you do not configure this policy setting, permissions are set to
Low safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1E05 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML
forms on pages in the zone may be submitted. Forms
sent with SSL (Secure Sockets Layer) encryption are always allowed; this
setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, information using HTML forms on pages
in this zone can be submitted automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1601 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted
pop-up windows appear. Pop-up windows that are opened
when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, pop-up windows are not
prevented from appearing. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1809 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of
information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
When a user returns to a persisted page, the state of the page can be
restored if this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1606 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Web sites in less privileged Web content zones can navigate
into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites
from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged
zones can open new windows in, or navigate into, this zone. The security zone
will run without the added layer of security that is provided by the
Protection from Zone Elevation security feature. If you select Prompt in the
drop-down box, a warning is issued to the user that potentially risky
navigation is about to occur. If you
disable this policy setting, the possibly harmful navigations are prevented.
The Internet Explorer security feature will be on in this zone as set by
Protection from Zone Elevation feature control. If you do not configure this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2101 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code
on pages in the zone is run. If you
enable this policy setting, script code on pages
in the zone can run automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to allow script code on pages in the zone
to run. If you disable this policy
setting, script code on pages in the zone is prevented from running. If you do not configure this policy
setting, users are queried to choose whether to allow script code on pages in
the Local Machine zone to run. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1400 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can
perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script
can perform a clipboard operation. If
you select Prompt in the drop-down box, users are queried as to whether to
perform clipboard operations. If you
disable this policy setting, a script cannot perform a clipboard
operation. If you do not configure
this policy setting, a script can perform a clipboard operation. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1407 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are
exposed to scripts within the zone. If
you enable this policy setting, scripts can access
applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1402 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon
options. If you enable this policy
setting, you can choose from the following logon
options. Anonymous logon to disable
HTTP authentication and use the guest account only for the Common Internet
File System (CIFS) protocol. Prompt
for user name and password to query users for user IDs and passwords. After a
user is queried, these values can be used silently for the remainder of the
session. Automatic logon only in
Intranet zone to query users for user IDs and passwords in other zones. After
a user is queried, these values can be used silently for the remainder of the
session. Automatic logon with current
user name and password to attempt logon using Windows NT Challenge Response
(also known as NTLM authentication). If Windows NT Challenge Response is
supported by the server, the logon uses the user's network user name and
password for logon. If Windows NT Challenge Response is not supported by the
server, the user is queried to provide the user name and password. If you disable this policy setting, logon
is set to Automatic logon only in Intranet zone. If you do not configure this policy
setting, logon is set to Automatic logon only in Intranet zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A00 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Run .NET Framework-reliant components signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute signed managed
components. If you disable this policy
setting, Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will execute signed managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Run .NET Framework-reliant components not signed with
Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are not signed with Authenticode can be executed from Internet Explorer. These
components include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute unsigned
managed components. If you select Prompt in the drop-down box, Internet
Explorer will prompt the user to determine whether to execute unsigned
managed components. If you disable
this policy setting, Internet Explorer will not execute unsigned managed
components. If you do not configure
this policy setting, Internet Explorer will execute unsigned managed
components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download signed ActiveX controls from a page in the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting,
users can download signed controls without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an
untrusted zone. If you enable this
policy setting, users can run unsigned controls without user intervention. If
you select Prompt in the drop-down box, users are queried to choose whether
to allow the unsigned control to run.
If you disable this policy setting, users cannot run unsigned
controls. If you do not configure this
policy setting, users are queried to choose whether to allow the unsigned
control to run. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1004 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not
marked as safe. If you enable this
policy setting, ActiveX controls are run, loaded
with parameters, and scripted without setting object safety for untrusted
data or scripts. This setting is not recommended, except for secure and
administered zones. This setting causes both unsafe and safe controls to be
initialized and scripted, ignoring the Script ActiveX controls marked safe
for scripting option. If you enable
this policy setting and select Prompt in the drop-down box, users are queried
whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX
controls that cannot be made safe are not loaded with parameters or
scripted. If you do not configure this
policy setting, users are queried whether to allow the control to be loaded
with parameters or scripted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX
controls and plug-ins can be run on pages from the specified zone. If you
enable this policy setting, controls and plug-ins can run without user
intervention. If you selected Prompt
in the drop-down box, users are asked to choose whether to allow the controls
or plug-in to run. If you disable this
policy setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins can run without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX
control marked safe for scripting can interact with a script. If you
enable this policy setting, script interaction can occur automatically
without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow script interaction. If you
disable this policy setting, script interaction is prevented from
occurring. If you do not configure
this policy setting, script interaction can occur automatically without user
intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1405 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file
downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the
download, not the zone from which the file is delivered. If you enable this policy setting, files
can be downloaded from the zone. If
you disable this policy setting, files are prevented from being downloaded
from the zone. If you do not
configure this policy setting, files can be downloaded from the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the
zone may download HTML fonts. If you
enable this policy setting, HTML fonts can be
downloaded automatically. If you enable this policy setting and Prompt is
selected in the drop-down box, users are queried whether to allow HTML fonts
to download. If you disable this
policy setting, HTML fonts are prevented from downloading. If you do not configure this policy
setting, HTML fonts can be downloaded automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java
applets. If you enable this policy
setting, you can choose options from the drop-down
box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not configure
this policy setting, the permission is set to Low Safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data
Objects (ADO). If you enable this
policy setting, users can load a page in the zone that uses MSXML or ADO to
access data from another site in the zone. If you select Prompt in the
drop-down box, users are queried to choose whether to allow a page to be
loaded in the zone that uses MSXML or ADO to access data from another site in
the zone. If you disable this policy
setting, users cannot load a page in the zone that uses MSXML or ADO to
access data from another site in the zone.
If you do not configure this policy setting, users can load a page in
the zone that uses MSXML or ADO to access data from another site in the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Allow active content over restricted protocols to access my
computer |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a resource
hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script, ActiveX, Java
and Binary Behaviors. The list of restricted protocols may be set in the
Intranet Zone Restricted Protocols section under Network Protocol Lockdown
policy. If you enable this policy
setting, no Intranet Zone content accessed is affected, even for protocols on
the restricted list. If you select Prompt from the drop-down box, the
Information Bar will appear to allow control over questionable content
accessed over any restricted protocols; content over other protocols is
unaffected. If you disable this policy
setting, all attempts to access such content over the restricted protocols is
blocked. If you do not configure this
policy setting, the Information Bar will appear to allow control over
questionable content accessed over any restricted protocols when the Network
Protocol Lockdown security feature is enabled. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2300 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted
for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, users will receive a file download dialog for
automatic download attempts. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users will be
automatically prompted for ActiveX control installations. If you enable
this policy setting, users will receive a prompt when a site instantiates an
ActiveX control they do not have installed.
If you disable this policy setting, ActiveX control installations will
be blocked using the Information Bar. Users can click on the Information Bar
to allow the ActiveX control prompt.
If you do not configure this policy setting, users will receive a
prompt when a site instantiates an ActiveX control they do not have
installed. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's
browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag)
to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page
containing an active Meta Refresh setting can be redirected to another Web
page. If you disable this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. If you do not configure this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting can be redirected to another Web page. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1608 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Allow script-initiated windows without size or position
constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on
script-initiated pop-up windows and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. If
you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2102 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and
script behaviors: components that encapsulate specific functionality for HTML elements to which they were
attached. If you enable this policy
setting, binary and script behaviors are available. If you select
Administrator approved in the drop-down box, only behaviors listed in the
Admin-approved Behaviors under Binary Behaviors Security Restriction policy
are available. If you disable this
policy setting, binary and script behaviors are not available unless
applications have implemented a custom security manager. If you do not configure this policy
setting, binary and script behaviors are available. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
display nonsecure items and manage whether users receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Do not prompt for client certificate selection when no
certificates or only one certificate exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are
prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet
Explorer does not prompt users with a Client Authentication message when they
connect to a Web site that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
setting, Internet Explorer does not prompt users with a Client Authentication
message when they connect to a Web site that has no certificate or only one
certificate. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
drag files or copy and paste files from a source within the zone. If you
enable this policy setting, users can drag files or copy and paste files from
this zone automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this
zone. If you do not configure this
policy setting, users can drag files or copy and paste files from this zone
automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting,
users can install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this
zone. If you do not configure this
policy setting, users can install desktop items from this zone automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications
may be run and files may be downloaded from an IFRAME
reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users can run applications and download files from IFRAMEs on
the pages in this zone without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of
sub-frames and access of applications across different domains. If you
enable this policy setting, users can open sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow sub-frames or access to applications
from other domains. If you disable
this policy setting, users cannot open sub-frames or access applications from
different domains. If you do not configure
this policy setting, users can open sub-frames from other domains and access
applications from other domains. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for
file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet
Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME
Sniffing Safety Feature will not apply in this zone. The security zone will
run without the added layer of security provided by this feature. If you disable this policy setting, the
actions that may be harmful cannot run; this Internet Explorer security
feature will be turned on in this zone, as dictated by the feature control
setting for the process. If you do not
configure this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2100 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel
permissions. If you enable this policy
setting, you can choose the following options from
the drop-down box. Low safety to allow
users to be notified of software updates by e-mail, software packages to be
automatically downloaded to users' computers, and software packages to be
automatically installed on users' computers.
Medium safety to allow users to be notified of software updates by
e-mail and software packages to be automatically downloaded to (but not
installed on) users' computers. High
safety to prevent users from being notified of software updates by e-mail,
software packages from being automatically downloaded to users' computers,
and software packages from being automatically installed on users'
computers. If you disable this policy
setting, permissions are set to high safety.
If you do not configure this policy setting, permissions are set to
Low safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML
forms on pages in the zone may be submitted. Forms
sent with SSL (Secure Sockets Layer) encryption are always allowed; this
setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, information using HTML forms on pages
in this zone can be submitted automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted
pop-up windows appear. Pop-up windows that are opened
when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, pop-up windows are not
prevented from appearing. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of
information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
When a user returns to a persisted page, the state of the page can be
restored if this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1606 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Web sites in less privileged Web content zones can navigate
into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites
from less privileged zones, such as Restricted Sites, can navigate into this zone. If you enable this policy setting, Web
sites from less privileged zones can open new windows in, or navigate into,
this zone. The security zone will run
without the added layer of security that is provided by the Protection from
Zone Elevation security feature. If you select Prompt in the drop-down box, a
warning is issued to the user that potentially risky navigation is about to
occur. If you disable this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. If you
do not configure this policy setting, a warning is issued to the user that
potentially risky navigation is about to occur. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code
on pages in the zone is run. If you
enable this policy setting, script code on pages
in the zone can run automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to allow script code on pages in the zone
to run. If you disable this policy
setting, script code on pages in the zone is prevented from running. If you do not configure this policy
setting, script code on pages in the zone can run automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1400 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can
perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script
can perform a clipboard operation. If
you select Prompt in the drop-down box, users are queried as to whether to
perform clipboard operations. If you
disable this policy setting, a script cannot perform a clipboard
operation. If you do not configure
this policy setting, a script can perform a clipboard operation. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1407 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are
exposed to scripts within the zone. If
you enable this policy setting, scripts can access
applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon
options. If you enable this policy
setting, you can choose from the following logon
options. Anonymous logon to disable
HTTP authentication and use the guest account only for the Common Internet
File System (CIFS) protocol. Prompt
for user name and password to query users for user IDs and passwords. After a
user is queried, these values can be used silently for the remainder of the
session. Automatic logon only in
Intranet zone to query users for user IDs and passwords in other zones. After
a user is queried, these values can be used silently for the remainder of the
session. Automatic logon with current
user name and password to attempt logon using Windows NT Challenge Response
(also known as NTLM authentication). If Windows NT Challenge Response is
supported by the server, the logon uses the user's network user name and
password for logon. If Windows NT Challenge Response is not supported by the
server, the user is queried to provide the user name and password. If you disable this policy setting, logon
is set to Automatic logon only in Intranet zone. If you do not configure this policy
setting, logon is set to Automatic logon with current username and password. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A00 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Run .NET Framework-reliant components signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute signed managed
components. If you disable this policy
setting, Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Run .NET Framework-reliant components not signed with
Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are not signed with Authenticode can be executed from Internet Explorer. These
components include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute unsigned
managed components. If you select Prompt in the drop-down box, Internet
Explorer will prompt the user to determine whether to execute unsigned
managed components. If you disable
this policy setting, Internet Explorer will not execute unsigned managed
components. If you do not configure
this policy setting, Internet Explorer will not execute unsigned managed
components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download signed ActiveX controls from a page in the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting,
users can download signed controls without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1001 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an
untrusted zone. If you enable this
policy setting, users can run unsigned controls without user intervention. If
you select Prompt in the drop-down box, users are queried to choose whether
to allow the unsigned control to run.
If you disable this policy setting, users cannot run unsigned
controls. If you do not configure this
policy setting, users cannot run unsigned controls. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not
marked as safe. If you enable this
policy setting, ActiveX controls are run, loaded
with parameters, and scripted without setting object safety for untrusted
data or scripts. This setting is not recommended, except for secure and
administered zones. This setting causes both unsafe and safe controls to be
initialized and scripted, ignoring the Script ActiveX controls marked safe
for scripting option. If you enable
this policy setting and select Prompt in the drop-down box, users are queried
whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX
controls that cannot be made safe are not loaded with parameters or
scripted. If you do not configure this
policy setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX
controls and plug-ins can be run on pages from the specified zone. If you
enable this policy setting, controls and plug-ins can run without user
intervention. If you selected Prompt
in the drop-down box, users are asked to choose whether to allow the controls
or plug-in to run. If you disable this
policy setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1200 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX
control marked safe for scripting can interact with a script. If you
enable this policy setting, script interaction can occur automatically
without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow script interaction. If you
disable this policy setting, script interaction is prevented from
occurring. If you do not configure
this policy setting, script interaction can occur automatically without user
intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file
downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the
download, not the zone from which the file is delivered. If you enable this policy setting, files
can be downloaded from the zone. If
you disable this policy setting, files are prevented from being downloaded
from the zone. If you do not
configure this policy setting, files can be downloaded from the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the
zone may download HTML fonts. If you
enable this policy setting, HTML fonts can be
downloaded automatically. If you enable this policy setting and Prompt is
selected in the drop-down box, users are queried whether to allow HTML fonts
to download. If you disable this
policy setting, HTML fonts are prevented from downloading. If you do not configure this policy
setting, HTML fonts can be downloaded automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java
applets. If you enable this policy
setting, you can choose options from the drop-down
box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not configure
this policy setting, Java applets are disabled. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1C00 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data
Objects (ADO). If you enable this
policy setting, users can load a page in the zone that uses MSXML or ADO to
access data from another site in the zone. If you select Prompt in the
drop-down box, users are queried to choose whether to allow a page to be
loaded in the zone that uses MSXML or ADO to access data from another site in
the zone. If you disable this policy
setting, users cannot load a page in the zone that uses MSXML or ADO to
access data from another site in the zone.
If you do not configure this policy setting, users can load a page in
the zone that uses MSXML or ADO to access data from another site in the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted
for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users will be
automatically prompted for ActiveX control installations. If you enable
this policy setting, users will receive a prompt when a site instantiates an
ActiveX control they do not have installed.
If you disable this policy setting, ActiveX control installations will
be blocked using the Information Bar. Users can click on the Information Bar
to allow the ActiveX control prompt.
If you do not configure this policy setting, ActiveX control
installations will be blocked using the Information Bar. Users can click on
the Information Bar to allow the ActiveX control prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's
browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag)
to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page
containing an active Meta Refresh setting can be redirected to another Web
page. If you disable this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. If you do not configure this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting can be redirected to another Web page. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1608 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Allow script-initiated windows without size or position
constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on
script-initiated pop-up windows and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. If
you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and
script behaviors: components that encapsulate specific functionality for HTML elements to which they were
attached. If you enable this policy
setting, binary and script behaviors are available. If you select
Administrator approved in the drop-down box, only behaviors listed in the
Admin-approved Behaviors under Binary Behaviors Security Restriction policy
are available. If you disable this
policy setting, binary and script behaviors are not available unless
applications have implemented a custom security manager. If you do not configure this policy
setting, only behaviors listed in the Admin-approved Behaviors under Binary
Behaviors Security Restriction policy are available. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
display nonsecure items and manage whether users receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Do not prompt for client certificate selection when no
certificates or only one certificate exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are
prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet
Explorer does not prompt users with a Client Authentication message when they
connect to a Web site that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
setting, Internet Explorer prompts users with a Client Authentication message
when they connect to a Web site that has no certificate or only one
certificate. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
drag files or copy and paste files from a source within the zone. If you
enable this policy setting, users can drag files or copy and paste files from
this zone automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this
zone. If you do not configure this
policy setting, users can drag files or copy and paste files from this zone
automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting,
users can install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this
zone. If you do not configure this
policy setting, users can install desktop items from this zone automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications
may be run and files may be downloaded from an IFRAME
reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users can run applications and download files from IFRAMEs on
the pages in this zone without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of
sub-frames and access of applications across different domains. If you
enable this policy setting, users can open sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow sub-frames or access to applications
from other domains. If you disable
this policy setting, users cannot open sub-frames or access applications from
different domains. If you do not configure
this policy setting, users can open sub-frames from other domains and access
applications from other domains. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for
file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet
Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME
Sniffing Safety Feature will not apply in this zone. The security zone will
run without the added layer of security provided by this feature. If you disable this policy setting, the
actions that may be harmful cannot run; this Internet Explorer security
feature will be turned on in this zone, as dictated by the feature control
setting for the process. If you do not
configure this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel
permissions. If you enable this policy
setting, you can choose the following options from
the drop-down box. Low safety to allow
users to be notified of software updates by e-mail, software packages to be
automatically downloaded to users' computers, and software packages to be
automatically installed on users' computers.
Medium safety to allow users to be notified of software updates by
e-mail and software packages to be automatically downloaded to (but not
installed on) users' computers. High
safety to prevent users from being notified of software updates by e-mail,
software packages from being automatically downloaded to users' computers,
and software packages from being automatically installed on users'
computers. If you disable this policy
setting, permissions are set to high safety.
If you do not configure this policy setting, permissions are set to
Low safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1E05 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML
forms on pages in the zone may be submitted. Forms
sent with SSL (Secure Sockets Layer) encryption are always allowed; this
setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, information using HTML forms on pages
in this zone can be submitted automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1601 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted
pop-up windows appear. Pop-up windows that are opened
when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, pop-up windows are not
prevented from appearing. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of
information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
When a user returns to a persisted page, the state of the page can be
restored if this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1606 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Web sites in less privileged Web content zones can navigate
into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites
from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged
zones can open new windows in, or navigate into, this zone. The security zone
will run without the added layer of security that is provided by the
Protection from Zone Elevation security feature. If you select Prompt in the
drop-down box, a warning is issued to the user that potentially risky
navigation is about to occur. If you
disable this policy setting, the possibly harmful navigations are prevented.
The Internet Explorer security feature will be on in this zone as set by
Protection from Zone Elevation feature control. If you do not configure this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code
on pages in the zone is run. If you
enable this policy setting, script code on pages
in the zone can run automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to allow script code on pages in the zone
to run. If you disable this policy
setting, script code on pages in the zone is prevented from running. If you do not configure this policy
setting, users are queried to choose whether to allow script code on pages in
the Local Machine zone to run. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can
perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script
can perform a clipboard operation. If
you select Prompt in the drop-down box, users are queried as to whether to
perform clipboard operations. If you
disable this policy setting, a script cannot perform a clipboard
operation. If you do not configure
this policy setting, a script can perform a clipboard operation. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are
exposed to scripts within the zone. If
you enable this policy setting, scripts can access
applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon
options. If you enable this policy
setting, you can choose from the following logon
options. Anonymous logon to disable
HTTP authentication and use the guest account only for the Common Internet
File System (CIFS) protocol. Prompt
for user name and password to query users for user IDs and passwords. After a
user is queried, these values can be used silently for the remainder of the
session. Automatic logon only in
Intranet zone to query users for user IDs and passwords in other zones. After
a user is queried, these values can be used silently for the remainder of the
session. Automatic logon with current
user name and password to attempt logon using Windows NT Challenge Response
(also known as NTLM authentication). If Windows NT Challenge Response is
supported by the server, the logon uses the user's network user name and
password for logon. If Windows NT Challenge Response is not supported by the
server, the user is queried to provide the user name and password. If you disable this policy setting, logon
is set to Automatic logon only in Intranet zone. If you do not configure this policy
setting, logon is set to Automatic logon with current username and password. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A00 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Run .NET Framework-reliant components signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute signed managed
components. If you disable this policy
setting, Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Run .NET Framework-reliant components not signed with
Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are not signed with Authenticode can be executed from Internet Explorer. These
components include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute unsigned
managed components. If you select Prompt in the drop-down box, Internet
Explorer will prompt the user to determine whether to execute unsigned
managed components. If you disable
this policy setting, Internet Explorer will not execute unsigned managed
components. If you do not configure
this policy setting, Internet Explorer will not execute unsigned managed
components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2004 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download signed ActiveX controls from a page in the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting,
signed controls cannot be downloaded. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1001 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an
untrusted zone. If you enable this
policy setting, users can run unsigned controls without user intervention. If
you select Prompt in the drop-down box, users are queried to choose whether
to allow the unsigned control to run.
If you disable this policy setting, users cannot run unsigned
controls. If you do not configure this
policy setting, users cannot run unsigned controls. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not
marked as safe. If you enable this
policy setting, ActiveX controls are run, loaded
with parameters, and scripted without setting object safety for untrusted
data or scripts. This setting is not recommended, except for secure and
administered zones. This setting causes both unsafe and safe controls to be
initialized and scripted, ignoring the Script ActiveX controls marked safe
for scripting option. If you enable
this policy setting and select Prompt in the drop-down box, users are queried
whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX
controls that cannot be made safe are not loaded with parameters or
scripted. If you do not configure this
policy setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX
controls and plug-ins can be run on pages from the specified zone. If you
enable this policy setting, controls and plug-ins can run without user
intervention. If you selected Prompt
in the drop-down box, users are asked to choose whether to allow the controls
or plug-in to run. If you disable this
policy setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX
control marked safe for scripting can interact with a script. If you
enable this policy setting, script interaction can occur automatically
without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow script interaction. If you
disable this policy setting, script interaction is prevented from
occurring. If you do not configure
this policy setting, script interaction is prevented from occurring. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file
downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the
download, not the zone from which the file is delivered. If you enable this policy setting, files
can be downloaded from the zone. If
you disable this policy setting, files are prevented from being downloaded
from the zone. If you do not
configure this policy setting, files are prevented from being downloaded from
the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1803 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the
zone may download HTML fonts. If you
enable this policy setting, HTML fonts can be
downloaded automatically. If you enable this policy setting and Prompt is
selected in the drop-down box, users are queried whether to allow HTML fonts
to download. If you disable this
policy setting, HTML fonts are prevented from downloading. If you do not configure this policy
setting, users are queried whether to allow HTML fonts to download. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1604 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java
applets. If you enable this policy
setting, you can choose options from the drop-down
box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not configure
this policy setting, Java applets are disabled. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data
Objects (ADO). If you enable this
policy setting, users can load a page in the zone that uses MSXML or ADO to
access data from another site in the zone. If you select Prompt in the
drop-down box, users are queried to choose whether to allow a page to be
loaded in the zone that uses MSXML or ADO to access data from another site in
the zone. If you disable this policy
setting, users cannot load a page in the zone that uses MSXML or ADO to
access data from another site in the zone.
If you do not configure this policy setting, users cannot load a page
in the zone that uses MSXML or ADO to access data from another site in the
zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1406 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow active content over restricted protocols to access my
computer |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a resource
hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script, ActiveX,
Java and Binary Behaviors. The list of restricted protocols may be set in the
Trusted Sites Zone Restricted Protocols section under Network Protocol
Lockdown policy. If you enable this
policy setting, no Trusted Sites Zone content accessed is affected, even for
protocols on the restricted list. If you select Prompt from the drop-down
box, the Information Bar will appear to allow control over questionable content
accessed over any restricted protocols; content over other protocols is
unaffected. If you disable this policy
setting, all attempts to access such content over the restricted protocols is
blocked. If you do not configure this
policy setting, all attempts to access such content over the restricted
protocols is blocked when the Network Protocol Lockdown security feature is
enabled. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted
for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users will be
automatically prompted for ActiveX control installations. If you enable
this policy setting, users will receive a prompt when a site instantiates an
ActiveX control they do not have installed.
If you disable this policy setting, ActiveX control installations will
be blocked using the Information Bar. Users can click on the Information Bar
to allow the ActiveX control prompt.
If you do not configure this policy setting, ActiveX control
installations will be blocked using the Information Bar. Users can click on
the Information Bar to allow the ActiveX control prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's
browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag)
to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page
containing an active Meta Refresh setting can be redirected to another Web
page. If you disable this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. If you do not configure this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow script-initiated windows without size or position
constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on
script-initiated pop-up windows and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. If
you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and
script behaviors: components that encapsulate specific functionality for HTML elements to which they were
attached. If you enable this policy
setting, binary and script behaviors are available. If you select
Administrator approved in the drop-down box, only behaviors listed in the
Admin-approved Behaviors under Binary Behaviors Security Restriction policy
are available. If you disable this
policy setting, binary and script behaviors are not available unless
applications have implemented a custom security manager. If you do not configure this policy
setting, binary and script behaviors are not available unless applications
have implemented a custom security manager. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2000 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
display nonsecure items and manage whether users receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Do not prompt for client certificate selection when no
certificates or only one certificate exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are
prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet
Explorer does not prompt users with a Client Authentication message when they
connect to a Web site that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
setting, Internet Explorer prompts users with a Client Authentication message
when they connect to a Web site that has no certificate or only one
certificate. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
drag files or copy and paste files from a source within the zone. If you
enable this policy setting, users can drag files or copy and paste files from
this zone automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this
zone. If you do not configure this
policy setting, users are queried to choose whether to drag or copy files
from this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting,
users can install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this
zone. If you do not configure this
policy setting, users are prevented from installing desktop items from this
zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications
may be run and files may be downloaded from an IFRAME
reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are prevented from running applications and downloading
files from IFRAMEs on the pages in this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of
sub-frames and access of applications across different domains. If you
enable this policy setting, users can open additional sub-frames from other
domains and access applications from other domains. If you select Prompt in
the drop-down box, users are queried whether to allow additional sub-frames
or access to applications from other domains.
If you disable this policy setting, users cannot open other sub-frames
or access applications from different domains. If you do not configure this policy
setting, users cannot open other sub-frames or access applications from
different domains. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for
file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet
Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME
Sniffing Safety Feature will not apply in this zone. The security zone will
run without the added layer of security provided by this feature. If you disable this policy setting, the
actions that may be harmful cannot run; this Internet Explorer security
feature will be turned on in this zone, as dictated by the feature control
setting for the process. If you do not
configure this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel
permissions. If you enable this policy
setting, you can choose the following options from
the drop-down box. Low safety to allow
users to be notified of software updates by e-mail, software packages to be
automatically downloaded to users' computers, and software packages to be
automatically installed on users' computers.
Medium safety to allow users to be notified of software updates by
e-mail and software packages to be automatically downloaded to (but not
installed on) users' computers. High
safety to prevent users from being notified of software updates by e-mail,
software packages from being automatically downloaded to users' computers,
and software packages from being automatically installed on users'
computers. If you disable this policy
setting, permissions are set to high safety.
If you do not configure this policy setting, permissions are set to
High safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML
forms on pages in the zone may be submitted. Forms
sent with SSL (Secure Sockets Layer) encryption are always allowed; this
setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, users are queried to choose whether to
allow information using HTML forms on pages in this zone to be submitted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted
pop-up windows appear. Pop-up windows that are opened
when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, most unwanted pop-up
windows are prevented from appearing. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of
information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
When a user returns to a persisted page, the state of the page can be
restored if this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users cannot preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Web sites in less privileged Web content zones can navigate
into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites
from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged
zones can open new windows in, or navigate into, this zone. The security zone
will run without the added layer of security that is provided by the
Protection from Zone Elevation security feature. If you select Prompt in the
drop-down box, a warning is issued to the user that potentially risky
navigation is about to occur. If you
disable this policy setting, the possibly harmful navigations are prevented.
The Internet Explorer security feature will be on in this zone as set by
Protection from Zone Elevation feature control. If you do not configure this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code
on pages in the zone is run. If you
enable this policy setting, script code on pages
in the zone can run automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to allow script code on pages in the zone
to run. If you disable this policy
setting, script code on pages in the zone is prevented from running. If you do not configure this policy
setting, script code on pages in the zone is prevented from running. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can
perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script
can perform a clipboard operation. If
you select Prompt in the drop-down box, users are queried as to whether to
perform clipboard operations. If you
disable this policy setting, a script cannot perform a clipboard
operation. If you do not configure
this policy setting, a script cannot perform a clipboard operation. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1407 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are
exposed to scripts within the zone. If
you enable this policy setting, scripts can access
applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts are prevented
from accessing applets. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1402 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon
options. If you enable this policy
setting, you can choose from the following logon
options. Anonymous logon to disable
HTTP authentication and use the guest account only for the Common Internet
File System (CIFS) protocol. Prompt
for user name and password to query users for user IDs and passwords. After a
user is queried, these values can be used silently for the remainder of the
session. Automatic logon only in
Intranet zone to query users for user IDs and passwords in other zones. After
a user is queried, these values can be used silently for the remainder of the
session. Automatic logon with current
user name and password to attempt logon using Windows NT Challenge Response
(also known as NTLM authentication). If Windows NT Challenge Response is
supported by the server, the logon uses the user's network user name and
password for logon. If Windows NT Challenge Response is not supported by the
server, the user is queried to provide the user name and password. If you disable this policy setting, logon
is set to Automatic logon only in Intranet zone. If you do not configure this policy
setting, logon is set to Prompt for username and password. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Run .NET Framework-reliant components signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute signed managed
components. If you disable this policy
setting, Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Run .NET Framework-reliant components not signed with
Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are not signed with Authenticode can be executed from Internet Explorer. These
components include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute unsigned
managed components. If you select Prompt in the drop-down box, Internet
Explorer will prompt the user to determine whether to execute unsigned
managed components. If you disable
this policy setting, Internet Explorer will not execute unsigned managed
components. If you do not configure
this policy setting, Internet Explorer will not execute unsigned managed
components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2004 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download signed ActiveX controls from a page in the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting,
signed controls cannot be downloaded. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an
untrusted zone. If you enable this
policy setting, users can run unsigned controls without user intervention. If
you select Prompt in the drop-down box, users are queried to choose whether
to allow the unsigned control to run.
If you disable this policy setting, users cannot run unsigned
controls. If you do not configure this
policy setting, users cannot run unsigned controls. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1004 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not
marked as safe. If you enable this
policy setting, ActiveX controls are run, loaded
with parameters, and scripted without setting object safety for untrusted
data or scripts. This setting is not recommended, except for secure and
administered zones. This setting causes both unsafe and safe controls to be
initialized and scripted, ignoring the Script ActiveX controls marked safe
for scripting option. If you enable
this policy setting and select Prompt in the drop-down box, users are queried
whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX
controls that cannot be made safe are not loaded with parameters or
scripted. If you do not configure this
policy setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX
controls and plug-ins can be run on pages from the specified zone. If you
enable this policy setting, controls and plug-ins can run without user
intervention. If you selected Prompt
in the drop-down box, users are asked to choose whether to allow the controls
or plug-in to run. If you disable this
policy setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX
control marked safe for scripting can interact with a script. If you
enable this policy setting, script interaction can occur automatically
without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow script interaction. If you
disable this policy setting, script interaction is prevented from
occurring. If you do not configure
this policy setting, script interaction is prevented from occurring. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file
downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the
download, not the zone from which the file is delivered. If you enable this policy setting, files
can be downloaded from the zone. If
you disable this policy setting, files are prevented from being downloaded
from the zone. If you do not
configure this policy setting, files are prevented from being downloaded from
the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the
zone may download HTML fonts. If you
enable this policy setting, HTML fonts can be
downloaded automatically. If you enable this policy setting and Prompt is
selected in the drop-down box, users are queried whether to allow HTML fonts
to download. If you disable this
policy setting, HTML fonts are prevented from downloading. If you do not configure this policy
setting, users are queried whether to allow HTML fonts to download. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java
applets. If you enable this policy
setting, you can choose options from the drop-down
box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not configure
this policy setting, Java applets are disabled. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1C00 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data
Objects (ADO). If you enable this
policy setting, users can load a page in the zone that uses MSXML or ADO to
access data from another site in the zone. If you select Prompt in the
drop-down box, users are queried to choose whether to allow a page to be
loaded in the zone that uses MSXML or ADO to access data from another site in
the zone. If you disable this policy
setting, users cannot load a page in the zone that uses MSXML or ADO to
access data from another site in the zone.
If you do not configure this policy setting, users cannot load a page
in the zone that uses MSXML or ADO to access data from another site in the
zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted
for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users will be
automatically prompted for ActiveX control installations. If you enable
this policy setting, users will receive a prompt when a site instantiates an
ActiveX control they do not have installed.
If you disable this policy setting, ActiveX control installations will
be blocked using the Information Bar. Users can click on the Information Bar
to allow the ActiveX control prompt.
If you do not configure this policy setting, ActiveX control
installations will be blocked using the Information Bar. Users can click on
the Information Bar to allow the ActiveX control prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's
browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag)
to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page
containing an active Meta Refresh setting can be redirected to another Web
page. If you disable this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. If you do not configure this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Allow script-initiated windows without size or position
constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on
script-initiated pop-up windows and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. If
you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and
script behaviors: components that encapsulate specific functionality for HTML elements to which they were
attached. If you enable this policy
setting, binary and script behaviors are available. If you select
Administrator approved in the drop-down box, only behaviors listed in the
Admin-approved Behaviors under Binary Behaviors Security Restriction policy
are available. If you disable this
policy setting, binary and script behaviors are not available unless
applications have implemented a custom security manager. If you do not configure this policy
setting, binary and script behaviors are not available unless applications
have implemented a custom security manager. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2000 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
display nonsecure items and manage whether users receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Do not prompt for client certificate selection when no
certificates or only one certificate exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are
prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet
Explorer does not prompt users with a Client Authentication message when they
connect to a Web site that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
setting, Internet Explorer prompts users with a Client Authentication message
when they connect to a Web site that has no certificate or only one
certificate. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
drag files or copy and paste files from a source within the zone. If you
enable this policy setting, users can drag files or copy and paste files from
this zone automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this
zone. If you do not configure this
policy setting, users are queried to choose whether to drag or copy files
from this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting,
users can install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this
zone. If you do not configure this
policy setting, users are prevented from installing desktop items from this
zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1800 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications
may be run and files may be downloaded from an IFRAME
reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are prevented from running applications and downloading
files from IFRAMEs on the pages in this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of
sub-frames and access of applications across different domains. If you
enable this policy setting, users can open additional sub-frames from other
domains and access applications from other domains. If you select Prompt in
the drop-down box, users are queried whether to allow additional sub-frames
or access to applications from other domains.
If you disable this policy setting, users cannot open other sub-frames
or access applications from different domains. If you do not configure this policy
setting, users cannot open other sub-frames or access applications from
different domains. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1607 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for
file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet
Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME
Sniffing Safety Feature will not apply in this zone. The security zone will
run without the added layer of security provided by this feature. If you disable this policy setting, the
actions that may be harmful cannot run; this Internet Explorer security
feature will be turned on in this zone, as dictated by the feature control
setting for the process. If you do not
configure this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel
permissions. If you enable this policy
setting, you can choose the following options from
the drop-down box. Low safety to allow
users to be notified of software updates by e-mail, software packages to be
automatically downloaded to users' computers, and software packages to be
automatically installed on users' computers.
Medium safety to allow users to be notified of software updates by
e-mail and software packages to be automatically downloaded to (but not
installed on) users' computers. High
safety to prevent users from being notified of software updates by e-mail,
software packages from being automatically downloaded to users' computers,
and software packages from being automatically installed on users'
computers. If you disable this policy
setting, permissions are set to high safety.
If you do not configure this policy setting, permissions are set to
Low safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML
forms on pages in the zone may be submitted. Forms
sent with SSL (Secure Sockets Layer) encryption are always allowed; this
setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, users are queried to choose whether to
allow information using HTML forms on pages in this zone to be submitted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted
pop-up windows appear. Pop-up windows that are opened
when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, most unwanted pop-up
windows are prevented from appearing. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of
information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
When a user returns to a persisted page, the state of the page can be
restored if this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users cannot preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Web sites in less privileged Web content zones can navigate
into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites
from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged
zones can open new windows in, or navigate into, this zone. The security zone
will run without the added layer of security that is provided by the
Protection from Zone Elevation security feature. If you select Prompt in the
drop-down box, a warning is issued to the user that potentially risky
navigation is about to occur. If you
disable this policy setting, the possibly harmful navigations are prevented.
The Internet Explorer security feature will be on in this zone as set by
Protection from Zone Elevation feature control. If you do not configure this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2101 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code
on pages in the zone is run. If you
enable this policy setting, script code on pages
in the zone can run automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to allow script code on pages in the zone
to run. If you disable this policy
setting, script code on pages in the zone is prevented from running. If you do not configure this policy
setting, script code on pages in the zone is prevented from running. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can
perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script
can perform a clipboard operation. If
you select Prompt in the drop-down box, users are queried as to whether to
perform clipboard operations. If you
disable this policy setting, a script cannot perform a clipboard
operation. If you do not configure
this policy setting, a script cannot perform a clipboard operation. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are
exposed to scripts within the zone. If
you enable this policy setting, scripts can access
applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts are prevented
from accessing applets. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon
options. If you enable this policy
setting, you can choose from the following logon
options. Anonymous logon to disable
HTTP authentication and use the guest account only for the Common Internet
File System (CIFS) protocol. Prompt
for user name and password to query users for user IDs and passwords. After a
user is queried, these values can be used silently for the remainder of the
session. Automatic logon only in
Intranet zone to query users for user IDs and passwords in other zones. After
a user is queried, these values can be used silently for the remainder of the
session. Automatic logon with current
user name and password to attempt logon using Windows NT Challenge Response
(also known as NTLM authentication). If Windows NT Challenge Response is
supported by the server, the logon uses the user's network user name and
password for logon. If Windows NT Challenge Response is not supported by the
server, the user is queried to provide the user name and password. If you disable this policy setting, logon
is set to Automatic logon only in Intranet zone. If you do not configure this policy
setting, logon is set to Prompt for username and password. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Run .NET Framework-reliant components signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute signed managed
components. If you disable this policy
setting, Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Run .NET Framework-reliant components not signed with
Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are not signed with Authenticode can be executed from Internet Explorer. These
components include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute unsigned
managed components. If you select Prompt in the drop-down box, Internet
Explorer will prompt the user to determine whether to execute unsigned
managed components. If you disable
this policy setting, Internet Explorer will not execute unsigned managed
components. If you do not configure
this policy setting, Internet Explorer will not execute unsigned managed
components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2004 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download signed ActiveX controls from a page in the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting,
users can download signed controls without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1001 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an
untrusted zone. If you enable this
policy setting, users can run unsigned controls without user intervention. If
you select Prompt in the drop-down box, users are queried to choose whether
to allow the unsigned control to run.
If you disable this policy setting, users cannot run unsigned
controls. If you do not configure this
policy setting, users can run unsigned controls without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not
marked as safe. If you enable this
policy setting, ActiveX controls are run, loaded
with parameters, and scripted without setting object safety for untrusted
data or scripts. This setting is not recommended, except for secure and
administered zones. This setting causes both unsafe and safe controls to be
initialized and scripted, ignoring the Script ActiveX controls marked safe
for scripting option. If you enable
this policy setting and select Prompt in the drop-down box, users are queried
whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX
controls that cannot be made safe are not loaded with parameters or
scripted. If you do not configure this
policy setting, users are queried whether to allow the control to be loaded
with parameters or scripted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX
controls and plug-ins can be run on pages from the specified zone. If you
enable this policy setting, controls and plug-ins can run without user
intervention. If you selected Prompt
in the drop-down box, users are asked to choose whether to allow the controls
or plug-in to run. If you disable this
policy setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins can run without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX
control marked safe for scripting can interact with a script. If you
enable this policy setting, script interaction can occur automatically
without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow script interaction. If you
disable this policy setting, script interaction is prevented from
occurring. If you do not configure
this policy setting, script interaction can occur automatically without user
intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file
downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the
download, not the zone from which the file is delivered. If you enable this policy setting, files
can be downloaded from the zone. If
you disable this policy setting, files are prevented from being downloaded
from the zone. If you do not
configure this policy setting, files can be downloaded from the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1803 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the
zone may download HTML fonts. If you
enable this policy setting, HTML fonts can be
downloaded automatically. If you enable this policy setting and Prompt is
selected in the drop-down box, users are queried whether to allow HTML fonts
to download. If you disable this
policy setting, HTML fonts are prevented from downloading. If you do not configure this policy
setting, HTML fonts can be downloaded automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java
applets. If you enable this policy
setting, you can choose options from the drop-down
box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not configure
this policy setting, the permission is set to Medium Safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data
Objects (ADO). If you enable this
policy setting, users can load a page in the zone that uses MSXML or ADO to
access data from another site in the zone. If you select Prompt in the
drop-down box, users are queried to choose whether to allow a page to be
loaded in the zone that uses MSXML or ADO to access data from another site in
the zone. If you disable this policy
setting, users cannot load a page in the zone that uses MSXML or ADO to
access data from another site in the zone.
If you do not configure this policy setting, users can load a page in
the zone that uses MSXML or ADO to access data from another site in the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1406 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Allow active content over restricted protocols to access my
computer |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a resource
hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script, ActiveX, Java
and Binary Behaviors. The list of restricted protocols may be set in the
Intranet Zone Restricted Protocols section under Network Protocol Lockdown
policy. If you enable this policy
setting, no Intranet Zone content accessed is affected, even for protocols on
the restricted list. If you select Prompt from the drop-down box, the
Information Bar will appear to allow control over questionable content
accessed over any restricted protocols; content over other protocols is
unaffected. If you disable this policy
setting, all attempts to access such content over the restricted protocols is
blocked. If you do not configure this
policy setting, the Information Bar will appear to allow control over
questionable content accessed over any restricted protocols when the Network
Protocol Lockdown security feature is enabled. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted
for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, users will receive a file download dialog for
automatic download attempts. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users will be
automatically prompted for ActiveX control installations. If you enable
this policy setting, users will receive a prompt when a site instantiates an
ActiveX control they do not have installed.
If you disable this policy setting, ActiveX control installations will
be blocked using the Information Bar. Users can click on the Information Bar
to allow the ActiveX control prompt.
If you do not configure this policy setting, users will receive a
prompt when a site instantiates an ActiveX control they do not have
installed. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's
browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag)
to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page
containing an active Meta Refresh setting can be redirected to another Web
page. If you disable this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. If you do not configure this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting can be redirected to another Web page. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Allow script-initiated windows without size or position
constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on
script-initiated pop-up windows and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. If
you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and
script behaviors: components that encapsulate specific functionality for HTML elements to which they were
attached. If you enable this policy
setting, binary and script behaviors are available. If you select
Administrator approved in the drop-down box, only behaviors listed in the
Admin-approved Behaviors under Binary Behaviors Security Restriction policy
are available. If you disable this
policy setting, binary and script behaviors are not available unless
applications have implemented a custom security manager. If you do not configure this policy
setting, binary and script behaviors are available. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2000 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
display nonsecure items and manage whether users receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1609 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Do not prompt for client certificate selection when no
certificates or only one certificate exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are
prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet
Explorer does not prompt users with a Client Authentication message when they
connect to a Web site that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
setting, Internet Explorer does not prompt users with a Client Authentication
message when they connect to a Web site that has no certificate or only one
certificate. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
drag files or copy and paste files from a source within the zone. If you
enable this policy setting, users can drag files or copy and paste files from
this zone automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this
zone. If you do not configure this
policy setting, users can drag files or copy and paste files from this zone
automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting,
users can install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this
zone. If you do not configure this
policy setting, users can install desktop items from this zone automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications
may be run and files may be downloaded from an IFRAME
reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users can run applications and download files from IFRAMEs on
the pages in this zone without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of
sub-frames and access of applications across different domains. If you
enable this policy setting, users can open sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow sub-frames or access to applications
from other domains. If you disable
this policy setting, users cannot open sub-frames or access applications from
different domains. If you do not configure
this policy setting, users can open sub-frames from other domains and access
applications from other domains. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for
file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet
Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME
Sniffing Safety Feature will not apply in this zone. The security zone will
run without the added layer of security provided by this feature. If you disable this policy setting, the
actions that may be harmful cannot run; this Internet Explorer security
feature will be turned on in this zone, as dictated by the feature control
setting for the process. If you do not
configure this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel
permissions. If you enable this policy
setting, you can choose the following options from
the drop-down box. Low safety to allow
users to be notified of software updates by e-mail, software packages to be
automatically downloaded to users' computers, and software packages to be
automatically installed on users' computers.
Medium safety to allow users to be notified of software updates by
e-mail and software packages to be automatically downloaded to (but not
installed on) users' computers. High
safety to prevent users from being notified of software updates by e-mail,
software packages from being automatically downloaded to users' computers,
and software packages from being automatically installed on users'
computers. If you disable this policy
setting, permissions are set to high safety.
If you do not configure this policy setting, permissions are set to
Low safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML
forms on pages in the zone may be submitted. Forms
sent with SSL (Secure Sockets Layer) encryption are always allowed; this
setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, information using HTML forms on pages
in this zone can be submitted automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted
pop-up windows appear. Pop-up windows that are opened
when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, pop-up windows are not
prevented from appearing. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of
information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
When a user returns to a persisted page, the state of the page can be
restored if this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Web sites in less privileged Web content zones can navigate
into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites
from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged
zones can open new windows in, or navigate into, this zone. The security zone
will run without the added layer of security that is provided by the
Protection from Zone Elevation security feature. If you select Prompt in the
drop-down box, a warning is issued to the user that potentially risky
navigation is about to occur. If you
disable this policy setting, the possibly harmful navigations are prevented.
The Internet Explorer security feature will be on in this zone as set by
Protection from Zone Elevation feature control. If you do not configure this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code
on pages in the zone is run. If you
enable this policy setting, script code on pages
in the zone can run automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to allow script code on pages in the zone
to run. If you disable this policy
setting, script code on pages in the zone is prevented from running. If you do not configure this policy
setting, script code on pages in the zone can run automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can
perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script
can perform a clipboard operation. If
you select Prompt in the drop-down box, users are queried as to whether to
perform clipboard operations. If you
disable this policy setting, a script cannot perform a clipboard
operation. If you do not configure
this policy setting, a script can perform a clipboard operation. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are
exposed to scripts within the zone. If
you enable this policy setting, scripts can access
applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1402 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon
options. If you enable this policy
setting, you can choose from the following logon
options. Anonymous logon to disable
HTTP authentication and use the guest account only for the Common Internet
File System (CIFS) protocol. Prompt
for user name and password to query users for user IDs and passwords. After a
user is queried, these values can be used silently for the remainder of the
session. Automatic logon only in
Intranet zone to query users for user IDs and passwords in other zones. After
a user is queried, these values can be used silently for the remainder of the
session. Automatic logon with current
user name and password to attempt logon using Windows NT Challenge Response
(also known as NTLM authentication). If Windows NT Challenge Response is
supported by the server, the logon uses the user's network user name and
password for logon. If Windows NT Challenge Response is not supported by the
server, the user is queried to provide the user name and password. If you disable this policy setting, logon
is set to Automatic logon only in Intranet zone. If you do not configure this policy
setting, logon is set to Automatic logon with current username and password. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Run .NET Framework-reliant components signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute signed managed
components. If you disable this policy
setting, Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Run .NET Framework-reliant components not signed with
Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are not signed with Authenticode can be executed from Internet Explorer. These
components include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute unsigned
managed components. If you select Prompt in the drop-down box, Internet
Explorer will prompt the user to determine whether to execute unsigned
managed components. If you disable
this policy setting, Internet Explorer will not execute unsigned managed
components. If you do not configure
this policy setting, Internet Explorer will not execute unsigned managed
components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2004 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download signed ActiveX controls from a page in the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting,
users can download signed controls without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an
untrusted zone. If you enable this
policy setting, users can run unsigned controls without user intervention. If
you select Prompt in the drop-down box, users are queried to choose whether
to allow the unsigned control to run.
If you disable this policy setting, users cannot run unsigned
controls. If you do not configure this
policy setting, users cannot run unsigned controls. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1004 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not
marked as safe. If you enable this
policy setting, ActiveX controls are run, loaded
with parameters, and scripted without setting object safety for untrusted
data or scripts. This setting is not recommended, except for secure and
administered zones. This setting causes both unsafe and safe controls to be
initialized and scripted, ignoring the Script ActiveX controls marked safe
for scripting option. If you enable
this policy setting and select Prompt in the drop-down box, users are queried
whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX
controls that cannot be made safe are not loaded with parameters or
scripted. If you do not configure this
policy setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX
controls and plug-ins can be run on pages from the specified zone. If you
enable this policy setting, controls and plug-ins can run without user
intervention. If you selected Prompt
in the drop-down box, users are asked to choose whether to allow the controls
or plug-in to run. If you disable this
policy setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX
control marked safe for scripting can interact with a script. If you
enable this policy setting, script interaction can occur automatically
without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow script interaction. If you
disable this policy setting, script interaction is prevented from
occurring. If you do not configure
this policy setting, script interaction can occur automatically without user
intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file
downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the
download, not the zone from which the file is delivered. If you enable this policy setting, files
can be downloaded from the zone. If
you disable this policy setting, files are prevented from being downloaded
from the zone. If you do not
configure this policy setting, files can be downloaded from the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the
zone may download HTML fonts. If you
enable this policy setting, HTML fonts can be
downloaded automatically. If you enable this policy setting and Prompt is
selected in the drop-down box, users are queried whether to allow HTML fonts
to download. If you disable this
policy setting, HTML fonts are prevented from downloading. If you do not configure this policy
setting, HTML fonts can be downloaded automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java
applets. If you enable this policy
setting, you can choose options from the drop-down
box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not configure
this policy setting, Java applets are disabled. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data
Objects (ADO). If you enable this
policy setting, users can load a page in the zone that uses MSXML or ADO to
access data from another site in the zone. If you select Prompt in the
drop-down box, users are queried to choose whether to allow a page to be
loaded in the zone that uses MSXML or ADO to access data from another site in
the zone. If you disable this policy
setting, users cannot load a page in the zone that uses MSXML or ADO to
access data from another site in the zone.
If you do not configure this policy setting, users can load a page in
the zone that uses MSXML or ADO to access data from another site in the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted
for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users will be
automatically prompted for ActiveX control installations. If you enable
this policy setting, users will receive a prompt when a site instantiates an
ActiveX control they do not have installed.
If you disable this policy setting, ActiveX control installations will
be blocked using the Information Bar. Users can click on the Information Bar
to allow the ActiveX control prompt.
If you do not configure this policy setting, ActiveX control
installations will be blocked using the Information Bar. Users can click on
the Information Bar to allow the ActiveX control prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's
browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag)
to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page
containing an active Meta Refresh setting can be redirected to another Web
page. If you disable this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. If you do not configure this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting can be redirected to another Web page. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Allow script-initiated windows without size or position
constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on
script-initiated pop-up windows and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. If
you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and
script behaviors: components that encapsulate specific functionality for HTML elements to which they were
attached. If you enable this policy
setting, binary and script behaviors are available. If you select
Administrator approved in the drop-down box, only behaviors listed in the
Admin-approved Behaviors under Binary Behaviors Security Restriction policy
are available. If you disable this
policy setting, binary and script behaviors are not available unless
applications have implemented a custom security manager. If you do not configure this policy
setting, only behaviors listed in the Admin-approved Behaviors under Binary
Behaviors Security Restriction policy are available. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2000 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
display nonsecure items and manage whether users receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1609 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Do not prompt for client certificate selection when no
certificates or only one certificate exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are
prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet
Explorer does not prompt users with a Client Authentication message when they
connect to a Web site that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
setting, Internet Explorer prompts users with a Client Authentication message
when they connect to a Web site that has no certificate or only one
certificate. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
drag files or copy and paste files from a source within the zone. If you
enable this policy setting, users can drag files or copy and paste files from
this zone automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this
zone. If you do not configure this
policy setting, users can drag files or copy and paste files from this zone
automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting,
users can install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this
zone. If you do not configure this
policy setting, users can install desktop items from this zone automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1800 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications
may be run and files may be downloaded from an IFRAME
reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users can run applications and download files from IFRAMEs on
the pages in this zone without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of
sub-frames and access of applications across different domains. If you
enable this policy setting, users can open sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow sub-frames or access to applications
from other domains. If you disable
this policy setting, users cannot open sub-frames or access applications from
different domains. If you do not configure
this policy setting, users can open sub-frames from other domains and access
applications from other domains. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1607 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for
file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet
Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME
Sniffing Safety Feature will not apply in this zone. The security zone will
run without the added layer of security provided by this feature. If you disable this policy setting, the
actions that may be harmful cannot run; this Internet Explorer security
feature will be turned on in this zone, as dictated by the feature control
setting for the process. If you do not
configure this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel
permissions. If you enable this policy
setting, you can choose the following options from
the drop-down box. Low safety to allow
users to be notified of software updates by e-mail, software packages to be
automatically downloaded to users' computers, and software packages to be
automatically installed on users' computers.
Medium safety to allow users to be notified of software updates by
e-mail and software packages to be automatically downloaded to (but not
installed on) users' computers. High
safety to prevent users from being notified of software updates by e-mail,
software packages from being automatically downloaded to users' computers,
and software packages from being automatically installed on users'
computers. If you disable this policy
setting, permissions are set to high safety.
If you do not configure this policy setting, permissions are set to
Low safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML
forms on pages in the zone may be submitted. Forms
sent with SSL (Secure Sockets Layer) encryption are always allowed; this
setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, information using HTML forms on pages
in this zone can be submitted automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted
pop-up windows appear. Pop-up windows that are opened
when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, pop-up windows are not
prevented from appearing. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of
information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
When a user returns to a persisted page, the state of the page can be
restored if this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Web sites in less privileged Web content zones can navigate
into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites
from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged
zones can open new windows in, or navigate into, this zone. The security zone
will run without the added layer of security that is provided by the
Protection from Zone Elevation security feature. If you select Prompt in the
drop-down box, a warning is issued to the user that potentially risky
navigation is about to occur. If you
disable this policy setting, the possibly harmful navigations are prevented.
The Internet Explorer security feature will be on in this zone as set by
Protection from Zone Elevation feature control. If you do not configure this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2101 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code
on pages in the zone is run. If you
enable this policy setting, script code on pages
in the zone can run automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to allow script code on pages in the zone
to run. If you disable this policy
setting, script code on pages in the zone is prevented from running. If you do not configure this policy
setting, users are queried to choose whether to allow script code on pages in
the Local Machine zone to run. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can
perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script
can perform a clipboard operation. If
you select Prompt in the drop-down box, users are queried as to whether to
perform clipboard operations. If you
disable this policy setting, a script cannot perform a clipboard
operation. If you do not configure
this policy setting, a script can perform a clipboard operation. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are
exposed to scripts within the zone. If
you enable this policy setting, scripts can access
applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1402 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon
options. If you enable this policy
setting, you can choose from the following logon
options. Anonymous logon to disable
HTTP authentication and use the guest account only for the Common Internet
File System (CIFS) protocol. Prompt
for user name and password to query users for user IDs and passwords. After a
user is queried, these values can be used silently for the remainder of the
session. Automatic logon only in
Intranet zone to query users for user IDs and passwords in other zones. After
a user is queried, these values can be used silently for the remainder of the
session. Automatic logon with current
user name and password to attempt logon using Windows NT Challenge Response
(also known as NTLM authentication). If Windows NT Challenge Response is
supported by the server, the logon uses the user's network user name and
password for logon. If Windows NT Challenge Response is not supported by the
server, the user is queried to provide the user name and password. If you disable this policy setting, logon
is set to Automatic logon only in Intranet zone. If you do not configure this policy
setting, logon is set to Automatic logon with current username and password. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Site to Zone Assignment List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage a list of sites that
you want to associate with a particular security zone. These zone numbers have associated security settings that
apply to all of the sites in the zone.
Internet Explorer has 4 security zones, numbered 1-4, and these are
used by this policy setting to associate sites to zones. They are: (1)
Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted
Sites zone. Security settings can be set for each of these zones through
other policy settings, and their default settings are: Trusted Sites zone
(Low template), Intranet zone (Medium-Low template), Internet zone (Medium
template), and Restricted Sites zone (High template). (The Local Machine zone
and its locked down equivalent have special security settings that protect
your local computer.) If you enable
this policy setting, you can enter a list of sites and their related zone
numbers. The association of a site with a zone will ensure that the security
settings for the specified zone are applied to the site. For each entry
that you add to the list, enter the following information: Valuename – A host for an intranet site, or
a fully qualified domain name for other sites. The valuename may also
include a specific protocol. For example, if you enter
http://www.contoso.com as the valuename, other protocols are not
affected. If you enter just www.contoso.com, then all
protocols are affected for that site, including http, https, ftp, and so
on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or
range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not
include additional characters after the domain such as trailing slashes or
URL path. For example, policy settings for www.contoso.com and
www.contoso.com/mail would be treated as the same policy setting by Internet
Explorer, and would therefore be in conflict.
Value - A number indicating the zone with which this site should be
associated for security settings. The Internet Explorer zones described above
are 1-4. If you disable this policy
setting, any such list is deleted and no site-to-zone assignments are
permitted. If this policy is not
configured, users may choose their own site-to-zone assignments. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!ListBox_Support_ZoneMapKey |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Intranet Sites: Include all local (intranet) sites not listed
in other zones |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting controls whether local sites which are not
explicitly mapped into any Security Zone are forced into the local Intranet security zone. If you enable this policy setting, local
sites which are not explicitly mapped into a zone are considered to be in the
Intranet Zone. If you disable this
policy setting, local sites which are not explicitly mapped into a zone will
not be considered to be in the Intranet Zone (so would typically be in the
Internet Zone). If you do not
configure this policy setting, users choose whether to force local sites into
the Intranet Zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap!IntranetName |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Intranet Sites: Include all sites that bypass the proxy server |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting controls whether sites which bypass the
proxy server are mapped into the local Intranet security zone. If you
enable this policy setting, sites which bypass the proxy server are mapped
into the Intranet Zone. If you disable
this policy setting, sites which bypass the proxy server aren't necessarily
mapped into the Intranet Zone (other rules might map one there). If you do not configure this policy
setting, users choose whether sites which bypass the proxy server are mapped
into the Intranet Zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap!ProxyByPass |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Intranet Sites: Include all network paths (UNCs) |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting controls whether URLs representing UNCs
are mapped into the local Intranet security zone. If you enable
this policy setting, all network paths are mapped into the Intranet
Zone. If you disable this policy
setting, network paths are not necessarily mapped into the Intranet Zone
(other rules might map one there). If
you do not configure this policy setting, users choose whether network paths
are mapped into the Intranet Zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap!UNCAsIntranet |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Internet Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy
settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Template Policies!InternetZoneTemplate,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Template Policies!Internet, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Intranet Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy
settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet
Settings\Template Policies!IntranetZoneTemplate,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet
Settings\Template Policies!Intranet, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Trusted Sites Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy
settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted
Sites Settings\Template Policies!TrustedSitesZoneTemplate,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites
Settings\Template Policies!Trusted Sites, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2300 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Restricted Sites Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy
settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted
Sites Settings\Template Policies!RestrictedSitesZoneTemplate,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites
Settings\Template Policies!Restricted Sites, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Local Machine Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy
settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local
Machine Zone Settings\Template Policies!LocalMachineZoneTemplate,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone
Settings\Template Policies!Local Machine Zone, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Locked-Down
Local Machine Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy
settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local
Machine Zone Lockdown Settings\Template
Policies!LocalMachineZoneLockdownTemplate,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone
Lockdown Settings\Template Policies!Locked-Down Local Machine Zone,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201 |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Locked-Down
Internet Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy
settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Lockdown Settings\Template Policies!InternetZoneLockdownTemplate,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown
Settings\Template Policies!Locked-Down Internet, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Locked-Down
Intranet Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy
settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet
Lockdown Settings\Template Policies!IntranetZoneLockdownTemplate,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown
Settings\Template Policies!Locked-Down Intranet, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Locked-Down
Trusted Sites Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy
settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted
Sites Lockdown Settings\Template Policies!TrustedSitesZoneLockdownTemplate,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites
Lockdown Settings\Template Policies!Locked-Down Trusted Sites,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Locked-Down
Restricted Sites Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy
settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted
Sites Lockdown Settings\Template
Policies!RestrictedSitesZoneLockdownTemplate,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites
Lockdown Settings\Template Policies!Locked-Down Restricted Sites,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Automatically check for Internet Explorer updates |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer checks the Internet for newer versions. When Internet Explorer is set to do this, the checks occur
approximately every 30 days, and users are prompted to install new versions
as they become available. If you
enable this policy setting, Internet Explorer checks the Internet for a new
version approximately every 30 days and prompts the user to download new
versions when they are available. If
you disable this policy setting, Internet Explorer does not check the
Internet for new versions of the browser, so does not prompt users to install
them. If you do not configure this
policy setting, Internet Explorer does not check the Internet for new
versions of the browser, so does not prompt users to install them. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main!NoUpdateCheck |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Allow Install On Demand (Internet Explorer) |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
automatically download and install Web components (such as fonts) that can installed by Internet Explorer Active Setup. For example, if you open a Web page that
requires Japanese-text display support, Internet Explorer could prompt the
user to download the Japanese Language Pack component if it is not already
installed. If you enable this policy
setting, Web components such as fonts will be automatically installed as
necessary. If you disable this policy
setting, users will be prompted when Web Components such as fonts would be
downloaded. If you do not configure
this policy, users will be prompted when Web Components such as fonts would
be downloaded. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main!NoJITSetup |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Allow Install On Demand (except Internet Explorer) |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
download and install self-installing program files (non-Internet Explorer components) that are registered with
Internet Explorer (such as Windows Media Player, Macromedia, and Java) that
are required in order to view web pages as intended. If you enable this policy setting,
non-Internet Explorer components will be automatically installed as
necessary. If you disable this policy
setting, users will be prompted when non-Internet Explorer components would
be installed. If you do not configure
this policy setting, non-Internet Explorer components will be automatically
installed as necessary. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main!NoWebJITSetup |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Allow third-party browser extensions |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer will launch COM add-ons known as browser helper objects, such as toolbars. Browser helper objects may contain flaws
such as buffer overruns which impact Internet Explorer’s performance or
stability. If you enable this policy
setting, Internet Explorer automatically launches any browser helper objects
that are installed on the user's computer.
If you disable this policy setting, browser helper objects do not
launch. If you do not configure this
policy, Internet Explorer automatically launches any browser helper objects
that are installed on the user's computer. |
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Enable
Browser Extensions |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Play animations in web pages |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by
this setting; active Web content such as java applets are not. If you enable this policy setting, Internet
Explorer will play animated pictures found in Web content. If you disable this policy setting,
Internet Explorer will not play or download animated pictures, helping pages
display more quickly. If you do not
configure this policy setting, Internet Explorer will play animated pictures
found in Web content. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main!Play_Animations |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Play sounds in web pages |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this
setting; active Web content such as java applets are not. If you enable this policy setting, Internet
Explorer will play sounds found in Web content. If you disable this policy setting,
Internet Explorer will not play or download sounds in Web content, helping
pages display more quickly. If you
enable this policy setting, Internet Explorer will play sounds found in Web
content. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main!Play_Background_Sounds |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Play videos in web pages |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer will display videos found in Web content. Generally only embedded video files are affected by this
setting; active Web content such as java applets are not. If you enable this policy setting, Internet
Explorer will play videos found in Web content. If you disable this policy setting,
Internet Explorer will not play or download videos, helping pages display
more quickly. If you do not configure
this policy setting, Internet Explorer will play videos found in Web content. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main!Display Inline Videos |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Allow active content from CDs to run on user machines |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users receive
a dialog requesting permission for active content on a CD to run. If you enable this
policy setting, active content on a CD will run without a prompt. If you disable this policy setting, active
content on a CD will always prompt before running. If you do not configure this policy, users
can choose whether to be prompted before running active content on a CD. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings!LOCALMACHINE_CD_UNLOCK |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Allow software to run or install even if the signature is
invalid |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether software,
such as ActiveX controls and file downloads, can be installed or run by the user even though the signature is
invalid. An invalid signature might indicate that someone has tampered with
the file. If you enable this policy
setting, users will be prompted to install or run files with an invalid
signature. If you disable this policy
setting, users cannot run or install files with an invalid signature. If you do not configure this policy, users
can choose to run or install files with an invalid signature. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Download!RunInvalidSignatures |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Check for server certificate revocation |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been
compromised or are no longer valid, and this option protects users from
submitting confidential data to a site that may be fraudulent or not
secure. If you enable this policy
setting, Internet Explorer will check to see if server certificates have been
revoked. If you disable this policy
setting, Internet Explorer will not check server certificates to see if they
have been revoked. If you do not
configure this policy setting, Internet Explorer will not check server
certificates to see if they have been revoked. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!CertificateRevocation |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Check for signatures on downloaded programs |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been
modified or tampered with) on user computers before downloading executable
programs. If you enable this policy
setting, Internet Explorer will check the digital signatures of executable
programs and display their identities before downloading them to user
computers. If you disable this policy
setting, Internet Explorer will not check the digital signatures of
executable programs or display their identities before downloading them to
user computers. If you do not
configure this policy, Internet Explorer will not check the digital
signatures of executable programs or display their identities before
downloading them to user computers. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main!CheckExeSignatures |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Do not save encrypted pages to disk |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer will save encrypted pages that contain secure (HTTPS) information such as passwords and credit card
numbers to the Internet Explorer cache, which may be insecure. If you enable this policy setting, Internet
Explorer will not save encrypted pages containing secure (HTTPS) information
to the cache. If you disable this
policy setting, Internet Explorer will save encrypted pages containing secure
(HTTPS) information to the cache. If
you do not configure this policy, Internet Explorer will save encrypted pages
containing secure (HTTPS) information to the cache. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!DisableCachingOfSSLPages |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Empty Temporary Internet Files folder when browser is closed |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer deletes the contents of the Temporary Internet Files folder after all browser windows are closed. This
protects against storing dangerous files on the computer, or storing
sensitive files that other users could see, in addition to managing total
disk space usage. If you enable this
policy setting, Internet Explorer will delete the contents of the user's
Temporary Internet Files folder when all browser windows are closed. If you disable this policy setting,
Internet Explorer will not delete the contents of the user's Temporary
Internet Files folder when browser windows are closed. If you do not configure this policy,
Internet Explorer will not delete the contents of the Temporary Internet
Files folder when browser windows are closed. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Cache!Persistent |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable changing Advanced page settings |
at least Internet Explorer v5.0 |
Prevents users from changing settings on the Advanced tab in
the Internet Options dialog box. If
you enable this policy, users are prevented from
changing advanced Internet settings, such as security, multimedia, and
printing. Users cannot select or clear the check boxes on the Advanced
tab. If you disable this policy or do
not configure it, users can select or clear settings on the Advanced
tab. If you set the Disable the
Advanced page policy (located in \User Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet Control Panel), you
do not need to set this policy, because the Disable the Advanced page policy
removes the Advanced tab from the interface. |
HKCU\Software\Policies\Microsoft\Internet Explorer\Control
Panel!Advanced |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable changing home page settings |
at least Internet Explorer v5.0 |
Prevents users from changing the home page of the browser. The
home page is the first page that appears when users
start the browser. If you enable this
policy, the settings in the Home Page area on the General tab in the Internet
Options dialog box appear dimmed. If
you disable this policy or do not configure it, users can change their home
page. If you set the Disable the
General page policy (located in \User Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet Control Panel), you
do not need to set this policy, because the Disable the General page policy
removes the General tab from the interface.
This policy is intended for administrators who want to maintain a
consistent home page across their organization. |
HKCU\Software\Policies\Microsoft\Internet Explorer\Control
Panel!HomePage |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Use Automatic Detection for dial-up connections |
at least Internet Explorer v5.0 |
Specifies that Automatic Detection will be used to configure
dial-up settings for users. Automatic
Detection uses a DHCP (Dynamic Host Configuration
Protocol) or DNS server to customize the browser the first time it is
started. If you enable this policy,
users' dial-up settings will be configured by Automatic Detection. If you disable this policy or do not
configure it, dial-up settings will not be configured by Automatic Detection,
unless specified by the user. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!DialupAutodetect |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable caching of Auto-Proxy scripts |
at least Internet Explorer v5.0 |
Prevents automatic proxy scripts, which interact with a server
to automatically configure users' proxy settings, from being stored in the users' cache. If you enable this policy, automatic proxy
scripts will not be stored temporarily on the users' computer. If you disable this policy or do not
configure it, automatic proxy scripts can be stored in the users' cache. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!EnableAutoProxyResultCache |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Display error message on proxy script download failure |
at least Internet Explorer v5.0 |
Specifies that error messages will be displayed to users if
problems occur with proxy scripts. If
you enable this policy, error messages will be
displayed when the browser does not download or run a script to set proxy
settings. If you disable this policy
or do not configure it, error messages will not be displayed when problems
occur with proxy scripts. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!DisplayScriptDownloadFailureUI |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable changing Temporary Internet files settings |
at least Internet Explorer v5.0 |
Prevents users from changing the browser cache settings, such
as the location and amount of disk space to use for the Temporary Internet Files folder.
If you enable this policy, the browser cache settings appear dimmed.
These settings are found in the dialog box that appears when users click the
General tab and then click the Settings button in the Internet Options dialog
box. If you disable this policy or do
not configure it, users can change their cache settings. If you set the Disable the General page
policy (located in \User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel), you do not need to set
this policy, because the Disable the General page policy removes the General
tab from the interface. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!Cache |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable changing history settings |
at least Internet Explorer v5.0 |
Prevents users from changing the history settings for the
browser. If you enable this policy,
the settings in the History area on the General
tab in the Internet Options dialog box appear dimmed. If you disable this policy or do not
configure it, users can change the number of days to store Web page
information and clear Web page history.
If you set the Disable the General page policy (located in \User
Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel), you do not need to set this policy, because
the Disable the General page policy removes the General tab from the
interface. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!History |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable changing color settings |
at least Internet Explorer v5.0 |
Prevents users from changing the default Web page colors. If you enable this policy, the color
settings for Web pages appear dimmed. The settings
are located in the Colors area in the dialog box that appears when the user
clicks the General tab and then clicks the Colors button in the Internet
Options dialog box. If you disable this
policy or do not configure it, users can change the default background and
text color of Web pages. If you set
the Disable the General page policy (located in \User
Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel), you do not need to set this policy, because
the Disable the General page policy removes the General tab from the
interface. Note: The default Web page
colors are ignored on Web pages in which the author has specified the
background and text colors. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!Colors |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable changing link color settings |
at least Internet Explorer v5.0 |
Prevents users from changing the colors of links on Web
pages. If you enable this policy, the
color settings for links appear dimmed. The
settings are located in the Links area of the dialog box that appears when
users click the General tab and then click the Colors button in the Internet
Options dialog box. If you disable
this policy or do not configure it, users can change the default color of
links on Web pages. If you set the
Disable the General page policy (located in \User
Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel), you do not need to set this policy, because
the Disable the General page policy removes the General tab from the
interface. Note: The default link
colors are ignored on Web pages on which the author has specified link
colors. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!links |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable changing font settings |
at least Internet Explorer v5.0 |
Prevents users from changing font settings. If you enable this policy, the Font button
on the General tab in the Internet Options dialog
box appears dimmed. If you disable
this policy or do not configure it, users can change the default fonts for
viewing Web pages. If you set the
Disable the General page policy (located in \User
Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel), you do not need to set this policy, because
the Disable the General page policy removes the General tab from the interface. Note: The default font settings colors are
ignored in cases in which the Web page author has specified the font
attributes. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!Fonts |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable changing language settings |
at least Internet Explorer v5.0 |
Prevents users from changing language settings. If you enable this policy, the Languages
button on the General tab in the Internet Options
dialog box appears dimmed. If you
disable this policy or do not configure it, users can change the language
settings for viewing Web sites for languages in which the character set has
been installed. If you set the Disable
the General page policy (located in \User Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet Control Panel), you
do not need to set this policy, because the Disable the General page policy
removes the General tab from the interface. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!Languages |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable changing accessibility settings |
at least Internet Explorer v5.0 |
Prevents users from changing accessibility settings. If you enable this policy, the
Accessibility button on the General tab in the
Internet Options dialog box appears dimmed.
If you disable this policy or do not configure it, users can change
accessibility settings, such as overriding fonts and colors on Web pages. If you set the Disable the General page
policy (located in \User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel), you do not need to set
this policy, because the Disable the General page policy removes the General
tab from the interface. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!Accessibility |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable Internet Connection wizard |
at least Internet Explorer v5.0 |
Prevents users from running the Internet Connection
Wizard. If you enable this policy, the
Setup button on the Connections tab in the
Internet Options dialog box appears dimmed.
Users will also be prevented from running the wizard by clicking the
Connect to the Internet icon on the desktop or by clicking Start, pointing to
Programs, pointing to Accessories, pointing to Communications, and then
clicking Internet Connection Wizard.
If you disable this policy or do not configure it, users can change
their connection settings by running the Internet Connection Wizard. Note: This policy overlaps with the Disable
the Connections page policy (located in \User Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet Control Panel), which
removes the Connections tab from the interface. Removing the Connections tab
from the interface, however, does not prevent users from running the Internet
Connection Wizard from the desktop or the Start menu. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!Connwiz Admin Lock |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable changing connection settings |
at least Internet Explorer v5.0 |
Prevents users from changing dial-up settings. If you enable this policy, the Settings
button on the Connections tab in the Internet
Options dialog box appears dimmed. If
you disable this policy or do not configure it, users can change their
settings for dial-up connections. If
you set the Disable the Connections page policy (located in \User
Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel), you do not need to set this policy, because
the Disable the Connections page policy removes the Connections tab from the
interface. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!Connection Settings |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable changing proxy settings |
at least Internet Explorer v5.0 |
Prevents users from changing proxy settings. If you enable this policy, the proxy
settings appear dimmed. These settings are in the
Proxy Server area of the Local Area Network (LAN) Settings dialog box, which
appears when the user clicks the Connections tab and then clicks the LAN
Settings button in the Internet Options dialog box. If you set the Disable the Connections page
policy (located in \User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel), you do not need to set
this policy, because the Disable the Connections page policy removes the
Connections tab from the interface. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!Proxy |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable changing Automatic Configuration settings |
at least Internet Explorer v5.0 |
Prevents users from changing automatic configuration settings.
Automatic configuration is a process that administrators can use to update browser settings periodically. If you enable this policy, the automatic
configuration settings appear dimmed. The settings are located in the
Automatic Configuration area of the Local Area Network (LAN) Settings dialog
box. To see the Local Area Network (LAN) Settings dialog box, users open the
Internet Options dialog box, click the Connections tab, and then click the
LAN Settings button. If you disable this
policy or do not configure it, the user can change automatic configuration
settings. This policy is intended to
enable administrators to ensure that users' settings are updated uniformly
through automatic configuration. The
Disable the Connections page policy (located in \User
Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel), which removes the Connections tab from
Internet Explorer in Control Panel, takes precedence over this policy. If it
is enabled, this policy is ignored. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!Autoconfig |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Turn off pop-up management |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage pop-up management
functionality in Internet Explorer. If
you enable this policy setting, the Control Panel
information relating to pop-up management will be unavailable (grayed out)
and all other pop-up manager controls, notifications, and dialog boxes will
not appear. Pop-up windows will continue to function as they did in Windows
XP Service Pack 1 or earlier, although windows launched off screen will
continue to be re-positioned onscreen.
If you disable or do not configure this policy setting, the popup
management feature will be functional. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoPopupManagement |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Pop-up allow list |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage a list of web sites
that will be allowed to open pop-up windows regardless of the Internet Explorer process's Pop-Up Blocker
settings. If you enable this policy
setting, you can enter a list of sites which will be allowed to open pop-up
windows regardless of user settings. Users will not be able to view or edit
this list of sites. Only the domain name is allowed, so www.contoso.com is
valid, but not http://www.contoso.com. Wildcards are allowed, so
*.contoso.com is also valid. If you
disable this policy setting, the list is deleted and users may not create
their own lists of sites. If this
policy is not configured, users will be able to view and edit their own lists
of sites. |
HKCU\Software\Policies\Microsoft\Internet Explorer\New
Windows!ListBox_Support_Allow |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable changing ratings settings |
at least Internet Explorer v5.0 |
Prevents users from changing ratings that help control the
type of Internet content that can be viewed.
If you enable this policy, the settings in
the Content Advisor area on the Content tab in the Internet Options dialog
box appear dimmed. If you disable this
policy or do not configure it, users can change their ratings settings. The Disable the Ratings page policy
(located in \User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel), which removes the
Ratings tab from Internet Explorer in Control Panel, takes precedence over
this policy. If it is enabled, this policy is ignored. |
HKCU\Software\Policies\Microsoft\Internet Explorer\New
Windows\Allow!Ratings |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable changing certificate settings |
at least Internet Explorer v5.0 |
Prevents users from changing certificate settings in Internet
Explorer. Certificates are used to verify the identity of software publishers.
If you enable this policy, the settings in the Certificates area on
the Content tab in the Internet Options dialog box appear dimmed. If you disable this policy or do not
configure it, users can import new certificates, remove approved publishers,
and change settings for certificates that have already been accepted. The Disable the Content page policy
(located in \User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel), which removes the
Content tab from Internet Explorer in Control Panel, takes precedence over
this policy. If it is enabled, this policy is ignored. Caution: If you enable this policy, users
can still run the Certificate Manager Import Wizard by double-clicking a
software publishing certificate (.spc) file. This wizard enables users to
import and configure settings for certificates from software publishers that
haven't already been configured for Internet Explorer. |
HKCU\Software\Policies\Microsoft\Internet Explorer\New
Windows\Allow!Certificates |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable changing Profile Assistant settings |
at least Internet Explorer v5.0 |
Prevents users from changing Profile Assistant settings. If you enable this policy, the My Profile
button appears dimmed in the Personal Information
area on the Content tab in the Internet Options dialog box. If you disable this policy or do not
configure it, users can change their profile information, such as their
street and e-mail addresses. The
Disable the Connections page policy (located in \User
Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel), which removes the Connections tab from Internet
Explorer in Control Panel, takes precedence over this policy. If it is
enabled, this policy is ignored. |
HKCU\Software\Policies\Microsoft\Internet Explorer\New
Windows\Allow!Profiles |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable AutoComplete for forms |
at least Internet Explorer v5.0 |
Prevents Microsoft Internet Explorer from automatically
completing forms, such as filling in a name or a password that the user has entered previously on a Web page. If you enable this policy, the Forms check
box appears dimmed. To display the Forms check box, users open the Internet
Options dialog box, click the Content tab, and then click the AutoComplete
button. If you disable this policy or
do not configure it, users can enable the automatic completion of forms. The Disable the Content page policy (located
in \User Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel), which removes the Content tab from Internet
Explorer in Control Panel, takes precedence over this policy. If it is
enabled, this policy is ignored.
Caution: If you enable this policy after users have used their browser
with form automatic completion enabled, it will not clear the automatic
completion history for forms that users have already filled out. |
HKCU\Software\Policies\Microsoft\Internet Explorer\New
Windows\Allow!FormSuggest |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Do not allow AutoComplete to save passwords |
at least Internet Explorer v5.0 |
Disables automatic completion of user names and passwords in
forms on Web pages, and prevents users from being
prompted to save passwords. If you
enable this policy, the User Names and Passwords on Forms and Prompt Me to
Save Passwords check boxes appear dimmed. To display these check boxes, users
open the Internet Options dialog box, click the Content tab, and then click
the AutoComplete button. If you
disable this policy or don't configure it, users can determine whether
Internet Explorer automatically completes user names and passwords on forms
and prompts them to save passwords.
The Disable the Content page policy (located in \User
Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel), which removes the Content tab from Internet
Explorer in Control Panel, takes precedence over this policy. If it is
enabled, this policy is ignored. |
HKCU\Software\Policies\Microsoft\Internet Explorer\New
Windows\Allow!FormSuggest Passwords |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable changing Messaging settings |
at least Internet Explorer v5.0 |
Prevents users from changing the default programs for
messaging tasks. If you enable this
policy, the E-mail, Newsgroups, and Internet Call
options in the Internet Programs area appear dimmed. To display these
options, users open the Internet Options dialog box, and then click the
Programs tab. If you disable this
policy or do not configure it, users can determine which programs to use for
sending mail, viewing newsgroups, and placing Internet calls, if programs
that perform these tasks are installed.
The Disable the Programs page policy (located in \User
Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel), which removes the Programs tab from
Internet Explorer in Control Panel, takes precedence over this policy. If it
is enabled, this policy is ignored. |
HKCU\Software\Policies\Microsoft\Internet Explorer\New
Windows\Allow!Messaging |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable changing Calendar and Contact settings |
at least Internet Explorer v5.0 |
Prevents users from changing the default programs for managing
schedules and contacts. If you enable
this policy, the Calendar and Contact check boxes
appear dimmed in the Internet Programs area. To display these options, users
open the Internet Options dialog box, and then click the Programs tab. If you disable this policy or do not
configure it, users can determine which programs to use for managing
schedules and contacts, if programs that perform these tasks are
installed. This Disable the Programs
Page policy (located in \User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel) takes precedence over
this policy. If it is enabled, this policy is ignored. |
HKCU\Software\Policies\Microsoft\Internet Explorer\New
Windows\Allow!CalendarContact |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable the Reset Web Settings feature |
at least Internet Explorer v5.0 |
Prevents users from restoring default settings for home and
search pages. If you enable this
policy, the Reset Web Settings button on the
Programs tab in the Internet Options dialog box appears dimmed. If you disable this policy or do not
configure it, users can restore the default settings for home and search
pages. The Disable the Programs page
policy (located in \User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel), which removes the
Programs tab from Internet Explorer in Control Panel, takes precedence over
this policy. If it is enabled, this policy is ignored. |
HKCU\Software\Policies\Microsoft\Internet Explorer\New
Windows\Allow!ResetWebSettings |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Disable changing default browser check |
at least Internet Explorer v5.0 |
Prevents Microsoft Internet Explorer from checking to see
whether it is the default browser. If
you enable this policy, the Internet Explorer
Should Check to See Whether It Is the Default Browser check box on the
Programs tab in the Internet Options dialog box appears dimmed. If you disable this policy or do not
configure it, users can determine whether Internet Explorer will check to see
if it is the default browser. When Internet Explorer performs this check, it
prompts the user to specify which browser to use as the default. This policy is intended for organizations
that do not want users to determine which browser should be their
default. The Disable the Programs page
policy (located in \User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel), which removes the
Programs tab from Internet Explorer in Control Panel, takes precedence over
this policy. If it is enabled, this policy is ignored. |
HKCU\Software\Policies\Microsoft\Internet Explorer\New
Windows\Allow!Check_If_Default |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Turn off Crash Detection |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the crash detection
feature of add-on Management. If you
enable this policy setting, a crash in Internet
Explorer will exhibit behavior found in Windows XP Professional Service Pack
1 and earlier, namely to invoke Windows Error Reporting. All policy settings
for Windows Error Reporting continue to apply. If you disable or do not configure this
policy setting, the crash detection feature for add-on management will be
functional. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoCrashDetection |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Do not allow users to enable or disable add-ons |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users have
the ability to allow or deny add-ons through Add-On Manager. If you enable this policy
setting, users cannot enable or disable add-ons through Add-On Manager. The
only exception occurs if an add-on has been specifically entered into the
'Add-On List' policy setting in such a way as to allow users to continue to
manage the add-on. In this case, the user can still manage the add-on through
the Add-On Manager. If you disable or
do not configure this policy setting, the appropriate controls in the Add-On
Manager will be available to the user. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoExtensionManagement |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Identity Manager: Prevent users from using Identities |
at least Internet Explorer v5.0 |
Prevents users from configuring unique identities by using
Identity Manager. Identity Manager
enables users to create multiple accounts, such as
e-mail accounts, on the same computer. Each user has a unique identity, with
a different password and different program preferences. If you enable this policy, users will not
be able to create new identities, manage existing identities, or switch
identities. The Switch Identity option will be removed from the File menu in
Address Book. If you disable this
policy or do not configure it, users can set up and change identities. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Identities!Locked
Down |
|
USER |
Administrative Templates\Windows Components\Internet Explorer |
Configure Outlook Express |
at least Internet Explorer v6.0 |
Allows Administrators to enable and disable the ability for
Outlook Express users to save or open attachments that can potentially contain a virus. If you check the block attachments setting,
users will be unable to open or save attachments that could potentially
contain a virus. Users will not be
able to disable the blocking of attachments in options. If the block attachments setting is not
checked, the user can specify to enable or disable the blocking of
attachments in options. |
HKCU\Software\Microsoft\Outlook Express!BlockExeAttachments |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Offline Pages |
Disable adding channels |
at least Internet Explorer v5.0 |
Prevents users from adding channels to Internet Explorer. Channels are Web sites that are updated
automatically on your computer, according to a
schedule specified by the channel provider.
If you enable this policy, the Add Active Channel button, which
appears on a channel that users haven't yet subscribed to, will be disabled. Users
also cannot add content that is based on a channel, such as some of the
Active Desktop items from Microsoft's Active Desktop Gallery, to their
desktop. If you disable this policy or
do not configure it, users can add channels to the Channel bar or to their
desktop. Note: Most channel providers
use the words Add Active Channel for this option; however, a few use
different words, such as Subscribe. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!NoAddingChannels |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Offline Pages |
Disable removing channels |
at least Internet Explorer v5.0 |
Prevents users from disabling channel synchronization in
Microsoft Internet Explorer. Channels
are Web sites that are automatically updated on
your computer according to a schedule specified by the channel provider. If you enable this policy, users cannot
prevent channels from being synchronized.
If you disable this policy or do not configure it, users can disable
the synchronization of channels. This
policy is intended to help administrators ensure that users' computers are
being updated uniformly across their organization. Note: This policy does not prevent users
from removing active content from the desktop interface. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!NoRemovingChannels |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Offline Pages |
Disable adding schedules for offline pages |
at least Internet Explorer v5.0 |
Prevents users from specifying that Web pages can be
downloaded for viewing offline. When users make Web pages available for offline viewing, they can view the
content when their computer is not connected to the Internet. If you enable this policy, users cannot add
new schedules for downloading offline content. The Make Available Offline
check box will be dimmed in the Add Favorite dialog box. If you disable this policy or do not
configure it, users can add new offline content schedules. This policy is intended for organizations
that are concerned about server load for downloading content. The Hide Favorites menu policy (located in
User Configuration\Administrative Templates\Windows Components\Internet Explorer)
takes precedence over this policy. If it is enabled, this policy is ignored. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!NoAddingSubscriptions |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Offline Pages |
Disable editing schedules for offline pages |
at least Internet Explorer v5.0 |
Prevents users from editing an existing schedule for
downloading Web pages for offline viewing.
When users make Web pages available for
offline viewing, they can view content when their computer is not connected
to the Internet. If you enable this
policy, users cannot display the schedule properties of pages that have been
set up for offline viewing. If users click the Tools menu, click Synchronize,
select a Web page, and then click the Properties button, no properties are
displayed. Users do not receive an alert stating that the command is
unavailable. If you disable this
policy or do not configure it, users can edit an existing schedule for
downloading Web content for offline viewing.
This policy is intended for organizations that are concerned about
server load for downloading content.
The Hide Favorites menu policy (located in User
Configuration\Administrative Templates\Windows Components\Internet Explorer)
takes precedence over this policy. If it is enabled, this policy is ignored. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!NoEditingSubscriptions |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Offline Pages |
Disable removing schedules for offline pages |
at least Internet Explorer v5.0 |
Prevents users from clearing the preconfigured settings for
Web pages to be downloaded for offline viewing. When users make
Web pages available for offline viewing, they can view content when their
computer is not connected to the Internet.
If you enable this policy, the Make Available Offline check box in the
Organize Favorites Favorite dialog box and the Make This Page Available
Offline check box will be selected but dimmed. To display the Make This Page
Available Offline check box, users click the Tools menu, click Synchronize,
and then click the Properties button.
If you disable this policy or do not configure it, users can remove
the preconfigured settings for pages to be downloaded for offline
viewing. This policy is intended for
organizations that are concerned about server load for downloading
content. The Hide Favorites menu
policy (located in User Configuration\Administrative Templates\Windows
Components\Internet Explorer) takes precedence over this policy. If it is
enabled, this policy is ignored. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!NoRemovingSubscriptions |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Offline Pages |
Disable offline page hit logging |
at least Internet Explorer v5.0 |
Prevents channel providers from recording information about
when their channel pages are viewed by users who are
working offline. If you enable this
policy, it disables any channel logging settings set by channel providers in
the channel definition format (.cdf) file. The .cdf file determines the
schedule and other settings for downloading Web content. If you disable this policy or do not
configure it, channel providers can record information about when their
channel pages are viewed by users who are working offline. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!NoChannelLogging |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Offline Pages |
Disable all scheduled offline pages |
at least Internet Explorer v5.0 |
Disables existing schedules for downloading Web pages for
offline viewing. When users make Web
pages available for offline viewing, they can view
content when their computer is not connected to the Internet. If you enable this policy, the check boxes
for schedules on the Schedule tab of the Web page properties are cleared and
users cannot select them. To display this tab, users click the Tools menu,
click Synchronize, select a Web page, click the Properties button, and then
click the Schedule tab. If you disable
this policy, then Web pages can be updated on the schedules specified on the
Schedule tab. This policy is intended
for organizations that are concerned about server load for downloading
content. The Hide Favorites menu
policy (located in User Configuration\Administrative Templates\Windows
Components\Internet Explorer) takes precedence over this policy. If it is
enabled, this policy is ignored. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!NoScheduledUpdates |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Offline Pages |
Disable channel user interface completely |
at least Internet Explorer v5.0 |
Prevents users from viewing the Channel bar interface.
Channels are Web sites that are automatically updated on their computer according to a schedule specified by the
channel provider. If you enable this
policy, the Channel bar interface will be disabled, and users cannot select
the Internet Explorer Channel Bar check box on the Web tab in the Display
Properties dialog box. If you disable
this policy or do not configure it, users can view and subscribe to channels
from the Channel bar interface. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!NoChannelUI |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Offline Pages |
Disable downloading of site subscription content |
at least Internet Explorer v5.0 |
Prevents content from being downloaded from Web sites that
users have subscribed to. When users
make Web pages available for offline viewing, they
can view content when their computer is not connected to the Internet. If you enable this policy, content will not
be downloaded from Web sites that users have subscribed to. However,
synchronization with the Web pages will still occur to determine if any
content has been updated since the last time the user synchronized with or
visited the page. If you disable this
policy or do not configure it, content will not be prevented from being
downloaded. The Disable downloading of
site subscription content policy and the Hide Favorites menu policy (located
in User Configuration\Administrative Templates\Windows Components\Internet
Explorer) take precedence over this policy. If either policy is enabled, this
policy is ignored. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!NoSubscriptionContent |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Offline Pages |
Disable editing and creating of schedule groups |
at least Internet Explorer v5.0 |
Prevents users from adding, editing, or removing schedules for
offline viewing of Web pages and groups of Web pages
that users have subscribed to. A
subscription group is a favorite Web page plus the Web pages it links
to. If you enable this policy, the
Add, Remove, and Edit buttons on the Schedule tab in the Web page Properties
dialog box are dimmed. To display this tab, users click the Tools menu, click
Synchronize, select a Web page, click the Properties button, and then click
the Schedule tab. If you disable this
policy or do not configure it, users can add, remove, and edit schedules for
Web sites and groups of Web sites. The
Disable editing schedules for offline pages policy and the Hide Favorites
menu policy (located in User Configuration\Administrative Templates\Windows
Components\Internet Explorer) take precedence over this policy. If either
policy is enabled, this policy is ignored. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!NoEditingScheduleGroups |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Offline Pages |
Subscription Limits |
at least Internet Explorer v5.0 |
Restricts the amount of information downloaded for offline
viewing. If you enable this policy,
you can set limits to the size and number of pages
that users can download. If users attempt to exceed the number of
subscriptions, a prompt will appear that states that they cannot set up more
Web sites for offline viewing. If you
disable this policy or do not configure it, then users can determine the
amount of content that is searched for new information and downloaded. Caution: Although the Maximum Number of
Offline Pages option determines how many levels of a Web site are searched
for new information, it does not change the user interface in the Offline
Favorites wizard. Note: The begin and
end times for downloading are measured in minutes after midnight. The Maximum
Offline Page Crawl Depth setting specifies how many levels of a Web site are
searched for new information. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!MaxSubscriptionSize,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!MaxSubscriptionCount,
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!MinUpdateInterval,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!UpdateExcludeBegin,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!UpdateExcludeEnd, HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!MaxWebcrawlLevels |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Browser menus |
File menu: Disable Save As... menu option |
at least Internet Explorer v5.0 |
Prevents users from saving Web pages from the browser File
menu to their hard disk or to a network share. If you enable
this policy, the Save As command on the File menu will be removed. If you disable this policy or do not
configure it, users can save Web pages for later viewing. This policy takes precedence over the File
Menu: Disable Save As Web Page Complete policy, which prevents users from
saving the entire contents that are displayed or run from a Web Page, such as
graphics, scripts, and linked files, but does not prevent users from saving
the text of a Web page. Caution: If
you enable this policy, users are not prevented from saving Web content by
pointing to a link on a Web page, clicking the right mouse button, and then
clicking Save Target As. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoBrowserSaveAs |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Browser menus |
File menu: Disable New menu option |
at least Internet Explorer v5.0 |
Prevents users from opening a new browser window from the File
menu. If this policy is enabled, users
cannot open a new browser window by clicking the
File menu, pointing to the New menu, and then clicking Window. The user
interface is not changed, but a new window will not be opened, and users will
be informed that the command is not available. If you disable this policy or do not
configure it, users can open a new browser window from the File menu. Caution: This policy does not prevent users
from opening a new browser window by right-clicking, and then clicking the
Open in New Window command. To prevent users from using the shortcut menu to
open new browser windows, you should also set the Disable Open in New Window
menu option policy, which disables this command on the shortcut menu, or the
Disable context menu policy, which disables the entire shortcut menu. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoFileNew |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Browser menus |
File menu: Disable Open menu option |
at least Internet Explorer v5.0 |
Prevents users from opening a file or Web page from the File
menu in Internet Explorer. If you
enable this policy, the Open dialog box will not
appear when users click the Open command on the File menu. If users click the
Open command, they will be notified that the command is not available. If you disable this policy or do not configure
it, users can open a Web page from the browser File menu. Caution: This policy does not prevent users
from right-clicking a link on a Web page, and then clicking the Open or Open
in New Window command. To prevent users from opening Web pages by using the
shortcut menu, set the Disable Open in New Window menu option policy, which
disables this command on the shortcut menu, or the Disable context menu
policy, which disables the entire shortcut menu. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoFileOpen |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Browser menus |
File menu: Disable Save As Web Page Complete |
at least Internet Explorer v5.0 |
Prevents users from saving the complete contents that are
displayed on or run from a Web page, including the graphics, scripts, linked files, and other elements. It does
not prevent users from saving the text of a Web page. If you enable this policy, the Web Page,
Complete file type option will be removed from the Save as Type box in the
Save Web Page dialog box. Users can still save Web pages as hypertext markup
language (HTML) files or as text files, but graphics, scripts, and other
elements are not saved. To display the Save Web Page dialog box, users click
the File menu, and then click the Save As command. If you disable this policy or do not
configure it, users can save all elements on a Web page. The File menu: Disable Save As... menu
option policy, which removes the Save As command, takes precedence over this
policy. If it is enabled, this policy is ignored. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!NoBrowserSaveWebComplete |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Browser menus |
File menu: Disable closing the browser and Explorer windows |
at least Internet Explorer v5.0 |
Prevents users from closing Microsoft Internet Explorer and
Windows Explorer. If you enable this
policy, the Close command on the File menu will
appear dimmed. If you disable this
policy or do not configure it, users are not prevented from closing the
browser or Windows Explorer. Note: The
Close button in the top right corner of the program will not work; if users
click the Close button, they will be informed that the command is not
available. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!NoBrowserClose |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Browser menus |
View menu: Disable Source menu option |
at least Internet Explorer v5.0 |
Prevents users from viewing the HTML source of Web pages by
clicking the Source command on the View menu.
If you enable this policy, the Source
command on the View menu will appear dimmed.
If you disable this policy or do not configure it, then users can view
the HTML source of Web pages from the browser View menu. Caution: This policy does not prevent users
from viewing the HTML source of a Web page by right-clicking a Web page to
open the shortcut menu, and then clicking View Source. To prevent users from
viewing the HTML source of a Web page from the shortcut menu, set the Disable
context menu policy, which disables the entire shortcut menu. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!NoViewSource |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Browser menus |
View menu: Disable Full Screen menu option |
at least Internet Explorer v5.0 |
Prevents users from displaying the browser in full-screen
(kiosk) mode, without the standard toolbar.
If you enable this policy, the Full Screen
command on the View menu will appear dimmed, and pressing F11 will not
display the browser in a full screen.
If you disable this policy or do not configure it, users can display
the browser in a full screen. This
policy is intended to prevent users from displaying the browser without
toolbars, which might be confusing for some beginning users. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!NoTheaterMode |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Browser menus |
Hide Favorites menu |
at least Internet Explorer v5.0 |
Prevents users from adding, removing, or editing the list of
Favorite links. The Favorites list is
a way to store popular links for future use. If you enable this policy, the Favorites
menu is removed from the interface, and the Favorites button on the browser
toolbar appears dimmed. The Add to Favorites command on the shortcut menu is disabled;
when users click it, they are informed that the command is unavailable. If you disable this policy or do not
configure it, users can manage their Favorites list. This policy is intended to ensure that
users maintain consistent lists of favorites across your organization. Note: If you enable this policy, users also
cannot click Synchronize on the Tools menu to manage their favorite links
that are set up for offline viewing. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!NoFavorites |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Browser menus |
Tools menu: Disable Internet Options... menu option |
at least Internet Explorer v5.0 |
Prevents users from opening the Internet Options dialog box
from the Tools menu in Microsoft Internet Explorer. If you enable
this policy, users cannot change their Internet options, such as default home
page, cache size, and connection and proxy settings, from the browser Tools
menu. When users click the Internet Options command on the Tools menu, they
are informed that the command is unavailable.
If you disable this policy or do not configure it, users can change
their Internet settings from the browser Tools menu. Caution: This policy does not prevent users
from viewing and changing Internet settings by clicking the Internet Options
icon in Windows Control Panel. Also,
see policies for Internet options in the \Administrative Templates\Windows
Components\Internet Explorer and in \Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel folders. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!NoBrowserOptions |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Browser menus |
Help menu: Remove 'Tip of the Day' menu option |
at least Internet Explorer v5.0 |
Prevents users from viewing or changing the Tip of the Day
interface in Microsoft Internet Explorer.
If you enable this policy, the Tip of the
Day command is removed from the Help menu.
If you disable this policy or do not configure it, users can enable or
disable the Tip of the Day, which appears at the bottom of the browser. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoHelpItemTipOfTheDay |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Browser menus |
Help menu: Remove 'For Netscape Users' menu option |
at least Internet Explorer v5.0 |
Prevents users from displaying tips for users who are
switching from Netscape. If you enable
this policy, the For Netscape Users command is
removed from the Help menu. If you
disable this policy or do not configure it, users can display content about
switching from Netscape by clicking the For Netscape Users command on the
Help menu. Caution: Enabling this
policy does not remove the tips for Netscape users from the Microsoft
Internet Explorer Help file. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoHelpItemNetscapeHelp |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Browser menus |
Help menu: Remove 'Tour' menu option |
|
Prevents users from running the Internet Explorer Tour from
the Help menu in Internet Explorer. If
you enable this policy, the Tour command is
removed from the Help menu. If you
disable this policy or do not configure it, users can run the tour from the
Help menu. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoHelpItemTutorial |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Browser menus |
Help menu: Remove 'Send Feedback' menu option |
at least Internet Explorer v5.0 |
Prevents users from sending feedback to Microsoft by clicking
the Send Feedback command on the Help menu.
If you enable this policy, the Send
Feedback command is removed from the Help menu. If you disable this policy or do not
configure it, users can fill out an Internet form to provide feedback about
Microsoft products. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoHelpItemSendFeedback |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Browser menus |
Disable Context menu |
at least Internet Explorer v5.0 |
Prevents the shortcut menu from appearing when users click the
right mouse button while using the browser.
If you enable this policy, the shortcut
menu will not appear when users point to a Web page, and then click the right
mouse button. If you disable this
policy or do not configure it, users can use the shortcut menu. This policy can be used to ensure that the
shortcut menu is not used as an alternate method of running commands that
have been removed from other parts of the interface. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoBrowserContextMenu |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Browser menus |
Disable Open in New Window menu option |
at least Internet Explorer v5.0 |
Prevents using the shortcut menu to open a link in a new
browser window. If you enable this
policy, users cannot point to a link, click the
right mouse button, and then click the Open in New Window command. If you disable this policy or do not
configure it, users can open a Web page in a new browser window by using the
shortcut menu. This policy can be used
in coordination with the File menu: Disable New menu option policy, which
prevents users from opening the browser in a new window by clicking the File
menu, pointing to New, and then clicking Window. Note: When users click the Open in New
Window command, the link will not open in a new window and they will be
informed that the command is not available. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoOpeninNewWnd |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Browser menus |
Disable Save this program to disk option |
at least Internet Explorer v5.0 |
Prevents users from saving a program or file that Microsoft
Internet Explorer has downloaded to the hard disk. If you enable
this policy, users cannot save a program to disk by clicking the Save This
Program to Disk command while attempting to download a file. The file will
not be downloaded and users will be informed that the command is not
available. If you disable this policy
or do not configure it, users can download programs from their browsers. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoSelectDownloadDir |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Toolbars |
Disable customizing browser toolbar buttons |
at least Internet Explorer v5.0 |
Prevents users from determining which buttons appear on the
Microsoft Internet Explorer and Windows Explorer standard toolbars. If you enable
this policy, the Customize command on the Toolbars submenu of the View menu
will be removed. If you disable this
policy or do not configure it, users can customize which buttons appear on
the Internet Explorer and Windows Explorer toolbars. This policy can be used in coordination
with the Disable customizing browser toolbars policy, which prevents users
from determining which toolbars are displayed in Internet Explorer and
Windows Explorer. |
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoToolbarCustomize |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Toolbars |
Disable customizing browser toolbars |
at least Internet Explorer v5.0 |
Prevents users from determining which toolbars are displayed
in Microsoft Internet Explorer and Windows Explorer. If you enable
this policy, the list of toolbars, which users can display by clicking the
View menu and then pointing to the Toolbars command, will appear dimmed. If you disable this policy or do not
configure it, users can determine which toolbars are displayed in Windows
Explorer and Internet Explorer. This
policy can be used in coordination with the Disable customizing browser
toolbar buttons policy, which prevents users from adding or removing toolbars
from Internet Explorer. |
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoBandCustomize |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Toolbars |
Configure Toolbar Buttons |
at least Internet Explorer v5.0 |
Specifies which buttons will be displayed on the standard
toolbar in Microsoft Internet Explorer.
If you enable this policy, you can specify
whether or not each button will be displayed by selecting or clearing the
check boxes for each button. If you
disable this policy or do not configure it, the standard toolbar will be
displayed with its default settings, unless users customize it. |
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!SpecifyDefaultButtons,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Back,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Forward,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Stop,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Refresh,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Home,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Search,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Favorites,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_History,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Folders,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Fullscreen,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Tools,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_MailNews,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Size,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Print,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Edit,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Discussions,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Cut,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Copy,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Paste,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Encoding |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Persistence Behavior |
File size limits for Local Machine zone |
at least Internet Explorer v5.0 |
Limits the amount of storage that a page or site using the
DHTML Persistence behavior can use for the Local Computer security zone.
If you enable this policy, you can specify the persistence storage
amount per domain or per document for this security zone. If you disable this policy or do not
configure it, you cannot set this limit.
Note: This setting does not appear in the user interface. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Persistence\0!DomainLimit, HKCU\Software\Policies\Microsoft\Internet
Explorer\Persistence\0!DocumentLimit |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Persistence Behavior |
File size limits for Intranet zone |
at least Internet Explorer v5.0 |
Limits the amount of storage that a page or site using the
DHTML Persistence behavior can use for the Local Intranet security zone. If
you enable this policy, you can specify the persistence storage amount per
domain or per document for this security zone. If you disable this policy or do not
configure it, you cannot set this limit.
Note: This setting does not appear in the user interface. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Persistence\1!DomainLimit, HKCU\Software\Policies\Microsoft\Internet
Explorer\Persistence\1!DocumentLimit |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Persistence Behavior |
File size limits for Trusted Sites zone |
at least Internet Explorer v5.0 |
Limits the amount of storage that a page or site using the
DHTML Persistence behavior can use for the Trusted Sites security zone. If
you enable this policy, you can specify the persistence storage amount per
domain or per document for this security zone. If you disable this policy or do not
configure it, you cannot set this limit.
Note: This setting does not appear in the user interface. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Persistence\2!DomainLimit, HKCU\Software\Policies\Microsoft\Internet
Explorer\Persistence\2!DocumentLimit |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Persistence Behavior |
File size limits for Internet zone |
at least Internet Explorer v5.0 |
Limits the amount of storage that a page or site using the
DHTML Persistence behavior can use for the Internet security zone. If you
enable this policy, you can specify the persistence storage amount per domain
or per document for this security zone.
If you disable this policy or do not configure it, you cannot set this
limit. Note: This setting does not
appear in the user interface. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Persistence\3!DomainLimit, HKCU\Software\Policies\Microsoft\Internet
Explorer\Persistence\3!DocumentLimit |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Persistence Behavior |
File size limits for Restricted Sites zone |
at least Internet Explorer v5.0 |
Limits the amount of storage that a page or site using the
DHTML Persistence behavior can use for the Restricted Sites security zone.
If you enable this policy, you can specify the persistence storage
amount per domain or per document for this security zone. If you disable this policy or do not
configure it, you cannot set this limit.
Note: This setting does not appear in the user interface. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Persistence\4!DomainLimit, HKCU\Software\Policies\Microsoft\Internet
Explorer\Persistence\4!DocumentLimit |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Administrator Approved Controls |
Media Player |
at least Internet Explorer v5.0 |
Designates the Media Player ActiveX control as
administrator-approved. This control
is used for playing sounds, videos, and other
media. If you enable this policy, this
control can be run in security zones in which you specify that
administrator-approved controls can be run.
If you disable this policy or do not configure it, this control will
not be designated as administrator-approved.
To specify how administrator-approved controls are handled for each
security zone, carry out the following steps:
1. In Group Policy, click User Configuration, click Internet Explorer
Maintenance, and then click Security.
2. Double-click Security Zones and Content Ratings, click Import the
Current Security Zones Settings, and then click Modify Settings. 3. Select the content zone in which you
want to manage ActiveX controls, and then click Custom Level. 4. In the Run ActiveX Controls and Plug-ins
area, click Administrator Approved. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\AllowedControls!{05589FA1-C356-11CE-BF01-00AA0055595A},
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\AllowedControls!{22D6F312-B0F6-11D0-94AB-0080C74C7E95} |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Administrator Approved Controls |
Menu Controls |
at least Internet Explorer v5.0 |
Designates a set of Microsoft ActiveX controls used to
manipulate pop-up menus in the browser as administrator-approved. If you
enable this policy, these controls can be run in security zones in which you
specify that administrator-approved controls can be run. If you disable this policy or do not
configure it, these controls will not be designated as
administrator-approved. To specify a
control as administrator-approved, click Enabled, and then select the check
box for the control: -- MCSiMenu -
enables Web authors to control the placement and appearance of Windows pop-up
menus on Web pages -- Popup Menu Object - enables Web authors to add pop-up
menus to Web pages To specify how
administrator-approved controls are handled for each security zone, carry out
the following steps: 1. In Group
Policy, click User Configuration, click Internet Explorer Maintenance, and
then click Security. 2. Double-click
Security Zones and Content Ratings, click Import the Current Security Zones
Settings, and then click Modify Settings.
3. Select the content zone in which you want to manage ActiveX
controls, and then click Custom Level.
4. In the Run ActiveX Controls and Plug-ins area, click Administrator
Approved. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\AllowedControls!{275E2FE0-7486-11D0-89D6-00A0C90C9B67},
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\AllowedControls!{7823A620-9DD9-11CF-A662-00AA00C066D2},
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\AllowedControls!{F5131C24-E56D-11CF-B78A-444553540000} |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Administrator Approved Controls |
Microsoft Agent |
at least Internet Explorer v5.0 |
Designates the Microsoft Agent ActiveX control as
administrator-approved. Microsoft
Agent is a set of software services that supports
the presentation of software agents as interactive personalities within the
Microsoft Windows interface. If you
enable this policy, this control can be run in security zones in which you
specify that administrator-approved controls can be run. If you disable this policy or do not
configure it, these controls will not be designated as
administrator-approved. To specify how
administrator-approved controls are handled for each security zone, carry out
the following steps: 1. In Group
Policy, click User Configuration, click Internet Explorer Maintenance, and
then click Security. 2. Double-click
Security Zones and Content Ratings, click Import the Current Security Zones
Settings, and then click Modify Settings.
3. Select the content zone in which you want to manage ActiveX
controls, and then click Custom Level.
4. In the Run ActiveX Controls and Plug-ins area, click Administrator
Approved. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\AllowedControls!{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F} |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Administrator Approved Controls |
Microsoft Chat |
at least Internet Explorer v5.0 |
Designates the Microsoft Chat ActiveX control as
administrator-approved. This control
is used by Web authors to build text-based and
graphical-based Chat communities for real-time conversations on the Web. If you enable this policy, this control can
be run in security zones in which you specify that administrator-approved
controls can be run. If you disable
this policy or do not configure it, this control will not be designated as
administrator-approved. To specify how
administrator-approved controls are handled for each security zone, carry out
the following steps: 1. In Group
Policy, click User Configuration, click Internet Explorer Maintenance, and
then click Security. 2. Double-click
Security Zones and Content Ratings, click Import the Current Security Zones
Settings, and then click Modify Settings.
3. Select the content zone in which you want to manage ActiveX
controls, and then click Custom Level.
4. In the Run ActiveX Controls and Plug-ins area, click Administrator
Approved. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\AllowedControls!{D6526FE0-E651-11CF-99CB-00C04FD64497} |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Administrator Approved Controls |
Microsoft Survey Control |
at least Internet Explorer v5.0 |
|
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\AllowedControls!{BD1F006E-174F-11D2-95C0-00C04F9A8CFA} |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Administrator Approved Controls |
Shockwave Flash |
at least Internet Explorer v5.0 |
|
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\AllowedControls!{D27CDB6E-AE6D-11CF-96B8-444553540000} |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Administrator Approved Controls |
NetShow File Transfer Control |
at least Internet Explorer v5.0 |
|
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\AllowedControls!{26F24A93-1DA2-11D0-A334-00AA004A5FC5} |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Administrator Approved Controls |
DHTML Edit Control |
at least Internet Explorer v5.0 |
|
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\AllowedControls!{2D360201-FFF5-11D1-8D03-00A0C959BC0A} |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Administrator Approved Controls |
Microsoft Scriptlet Component |
at least Internet Explorer v5.0 |
|
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\AllowedControls!{AE24FDAE-03C6-11D1-8B76-0080C744F389} |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Administrator Approved Controls |
Carpoint |
at least Internet Explorer v5.0 |
Designates the Microsoft Network (MSN) Carpoint automatic
pricing control as administrator-approved.
This control enables enhanced pricing
functionality on the Carpoint Web site, where users can shop for and obtain
information about vehicles. If you
enable this policy, this control can be run in security zones in which you
specify that administrator-approved controls can be run. If you disable this policy or do not
configure it, this control will not be designated as
administrator-approved. To specify how
administrator-approved controls are handled for each security zone, carry out
the following steps: 1. In Group
Policy, click User Configuration, click Internet Explorer Maintenance, and
then click Security. 2. Double-click
Security Zones and Content Ratings, click Import the Current Security Zones
Settings, and then click Modify Settings.
3. Select the content zone in which you want to manage ActiveX
controls, and then click Custom Level.
4. In the Run ActiveX Controls and Plug-ins area, click Administrator
Approved. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\AllowedControls!{DED22F57-FEE2-11D0-953B-00C04FD9152D} |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Administrator Approved Controls |
Investor |
at least Internet Explorer v5.0 |
Designates a set of Microsoft Network (MSN) Investor controls
as administrator-approved. These
controls enable users to view updated lists of
stocks on their Web pages. If you
enable this policy, these controls can be run in security zones in which you
specify that administrator-approved controls can be run. If you disable this policy or do not
configure it, these controls will not be designated as
administrator-approved. Select the
check boxes for the controls that you want to designate as
administrator-approved. To specify how
administrator-approved controls are handled for each security zone, carry out
the following steps: 1. In Group
Policy, click User Configuration, click Internet Explorer Maintenance, and
then click Security. 2. Double-click
Security Zones and Content Ratings, click Import the Current Security Zones
Settings, and then click Modify Settings.
3. Select the content zone in which you want to manage ActiveX
controls, and then click Custom Level.
4. In the Run ActiveX Controls and Plug-ins area, click Administrator
Approved. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\AllowedControls!{9276B91A-E780-11d2-8A8D-00C04FA31D93},
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\AllowedControls!{52ADE293-85E8-11D2-BB22-00104B0EA281} |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Administrator Approved Controls |
MSNBC |
at least Internet Explorer v5.0 |
Designates a set of MSNBC controls as
administrator-approved. These controls
enable enhanced browsing of news reports on the
MSNBC Web site. If you enable this
policy, these controls can be run in security zones in which you specify that
administrator-approved controls can be run.
If you disable this policy or do not configure it, these controls will
not be designated as administrator-approved.
Select the check boxes for the controls that you want to designate as
administrator-approved. To specify how
administrator-approved controls are handled for each security zone, carry out
the following steps: 1. In Group
Policy, click User Configuration, click Internet Explorer Maintenance, and
then click Security. 2. Double-click
Security Zones and Content Ratings, click Import the Current Security Zones
Settings, and then click Modify Settings.
3. Select the content zone in which you want to manage ActiveX
controls, and then click Custom Level.
4. In the Run ActiveX Controls and Plug-ins area, click Administrator
Approved. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\AllowedControls!{2FF18E10-DE11-11D1-8161-00A0C90DD90C} |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Binary Behavior Security Restriction |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer contains dynamic binary behaviors:
components that encapsulate specific functionality for the HTML elements to which they are attached. This policy
setting controls whether the Binary Behavior Security Restriction setting is
prevented or allowed. If you enable
this policy setting, binary behaviors are prevented for the Windows Explorer
and Internet Explorer processes. If
you disable this policy setting, binary behaviors are allowed for the Windows
Explorer and Internet Explorer processes.
If you do not configure this policy setting, binary behaviors are
prevented for the Windows Explorer and Internet Explorer processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!iexplore.exe |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Binary Behavior Security Restriction |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer contains dynamic binary behaviors:
components that encapsulate specific functionality for the HTML elements to which they are attached. This policy
setting controls whether the Binary Behavior Security Restriction
setting is prevented or allowed. This policy setting allows administrators
to define applications for which they want this security feature to be
prevented or allowed. If you enable
this policy setting and enter a Value of 1 binary behaviors are prevented. If
you enter a Value of 0 binary behaviors are allowed. The Value Name is the
name of the executable. If a Value Name is empty or the Value is not 0 or 1,
the policy setting is ignored. Do not
enter the Internet Explorer processes in this list: use the related Internet
Explorer Processes policy to enable or disable IE processes. If the All
Processes policy setting is enabled, the processes configured in this box
take precedence over that setting. If
you disable or do not configure this policy setting, the security feature is
allowed. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_BEHAVIORS |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Binary Behavior Security Restriction |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer contains dynamic binary behaviors:
components that encapsulate specific functionality for the HTML elements to which they are attached. This policy
setting controls whether the Binary Behavior Security Restriction setting is
prevented or allowed. If you enable
this policy setting, binary behaviors are prevented for all processes. Any
use of binary behaviors for HTML rendering is blocked. If you disable or do not configure this
policy setting, binary behaviors are allowed for all processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!* |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Binary Behavior Security Restriction |
Admin-approved behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
For each zone, the Binary and Scripted Behavior security
restrictions may be configured to allow only a list of admin-approved behaviors. This list may be configured here,
and applies to all processes which have opted in to the behavior, and to all
zones. (Behaviors are components that encapsulate specific functionality or
behavior on a page.) If you enable
this policy setting, this sets the list of behaviors permitted in each zone
for which Script and Binary Behaviors is set to 'admin-approved'. Behaviors
must be entered in #package#behavior notation, e.g., #default#vml. If you disable this policy setting, no
behaviors will be allowed in zones set to 'admin-approved', just as if those
zones were set to 'disable'. If you do
not configure this policy setting, only VML will be allowed in zones set to
'admin-approved'. Note. If this policy is set in both Computer
Configuration and User Configuration, both lists of behaviors will be allowed
as appropriate. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!ListBox_Support_AllowedBehaviors |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\MK Protocol Security Restriction |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
The MK Protocol Security Restriction policy setting reduces
attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail. If you enable this policy setting, the MK
Protocol is prevented for Windows Explorer and Internet Explorer, and
resources hosted on the MK protocol will fail. If you disable this policy setting,
applications can use the MK protocol API. Resources hosted on the MK protocol
will work for the Windows Explorer and Internet Explorer processes. If you do not configure this policy
setting, the MK Protocol is prevented for Windows Explorer and Internet
Explorer, and resources hosted on the MK protocol will fail. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved),
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!iexplore.exe |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\MK Protocol Security Restriction |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
The
MK Protocol Security Restriction policy setting reduces attack surface area
by preventing the MK protocol. Resources hosted on
the MK protocol will fail. This policy
setting allows administrators to define applications for which they want this
security feature to be prevented or allowed.
If you enable this policy setting and enter a Value of 1, use of the
MK protocol is prevented. If you enter a Value of 0, use of the MK protocol
is allowed. If a Value Name is empty or the Value is not 0 or 1, the policy
setting is ignored. Do not enter the
Internet Explorer processes in this list: use the related Internet Explorer
Processes policy to enable or disable IE processes. If the All Processes
policy setting is enabled, the processes configured in this box take
precedence over that setting. If you
disable or do not configure this policy setting, the policy setting is
ignored. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_DISABLE_MK_PROTOCOL |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\MK Protocol Security Restriction |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
The MK Protocol Security Restriction policy setting reduces
attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail. If you enable this policy setting, the MK
Protocol is disabled for all processes. Any use of the MK Protocol is
blocked. If you disable or do not
configure this policy setting, the MK Protocol is enabled. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!* |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Local Machine Zone Lockdown Security |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer places zone restrictions on each Web page it
opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on
the local computer have the fewest security restrictions and reside in the
Local Machine zone. Local Machine zone
security applies to all local files and content processed by Internet
Explorer. This feature helps to mitigate attacks where the Local Machine zone
is used as an attack vector to load malicious HTML code. If you enable this policy setting, the Local
Machine zone security applies to all local files and content processed by
Internet Explorer. If you disable this
policy setting, Local Machine zone security is not applied to local files or
content processed by Internet Explorer.
If you do not configure this policy setting, the Local Machine zone
security applies to all local files and content processed by Internet
Explorer. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved),
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!iexplore.exe |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Local Machine Zone Lockdown Security |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer places zone restrictions on each Web page it
opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and so on). Web pages
on the local computer have the fewest security restrictions and reside in the
Local Machine zone. Local Machine zone
security applies to all local files and content. This feature helps to
mitigate attacks where the Local Machine zone is used as an attack vector to
load malicious HTML code. If you
enable this policy setting and enter a value of 1, Local Machine Zone
security applies. If you enter a value of 0, Local Machine Zone security does
not apply. If a Value Name is empty or the Value is not 0 or 1, the policy
setting is ignored. Do not enter the
Internet Explorer processes in this list: use the related Internet Explorer
Processes policy to enable or disable IE processes. If the All Processes
policy setting is enabled, the processes configured in this box take
precedence over that setting. If you
disable or do not configure this policy setting, the security feature is
allowed. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_LOCALMACHINE_LOCKDOWN |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Local Machine Zone Lockdown Security |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer places zone restrictions on each Web page it
opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on
the local computer have the fewest security restrictions and reside in the
Local Machine zone. Local Machine zone
security applies to all local files and content. This feature helps to
mitigate attacks where the Local Machine zone is used as an attack vector to
load malicious HTML code. If you
enable this policy setting, the Local Machine zone security applies to all
local files and content processed by any process other than Internet Explorer
or those defined in a process list. If
you disable or do not configure this policy setting, Local Machine zone
security is not applied to local files or content processed by any process
other than Internet Explorer or those defined in a process list. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!* |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Consistent Mime Handling |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer uses Multipurpose Internet Mail Extensions
(MIME) data to determine file handling procedures for files received through a Web server. This policy setting determines whether
Internet Explorer requires that all file-type information provided by Web
servers be consistent. For example, if the MIME type of a file is text/plain
but the MIME sniff indicates that the file is really an executable file,
Internet Explorer renames the file by saving it in the Internet Explorer
cache and changing its extension. If
you enable this policy setting, Internet Explorer requires consistent MIME
data for all received files. If you
disable this policy setting, Internet Explorer will not require consistent
MIME data for all received files. If
you do not configure this policy setting, Internet Explorer requires
consistent MIME data for all received files. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!iexplore.exe |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Consistent Mime Handling |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer uses Multipurpose Internet Mail Extensions
(MIME) data to determine file handling procedures for files received through a Web server. This policy setting determines whether
Internet Explorer requires that all file-type information provided by Web
servers be consistent. For example, if the MIME type of a file is text/plain
but the MIME sniff indicates that the file is really an executable file,
Internet Explorer renames the file by saving it in the Internet Explorer
cache and changing its extension. This
policy setting allows administrators to define applications for which they
want this security feature to be prevented or allowed. If you enable this policy setting and enter
a Value of 1, MIME handling is in effect. If you enter a Value of 0 file-type
information is allowed to be inconsistent. The Value Name is the name of the
executable. If a Value Name is empty or the Value is not 0 or 1, the policy
setting is ignored. Do not enter the
Internet Explorer processes in this list: use the related Internet Explorer
Processes policy to enable or disable IE processes. If the All Processes
policy setting is enabled, the processes configured in this box take
precedence over that setting. If you
disable or do not configure this policy setting, the security feature is
allowed. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_HANDLING |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Consistent Mime Handling |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer uses Multipurpose Internet Mail Extensions
(MIME) data to determine file handling procedures for files received through a Web server. This policy setting determines whether
Internet Explorer requires that all file-type information provided by Web
servers be consistent. For example, if the MIME type of a file is text/plain
but the MIME sniff indicates that the file is really an executable file,
Internet Explorer renames the file by saving it in the Internet Explorer
cache and changing its extension. If
you enable this policy setting, Consistent Mime Handling is enabled for all
processes. If you disable or do not
configure this policy setting, Consistent Mime Handling is prevented for all
processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!* |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Mime Sniffing Safety Feature |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether Internet Explorer MIME
sniffing will prevent promotion of a file of one type to a more dangerous file type. If you enable this policy setting, MIME
sniffing will never promote a file of one type to a more dangerous file
type. If you disable this policy setting,
Internet Explorer processes will allow a MIME sniff promoting a file of one
type to a more dangerous file type. If
you do not configure this policy setting, MIME sniffing will never promote a
file of one type to a more dangerous file type. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!iexplore.exe |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Mime Sniffing Safety Feature |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether Internet Explorer MIME
sniffing will prevent promotion of a file of one type to a more dangerous file type. This policy setting allows administrators
to define applications for which they want this security feature to be
prevented or allowed. If you enable this
policy setting and enter a Value of 1, this protection will be in effect. If
you enter a Value of 0, any file may be promoted to more dangerous file
types. The Value Name is the name of the executable. If a Value Name is empty
or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer
processes in this list: use the related Internet Explorer Processes policy to
enable or disable IE processes. If the All Processes policy setting is
enabled, the processes configured in this box take precedence over that
setting. If you disable or do not
configure this policy setting, the security feature is allowed. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_SNIFFING |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Mime Sniffing Safety Feature |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether Internet Explorer MIME
sniffing will prevent promotion of a file of one type to a more dangerous file type. If you enable this policy setting, the Mime
Sniffing Safety Feature is enabled for all processes. If you disable or do not configure this
policy setting, the Mime Sniffing Safety Feature is disabled for all
processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!* |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Object Caching Protection |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting defines whether a reference to an object
is accessible when the user navigates within the same domain or to a new domain. If you enable this policy setting, an
object reference is no longer accessible when navigating within or across
domains for Internet Explorer processes.
If you disable this policy setting, an object reference is retained
when navigating within or across domains for Internet Explorer
processes. If you do not configure
this policy setting, an object reference is no longer accessible when
navigating within or across domains for Internet Explorer processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!iexplore.exe |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Object Caching Protection |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting defines whether a reference to an object
is accessible when the user navigates within the same domain or to a new domain. This policy setting allows administrators
to define applications for which they want this security feature to be
prevented or allowed. If you enable this
policy setting and enter a Value of 1, references to objects are inaccessible
after navigation. If you enter a Value of 0, references to objects are still
accessible after navigation. The Value Name is the name of the executable. If
a Value Name is empty or the Value is not 0 or 1, the policy setting is
ignored. Do not enter the Internet
Explorer processes in this list: use the related Internet Explorer Processes
policy to enable or disable IE processes. If the All Processes policy setting
is enabled, the processes configured in this box take precedence over that
setting. If you disable or do not
configure this policy setting, the security feature is allowed. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_OBJECT_CACHING |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Object Caching Protection |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting defines whether a reference to an object
is accessible when the user navigates within the same domain or to a new domain. If you enable this policy setting, object
reference is no longer accessible when navigating within or across domains
for all processes. If you disable or
do not configure this policy setting, object reference is retained when
navigating within or across domains in the Restricted Zone sites. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!* |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Scripted Window Security Restrictions |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer allows scripts to programmatically open,
resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows
and prohibits scripts from displaying windows in which the title and status
bars are not visible to the user or obfuscate other Windows’ title and status
bars. If you enable this policy
setting, popup windows and other restrictions apply for Windows Explorer and
Internet Explorer processes. If you
disable this policy setting, scripts can continue to create popup windows and
windows that obfuscate other windows.
If you do not configure this policy setting, popup windows and other
restrictions apply for Windows Explorer and Internet Explorer processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved),
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!iexplore.exe |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Scripted Window Security Restrictions |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer allows scripts to programmatically open,
resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows
and prohibits scripts from displaying windows in which the title and status
bars are not visible to the user or obfuscate other Windows’ title and status
bars. This policy setting allows
administrators to define applications for which they want this security
feature to be prevented or allowed. If
you enable this policy setting and enter a Value of 1, such windows may not
be opened. If you enter a Value of 0, windows have none of these
restrictions. The Value Name is the name of the executable. If a Value Name
is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer
processes in this list: use the related Internet Explorer Processes policy to
enable or disable IE processes. If the All Processes policy setting is
enabled, the processes configured in this box take precedence over that
setting. If you disable or do not
configure this policy setting, the security feature is allowed. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_WINDOW_RESTRICTIONS |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Scripted Window Security Restrictions |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer allows scripts to programmatically open,
resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows
and prohibits scripts from displaying windows in which the title and status
bars are not visible to the user or obfuscate other Windows’ title and status
bars. If you enable this policy
setting, scripted windows are restricted for all processes. If you disable or do not configure this
policy setting, scripted windows are not restricted. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!* |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Protection From Zone Elevation |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer places restrictions on each Web page it
opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone,
etc.). Web pages on the local computer have the fewest security restrictions
and reside in the Local Machine zone, making the Local Machine security zone
a prime target for malicious users. Zone Elevation also disables JavaScript
navigation if there is no security context.
If you enable this policy setting, any zone can be protected from zone
elevation by Internet Explorer processes.
If you disable this policy setting, no zone receives such protection
for Internet Explorer processes. If
you do not configure this policy setting, any zone can be protected from zone
elevation by Internet Explorer processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!iexplore.exe |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Protection From Zone Elevation |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer places restrictions on each Web page it
opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and
so on). Web pages on the local computer have the fewest security restrictions
and reside in the Local Machine zone, making the Local Machine security zone
a prime target for malicious users. Zone Elevation also disables JavaScript
navigation if there is no security context.
This policy setting allows administrators to define applications for
which they want this security feature to be prevented or allowed. If you enable this policy setting and enter
a Value of 1, elevation to more privileged zones can be prevented. If you
enter a Value of 0, elevation to any zone is allowed. The Value Name is the
name of the executable. If a Value Name is empty or the Value is not 0 or 1,
the policy setting is ignored. Do not
enter the Internet Explorer processes in this list: use the related Internet
Explorer Processes policy to enable or disable IE processes. If the All
Processes policy setting is enabled, the processes configured in this box
take precedence over that setting. If
you disable or do not configure this policy setting, the security feature is
allowed. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ZONE_ELEVATION |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Protection From Zone Elevation |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer places restrictions on each Web page it
opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and
so on). For example, Web pages on the local computer have the fewest security
restrictions and reside in the Local Machine zone, making the Local Machine
security zone a prime target for malicious users. If you enable this policy setting, any zone
can be protected from zone elevation for all processes. If you disable or do not configure this
policy setting, processes other than Internet Explorer or those listed in the
Process List receive no such protection. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!* |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Information Bar |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether the
Information Bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the
Information Bar is displayed for Internet Explorer processes. If you enable this policy setting, the
Information Bar will be displayed for Internet Explorer Processes. If you disable this policy setting, the
Information Bar will not be displayed for Internet Explorer processes. If you do not configure this policy
setting, the Information Bar will be displayed for Internet Explorer
Processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!iexplore.exe |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Information Bar |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether the
Information Bar is displayed for specific processes when file or code installs are restricted. By default, the
Information Bar is not displayed for any process when file or code installs
are restricted (except for the Internet Explorer Processes, for which the
Information Bar is displayed by default).
If you enable this policy setting and enter a Value of 1, the
Information Bar is displayed. If you enter a Value of 0 the Information Bar
is not displayed. The Value Name is the name of the executable. If a Value Name
is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer
processes in this list: use the related Internet Explorer Processes policy to
enable or disable for IE processes. If the All Processes policy setting is
enabled, the processes configured in this box take precedence over that
setting. If you disable or do not
configure this policy setting, the Information Bar is not displayed for the
specified processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_SECURITYBAND |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Information Bar |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether the
Information Bar is displayed for processes other than the Internet Explorer processes when file or code installs are
restricted. By default, the Information Bar is not displayed for any process
when file or code installs are restricted (except for the Internet Explorer
Processes, for which the Information Bar is displayed by default). If you enable this policy setting, the
Information Bar will be displayed for all processes. If you disable or do not configure this
policy setting, the Information Bar will not be displayed for all processes
other than Internet Explorer or those listed in the Process List. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!* |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict ActiveX Install |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting enables blocking of ActiveX control
installation prompts for Internet Explorer processes. If you enable
this policy setting, prompting for ActiveX control installations will be
blocked for Internet Explorer processes.
If you disable this policy setting, prompting for ActiveX control
installations will not be blocked for Internet Explorer processes. If you do not configure this policy
setting, the user's preference will be used to determine whether to block
ActiveX control installations for Internet Explorer processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved),
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!iexplore.exe |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict ActiveX Install |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting enables applications hosting the Web
Browser Control to block automatic prompting of ActiveX control installation.
If you enable this policy setting and enter a Value of 1, automatic
prompting of ActiveX control installation is blocked. If you enter a Value of
0, automatic prompting of ActiveX control installation is allowed. The Value
Name is the name of the executable. If a Value Name is empty or the Value is
not 0 or 1, the policy setting is ignored.
Do not enter the Internet Explorer processes in this list: use the related
Internet Explorer Processes policy to enable or disable IE processes. If the
All Processes policy setting is enabled, the processes configured in this box
take precedence over that setting. If
you disable or do not configure this policy setting, the security feature is
allowed. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_ACTIVEXINSTALL |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict ActiveX Install |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting enables applications hosting the Web
Browser Control to block automatic prompting of ActiveX control installation.
If you enable this policy setting, the Web Browser Control will block
automatic prompting of ActiveX control installation for all processes. If you disable or do not configure this
policy setting, the Web Browser Control will not block automatic prompting of
ActiveX control installation for all processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!* |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict File Download |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting enables blocking of file download prompts
that are not user initiated. If you
enable this policy setting, file download prompts
that are not user initiated will be blocked for Internet Explorer
processes. If you disable this policy
setting, prompting will occur for file downloads that are not user initiated
for Internet Explorer processes. If
you do not configure this policy setting, the user's preference determines
whether to prompt for file downloads that are not user initiated for Internet
Explorer processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved),
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!iexplore.exe |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict File Download |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting enables applications hosting the Web
Browser Control to block automatic prompting of file downloads that are not user initiated. If you enable this policy setting and enter
a Value of 1, automatic prompting of non-initiated file downloads is blocked.
If you enter a Value of 0, automatic prompting of non-initiated file
downloads is allowed. The Value Name is the name of the executable. If a
Value Name is empty or the Value is not 0 or 1, the policy setting is
ignored. Do not enter the Internet
Explorer processes in this list: use the related Internet Explorer Processes
policy to enable or disable IE processes. If the All Processes policy setting
is enabled, the processes configured in this box take precedence over that
setting. If you disable or do not
configure this policy setting, the security feature is allowed. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_FILEDOWNLOAD |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict File Download |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting enables applications hosting the Web
Browser Control to block automatic prompting of file downloads that are not user initiated. If you enable this policy setting, the Web
Browser Control will block automatic prompting of file downloads that are not
user initiated for all processes. If
you disable this policy setting, the Web Browser Control will not block
automatic prompting of file downloads that are not user initiated for all
processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!* |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Add-on Management |
Deny all add-ons unless specifically allowed in the Add-on
List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to ensure that any Internet
Explorer add-ons not listed in the 'Add-on List' policy setting are denied. By
default, the 'Add-on List' policy setting defines a list of add-ons to be
allowed or denied through Group Policy. However, users can still use the
Add-on Manager within Internet Explorer to manage add-ons not listed within
the 'Add-on List' policy setting. This policy setting effectively removes
this option from users - all add-ons are assumed to be denied unless they are
specifically allowed through the 'Add-on List' policy setting. If you enable this policy setting, Internet
Explorer only allows add-ins that are specifically listed (and allowed)
through the 'Add-on List' policy setting.
If you disable or do not configure this policy setting, users may use
Add-on Manager to allow or deny any add-ons that are not included in the
'Add-on List' policy setting. Note: If
an add-on is listed in the 'Add-on List' policy setting, the user cannot
change its state through Add-on Manager (unless its value has been set to
allow user management - see the 'Add-on List' policy for more details). |
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!RestrictToList |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Add-on Management |
Add-on List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage a list of add-ons to
be allowed or denied by Internet Explorer.
This list can be used with the 'Deny all
add-ons unless specifically allowed in the Add-on List' policy setting, which
defines whether add-ons not listed here are assumed to be denied. If you enable this policy setting, you can
enter a list of add-ons to be allowed or denied by Internet Explorer. For
each entry that you add to the list, enter the following information: Name of the Value - the CLSID (class
identifier) for the add-on you wish to add to the list. The CLSID should be in brackets for
example, ‘{000000000-0000-0000-0000-0000000000000}’. The CLSID for an add-on
can be obtained by reading the OBJECT tag from a Web page on which the add-on
is referenced. Value - A number
indicating whether Internet Explorer should deny or allow the add-on to be
loaded. To specify that an add-on should be denied enter a 0 (zero) into this
field. To specify that an add-on should be allowed, enter a 1 (one) into this
field. To specify that an add-on should be allowed and also permit the user
to manage the add-on through Add-on Manager, enter a 2 (two) into this
field. If you disable this policy
setting, the list is deleted. The 'Deny all add-ons unless specifically
allowed in the Add-on List' policy setting will still determine whether
add-ons not in this list are assumed to be denied. |
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_Support_CLSID |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Add-on Management |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether the listed
processes respect add-on management user preferences
(as entered into Add-on Manager) or policy settings. By default, only
Internet Explorer processes use the add-on management user preferences and
policy settings. This policy setting allows you to extend support for these
user preferences and policy settings to specific processes listed in the
process list. If you enable this
policy setting and enter a Value of 1, the process entered will respect the
add-on management user preferences and policy settings. If you enter a Value
of 0, the add-on management user preferences and policy settings are ignored
by the specified process. The Value Name is the name of the executable. If a
Value Name is empty or the Value is not 0 or 1, the policy setting is
ignored. Do not enter Internet
Explorer processes in this list because these processes always respect add-on
management user preferences and policy settings. If the All Processes policy
setting is enabled, the processes configured in this policy setting take
precedence over that setting. If you
do not configure this policy, processes other than the Internet Explorer
processes will not be affected by add-on management user preferences or
policy settings (unless “All Processes” is enabled). |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ADDON_MANAGEMENT |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Add-on Management |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether processes
respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default, any process other than the
Internet Explorer processes or those listed in the 'Process List' policy
setting ignore add-on management user preferences and policy settings. If you enable this policy setting, all
processes will respect add-on management user preferences and policy
settings. If you disable or do not
configure this policy setting, all processes will not respect add-on
management user preferences or policy settings. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT!* |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol Lockdown |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Windows Explorer and Internet Explorer may be configured to
prevent active content obtained through restricted protocols from running in an unsafe manner. This policy
setting controls whether restricting content obtained through restricted
protocols is prevented or allowed. If
you enable this policy setting, restricting content obtained through
restricted protocols is allowed for Windows Explorer and Internet Explorer
processes. For example, you can restrict active content from pages served
over the http and https protocols by adding the value names http and https. If you disable this policy setting,
restricting content obtained through restricted protocols is prevented for
Windows Explorer and Internet Explorer processes. If you do not configure this policy
setting, the policy setting is ignored. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved),
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!iexplore.exe |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol Lockdown |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer may be configured to prevent active content
obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether
restricting content obtained through restricted protocols is prevented or
allowed. This policy setting allows
administrators to define applications for which they want restricting content
obtained through restricted protocols to be prevented or allowed. If you enable this policy setting and enter
a Value of 1, restricting content obtained through restricted protocols is
allowed. If you enter a Value of 0, restricting content obtained through
restricted protocols is blocked. The Value Name is the name of the
executable. If a Value Name is empty or the Value is not 0 or 1, the policy
setting is ignored. Do not enter the
Windows Explorer or Internet Explorer processes in this list: use the related
Internet Explorer Processes policy to enable or disable these processes. If
the All Processes policy setting is enabled, the processes configured in this
box take precedence over that setting.
If you disable or do not configure this policy setting, the security
feature is allowed. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_PROTOCOL_LOCKDOWN |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol Lockdown |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer may be configured to prevent active content
obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether
restricting content obtained through restricted protocols is prevented or
allowed. If you enable this policy
setting, restricting content obtained through restricted protocols is allowed
for all processes other than Windows Explorer or Internet Explorer. If you disable this policy setting,
restricting content obtained through restricted protocols is prevented for
all processes other than Windows Explorer or Internet Explorer. If you do not configure this policy
setting, no policy is enforced for processes other than Windows Explorer and
Internet Explorer. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!* |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per
Security Zone |
Internet Zone Restricted Protocols |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
For each zone, the Network Protocol Lockdown security
restriction may be configured to prevent active content obtained through restricted protocols from running in an
unsafe manner, either by prompting the user, or simply disabling the content.
For each zone, this list of protocols may be configured here, and applies to
all processes which have opted in to the security restriction. If you enable this policy setting for a
zone, this sets the list of protocols to be restricted if that zone is set to
Prompt or Disable for Allow active content over restricted protocols to
access my computer. If you disable or
do not configure this policy setting for a zone, no protocols are restricted
for that zone, regardless of the setting for Allow active content over
restricted protocols to access my computer.
Note. If policy for a zone is
set in both Computer Configuration and User Configuration, both lists of
protocols will be restricted for that zone. |
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\RestrictedProtocols!ListBox_Support_3 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per
Security Zone |
Intranet Zone Restricted Protocols |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
For each zone, the Network Protocol Lockdown security
restriction may be configured to prevent active content obtained through restricted protocols from running in an
unsafe manner, either by prompting the user, or simply disabling the content.
For each zone, this list of protocols may be configured here, and applies to
all processes which have opted in to the security restriction. If you enable this policy setting for a
zone, this sets the list of protocols to be restricted if that zone is set to
Prompt or Disable for Allow active content over restricted protocols to
access my computer. If you disable or
do not configure this policy setting for a zone, no protocols are restricted
for that zone, regardless of the setting for Allow active content over
restricted protocols to access my computer.
Note. If policy for a zone is
set in both Computer Configuration and User Configuration, both lists of
protocols will be restricted for that zone. |
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\RestrictedProtocols!ListBox_Support_1 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per
Security Zone |
Trusted Sites Zone Restricted Protocols |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
For each zone, the Network Protocol Lockdown security
restriction may be configured to prevent active content obtained through restricted protocols from running in an
unsafe manner, either by prompting the user, or simply disabling the content.
For each zone, this list of protocols may be configured here, and applies to
all processes which have opted in to the security restriction. If you enable this policy setting for a
zone, this sets the list of protocols to be restricted if that zone is set to
Prompt or Disable for Allow active content over restricted protocols to
access my computer. If you disable or
do not configure this policy setting for a zone, no protocols are restricted
for that zone, regardless of the setting for Allow active content over
restricted protocols to access my computer.
Note. If policy for a zone is
set in both Computer Configuration and User Configuration, both lists of
protocols will be restricted for that zone. |
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\RestrictedProtocols!ListBox_Support_2 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per
Security Zone |
Restricted Sites Zone Restricted Protocols |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
For each zone, the Network Protocol Lockdown security
restriction may be configured to prevent active content obtained through restricted protocols from running in an
unsafe manner, either by prompting the user, or simply disabling the content.
For each zone, this list of protocols may be configured here, and applies to
all processes which have opted in to the security restriction. If you enable this policy setting for a
zone, this sets the list of protocols to be restricted if that zone is set to
Prompt or Disable for Allow active content over restricted protocols to
access my computer. If you disable or
do not configure this policy setting for a zone, no protocols are restricted
for that zone, regardless of the setting for Allow active content over
restricted protocols to access my computer.
Note. If policy for a zone is
set in both Computer Configuration and User Configuration, both lists of
protocols will be restricted for that zone. |
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\RestrictedProtocols!ListBox_Support_4 |
|
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per
Security Zone |
Local Machine Zone Restricted Protocols |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
For each zone, the Network Protocol Lockdown security
restriction may be configured to prevent active content obtained through restricted protocols from running in an
unsafe manner, either by prompting the user, or simply disabling the content.
For each zone, this list of protocols may be configured here, and applies to
all processes which have opted in to the security restriction. If you enable this policy setting for a
zone, this sets the list of protocols to be restricted if that zone is set to
Prompt or Disable for Allow active content over restricted protocols to
access my computer. If you disable or
do not configure this policy setting for a zone, no protocols are restricted
for that zone, regardless of the setting for Allow active content over
restricted protocols to access my computer.
Note. If policy for a zone is
set in both Computer Configuration and User Configuration, both lists of
protocols will be restricted for that zone. |
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\RestrictedProtocols!ListBox_Support_0 |
|
MACHINE |
Administrative Templates\Windows Components\Internet Explorer |
Security
Zones: Use only machine settings |
at least Internet Explorer v5.0 |
Applies security zone information to all users of the same
computer. A security zone is a group of Web sites with the same security level.
If you enable this policy, changes that the user makes to a security
zone will apply to all users of that computer. If you disable this policy or do not configure
it, users of the same computer can establish their own security zone
settings. This policy is intended to
ensure that security zone settings apply uniformly to the same computer and
do not vary from user to user. Also,
see the Security zones: Do not allow users to change policies policy. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!Security_HKLM_only |
|
MACHINE |
Administrative Templates\Windows Components\Internet Explorer |
Security Zones: Do not allow users to change policies |
at least Internet Explorer v5.0 |
Prevents users from changing security zone settings. A
security zone is a group of Web sites with the same security level. If you
enable this policy, the Custom Level button and security-level slider on the
Security tab in the Internet Options dialog box are disabled. If you disable this policy or do not
configure it, users can change the settings for security zones. This policy prevents users from changing
security zone settings established by the administrator. Note: The Disable the Security page policy
(located in \User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel), which removes the
Security tab from Internet Explorer in Control Panel, takes precedence over
this policy. If it is enabled, this policy is ignored. Also, see the Security zones: Use only
machine settings policy. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!Security_options_edit |
|
MACHINE |
Administrative Templates\Windows Components\Internet Explorer |
Security Zones: Do not allow users to add/delete sites |
at least Internet Explorer v5.0 |
Prevents users from adding or removing sites from security
zones. A security zone is a group of Web sites with the same security level.
If you enable this policy, the site management settings for security
zones are disabled. (To see the site management settings for security zones,
in the Internet Options dialog box, click the Security tab, and then click
the Sites button.) If you disable this
policy or do not configure it, users can add Web sites to or remove sites
from the Trusted Sites and Restricted Sites zones, and alter settings for the
Local Intranet zone. This policy
prevents users from changing site management settings for security zones
established by the administrator.
Note: The Disable the Security
page policy (located in \User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel), which removes the
Security tab from the interface, takes precedence over this policy. If it is
enabled, this policy is ignored. Also,
see the Security zones: Use only machine settings policy. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!Security_zones_map_edit |
|
MACHINE |
Administrative Templates\Windows Components\Internet Explorer |
Make proxy settings per-machine (rather than per-user) |
at least Internet Explorer v5.0 |
Applies proxy settings to all users of the same computer. If you enable this policy, users cannot set
user-specific proxy settings. They must use the
zones created for all users of the computer.
If you disable this policy or do not configure it, users of the same
computer can establish their own proxy settings. This policy is intended to ensure that
proxy settings apply uniformly to the same computer and do not vary from user
to user. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!ProxySettingsPerUser |
|
MACHINE |
Administrative Templates\Windows Components\Internet Explorer |
Disable Automatic Install of Internet Explorer components |
at least Internet Explorer v5.0 |
Prevents Internet Explorer from automatically installing
components. If you enable this policy,
it prevents Internet Explorer from downloading a
component when users browse to a Web site that needs that component. If you disable this policy or do not
configure it, users will be prompted to download and install a component when
visiting a Web site that uses that component.
This policy is intended to help the administrator control which
components the user installs. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!NoJITSetup |
|
MACHINE |
Administrative Templates\Windows Components\Internet Explorer |
Disable Periodic Check for Internet Explorer software updates |
at least Internet Explorer v5.0 |
Prevents Internet Explorer from checking whether a new version
of the browser is available. If you
enable this policy, it prevents Internet Explorer
from checking to see whether it is the latest available browser version and
notifying users if a new version is available. If you disable this policy or do not
configure it, Internet Explorer checks every 30 days by default, and then
notifies users if a new version is available.
This policy is intended to help the administrator maintain version
control for Internet Explorer by preventing users from being notified about
new versions of the browser. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!NoUpdateCheck |
|
MACHINE |
Administrative Templates\Windows Components\Internet Explorer |
Disable software update shell notifications on program launch |
at least Internet Explorer v5.0 |
Specifies that programs using the Microsoft Software
Distribution Channel will not notify users when they install new components. The Software Distribution Channel is a
means of updating software dynamically on users' computers by using Open
Software Distribution (.osd) technologies.
If you enable this policy, users will not be notified if their
programs are updated using Software Distribution Channels. If you disable this policy or do not
configure it, users will be notified before their programs are updated. This policy is intended for administrators
who want to use Software Distribution Channels to update their users'
programs without user intervention. |
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoMSAppLogo5ChannelNotify |
|
MACHINE |
Administrative Templates\Windows Components\Internet Explorer |
Disable showing the splash screen |
at least Internet Explorer v5.0 |
Prevents the Internet Explorer splash screen from appearing
when users start the browser. If you
enable this policy, the splash screen, which
displays the program name, licensing, and copyright information, is not
displayed. If you disable this policy
or do not configure it, the splash screen will be displayed when users start
their browsers. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions!NoSplash |
|
MACHINE |
Administrative Templates\Windows Components\Internet Explorer |
Turn off Crash Detection |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the crash detection
feature of add-on Management. If you
enable this policy setting, a crash in Internet
Explorer will exhibit behavior found in Windows XP Professional Service Pack
1 and earlier, namely to invoke Windows Error Reporting. All policy settings
for Windows Error Reporting continue to apply. If you disable or do not configure this
policy setting, the crash detection feature for add-on management will be
functional. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoCrashDetection |
|
MACHINE |
Administrative Templates\Windows Components\Internet Explorer |
Do not allow users to enable or disable add-ons |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users have
the ability to allow or deny add-ons through Add-On Manager. If you enable this policy
setting, users cannot enable or disable add-ons through Add-On Manager. The
only exception occurs if an add-on has been specifically entered into the
'Add-On List' policy setting in such a way as to allow users to continue to
manage the add-on. In this case, the user can still manage the add-on through
the Add-On Manager. If you disable or
do not configure this policy setting, the appropriate controls in the Add-On
Manager will be available to the user. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoExtensionManagement |
|
MACHINE |
Administrative Templates\Windows Components\Internet Explorer |
Turn off pop-up management |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage pop-up management
functionality in Internet Explorer. If
you enable this policy setting, the Control Panel
information relating to pop-up management will be unavailable (grayed out)
and all other pop-up manager controls, notifications, and dialog boxes will
not appear. Pop-up windows will continue to function as they did in Windows
XP Service Pack 1 or earlier, although windows launched off screen will
continue to be re-positioned onscreen.
If you disable or do not configure this policy setting, the popup
management feature will be functional. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoPopupManagement |
|
MACHINE |
Administrative Templates\Windows Components\Internet Explorer |
Pop-up allow list |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage a list of web sites
that will be allowed to open pop-up windows regardless of the Internet Explorer process's Pop-Up Blocker
settings. If you enable this policy
setting, you can enter a list of sites which will be allowed to open pop-up
windows regardless of user settings. Users will not be able to view or edit
this list of sites. Only the domain name is allowed, so www.contoso.com is
valid, but not http://www.contoso.com. Wildcards are allowed, so
*.contoso.com is also valid. If you
disable this policy setting, the list is deleted and users may not create
their own lists of sites. If this
policy is not configured, users will be able to view and edit their own lists
of sites. |
HKLM\Software\Policies\Microsoft\Internet Explorer\New
Windows!ListBox_Support_Allow |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel |
Disable the General page |
at least Internet Explorer v5.0 |
Removes the General tab from the interface in the Internet
Options dialog box. If you enable this
policy, users are unable to see and change
settings for the home page, the cache, history, Web page appearance, and
accessibility. If you disable this
policy or do not configure it, users can see and change these settings. When you set this policy, you do not need
to set the following Internet Explorer policies (located in \User
Configuration\Administrative Templates\Windows Components\Internet
Explorer\), because this policy removes the General tab from the
interface: Disable changing home page
settings Disable changing Temporary
Internet files settings Disable changing
history settings Disable changing
color settings Disable changing link
color settings Disable changing font
settings Disable changing language
settings Disable changing
accessibility settings |
HKLM\Software\Policies\Microsoft\Internet Explorer\Control
Panel!GeneralTab |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel |
Disable the Security page |
at least Internet Explorer v5.0 |
Removes the Security tab from the interface in the Internet
Options dialog box. If you enable this
policy, it prevents users from seeing and changing
settings for security zones, such as scripting, downloads, and user
authentication. If you disable this
policy or do not configure it, users can see and change these settings. When you set this policy, you do not need
to set the following Internet Explorer policies, because this policy removes
the Security tab from the interface:
Security zones: Do not allow users to change policies Security zones: Do not allow users to
add/delete sites |
HKLM\Software\Policies\Microsoft\Internet Explorer\Control
Panel!SecurityTab |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel |
Disable the Content page |
at least Internet Explorer v5.0 |
Removes the Content tab from the interface in the Internet
Options dialog box. If you enable this
policy, users are prevented from seeing and
changing ratings, certificates, AutoComplete, Wallet, and Profile Assistant
settings. If you disable this policy
or do not configure it, users can see and change these settings. When you set this policy, you do not need
to set the following policies for the Content tab, because this policy
removes the Content tab from the interface:
Disable changing ratings settings
Disable changing certificate settings
Disable changing Profile Assistant settings Disable AutoComplete for forms Do not allow AutoComplete to save passwords |
HKLM\Software\Policies\Microsoft\Internet Explorer\Control
Panel!ContentTab |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel |
Disable the Connections page |
at least Internet Explorer v5.0 |
Removes the Connections tab from the interface in the Internet
Options dialog box. If you enable this
policy, users are prevented from seeing and
changing connection and proxy settings.
If you disable this policy or do not configure it, users can see and
change these settings. When you set
this policy, you do not need to set the following policies for the Content
tab, because this policy removes the Connections tab from the interface: Disable Internet Connection Wizard Disable changing connection settings Disable changing proxy settings Disable changing Automatic Configuration
settings |
HKLM\Software\Policies\Microsoft\Internet Explorer\Control
Panel!ConnectionsTab |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel |
Disable the Programs page |
at least Internet Explorer v5.0 |
Removes the Programs tab from the interface in the Internet
Options dialog box. If you enable this
policy, users are prevented from seeing and
changing default settings for Internet programs. If you disable this policy or do not
configure it, users can see and change these settings. When you set this policy, you do not need
to set the following policies for the Programs tab, because this policy
removes the Programs tab from the interface:
Disable changing Messaging settings
Disable changing Calendar and Contact settings Disable the Reset Web Settings feature Disable changing default browser check |
HKLM\Software\Policies\Microsoft\Internet Explorer\Control
Panel!ProgramsTab |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel |
Disable the Privacy page |
at least Internet Explorer v5.0 |
Removes the Privacy tab from the interface in the Internet
Options dialog box. If you enable this
policy, users are prevented from seeing and
changing default settings for privacy.
If you disable this policy or do not configure it, users can see and
change these settings. |
HKLM\Software\Policies\Microsoft\Internet Explorer\Control
Panel!PrivacyTab |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel |
Disable the Advanced page |
at least Internet Explorer v5.0 |
Removes the Advanced tab from the interface in the Internet
Options dialog box. If you enable this
policy, users are prevented from seeing and
changing advanced Internet settings, such as security, multimedia, and
printing. If you disable this policy
or do not configure it, users can see and change these settings. When you set this policy, you do not need
to set the Disable changing Advanced page settings policy (located in \User
Configuration\Administrative Templates\Windows Components\Internet
Explorer\), because this policy removes the Advanced tab from the interface. |
HKLM\Software\Policies\Microsoft\Internet Explorer\Control
Panel!AdvancedTab |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Run .NET Framework-reliant components signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute signed managed
components. If you disable this policy
setting, Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will execute signed managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Run .NET Framework-reliant components not signed with
Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are not signed with Authenticode can be executed from Internet Explorer. These
components include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute unsigned
managed components. If you select Prompt in the drop-down box, Internet
Explorer will prompt the user to determine whether to execute unsigned
managed components. If you disable
this policy setting, Internet Explorer will not execute unsigned managed
components. If you do not configure
this policy setting, Internet Explorer will execute unsigned managed
components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2004 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download signed ActiveX controls from a page in the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting,
users are queried whether to download controls signed by publishers who
aren't trusted. Code signed by trusted
publishers is silently downloaded. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1001 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an
untrusted zone. If you enable this
policy setting, users can run unsigned controls without user intervention. If
you select Prompt in the drop-down box, users are queried to choose whether
to allow the unsigned control to run.
If you disable this policy setting, users cannot run unsigned
controls. If you do not configure this
policy setting, users cannot run unsigned controls. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not
marked as safe. If you enable this
policy setting, ActiveX controls are run, loaded
with parameters, and scripted without setting object safety for untrusted
data or scripts. This setting is not recommended, except for secure and
administered zones. This setting causes both unsafe and safe controls to be
initialized and scripted, ignoring the Script ActiveX controls marked safe
for scripting option. If you enable
this policy setting and select Prompt in the drop-down box, users are queried
whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX
controls that cannot be made safe are not loaded with parameters or
scripted. If you do not configure this
policy setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX
controls and plug-ins can be run on pages from the specified zone. If you
enable this policy setting, controls and plug-ins can run without user
intervention. If you selected Prompt
in the drop-down box, users are asked to choose whether to allow the controls
or plug-in to run. If you disable this
policy setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins can run without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX
control marked safe for scripting can interact with a script. If you
enable this policy setting, script interaction can occur automatically
without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow script interaction. If you
disable this policy setting, script interaction is prevented from
occurring. If you do not configure
this policy setting, script interaction can occur automatically without user
intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file
downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the
download, not the zone from which the file is delivered. If you enable this policy setting, files
can be downloaded from the zone. If
you disable this policy setting, files are prevented from being downloaded
from the zone. If you do not
configure this policy setting, files can be downloaded from the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1803 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the
zone may download HTML fonts. If you
enable this policy setting, HTML fonts can be
downloaded automatically. If you enable this policy setting and Prompt is
selected in the drop-down box, users are queried whether to allow HTML fonts
to download. If you disable this
policy setting, HTML fonts are prevented from downloading. If you do not configure this policy
setting, HTML fonts can be downloaded automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java
applets. If you enable this policy
setting, you can choose options from the drop-down
box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not configure
this policy setting, the permission is set to High Safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data
Objects (ADO). If you enable this
policy setting, users can load a page in the zone that uses MSXML or ADO to
access data from another site in the zone. If you select Prompt in the
drop-down box, users are queried to choose whether to allow a page to be
loaded in the zone that uses MSXML or ADO to access data from another site in
the zone. If you disable this policy
setting, users cannot load a page in the zone that uses MSXML or ADO to
access data from another site in the zone.
If you do not configure this policy setting, users cannot load a page
in the zone that uses MSXML or ADO to access data from another site in the
zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1406 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow active content over restricted protocols to access my
computer |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a resource
hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script, ActiveX, Java
and Binary Behaviors. The list of restricted protocols may be set in the
Intranet Zone Restricted Protocols section under Network Protocol Lockdown
policy. If you enable this policy
setting, no Intranet Zone content accessed is affected, even for protocols on
the restricted list. If you select Prompt from the drop-down box, the
Information Bar will appear to allow control over questionable content
accessed over any restricted protocols; content over other protocols is
unaffected. If you disable this policy
setting, all attempts to access such content over the restricted protocols is
blocked. If you do not configure this
policy setting, the Information Bar will appear to allow control over
questionable content accessed over any restricted protocols when the Network
Protocol Lockdown security feature is enabled. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted
for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users will be
automatically prompted for ActiveX control installations. If you enable
this policy setting, users will receive a prompt when a site instantiates an
ActiveX control they do not have installed.
If you disable this policy setting, ActiveX control installations will
be blocked using the Information Bar. Users can click on the Information Bar
to allow the ActiveX control prompt.
If you do not configure this policy setting, ActiveX control
installations will be blocked using the Information Bar. Users can click on
the Information Bar to allow the ActiveX control prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's
browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag)
to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page
containing an active Meta Refresh setting can be redirected to another Web
page. If you disable this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. If you do not configure this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting can be redirected to another Web page. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow script-initiated windows without size or position
constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on
script-initiated pop-up windows and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. If
you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and
script behaviors: components that encapsulate specific functionality for HTML elements to which they were
attached. If you enable this policy
setting, binary and script behaviors are available. If you select
Administrator approved in the drop-down box, only behaviors listed in the
Admin-approved Behaviors under Binary Behaviors Security Restriction policy
are available. If you disable this
policy setting, binary and script behaviors are not available unless
applications have implemented a custom security manager. If you do not configure this policy
setting, binary and script behaviors are available. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
display nonsecure items and manage whether users receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1609 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Do not prompt for client certificate selection when no
certificates or only one certificate exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are
prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet
Explorer does not prompt users with a Client Authentication message when they
connect to a Web site that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
setting, Internet Explorer prompts users with a Client Authentication message
when they connect to a Web site that has no certificate or only one
certificate. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
drag files or copy and paste files from a source within the zone. If you
enable this policy setting, users can drag files or copy and paste files from
this zone automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this
zone. If you do not configure this
policy setting, users can drag files or copy and paste files from this zone
automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting,
users can install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this
zone. If you do not configure this
policy setting, users are queried to choose whether to install desktop items
from this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications
may be run and files may be downloaded from an IFRAME
reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are queried to choose whether to run applications and
download files from IFRAMEs on the pages in this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of
sub-frames and access of applications across different domains. If you
enable this policy setting, users can open sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow sub-frames or access to applications
from other domains. If you disable
this policy setting, users cannot open sub-frames or access applications from
different domains. If you do not configure
this policy setting, users can open sub-frames from other domains and access
applications from other domains. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1607 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for
file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet
Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME
Sniffing Safety Feature will not apply in this zone. The security zone will
run without the added layer of security provided by this feature. If you disable this policy setting, the
actions that may be harmful cannot run; this Internet Explorer security
feature will be turned on in this zone, as dictated by the feature control
setting for the process. If you do not
configure this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel
permissions. If you enable this policy
setting, you can choose the following options from
the drop-down box. Low safety to allow
users to be notified of software updates by e-mail, software packages to be
automatically downloaded to users' computers, and software packages to be
automatically installed on users' computers.
Medium safety to allow users to be notified of software updates by
e-mail and software packages to be automatically downloaded to (but not
installed on) users' computers. High
safety to prevent users from being notified of software updates by e-mail,
software packages from being automatically downloaded to users' computers,
and software packages from being automatically installed on users'
computers. If you disable this policy
setting, permissions are set to high safety.
If you do not configure this policy setting, permissions are set to
Medium safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML
forms on pages in the zone may be submitted. Forms
sent with SSL (Secure Sockets Layer) encryption are always allowed; this
setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, users are queried to choose whether to
allow information using HTML forms on pages in this zone to be submitted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1601 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted
pop-up windows appear. Pop-up windows that are opened
when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, most unwanted pop-up
windows are prevented from appearing. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1809 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of
information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
When a user returns to a persisted page, the state of the page can be
restored if this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Web sites in less privileged Web content zones can navigate
into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites
from less privileged zones, such as Restricted Sites, can navigate into this zone. If you enable this policy setting, Web
sites from less privileged zones can open new windows in, or navigate into,
this zone. The security zone will run
without the added layer of security that is provided by the Protection from
Zone Elevation security feature. If you select Prompt in the drop-down box, a
warning is issued to the user that potentially risky navigation is about to
occur. If you disable this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. If you
do not configure this policy setting, Web sites from less privileged zones
can open new windows in, or navigate into, this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code
on pages in the zone is run. If you
enable this policy setting, script code on pages
in the zone can run automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to allow script code on pages in the zone
to run. If you disable this policy
setting, script code on pages in the zone is prevented from running. If you do not configure this policy
setting, script code on pages in the zone can run automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can
perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script
can perform a clipboard operation. If
you select Prompt in the drop-down box, users are queried as to whether to
perform clipboard operations. If you
disable this policy setting, a script cannot perform a clipboard
operation. If you do not configure
this policy setting, a script can perform a clipboard operation. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are
exposed to scripts within the zone. If
you enable this policy setting, scripts can access
applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon
options. If you enable this policy
setting, you can choose from the following logon
options. Anonymous logon to disable
HTTP authentication and use the guest account only for the Common Internet
File System (CIFS) protocol. Prompt
for user name and password to query users for user IDs and passwords. After a
user is queried, these values can be used silently for the remainder of the
session. Automatic logon only in
Intranet zone to query users for user IDs and passwords in other zones. After
a user is queried, these values can be used silently for the remainder of the
session. Automatic logon with current
user name and password to attempt logon using Windows NT Challenge Response
(also known as NTLM authentication). If Windows NT Challenge Response is
supported by the server, the logon uses the user's network user name and
password for logon. If Windows NT Challenge Response is not supported by the
server, the user is queried to provide the user name and password. If you disable this policy setting, logon
is set to Automatic logon only in Intranet zone. If you do not configure this policy
setting, logon is set to Automatic logon only in Intranet zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Run .NET Framework-reliant components signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute signed managed
components. If you disable this policy
setting, Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Run .NET Framework-reliant components not signed with
Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are not signed with Authenticode can be executed from Internet Explorer. These
components include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute unsigned
managed components. If you select Prompt in the drop-down box, Internet
Explorer will prompt the user to determine whether to execute unsigned
managed components. If you disable
this policy setting, Internet Explorer will not execute unsigned managed
components. If you do not configure
this policy setting, Internet Explorer will not execute unsigned managed
components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download signed ActiveX controls from a page in the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting,
users are queried whether to download controls signed by publishers who
aren't trusted. Code signed by trusted
publishers is silently downloaded. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an
untrusted zone. If you enable this
policy setting, users can run unsigned controls without user intervention. If
you select Prompt in the drop-down box, users are queried to choose whether
to allow the unsigned control to run.
If you disable this policy setting, users cannot run unsigned
controls. If you do not configure this
policy setting, users cannot run unsigned controls. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not
marked as safe. If you enable this
policy setting, ActiveX controls are run, loaded
with parameters, and scripted without setting object safety for untrusted
data or scripts. This setting is not recommended, except for secure and
administered zones. This setting causes both unsafe and safe controls to be
initialized and scripted, ignoring the Script ActiveX controls marked safe
for scripting option. If you enable
this policy setting and select Prompt in the drop-down box, users are queried
whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX
controls that cannot be made safe are not loaded with parameters or
scripted. If you do not configure this
policy setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX
controls and plug-ins can be run on pages from the specified zone. If you
enable this policy setting, controls and plug-ins can run without user
intervention. If you selected Prompt
in the drop-down box, users are asked to choose whether to allow the controls
or plug-in to run. If you disable this
policy setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX
control marked safe for scripting can interact with a script. If you
enable this policy setting, script interaction can occur automatically
without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow script interaction. If you
disable this policy setting, script interaction is prevented from
occurring. If you do not configure
this policy setting, script interaction can occur automatically without user
intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1405 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file
downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the
download, not the zone from which the file is delivered. If you enable this policy setting, files
can be downloaded from the zone. If
you disable this policy setting, files are prevented from being downloaded
from the zone. If you do not
configure this policy setting, files can be downloaded from the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1803 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the
zone may download HTML fonts. If you
enable this policy setting, HTML fonts can be
downloaded automatically. If you enable this policy setting and Prompt is
selected in the drop-down box, users are queried whether to allow HTML fonts
to download. If you disable this
policy setting, HTML fonts are prevented from downloading. If you do not configure this policy
setting, HTML fonts can be downloaded automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1604 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java
applets. If you enable this policy
setting, you can choose options from the drop-down
box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not configure
this policy setting, Java applets are disabled. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data
Objects (ADO). If you enable this
policy setting, users can load a page in the zone that uses MSXML or ADO to
access data from another site in the zone. If you select Prompt in the
drop-down box, users are queried to choose whether to allow a page to be
loaded in the zone that uses MSXML or ADO to access data from another site in
the zone. If you disable this policy
setting, users cannot load a page in the zone that uses MSXML or ADO to
access data from another site in the zone.
If you do not configure this policy setting, users cannot load a page
in the zone that uses MSXML or ADO to access data from another site in the
zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted
for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users will be
automatically prompted for ActiveX control installations. If you enable
this policy setting, users will receive a prompt when a site instantiates an
ActiveX control they do not have installed.
If you disable this policy setting, ActiveX control installations will
be blocked using the Information Bar. Users can click on the Information Bar
to allow the ActiveX control prompt.
If you do not configure this policy setting, ActiveX control
installations will be blocked using the Information Bar. Users can click on
the Information Bar to allow the ActiveX control prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's
browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag)
to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page
containing an active Meta Refresh setting can be redirected to another Web
page. If you disable this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. If you do not configure this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting can be redirected to another Web page. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Allow script-initiated windows without size or position
constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on
script-initiated pop-up windows and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. If
you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2102 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and
script behaviors: components that encapsulate specific functionality for HTML elements to which they were
attached. If you enable this policy
setting, binary and script behaviors are available. If you select
Administrator approved in the drop-down box, only behaviors listed in the
Admin-approved Behaviors under Binary Behaviors Security Restriction policy
are available. If you disable this
policy setting, binary and script behaviors are not available unless
applications have implemented a custom security manager. If you do not configure this policy
setting, only behaviors listed in the Admin-approved Behaviors under Binary
Behaviors Security Restriction policy are available. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
display nonsecure items and manage whether users receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Do not prompt for client certificate selection when no
certificates or only one certificate exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are
prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet
Explorer does not prompt users with a Client Authentication message when they
connect to a Web site that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
setting, Internet Explorer prompts users with a Client Authentication message
when they connect to a Web site that has no certificate or only one
certificate. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
drag files or copy and paste files from a source within the zone. If you
enable this policy setting, users can drag files or copy and paste files from
this zone automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this
zone. If you do not configure this
policy setting, users can drag files or copy and paste files from this zone
automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting,
users can install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this
zone. If you do not configure this
policy setting, users are queried to choose whether to install desktop items
from this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1800 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications
may be run and files may be downloaded from an IFRAME
reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are queried to choose whether to run applications and
download files from IFRAMEs on the pages in this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of
sub-frames and access of applications across different domains. If you
enable this policy setting, users can open sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow sub-frames or access to applications
from other domains. If you disable
this policy setting, users cannot open sub-frames or access applications from
different domains. If you do not configure
this policy setting, users can open sub-frames from other domains and access
applications from other domains. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for
file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet
Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME
Sniffing Safety Feature will not apply in this zone. The security zone will
run without the added layer of security provided by this feature. If you disable this policy setting, the
actions that may be harmful cannot run; this Internet Explorer security
feature will be turned on in this zone, as dictated by the feature control
setting for the process. If you do not
configure this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel
permissions. If you enable this policy
setting, you can choose the following options from
the drop-down box. Low safety to allow
users to be notified of software updates by e-mail, software packages to be
automatically downloaded to users' computers, and software packages to be
automatically installed on users' computers.
Medium safety to allow users to be notified of software updates by
e-mail and software packages to be automatically downloaded to (but not
installed on) users' computers. High
safety to prevent users from being notified of software updates by e-mail,
software packages from being automatically downloaded to users' computers,
and software packages from being automatically installed on users'
computers. If you disable this policy
setting, permissions are set to high safety.
If you do not configure this policy setting, permissions are set to
Low safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML
forms on pages in the zone may be submitted. Forms
sent with SSL (Secure Sockets Layer) encryption are always allowed; this
setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, users are queried to choose whether to
allow information using HTML forms on pages in this zone to be submitted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted
pop-up windows appear. Pop-up windows that are opened
when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, most unwanted pop-up
windows are prevented from appearing. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1809 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of
information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
When a user returns to a persisted page, the state of the page can be
restored if this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Web sites in less privileged Web content zones can navigate
into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites
from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged
zones can open new windows in, or navigate into, this zone. The security zone
will run without the added layer of security that is provided by the
Protection from Zone Elevation security feature. If you select Prompt in the
drop-down box, a warning is issued to the user that potentially risky
navigation is about to occur. If you
disable this policy setting, the possibly harmful navigations are prevented.
The Internet Explorer security feature will be on in this zone as set by
Protection from Zone Elevation feature control. If you do not configure this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code
on pages in the zone is run. If you
enable this policy setting, script code on pages
in the zone can run automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to allow script code on pages in the zone
to run. If you disable this policy
setting, script code on pages in the zone is prevented from running. If you do not configure this policy
setting, users are queried to choose whether to allow script code on pages in
the Local Machine zone to run. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can
perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script
can perform a clipboard operation. If
you select Prompt in the drop-down box, users are queried as to whether to
perform clipboard operations. If you
disable this policy setting, a script cannot perform a clipboard
operation. If you do not configure
this policy setting, a script can perform a clipboard operation. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1407 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are
exposed to scripts within the zone. If
you enable this policy setting, scripts can access
applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon
options. If you enable this policy
setting, you can choose from the following logon
options. Anonymous logon to disable
HTTP authentication and use the guest account only for the Common Internet
File System (CIFS) protocol. Prompt
for user name and password to query users for user IDs and passwords. After a
user is queried, these values can be used silently for the remainder of the
session. Automatic logon only in
Intranet zone to query users for user IDs and passwords in other zones. After
a user is queried, these values can be used silently for the remainder of the
session. Automatic logon with current
user name and password to attempt logon using Windows NT Challenge Response
(also known as NTLM authentication). If Windows NT Challenge Response is
supported by the server, the logon uses the user's network user name and
password for logon. If Windows NT Challenge Response is not supported by the
server, the user is queried to provide the user name and password. If you disable this policy setting, logon
is set to Automatic logon only in Intranet zone. If you do not configure this policy
setting, logon is set to Automatic logon only in Intranet zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Run .NET Framework-reliant components signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute signed managed
components. If you disable this policy
setting, Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will execute signed managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Run .NET Framework-reliant components not signed with
Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are not signed with Authenticode can be executed from Internet Explorer. These
components include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute unsigned
managed components. If you select Prompt in the drop-down box, Internet
Explorer will prompt the user to determine whether to execute unsigned
managed components. If you disable
this policy setting, Internet Explorer will not execute unsigned managed
components. If you do not configure
this policy setting, Internet Explorer will execute unsigned managed
components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download signed ActiveX controls from a page in the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting,
users are queried whether to download controls signed by publishers who
aren't trusted. Code signed by trusted
publishers is silently downloaded. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an
untrusted zone. If you enable this
policy setting, users can run unsigned controls without user intervention. If
you select Prompt in the drop-down box, users are queried to choose whether
to allow the unsigned control to run.
If you disable this policy setting, users cannot run unsigned
controls. If you do not configure this
policy setting, users cannot run unsigned controls. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not
marked as safe. If you enable this
policy setting, ActiveX controls are run, loaded
with parameters, and scripted without setting object safety for untrusted
data or scripts. This setting is not recommended, except for secure and
administered zones. This setting causes both unsafe and safe controls to be
initialized and scripted, ignoring the Script ActiveX controls marked safe
for scripting option. If you enable
this policy setting and select Prompt in the drop-down box, users are queried
whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX
controls that cannot be made safe are not loaded with parameters or
scripted. If you do not configure this
policy setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX
controls and plug-ins can be run on pages from the specified zone. If you
enable this policy setting, controls and plug-ins can run without user
intervention. If you selected Prompt
in the drop-down box, users are asked to choose whether to allow the controls
or plug-in to run. If you disable this
policy setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins can run without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX
control marked safe for scripting can interact with a script. If you
enable this policy setting, script interaction can occur automatically
without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow script interaction. If you
disable this policy setting, script interaction is prevented from
occurring. If you do not configure
this policy setting, script interaction can occur automatically without user
intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file
downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the
download, not the zone from which the file is delivered. If you enable this policy setting, files
can be downloaded from the zone. If
you disable this policy setting, files are prevented from being downloaded
from the zone. If you do not
configure this policy setting, files can be downloaded from the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the
zone may download HTML fonts. If you
enable this policy setting, HTML fonts can be
downloaded automatically. If you enable this policy setting and Prompt is
selected in the drop-down box, users are queried whether to allow HTML fonts
to download. If you disable this
policy setting, HTML fonts are prevented from downloading. If you do not configure this policy
setting, HTML fonts can be downloaded automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java
applets. If you enable this policy
setting, you can choose options from the drop-down
box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not configure
this policy setting, the permission is set to Medium Safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data
Objects (ADO). If you enable this
policy setting, users can load a page in the zone that uses MSXML or ADO to
access data from another site in the zone. If you select Prompt in the
drop-down box, users are queried to choose whether to allow a page to be
loaded in the zone that uses MSXML or ADO to access data from another site in
the zone. If you disable this policy
setting, users cannot load a page in the zone that uses MSXML or ADO to
access data from another site in the zone.
If you do not configure this policy setting, users are queried to
choose whether to allow a page to be loaded in the zone that uses MSXML or
ADO to access data from another site in the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Allow active content over restricted protocols to access my
computer |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a resource
hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script, ActiveX, Java
and Binary Behaviors. The list of restricted protocols may be set in the
Intranet Zone Restricted Protocols section under Network Protocol Lockdown
policy. If you enable this policy
setting, no Intranet Zone content accessed is affected, even for protocols on
the restricted list. If you select Prompt from the drop-down box, the
Information Bar will appear to allow control over questionable content
accessed over any restricted protocols; content over other protocols is
unaffected. If you disable this policy
setting, all attempts to access such content over the restricted protocols is
blocked. If you do not configure this
policy setting, the Information Bar will appear to allow control over
questionable content accessed over any restricted protocols when the Network
Protocol Lockdown security feature is enabled. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted
for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, users will receive a file download dialog for
automatic download attempts. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users will be
automatically prompted for ActiveX control installations. If you enable
this policy setting, users will receive a prompt when a site instantiates an
ActiveX control they do not have installed.
If you disable this policy setting, ActiveX control installations will
be blocked using the Information Bar. Users can click on the Information Bar
to allow the ActiveX control prompt.
If you do not configure this policy setting, users will receive a
prompt when a site instantiates an ActiveX control they do not have
installed. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's
browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag)
to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page
containing an active Meta Refresh setting can be redirected to another Web
page. If you disable this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. If you do not configure this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting can be redirected to another Web page. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Allow script-initiated windows without size or position
constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on
script-initiated pop-up windows and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. If
you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and
script behaviors: components that encapsulate specific functionality for HTML elements to which they were
attached. If you enable this policy
setting, binary and script behaviors are available. If you select
Administrator approved in the drop-down box, only behaviors listed in the
Admin-approved Behaviors under Binary Behaviors Security Restriction policy
are available. If you disable this
policy setting, binary and script behaviors are not available unless
applications have implemented a custom security manager. If you do not configure this policy
setting, binary and script behaviors are available. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
display nonsecure items and manage whether users receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Do not prompt for client certificate selection when no
certificates or only one certificate exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are
prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet
Explorer does not prompt users with a Client Authentication message when they
connect to a Web site that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
setting, Internet Explorer does not prompt users with a Client Authentication
message when they connect to a Web site that has no certificate or only one
certificate. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
drag files or copy and paste files from a source within the zone. If you
enable this policy setting, users can drag files or copy and paste files from
this zone automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this
zone. If you do not configure this
policy setting, users can drag files or copy and paste files from this zone
automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting,
users can install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this
zone. If you do not configure this
policy setting, users are queried to choose whether to install desktop items
from this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications
may be run and files may be downloaded from an IFRAME
reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are queried to choose whether to run applications and
download files from IFRAMEs on the pages in this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of
sub-frames and access of applications across different domains. If you
enable this policy setting, users can open sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow sub-frames or access to applications
from other domains. If you disable
this policy setting, users cannot open sub-frames or access applications from
different domains. If you do not configure
this policy setting, users can open sub-frames from other domains and access
applications from other domains. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for
file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet
Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME
Sniffing Safety Feature will not apply in this zone. The security zone will
run without the added layer of security provided by this feature. If you disable this policy setting, the
actions that may be harmful cannot run; this Internet Explorer security
feature will be turned on in this zone, as dictated by the feature control
setting for the process. If you do not
configure this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel
permissions. If you enable this policy
setting, you can choose the following options from
the drop-down box. Low safety to allow
users to be notified of software updates by e-mail, software packages to be
automatically downloaded to users' computers, and software packages to be
automatically installed on users' computers.
Medium safety to allow users to be notified of software updates by
e-mail and software packages to be automatically downloaded to (but not
installed on) users' computers. High
safety to prevent users from being notified of software updates by e-mail,
software packages from being automatically downloaded to users' computers,
and software packages from being automatically installed on users'
computers. If you disable this policy
setting, permissions are set to high safety.
If you do not configure this policy setting, permissions are set to
Medium safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML
forms on pages in the zone may be submitted. Forms
sent with SSL (Secure Sockets Layer) encryption are always allowed; this
setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, information using HTML forms on pages
in this zone can be submitted automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted
pop-up windows appear. Pop-up windows that are opened
when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, pop-up windows are not
prevented from appearing. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of
information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
When a user returns to a persisted page, the state of the page can be
restored if this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Web sites in less privileged Web content zones can navigate
into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites
from less privileged zones, such as Restricted Sites, can navigate into this zone. If you enable this policy setting, Web
sites from less privileged zones can open new windows in, or navigate into,
this zone. The security zone will run
without the added layer of security that is provided by the Protection from
Zone Elevation security feature. If you select Prompt in the drop-down box, a
warning is issued to the user that potentially risky navigation is about to
occur. If you disable this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. If you
do not configure this policy setting, Web sites from less privileged zones
can open new windows in, or navigate into, this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code
on pages in the zone is run. If you
enable this policy setting, script code on pages
in the zone can run automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to allow script code on pages in the zone
to run. If you disable this policy
setting, script code on pages in the zone is prevented from running. If you do not configure this policy
setting, script code on pages in the zone can run automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can
perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script
can perform a clipboard operation. If
you select Prompt in the drop-down box, users are queried as to whether to
perform clipboard operations. If you
disable this policy setting, a script cannot perform a clipboard
operation. If you do not configure
this policy setting, a script can perform a clipboard operation. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are
exposed to scripts within the zone. If
you enable this policy setting, scripts can access
applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon
options. If you enable this policy
setting, you can choose from the following logon
options. Anonymous logon to disable
HTTP authentication and use the guest account only for the Common Internet
File System (CIFS) protocol. Prompt
for user name and password to query users for user IDs and passwords. After a
user is queried, these values can be used silently for the remainder of the
session. Automatic logon only in
Intranet zone to query users for user IDs and passwords in other zones. After
a user is queried, these values can be used silently for the remainder of the
session. Automatic logon with current
user name and password to attempt logon using Windows NT Challenge Response
(also known as NTLM authentication). If Windows NT Challenge Response is
supported by the server, the logon uses the user's network user name and
password for logon. If Windows NT Challenge Response is not supported by the
server, the user is queried to provide the user name and password. If you disable this policy setting, logon
is set to Automatic logon only in Intranet zone. If you do not configure this policy
setting, logon is set to Automatic logon only in Intranet zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Run .NET Framework-reliant components signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute signed managed
components. If you disable this policy
setting, Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2001 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Run .NET Framework-reliant components not signed with
Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are not signed with Authenticode can be executed from Internet Explorer. These
components include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute unsigned
managed components. If you select Prompt in the drop-down box, Internet
Explorer will prompt the user to determine whether to execute unsigned
managed components. If you disable
this policy setting, Internet Explorer will not execute unsigned managed
components. If you do not configure
this policy setting, Internet Explorer will not execute unsigned managed
components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2004 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download signed ActiveX controls from a page in the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting,
users are queried whether to download controls signed by publishers who
aren't trusted. Code signed by trusted
publishers is silently downloaded. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1001 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an
untrusted zone. If you enable this
policy setting, users can run unsigned controls without user intervention. If
you select Prompt in the drop-down box, users are queried to choose whether
to allow the unsigned control to run.
If you disable this policy setting, users cannot run unsigned
controls. If you do not configure this
policy setting, users cannot run unsigned controls. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1004 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not
marked as safe. If you enable this
policy setting, ActiveX controls are run, loaded
with parameters, and scripted without setting object safety for untrusted
data or scripts. This setting is not recommended, except for secure and
administered zones. This setting causes both unsafe and safe controls to be
initialized and scripted, ignoring the Script ActiveX controls marked safe
for scripting option. If you enable
this policy setting and select Prompt in the drop-down box, users are queried
whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX
controls that cannot be made safe are not loaded with parameters or
scripted. If you do not configure this
policy setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX
controls and plug-ins can be run on pages from the specified zone. If you
enable this policy setting, controls and plug-ins can run without user
intervention. If you selected Prompt
in the drop-down box, users are asked to choose whether to allow the controls
or plug-in to run. If you disable this
policy setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1200 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX
control marked safe for scripting can interact with a script. If you
enable this policy setting, script interaction can occur automatically
without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow script interaction. If you
disable this policy setting, script interaction is prevented from
occurring. If you do not configure
this policy setting, script interaction can occur automatically without user
intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1405 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file
downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the
download, not the zone from which the file is delivered. If you enable this policy setting, files
can be downloaded from the zone. If
you disable this policy setting, files are prevented from being downloaded
from the zone. If you do not
configure this policy setting, files can be downloaded from the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1803 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the
zone may download HTML fonts. If you
enable this policy setting, HTML fonts can be
downloaded automatically. If you enable this policy setting and Prompt is
selected in the drop-down box, users are queried whether to allow HTML fonts
to download. If you disable this
policy setting, HTML fonts are prevented from downloading. If you do not configure this policy
setting, HTML fonts can be downloaded automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1604 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java
applets. If you enable this policy
setting, you can choose options from the drop-down
box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not configure
this policy setting, Java applets are disabled. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1C00 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data
Objects (ADO). If you enable this
policy setting, users can load a page in the zone that uses MSXML or ADO to
access data from another site in the zone. If you select Prompt in the
drop-down box, users are queried to choose whether to allow a page to be
loaded in the zone that uses MSXML or ADO to access data from another site in
the zone. If you disable this policy
setting, users cannot load a page in the zone that uses MSXML or ADO to
access data from another site in the zone.
If you do not configure this policy setting, users are queried to
choose whether to allow a page to be loaded in the zone that uses MSXML or
ADO to access data from another site in the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1406 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted
for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2200 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users will be
automatically prompted for ActiveX control installations. If you enable
this policy setting, users will receive a prompt when a site instantiates an
ActiveX control they do not have installed.
If you disable this policy setting, ActiveX control installations will
be blocked using the Information Bar. Users can click on the Information Bar
to allow the ActiveX control prompt.
If you do not configure this policy setting, ActiveX control
installations will be blocked using the Information Bar. Users can click on
the Information Bar to allow the ActiveX control prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's
browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag)
to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page
containing an active Meta Refresh setting can be redirected to another Web
page. If you disable this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. If you do not configure this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting can be redirected to another Web page. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1608 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Allow script-initiated windows without size or position
constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on
script-initiated pop-up windows and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. If
you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2102 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and
script behaviors: components that encapsulate specific functionality for HTML elements to which they were
attached. If you enable this policy
setting, binary and script behaviors are available. If you select
Administrator approved in the drop-down box, only behaviors listed in the
Admin-approved Behaviors under Binary Behaviors Security Restriction policy
are available. If you disable this
policy setting, binary and script behaviors are not available unless
applications have implemented a custom security manager. If you do not configure this policy
setting, only behaviors listed in the Admin-approved Behaviors under Binary
Behaviors Security Restriction policy are available. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2000 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
display nonsecure items and manage whether users receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1609 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Do not prompt for client certificate selection when no
certificates or only one certificate exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are
prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet
Explorer does not prompt users with a Client Authentication message when they
connect to a Web site that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
setting, Internet Explorer prompts users with a Client Authentication message
when they connect to a Web site that has no certificate or only one
certificate. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A04 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
drag files or copy and paste files from a source within the zone. If you
enable this policy setting, users can drag files or copy and paste files from
this zone automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this
zone. If you do not configure this
policy setting, users can drag files or copy and paste files from this zone
automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1802 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting,
users can install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this
zone. If you do not configure this
policy setting, users are queried to choose whether to install desktop items
from this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1800 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications
may be run and files may be downloaded from an IFRAME
reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are queried to choose whether to run applications and
download files from IFRAMEs on the pages in this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1804 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of
sub-frames and access of applications across different domains. If you
enable this policy setting, users can open sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow sub-frames or access to applications
from other domains. If you disable
this policy setting, users cannot open sub-frames or access applications from
different domains. If you do not configure
this policy setting, users can open sub-frames from other domains and access
applications from other domains. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1607 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for
file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet
Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME
Sniffing Safety Feature will not apply in this zone. The security zone will
run without the added layer of security provided by this feature. If you disable this policy setting, the
actions that may be harmful cannot run; this Internet Explorer security
feature will be turned on in this zone, as dictated by the feature control
setting for the process. If you do not
configure this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2100 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel
permissions. If you enable this policy
setting, you can choose the following options from
the drop-down box. Low safety to allow
users to be notified of software updates by e-mail, software packages to be
automatically downloaded to users' computers, and software packages to be
automatically installed on users' computers.
Medium safety to allow users to be notified of software updates by
e-mail and software packages to be automatically downloaded to (but not
installed on) users' computers. High
safety to prevent users from being notified of software updates by e-mail,
software packages from being automatically downloaded to users' computers,
and software packages from being automatically installed on users'
computers. If you disable this policy
setting, permissions are set to high safety.
If you do not configure this policy setting, permissions are set to
Low safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1E05 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML
forms on pages in the zone may be submitted. Forms
sent with SSL (Secure Sockets Layer) encryption are always allowed; this
setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, information using HTML forms on pages
in this zone can be submitted automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1601 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted
pop-up windows appear. Pop-up windows that are opened
when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, pop-up windows are not
prevented from appearing. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1809 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of
information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
When a user returns to a persisted page, the state of the page can be
restored if this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1606 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Web sites in less privileged Web content zones can navigate
into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites
from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged
zones can open new windows in, or navigate into, this zone. The security zone
will run without the added layer of security that is provided by the
Protection from Zone Elevation security feature. If you select Prompt in the
drop-down box, a warning is issued to the user that potentially risky
navigation is about to occur. If you
disable this policy setting, the possibly harmful navigations are prevented.
The Internet Explorer security feature will be on in this zone as set by
Protection from Zone Elevation feature control. If you do not configure this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2101 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code
on pages in the zone is run. If you
enable this policy setting, script code on pages
in the zone can run automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to allow script code on pages in the zone
to run. If you disable this policy
setting, script code on pages in the zone is prevented from running. If you do not configure this policy
setting, users are queried to choose whether to allow script code on pages in
the Local Machine zone to run. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1400 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can
perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script
can perform a clipboard operation. If
you select Prompt in the drop-down box, users are queried as to whether to
perform clipboard operations. If you
disable this policy setting, a script cannot perform a clipboard
operation. If you do not configure
this policy setting, a script can perform a clipboard operation. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1407 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are
exposed to scripts within the zone. If
you enable this policy setting, scripts can access
applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1402 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon
options. If you enable this policy
setting, you can choose from the following logon
options. Anonymous logon to disable
HTTP authentication and use the guest account only for the Common Internet
File System (CIFS) protocol. Prompt
for user name and password to query users for user IDs and passwords. After a
user is queried, these values can be used silently for the remainder of the
session. Automatic logon only in
Intranet zone to query users for user IDs and passwords in other zones. After
a user is queried, these values can be used silently for the remainder of the
session. Automatic logon with current
user name and password to attempt logon using Windows NT Challenge Response
(also known as NTLM authentication). If Windows NT Challenge Response is
supported by the server, the logon uses the user's network user name and
password for logon. If Windows NT Challenge Response is not supported by the
server, the user is queried to provide the user name and password. If you disable this policy setting, logon
is set to Automatic logon only in Intranet zone. If you do not configure this policy
setting, logon is set to Automatic logon only in Intranet zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A00 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Run .NET Framework-reliant components signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute signed managed
components. If you disable this policy
setting, Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will execute signed managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Run .NET Framework-reliant components not signed with
Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are not signed with Authenticode can be executed from Internet Explorer. These
components include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute unsigned
managed components. If you select Prompt in the drop-down box, Internet
Explorer will prompt the user to determine whether to execute unsigned
managed components. If you disable
this policy setting, Internet Explorer will not execute unsigned managed
components. If you do not configure
this policy setting, Internet Explorer will execute unsigned managed
components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download signed ActiveX controls from a page in the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting,
users can download signed controls without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an
untrusted zone. If you enable this
policy setting, users can run unsigned controls without user intervention. If
you select Prompt in the drop-down box, users are queried to choose whether
to allow the unsigned control to run.
If you disable this policy setting, users cannot run unsigned
controls. If you do not configure this
policy setting, users are queried to choose whether to allow the unsigned
control to run. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1004 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not
marked as safe. If you enable this
policy setting, ActiveX controls are run, loaded
with parameters, and scripted without setting object safety for untrusted
data or scripts. This setting is not recommended, except for secure and
administered zones. This setting causes both unsafe and safe controls to be
initialized and scripted, ignoring the Script ActiveX controls marked safe
for scripting option. If you enable
this policy setting and select Prompt in the drop-down box, users are queried
whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX
controls that cannot be made safe are not loaded with parameters or
scripted. If you do not configure this
policy setting, users are queried whether to allow the control to be loaded
with parameters or scripted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX
controls and plug-ins can be run on pages from the specified zone. If you
enable this policy setting, controls and plug-ins can run without user
intervention. If you selected Prompt
in the drop-down box, users are asked to choose whether to allow the controls
or plug-in to run. If you disable this
policy setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins can run without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX
control marked safe for scripting can interact with a script. If you
enable this policy setting, script interaction can occur automatically
without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow script interaction. If you
disable this policy setting, script interaction is prevented from
occurring. If you do not configure
this policy setting, script interaction can occur automatically without user
intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1405 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file
downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the
download, not the zone from which the file is delivered. If you enable this policy setting, files
can be downloaded from the zone. If
you disable this policy setting, files are prevented from being downloaded
from the zone. If you do not
configure this policy setting, files can be downloaded from the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the
zone may download HTML fonts. If you
enable this policy setting, HTML fonts can be
downloaded automatically. If you enable this policy setting and Prompt is
selected in the drop-down box, users are queried whether to allow HTML fonts
to download. If you disable this
policy setting, HTML fonts are prevented from downloading. If you do not configure this policy
setting, HTML fonts can be downloaded automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java
applets. If you enable this policy
setting, you can choose options from the drop-down
box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not configure
this policy setting, the permission is set to Low Safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data
Objects (ADO). If you enable this
policy setting, users can load a page in the zone that uses MSXML or ADO to
access data from another site in the zone. If you select Prompt in the
drop-down box, users are queried to choose whether to allow a page to be
loaded in the zone that uses MSXML or ADO to access data from another site in
the zone. If you disable this policy
setting, users cannot load a page in the zone that uses MSXML or ADO to
access data from another site in the zone.
If you do not configure this policy setting, users can load a page in
the zone that uses MSXML or ADO to access data from another site in the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Allow active content over restricted protocols to access my
computer |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a resource
hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script, ActiveX, Java
and Binary Behaviors. The list of restricted protocols may be set in the
Intranet Zone Restricted Protocols section under Network Protocol Lockdown
policy. If you enable this policy
setting, no Intranet Zone content accessed is affected, even for protocols on
the restricted list. If you select Prompt from the drop-down box, the
Information Bar will appear to allow control over questionable content
accessed over any restricted protocols; content over other protocols is
unaffected. If you disable this policy
setting, all attempts to access such content over the restricted protocols is
blocked. If you do not configure this
policy setting, the Information Bar will appear to allow control over
questionable content accessed over any restricted protocols when the Network
Protocol Lockdown security feature is enabled. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2300 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted
for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, users will receive a file download dialog for
automatic download attempts. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users will be
automatically prompted for ActiveX control installations. If you enable
this policy setting, users will receive a prompt when a site instantiates an
ActiveX control they do not have installed.
If you disable this policy setting, ActiveX control installations will
be blocked using the Information Bar. Users can click on the Information Bar
to allow the ActiveX control prompt.
If you do not configure this policy setting, users will receive a
prompt when a site instantiates an ActiveX control they do not have
installed. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's
browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag)
to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page
containing an active Meta Refresh setting can be redirected to another Web
page. If you disable this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. If you do not configure this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting can be redirected to another Web page. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1608 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Allow script-initiated windows without size or position
constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on
script-initiated pop-up windows and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. If
you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2102 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and
script behaviors: components that encapsulate specific functionality for HTML elements to which they were
attached. If you enable this policy
setting, binary and script behaviors are available. If you select
Administrator approved in the drop-down box, only behaviors listed in the
Admin-approved Behaviors under Binary Behaviors Security Restriction policy
are available. If you disable this
policy setting, binary and script behaviors are not available unless
applications have implemented a custom security manager. If you do not configure this policy
setting, binary and script behaviors are available. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
display nonsecure items and manage whether users receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Do not prompt for client certificate selection when no
certificates or only one certificate exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are
prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet
Explorer does not prompt users with a Client Authentication message when they
connect to a Web site that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
setting, Internet Explorer does not prompt users with a Client Authentication
message when they connect to a Web site that has no certificate or only one
certificate. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
drag files or copy and paste files from a source within the zone. If you
enable this policy setting, users can drag files or copy and paste files from
this zone automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this
zone. If you do not configure this
policy setting, users can drag files or copy and paste files from this zone
automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting,
users can install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this
zone. If you do not configure this
policy setting, users can install desktop items from this zone automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications
may be run and files may be downloaded from an IFRAME
reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users can run applications and download files from IFRAMEs on
the pages in this zone without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of
sub-frames and access of applications across different domains. If you
enable this policy setting, users can open sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow sub-frames or access to applications
from other domains. If you disable
this policy setting, users cannot open sub-frames or access applications from
different domains. If you do not configure
this policy setting, users can open sub-frames from other domains and access
applications from other domains. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for
file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet
Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME
Sniffing Safety Feature will not apply in this zone. The security zone will
run without the added layer of security provided by this feature. If you disable this policy setting, the
actions that may be harmful cannot run; this Internet Explorer security
feature will be turned on in this zone, as dictated by the feature control
setting for the process. If you do not
configure this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2100 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel
permissions. If you enable this policy
setting, you can choose the following options from
the drop-down box. Low safety to allow
users to be notified of software updates by e-mail, software packages to be
automatically downloaded to users' computers, and software packages to be
automatically installed on users' computers.
Medium safety to allow users to be notified of software updates by
e-mail and software packages to be automatically downloaded to (but not
installed on) users' computers. High
safety to prevent users from being notified of software updates by e-mail,
software packages from being automatically downloaded to users' computers,
and software packages from being automatically installed on users'
computers. If you disable this policy
setting, permissions are set to high safety.
If you do not configure this policy setting, permissions are set to
Low safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML
forms on pages in the zone may be submitted. Forms
sent with SSL (Secure Sockets Layer) encryption are always allowed; this
setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, information using HTML forms on pages
in this zone can be submitted automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted
pop-up windows appear. Pop-up windows that are opened
when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, pop-up windows are not
prevented from appearing. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of
information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
When a user returns to a persisted page, the state of the page can be
restored if this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1606 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Web sites in less privileged Web content zones can navigate
into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites
from less privileged zones, such as Restricted Sites, can navigate into this zone. If you enable this policy setting, Web
sites from less privileged zones can open new windows in, or navigate into,
this zone. The security zone will run
without the added layer of security that is provided by the Protection from
Zone Elevation security feature. If you select Prompt in the drop-down box, a
warning is issued to the user that potentially risky navigation is about to
occur. If you disable this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. If you
do not configure this policy setting, a warning is issued to the user that
potentially risky navigation is about to occur. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code
on pages in the zone is run. If you
enable this policy setting, script code on pages
in the zone can run automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to allow script code on pages in the zone
to run. If you disable this policy
setting, script code on pages in the zone is prevented from running. If you do not configure this policy
setting, script code on pages in the zone can run automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1400 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can
perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script
can perform a clipboard operation. If
you select Prompt in the drop-down box, users are queried as to whether to
perform clipboard operations. If you
disable this policy setting, a script cannot perform a clipboard
operation. If you do not configure
this policy setting, a script can perform a clipboard operation. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1407 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are
exposed to scripts within the zone. If
you enable this policy setting, scripts can access
applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted Sites Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon
options. If you enable this policy
setting, you can choose from the following logon
options. Anonymous logon to disable
HTTP authentication and use the guest account only for the Common Internet
File System (CIFS) protocol. Prompt
for user name and password to query users for user IDs and passwords. After a
user is queried, these values can be used silently for the remainder of the
session. Automatic logon only in
Intranet zone to query users for user IDs and passwords in other zones. After
a user is queried, these values can be used silently for the remainder of the
session. Automatic logon with current
user name and password to attempt logon using Windows NT Challenge Response
(also known as NTLM authentication). If Windows NT Challenge Response is
supported by the server, the logon uses the user's network user name and
password for logon. If Windows NT Challenge Response is not supported by the
server, the user is queried to provide the user name and password. If you disable this policy setting, logon
is set to Automatic logon only in Intranet zone. If you do not configure this policy
setting, logon is set to Automatic logon with current username and password. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A00 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Run .NET Framework-reliant components signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute signed managed
components. If you disable this policy
setting, Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Run .NET Framework-reliant components not signed with
Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are not signed with Authenticode can be executed from Internet Explorer. These
components include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute unsigned
managed components. If you select Prompt in the drop-down box, Internet
Explorer will prompt the user to determine whether to execute unsigned
managed components. If you disable
this policy setting, Internet Explorer will not execute unsigned managed
components. If you do not configure
this policy setting, Internet Explorer will not execute unsigned managed
components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download signed ActiveX controls from a page in the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting,
users can download signed controls without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1001 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an
untrusted zone. If you enable this
policy setting, users can run unsigned controls without user intervention. If
you select Prompt in the drop-down box, users are queried to choose whether
to allow the unsigned control to run.
If you disable this policy setting, users cannot run unsigned
controls. If you do not configure this
policy setting, users cannot run unsigned controls. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not
marked as safe. If you enable this
policy setting, ActiveX controls are run, loaded
with parameters, and scripted without setting object safety for untrusted
data or scripts. This setting is not recommended, except for secure and
administered zones. This setting causes both unsafe and safe controls to be
initialized and scripted, ignoring the Script ActiveX controls marked safe
for scripting option. If you enable
this policy setting and select Prompt in the drop-down box, users are queried
whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX
controls that cannot be made safe are not loaded with parameters or
scripted. If you do not configure this
policy setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX
controls and plug-ins can be run on pages from the specified zone. If you
enable this policy setting, controls and plug-ins can run without user
intervention. If you selected Prompt
in the drop-down box, users are asked to choose whether to allow the controls
or plug-in to run. If you disable this
policy setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1200 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX
control marked safe for scripting can interact with a script. If you
enable this policy setting, script interaction can occur automatically
without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow script interaction. If you
disable this policy setting, script interaction is prevented from
occurring. If you do not configure
this policy setting, script interaction can occur automatically without user
intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file
downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the
download, not the zone from which the file is delivered. If you enable this policy setting, files
can be downloaded from the zone. If
you disable this policy setting, files are prevented from being downloaded
from the zone. If you do not
configure this policy setting, files can be downloaded from the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the
zone may download HTML fonts. If you
enable this policy setting, HTML fonts can be
downloaded automatically. If you enable this policy setting and Prompt is
selected in the drop-down box, users are queried whether to allow HTML fonts
to download. If you disable this
policy setting, HTML fonts are prevented from downloading. If you do not configure this policy
setting, HTML fonts can be downloaded automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java
applets. If you enable this policy
setting, you can choose options from the drop-down
box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not configure
this policy setting, Java applets are disabled. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1C00 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data
Objects (ADO). If you enable this
policy setting, users can load a page in the zone that uses MSXML or ADO to
access data from another site in the zone. If you select Prompt in the
drop-down box, users are queried to choose whether to allow a page to be
loaded in the zone that uses MSXML or ADO to access data from another site in
the zone. If you disable this policy
setting, users cannot load a page in the zone that uses MSXML or ADO to
access data from another site in the zone.
If you do not configure this policy setting, users can load a page in
the zone that uses MSXML or ADO to access data from another site in the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted
for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users will be
automatically prompted for ActiveX control installations. If you enable
this policy setting, users will receive a prompt when a site instantiates an
ActiveX control they do not have installed.
If you disable this policy setting, ActiveX control installations will
be blocked using the Information Bar. Users can click on the Information Bar
to allow the ActiveX control prompt.
If you do not configure this policy setting, ActiveX control
installations will be blocked using the Information Bar. Users can click on
the Information Bar to allow the ActiveX control prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's
browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag)
to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page
containing an active Meta Refresh setting can be redirected to another Web
page. If you disable this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. If you do not configure this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting can be redirected to another Web page. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1608 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Allow script-initiated windows without size or position
constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on
script-initiated pop-up windows and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. If
you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and
script behaviors: components that encapsulate specific functionality for HTML elements to which they were
attached. If you enable this policy
setting, binary and script behaviors are available. If you select
Administrator approved in the drop-down box, only behaviors listed in the
Admin-approved Behaviors under Binary Behaviors Security Restriction policy
are available. If you disable this
policy setting, binary and script behaviors are not available unless
applications have implemented a custom security manager. If you do not configure this policy
setting, only behaviors listed in the Admin-approved Behaviors under Binary
Behaviors Security Restriction policy are available. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
display nonsecure items and manage whether users receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Do not prompt for client certificate selection when no
certificates or only one certificate exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are
prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet
Explorer does not prompt users with a Client Authentication message when they
connect to a Web site that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
setting, Internet Explorer prompts users with a Client Authentication message
when they connect to a Web site that has no certificate or only one
certificate. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
drag files or copy and paste files from a source within the zone. If you
enable this policy setting, users can drag files or copy and paste files from
this zone automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this
zone. If you do not configure this
policy setting, users can drag files or copy and paste files from this zone
automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting,
users can install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this
zone. If you do not configure this
policy setting, users can install desktop items from this zone automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications
may be run and files may be downloaded from an IFRAME
reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users can run applications and download files from IFRAMEs on
the pages in this zone without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of
sub-frames and access of applications across different domains. If you
enable this policy setting, users can open sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow sub-frames or access to applications
from other domains. If you disable
this policy setting, users cannot open sub-frames or access applications from
different domains. If you do not configure
this policy setting, users can open sub-frames from other domains and access
applications from other domains. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for
file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet
Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME
Sniffing Safety Feature will not apply in this zone. The security zone will
run without the added layer of security provided by this feature. If you disable this policy setting, the
actions that may be harmful cannot run; this Internet Explorer security
feature will be turned on in this zone, as dictated by the feature control
setting for the process. If you do not
configure this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel
permissions. If you enable this policy
setting, you can choose the following options from
the drop-down box. Low safety to allow
users to be notified of software updates by e-mail, software packages to be
automatically downloaded to users' computers, and software packages to be
automatically installed on users' computers.
Medium safety to allow users to be notified of software updates by
e-mail and software packages to be automatically downloaded to (but not
installed on) users' computers. High
safety to prevent users from being notified of software updates by e-mail,
software packages from being automatically downloaded to users' computers,
and software packages from being automatically installed on users'
computers. If you disable this policy
setting, permissions are set to high safety.
If you do not configure this policy setting, permissions are set to
Low safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1E05 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML
forms on pages in the zone may be submitted. Forms
sent with SSL (Secure Sockets Layer) encryption are always allowed; this
setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, information using HTML forms on pages
in this zone can be submitted automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1601 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted
pop-up windows appear. Pop-up windows that are opened
when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, pop-up windows are not
prevented from appearing. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of
information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
When a user returns to a persisted page, the state of the page can be
restored if this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1606 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Web sites in less privileged Web content zones can navigate
into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites
from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged
zones can open new windows in, or navigate into, this zone. The security zone
will run without the added layer of security that is provided by the
Protection from Zone Elevation security feature. If you select Prompt in the
drop-down box, a warning is issued to the user that potentially risky
navigation is about to occur. If you
disable this policy setting, the possibly harmful navigations are prevented.
The Internet Explorer security feature will be on in this zone as set by
Protection from Zone Elevation feature control. If you do not configure this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code
on pages in the zone is run. If you
enable this policy setting, script code on pages
in the zone can run automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to allow script code on pages in the zone
to run. If you disable this policy
setting, script code on pages in the zone is prevented from running. If you do not configure this policy
setting, users are queried to choose whether to allow script code on pages in
the Local Machine zone to run. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can
perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script
can perform a clipboard operation. If
you select Prompt in the drop-down box, users are queried as to whether to
perform clipboard operations. If you
disable this policy setting, a script cannot perform a clipboard
operation. If you do not configure
this policy setting, a script can perform a clipboard operation. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are
exposed to scripts within the zone. If
you enable this policy setting, scripts can access
applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon
options. If you enable this policy
setting, you can choose from the following logon
options. Anonymous logon to disable
HTTP authentication and use the guest account only for the Common Internet
File System (CIFS) protocol. Prompt
for user name and password to query users for user IDs and passwords. After a
user is queried, these values can be used silently for the remainder of the
session. Automatic logon only in
Intranet zone to query users for user IDs and passwords in other zones. After
a user is queried, these values can be used silently for the remainder of the
session. Automatic logon with current
user name and password to attempt logon using Windows NT Challenge Response
(also known as NTLM authentication). If Windows NT Challenge Response is
supported by the server, the logon uses the user's network user name and
password for logon. If Windows NT Challenge Response is not supported by the
server, the user is queried to provide the user name and password. If you disable this policy setting, logon
is set to Automatic logon only in Intranet zone. If you do not configure this policy
setting, logon is set to Automatic logon with current username and password. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A00 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Run .NET Framework-reliant components signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute signed managed
components. If you disable this policy
setting, Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Run .NET Framework-reliant components not signed with
Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are not signed with Authenticode can be executed from Internet Explorer. These
components include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute unsigned
managed components. If you select Prompt in the drop-down box, Internet
Explorer will prompt the user to determine whether to execute unsigned
managed components. If you disable
this policy setting, Internet Explorer will not execute unsigned managed
components. If you do not configure
this policy setting, Internet Explorer will not execute unsigned managed
components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2004 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download signed ActiveX controls from a page in the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting,
signed controls cannot be downloaded. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1001 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an
untrusted zone. If you enable this
policy setting, users can run unsigned controls without user intervention. If
you select Prompt in the drop-down box, users are queried to choose whether
to allow the unsigned control to run.
If you disable this policy setting, users cannot run unsigned
controls. If you do not configure this
policy setting, users cannot run unsigned controls. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not
marked as safe. If you enable this
policy setting, ActiveX controls are run, loaded
with parameters, and scripted without setting object safety for untrusted
data or scripts. This setting is not recommended, except for secure and
administered zones. This setting causes both unsafe and safe controls to be
initialized and scripted, ignoring the Script ActiveX controls marked safe
for scripting option. If you enable
this policy setting and select Prompt in the drop-down box, users are queried
whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX
controls that cannot be made safe are not loaded with parameters or
scripted. If you do not configure this
policy setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX
controls and plug-ins can be run on pages from the specified zone. If you
enable this policy setting, controls and plug-ins can run without user
intervention. If you selected Prompt
in the drop-down box, users are asked to choose whether to allow the controls
or plug-in to run. If you disable this
policy setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX
control marked safe for scripting can interact with a script. If you
enable this policy setting, script interaction can occur automatically
without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow script interaction. If you
disable this policy setting, script interaction is prevented from
occurring. If you do not configure
this policy setting, script interaction is prevented from occurring. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file
downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the
download, not the zone from which the file is delivered. If you enable this policy setting, files
can be downloaded from the zone. If
you disable this policy setting, files are prevented from being downloaded
from the zone. If you do not
configure this policy setting, files are prevented from being downloaded from
the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1803 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the
zone may download HTML fonts. If you
enable this policy setting, HTML fonts can be
downloaded automatically. If you enable this policy setting and Prompt is
selected in the drop-down box, users are queried whether to allow HTML fonts
to download. If you disable this
policy setting, HTML fonts are prevented from downloading. If you do not configure this policy
setting, users are queried whether to allow HTML fonts to download. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1604 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java
applets. If you enable this policy
setting, you can choose options from the drop-down
box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not configure
this policy setting, Java applets are disabled. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data
Objects (ADO). If you enable this
policy setting, users can load a page in the zone that uses MSXML or ADO to
access data from another site in the zone. If you select Prompt in the
drop-down box, users are queried to choose whether to allow a page to be
loaded in the zone that uses MSXML or ADO to access data from another site in
the zone. If you disable this policy
setting, users cannot load a page in the zone that uses MSXML or ADO to
access data from another site in the zone.
If you do not configure this policy setting, users cannot load a page
in the zone that uses MSXML or ADO to access data from another site in the
zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1406 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow active content over restricted protocols to access my
computer |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a resource
hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script, ActiveX,
Java and Binary Behaviors. The list of restricted protocols may be set in the
Trusted Sites Zone Restricted Protocols section under Network Protocol
Lockdown policy. If you enable this
policy setting, no Trusted Sites Zone content accessed is affected, even for
protocols on the restricted list. If you select Prompt from the drop-down
box, the Information Bar will appear to allow control over questionable content
accessed over any restricted protocols; content over other protocols is
unaffected. If you disable this policy
setting, all attempts to access such content over the restricted protocols is
blocked. If you do not configure this
policy setting, all attempts to access such content over the restricted
protocols is blocked when the Network Protocol Lockdown security feature is
enabled. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted
for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users will be
automatically prompted for ActiveX control installations. If you enable
this policy setting, users will receive a prompt when a site instantiates an
ActiveX control they do not have installed.
If you disable this policy setting, ActiveX control installations will
be blocked using the Information Bar. Users can click on the Information Bar
to allow the ActiveX control prompt.
If you do not configure this policy setting, ActiveX control
installations will be blocked using the Information Bar. Users can click on
the Information Bar to allow the ActiveX control prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's
browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag)
to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page
containing an active Meta Refresh setting can be redirected to another Web
page. If you disable this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. If you do not configure this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow script-initiated windows without size or position
constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on
script-initiated pop-up windows and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. If
you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and
script behaviors: components that encapsulate specific functionality for HTML elements to which they were
attached. If you enable this policy
setting, binary and script behaviors are available. If you select
Administrator approved in the drop-down box, only behaviors listed in the
Admin-approved Behaviors under Binary Behaviors Security Restriction policy
are available. If you disable this
policy setting, binary and script behaviors are not available unless
applications have implemented a custom security manager. If you do not configure this policy
setting, binary and script behaviors are not available unless applications
have implemented a custom security manager. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2000 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
display nonsecure items and manage whether users receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Do not prompt for client certificate selection when no
certificates or only one certificate exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are
prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet
Explorer does not prompt users with a Client Authentication message when they
connect to a Web site that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
setting, Internet Explorer prompts users with a Client Authentication message
when they connect to a Web site that has no certificate or only one
certificate. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
drag files or copy and paste files from a source within the zone. If you
enable this policy setting, users can drag files or copy and paste files from
this zone automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this
zone. If you do not configure this
policy setting, users are queried to choose whether to drag or copy files
from this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting,
users can install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this
zone. If you do not configure this
policy setting, users are prevented from installing desktop items from this
zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications
may be run and files may be downloaded from an IFRAME
reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are prevented from running applications and downloading
files from IFRAMEs on the pages in this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of
sub-frames and access of applications across different domains. If you
enable this policy setting, users can open additional sub-frames from other
domains and access applications from other domains. If you select Prompt in
the drop-down box, users are queried whether to allow additional sub-frames
or access to applications from other domains.
If you disable this policy setting, users cannot open other sub-frames
or access applications from different domains. If you do not configure this policy
setting, users cannot open other sub-frames or access applications from
different domains. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for
file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet
Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME
Sniffing Safety Feature will not apply in this zone. The security zone will
run without the added layer of security provided by this feature. If you disable this policy setting, the
actions that may be harmful cannot run; this Internet Explorer security
feature will be turned on in this zone, as dictated by the feature control
setting for the process. If you do not
configure this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel
permissions. If you enable this policy
setting, you can choose the following options from
the drop-down box. Low safety to allow
users to be notified of software updates by e-mail, software packages to be
automatically downloaded to users' computers, and software packages to be
automatically installed on users' computers.
Medium safety to allow users to be notified of software updates by
e-mail and software packages to be automatically downloaded to (but not
installed on) users' computers. High
safety to prevent users from being notified of software updates by e-mail,
software packages from being automatically downloaded to users' computers,
and software packages from being automatically installed on users'
computers. If you disable this policy
setting, permissions are set to high safety.
If you do not configure this policy setting, permissions are set to
High safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML
forms on pages in the zone may be submitted. Forms
sent with SSL (Secure Sockets Layer) encryption are always allowed; this
setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, users are queried to choose whether to
allow information using HTML forms on pages in this zone to be submitted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted
pop-up windows appear. Pop-up windows that are opened
when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, most unwanted pop-up
windows are prevented from appearing. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of
information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
When a user returns to a persisted page, the state of the page can be
restored if this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users cannot preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Web sites in less privileged Web content zones can navigate
into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites
from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged
zones can open new windows in, or navigate into, this zone. The security zone
will run without the added layer of security that is provided by the
Protection from Zone Elevation security feature. If you select Prompt in the
drop-down box, a warning is issued to the user that potentially risky
navigation is about to occur. If you
disable this policy setting, the possibly harmful navigations are prevented.
The Internet Explorer security feature will be on in this zone as set by
Protection from Zone Elevation feature control. If you do not configure this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code
on pages in the zone is run. If you
enable this policy setting, script code on pages
in the zone can run automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to allow script code on pages in the zone
to run. If you disable this policy
setting, script code on pages in the zone is prevented from running. If you do not configure this policy
setting, script code on pages in the zone is prevented from running. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can
perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script
can perform a clipboard operation. If
you select Prompt in the drop-down box, users are queried as to whether to
perform clipboard operations. If you
disable this policy setting, a script cannot perform a clipboard
operation. If you do not configure
this policy setting, a script cannot perform a clipboard operation. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1407 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are
exposed to scripts within the zone. If
you enable this policy setting, scripts can access
applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts are prevented
from accessing applets. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1402 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon
options. If you enable this policy
setting, you can choose from the following logon
options. Anonymous logon to disable
HTTP authentication and use the guest account only for the Common Internet
File System (CIFS) protocol. Prompt
for user name and password to query users for user IDs and passwords. After a
user is queried, these values can be used silently for the remainder of the
session. Automatic logon only in
Intranet zone to query users for user IDs and passwords in other zones. After
a user is queried, these values can be used silently for the remainder of the
session. Automatic logon with current
user name and password to attempt logon using Windows NT Challenge Response
(also known as NTLM authentication). If Windows NT Challenge Response is
supported by the server, the logon uses the user's network user name and
password for logon. If Windows NT Challenge Response is not supported by the
server, the user is queried to provide the user name and password. If you disable this policy setting, logon
is set to Automatic logon only in Intranet zone. If you do not configure this policy
setting, logon is set to Prompt for username and password. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Run .NET Framework-reliant components signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute signed managed
components. If you disable this policy
setting, Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Run .NET Framework-reliant components not signed with
Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are not signed with Authenticode can be executed from Internet Explorer. These
components include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute unsigned
managed components. If you select Prompt in the drop-down box, Internet
Explorer will prompt the user to determine whether to execute unsigned
managed components. If you disable
this policy setting, Internet Explorer will not execute unsigned managed
components. If you do not configure
this policy setting, Internet Explorer will not execute unsigned managed
components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2004 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download signed ActiveX controls from a page in the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting,
signed controls cannot be downloaded. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an
untrusted zone. If you enable this
policy setting, users can run unsigned controls without user intervention. If
you select Prompt in the drop-down box, users are queried to choose whether
to allow the unsigned control to run.
If you disable this policy setting, users cannot run unsigned
controls. If you do not configure this
policy setting, users cannot run unsigned controls. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1004 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not
marked as safe. If you enable this
policy setting, ActiveX controls are run, loaded
with parameters, and scripted without setting object safety for untrusted
data or scripts. This setting is not recommended, except for secure and
administered zones. This setting causes both unsafe and safe controls to be
initialized and scripted, ignoring the Script ActiveX controls marked safe
for scripting option. If you enable
this policy setting and select Prompt in the drop-down box, users are queried
whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX
controls that cannot be made safe are not loaded with parameters or
scripted. If you do not configure this
policy setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX
controls and plug-ins can be run on pages from the specified zone. If you
enable this policy setting, controls and plug-ins can run without user
intervention. If you selected Prompt
in the drop-down box, users are asked to choose whether to allow the controls
or plug-in to run. If you disable this
policy setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX
control marked safe for scripting can interact with a script. If you
enable this policy setting, script interaction can occur automatically
without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow script interaction. If you
disable this policy setting, script interaction is prevented from
occurring. If you do not configure
this policy setting, script interaction is prevented from occurring. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file
downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the
download, not the zone from which the file is delivered. If you enable this policy setting, files
can be downloaded from the zone. If
you disable this policy setting, files are prevented from being downloaded
from the zone. If you do not
configure this policy setting, files are prevented from being downloaded from
the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the
zone may download HTML fonts. If you
enable this policy setting, HTML fonts can be
downloaded automatically. If you enable this policy setting and Prompt is
selected in the drop-down box, users are queried whether to allow HTML fonts
to download. If you disable this
policy setting, HTML fonts are prevented from downloading. If you do not configure this policy
setting, users are queried whether to allow HTML fonts to download. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java
applets. If you enable this policy
setting, you can choose options from the drop-down
box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not configure
this policy setting, Java applets are disabled. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1C00 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data
Objects (ADO). If you enable this
policy setting, users can load a page in the zone that uses MSXML or ADO to
access data from another site in the zone. If you select Prompt in the
drop-down box, users are queried to choose whether to allow a page to be
loaded in the zone that uses MSXML or ADO to access data from another site in
the zone. If you disable this policy
setting, users cannot load a page in the zone that uses MSXML or ADO to
access data from another site in the zone.
If you do not configure this policy setting, users cannot load a page
in the zone that uses MSXML or ADO to access data from another site in the
zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted
for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users will be
automatically prompted for ActiveX control installations. If you enable
this policy setting, users will receive a prompt when a site instantiates an
ActiveX control they do not have installed.
If you disable this policy setting, ActiveX control installations will
be blocked using the Information Bar. Users can click on the Information Bar
to allow the ActiveX control prompt.
If you do not configure this policy setting, ActiveX control
installations will be blocked using the Information Bar. Users can click on
the Information Bar to allow the ActiveX control prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's
browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag)
to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page
containing an active Meta Refresh setting can be redirected to another Web
page. If you disable this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. If you do not configure this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Allow script-initiated windows without size or position
constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on
script-initiated pop-up windows and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. If
you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and
script behaviors: components that encapsulate specific functionality for HTML elements to which they were
attached. If you enable this policy
setting, binary and script behaviors are available. If you select
Administrator approved in the drop-down box, only behaviors listed in the
Admin-approved Behaviors under Binary Behaviors Security Restriction policy
are available. If you disable this
policy setting, binary and script behaviors are not available unless
applications have implemented a custom security manager. If you do not configure this policy
setting, binary and script behaviors are not available unless applications
have implemented a custom security manager. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2000 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
display nonsecure items and manage whether users receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Do not prompt for client certificate selection when no
certificates or only one certificate exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are
prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet
Explorer does not prompt users with a Client Authentication message when they
connect to a Web site that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
setting, Internet Explorer prompts users with a Client Authentication message
when they connect to a Web site that has no certificate or only one
certificate. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
drag files or copy and paste files from a source within the zone. If you
enable this policy setting, users can drag files or copy and paste files from
this zone automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this
zone. If you do not configure this
policy setting, users are queried to choose whether to drag or copy files
from this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting,
users can install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this
zone. If you do not configure this
policy setting, users are prevented from installing desktop items from this
zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1800 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications
may be run and files may be downloaded from an IFRAME
reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are prevented from running applications and downloading
files from IFRAMEs on the pages in this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of
sub-frames and access of applications across different domains. If you
enable this policy setting, users can open additional sub-frames from other
domains and access applications from other domains. If you select Prompt in
the drop-down box, users are queried whether to allow additional sub-frames
or access to applications from other domains.
If you disable this policy setting, users cannot open other sub-frames
or access applications from different domains. If you do not configure this policy
setting, users cannot open other sub-frames or access applications from
different domains. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1607 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for
file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet
Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME
Sniffing Safety Feature will not apply in this zone. The security zone will
run without the added layer of security provided by this feature. If you disable this policy setting, the
actions that may be harmful cannot run; this Internet Explorer security
feature will be turned on in this zone, as dictated by the feature control
setting for the process. If you do not
configure this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel
permissions. If you enable this policy
setting, you can choose the following options from
the drop-down box. Low safety to allow
users to be notified of software updates by e-mail, software packages to be
automatically downloaded to users' computers, and software packages to be
automatically installed on users' computers.
Medium safety to allow users to be notified of software updates by
e-mail and software packages to be automatically downloaded to (but not
installed on) users' computers. High
safety to prevent users from being notified of software updates by e-mail,
software packages from being automatically downloaded to users' computers,
and software packages from being automatically installed on users'
computers. If you disable this policy
setting, permissions are set to high safety.
If you do not configure this policy setting, permissions are set to
Low safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML
forms on pages in the zone may be submitted. Forms
sent with SSL (Secure Sockets Layer) encryption are always allowed; this
setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, users are queried to choose whether to
allow information using HTML forms on pages in this zone to be submitted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted
pop-up windows appear. Pop-up windows that are opened
when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, most unwanted pop-up
windows are prevented from appearing. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of
information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
When a user returns to a persisted page, the state of the page can be
restored if this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users cannot preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Web sites in less privileged Web content zones can navigate
into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites
from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged
zones can open new windows in, or navigate into, this zone. The security zone
will run without the added layer of security that is provided by the
Protection from Zone Elevation security feature. If you select Prompt in the
drop-down box, a warning is issued to the user that potentially risky
navigation is about to occur. If you
disable this policy setting, the possibly harmful navigations are prevented.
The Internet Explorer security feature will be on in this zone as set by
Protection from Zone Elevation feature control. If you do not configure this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2101 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code
on pages in the zone is run. If you
enable this policy setting, script code on pages
in the zone can run automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to allow script code on pages in the zone
to run. If you disable this policy
setting, script code on pages in the zone is prevented from running. If you do not configure this policy
setting, script code on pages in the zone is prevented from running. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can
perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script
can perform a clipboard operation. If
you select Prompt in the drop-down box, users are queried as to whether to
perform clipboard operations. If you
disable this policy setting, a script cannot perform a clipboard
operation. If you do not configure
this policy setting, a script cannot perform a clipboard operation. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are
exposed to scripts within the zone. If
you enable this policy setting, scripts can access
applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts are prevented
from accessing applets. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites
Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon
options. If you enable this policy
setting, you can choose from the following logon
options. Anonymous logon to disable
HTTP authentication and use the guest account only for the Common Internet
File System (CIFS) protocol. Prompt
for user name and password to query users for user IDs and passwords. After a
user is queried, these values can be used silently for the remainder of the
session. Automatic logon only in
Intranet zone to query users for user IDs and passwords in other zones. After
a user is queried, these values can be used silently for the remainder of the
session. Automatic logon with current
user name and password to attempt logon using Windows NT Challenge Response
(also known as NTLM authentication). If Windows NT Challenge Response is
supported by the server, the logon uses the user's network user name and
password for logon. If Windows NT Challenge Response is not supported by the
server, the user is queried to provide the user name and password. If you disable this policy setting, logon
is set to Automatic logon only in Intranet zone. If you do not configure this policy
setting, logon is set to Prompt for username and password. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Run .NET Framework-reliant components signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute signed managed
components. If you disable this policy
setting, Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Run .NET Framework-reliant components not signed with
Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are not signed with Authenticode can be executed from Internet Explorer. These
components include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute unsigned
managed components. If you select Prompt in the drop-down box, Internet
Explorer will prompt the user to determine whether to execute unsigned
managed components. If you disable
this policy setting, Internet Explorer will not execute unsigned managed
components. If you do not configure
this policy setting, Internet Explorer will not execute unsigned managed
components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2004 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download signed ActiveX controls from a page in the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting,
users can download signed controls without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1001 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an
untrusted zone. If you enable this
policy setting, users can run unsigned controls without user intervention. If
you select Prompt in the drop-down box, users are queried to choose whether
to allow the unsigned control to run.
If you disable this policy setting, users cannot run unsigned
controls. If you do not configure this
policy setting, users can run unsigned controls without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not
marked as safe. If you enable this
policy setting, ActiveX controls are run, loaded
with parameters, and scripted without setting object safety for untrusted
data or scripts. This setting is not recommended, except for secure and
administered zones. This setting causes both unsafe and safe controls to be
initialized and scripted, ignoring the Script ActiveX controls marked safe
for scripting option. If you enable
this policy setting and select Prompt in the drop-down box, users are queried
whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX
controls that cannot be made safe are not loaded with parameters or
scripted. If you do not configure this
policy setting, users are queried whether to allow the control to be loaded
with parameters or scripted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX
controls and plug-ins can be run on pages from the specified zone. If you
enable this policy setting, controls and plug-ins can run without user
intervention. If you selected Prompt
in the drop-down box, users are asked to choose whether to allow the controls
or plug-in to run. If you disable this
policy setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins can run without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX
control marked safe for scripting can interact with a script. If you
enable this policy setting, script interaction can occur automatically
without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow script interaction. If you
disable this policy setting, script interaction is prevented from
occurring. If you do not configure
this policy setting, script interaction can occur automatically without user
intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file
downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the
download, not the zone from which the file is delivered. If you enable this policy setting, files
can be downloaded from the zone. If
you disable this policy setting, files are prevented from being downloaded
from the zone. If you do not
configure this policy setting, files can be downloaded from the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1803 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the
zone may download HTML fonts. If you
enable this policy setting, HTML fonts can be
downloaded automatically. If you enable this policy setting and Prompt is
selected in the drop-down box, users are queried whether to allow HTML fonts
to download. If you disable this
policy setting, HTML fonts are prevented from downloading. If you do not configure this policy
setting, HTML fonts can be downloaded automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java
applets. If you enable this policy
setting, you can choose options from the drop-down
box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not configure
this policy setting, the permission is set to Medium Safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data
Objects (ADO). If you enable this
policy setting, users can load a page in the zone that uses MSXML or ADO to
access data from another site in the zone. If you select Prompt in the
drop-down box, users are queried to choose whether to allow a page to be
loaded in the zone that uses MSXML or ADO to access data from another site in
the zone. If you disable this policy
setting, users cannot load a page in the zone that uses MSXML or ADO to
access data from another site in the zone.
If you do not configure this policy setting, users can load a page in
the zone that uses MSXML or ADO to access data from another site in the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1406 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Allow active content over restricted protocols to access my
computer |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a resource
hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script, ActiveX, Java
and Binary Behaviors. The list of restricted protocols may be set in the
Intranet Zone Restricted Protocols section under Network Protocol Lockdown
policy. If you enable this policy
setting, no Intranet Zone content accessed is affected, even for protocols on
the restricted list. If you select Prompt from the drop-down box, the
Information Bar will appear to allow control over questionable content
accessed over any restricted protocols; content over other protocols is
unaffected. If you disable this policy
setting, all attempts to access such content over the restricted protocols is
blocked. If you do not configure this
policy setting, the Information Bar will appear to allow control over
questionable content accessed over any restricted protocols when the Network
Protocol Lockdown security feature is enabled. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted
for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, users will receive a file download dialog for
automatic download attempts. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users will be
automatically prompted for ActiveX control installations. If you enable
this policy setting, users will receive a prompt when a site instantiates an
ActiveX control they do not have installed.
If you disable this policy setting, ActiveX control installations will
be blocked using the Information Bar. Users can click on the Information Bar
to allow the ActiveX control prompt.
If you do not configure this policy setting, users will receive a
prompt when a site instantiates an ActiveX control they do not have
installed. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's
browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag)
to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page
containing an active Meta Refresh setting can be redirected to another Web
page. If you disable this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. If you do not configure this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting can be redirected to another Web page. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Allow script-initiated windows without size or position
constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on
script-initiated pop-up windows and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. If
you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and
script behaviors: components that encapsulate specific functionality for HTML elements to which they were
attached. If you enable this policy
setting, binary and script behaviors are available. If you select
Administrator approved in the drop-down box, only behaviors listed in the
Admin-approved Behaviors under Binary Behaviors Security Restriction policy
are available. If you disable this
policy setting, binary and script behaviors are not available unless
applications have implemented a custom security manager. If you do not configure this policy
setting, binary and script behaviors are available. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2000 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
display nonsecure items and manage whether users receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1609 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Do not prompt for client certificate selection when no
certificates or only one certificate exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are
prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet
Explorer does not prompt users with a Client Authentication message when they
connect to a Web site that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
setting, Internet Explorer does not prompt users with a Client Authentication
message when they connect to a Web site that has no certificate or only one
certificate. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
drag files or copy and paste files from a source within the zone. If you
enable this policy setting, users can drag files or copy and paste files from
this zone automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this
zone. If you do not configure this
policy setting, users can drag files or copy and paste files from this zone
automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting,
users can install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this
zone. If you do not configure this
policy setting, users can install desktop items from this zone automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications
may be run and files may be downloaded from an IFRAME
reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users can run applications and download files from IFRAMEs on
the pages in this zone without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of
sub-frames and access of applications across different domains. If you
enable this policy setting, users can open sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow sub-frames or access to applications
from other domains. If you disable
this policy setting, users cannot open sub-frames or access applications from
different domains. If you do not configure
this policy setting, users can open sub-frames from other domains and access
applications from other domains. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for
file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet
Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME
Sniffing Safety Feature will not apply in this zone. The security zone will
run without the added layer of security provided by this feature. If you disable this policy setting, the
actions that may be harmful cannot run; this Internet Explorer security
feature will be turned on in this zone, as dictated by the feature control
setting for the process. If you do not
configure this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel
permissions. If you enable this policy
setting, you can choose the following options from
the drop-down box. Low safety to allow
users to be notified of software updates by e-mail, software packages to be
automatically downloaded to users' computers, and software packages to be
automatically installed on users' computers.
Medium safety to allow users to be notified of software updates by
e-mail and software packages to be automatically downloaded to (but not
installed on) users' computers. High
safety to prevent users from being notified of software updates by e-mail,
software packages from being automatically downloaded to users' computers,
and software packages from being automatically installed on users'
computers. If you disable this policy
setting, permissions are set to high safety.
If you do not configure this policy setting, permissions are set to
Low safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML
forms on pages in the zone may be submitted. Forms
sent with SSL (Secure Sockets Layer) encryption are always allowed; this
setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, information using HTML forms on pages
in this zone can be submitted automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted
pop-up windows appear. Pop-up windows that are opened
when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, pop-up windows are not
prevented from appearing. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of
information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
When a user returns to a persisted page, the state of the page can be
restored if this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Web sites in less privileged Web content zones can navigate
into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites
from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged
zones can open new windows in, or navigate into, this zone. The security zone
will run without the added layer of security that is provided by the
Protection from Zone Elevation security feature. If you select Prompt in the
drop-down box, a warning is issued to the user that potentially risky
navigation is about to occur. If you
disable this policy setting, the possibly harmful navigations are prevented.
The Internet Explorer security feature will be on in this zone as set by
Protection from Zone Elevation feature control. If you do not configure this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code
on pages in the zone is run. If you
enable this policy setting, script code on pages
in the zone can run automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to allow script code on pages in the zone
to run. If you disable this policy
setting, script code on pages in the zone is prevented from running. If you do not configure this policy
setting, script code on pages in the zone can run automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can
perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script
can perform a clipboard operation. If
you select Prompt in the drop-down box, users are queried as to whether to
perform clipboard operations. If you
disable this policy setting, a script cannot perform a clipboard
operation. If you do not configure
this policy setting, a script can perform a clipboard operation. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are
exposed to scripts within the zone. If
you enable this policy setting, scripts can access
applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1402 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local Machine Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon
options. If you enable this policy
setting, you can choose from the following logon
options. Anonymous logon to disable
HTTP authentication and use the guest account only for the Common Internet
File System (CIFS) protocol. Prompt
for user name and password to query users for user IDs and passwords. After a
user is queried, these values can be used silently for the remainder of the
session. Automatic logon only in
Intranet zone to query users for user IDs and passwords in other zones. After
a user is queried, these values can be used silently for the remainder of the
session. Automatic logon with current
user name and password to attempt logon using Windows NT Challenge Response
(also known as NTLM authentication). If Windows NT Challenge Response is
supported by the server, the logon uses the user's network user name and
password for logon. If Windows NT Challenge Response is not supported by the
server, the user is queried to provide the user name and password. If you disable this policy setting, logon
is set to Automatic logon only in Intranet zone. If you do not configure this policy
setting, logon is set to Automatic logon with current username and password. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Run .NET Framework-reliant components signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute signed managed
components. If you disable this policy
setting, Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Run .NET Framework-reliant components not signed with
Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET
Framework components that are not signed with Authenticode can be executed from Internet Explorer. These
components include managed controls referenced from an object tag and managed
executables referenced from a link. If
you enable this policy setting, Internet Explorer will execute unsigned
managed components. If you select Prompt in the drop-down box, Internet
Explorer will prompt the user to determine whether to execute unsigned
managed components. If you disable
this policy setting, Internet Explorer will not execute unsigned managed
components. If you do not configure
this policy setting, Internet Explorer will not execute unsigned managed
components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2004 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download signed ActiveX controls from a page in the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting,
users can download signed controls without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may
download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an
untrusted zone. If you enable this
policy setting, users can run unsigned controls without user intervention. If
you select Prompt in the drop-down box, users are queried to choose whether
to allow the unsigned control to run.
If you disable this policy setting, users cannot run unsigned
controls. If you do not configure this
policy setting, users cannot run unsigned controls. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1004 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not
marked as safe. If you enable this
policy setting, ActiveX controls are run, loaded
with parameters, and scripted without setting object safety for untrusted
data or scripts. This setting is not recommended, except for secure and
administered zones. This setting causes both unsafe and safe controls to be
initialized and scripted, ignoring the Script ActiveX controls marked safe
for scripting option. If you enable
this policy setting and select Prompt in the drop-down box, users are queried
whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX
controls that cannot be made safe are not loaded with parameters or
scripted. If you do not configure this
policy setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX
controls and plug-ins can be run on pages from the specified zone. If you
enable this policy setting, controls and plug-ins can run without user
intervention. If you selected Prompt
in the drop-down box, users are asked to choose whether to allow the controls
or plug-in to run. If you disable this
policy setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX
control marked safe for scripting can interact with a script. If you
enable this policy setting, script interaction can occur automatically
without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow script interaction. If you
disable this policy setting, script interaction is prevented from
occurring. If you do not configure
this policy setting, script interaction can occur automatically without user
intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file
downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the
download, not the zone from which the file is delivered. If you enable this policy setting, files
can be downloaded from the zone. If
you disable this policy setting, files are prevented from being downloaded
from the zone. If you do not
configure this policy setting, files can be downloaded from the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the
zone may download HTML fonts. If you
enable this policy setting, HTML fonts can be
downloaded automatically. If you enable this policy setting and Prompt is
selected in the drop-down box, users are queried whether to allow HTML fonts
to download. If you disable this
policy setting, HTML fonts are prevented from downloading. If you do not configure this policy
setting, HTML fonts can be downloaded automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java
applets. If you enable this policy
setting, you can choose options from the drop-down
box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not configure
this policy setting, Java applets are disabled. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data
Objects (ADO). If you enable this
policy setting, users can load a page in the zone that uses MSXML or ADO to
access data from another site in the zone. If you select Prompt in the
drop-down box, users are queried to choose whether to allow a page to be
loaded in the zone that uses MSXML or ADO to access data from another site in
the zone. If you disable this policy
setting, users cannot load a page in the zone that uses MSXML or ADO to
access data from another site in the zone.
If you do not configure this policy setting, users can load a page in
the zone that uses MSXML or ADO to access data from another site in the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted
for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users will be
automatically prompted for ActiveX control installations. If you enable
this policy setting, users will receive a prompt when a site instantiates an
ActiveX control they do not have installed.
If you disable this policy setting, ActiveX control installations will
be blocked using the Information Bar. Users can click on the Information Bar
to allow the ActiveX control prompt.
If you do not configure this policy setting, ActiveX control
installations will be blocked using the Information Bar. Users can click on
the Information Bar to allow the ActiveX control prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's
browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag)
to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page
containing an active Meta Refresh setting can be redirected to another Web
page. If you disable this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting cannot be redirected to another Web page. If you do not configure this policy
setting, a user's browser that loads a page containing an active Meta Refresh
setting can be redirected to another Web page. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Allow script-initiated windows without size or position
constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on
script-initiated pop-up windows and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. If
you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and
script behaviors: components that encapsulate specific functionality for HTML elements to which they were
attached. If you enable this policy
setting, binary and script behaviors are available. If you select
Administrator approved in the drop-down box, only behaviors listed in the
Admin-approved Behaviors under Binary Behaviors Security Restriction policy
are available. If you disable this
policy setting, binary and script behaviors are not available unless
applications have implemented a custom security manager. If you do not configure this policy
setting, only behaviors listed in the Admin-approved Behaviors under Binary
Behaviors Security Restriction policy are available. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2000 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
display nonsecure items and manage whether users receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1609 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Do not prompt for client certificate selection when no
certificates or only one certificate exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are
prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet
Explorer does not prompt users with a Client Authentication message when they
connect to a Web site that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy
setting, Internet Explorer prompts users with a Client Authentication message
when they connect to a Web site that has no certificate or only one
certificate. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
drag files or copy and paste files from a source within the zone. If you
enable this policy setting, users can drag files or copy and paste files from
this zone automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this
zone. If you do not configure this
policy setting, users can drag files or copy and paste files from this zone
automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting,
users can install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this
zone. If you do not configure this
policy setting, users can install desktop items from this zone automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1800 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications
may be run and files may be downloaded from an IFRAME
reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users can run applications and download files from IFRAMEs on
the pages in this zone without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of
sub-frames and access of applications across different domains. If you
enable this policy setting, users can open sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow sub-frames or access to applications
from other domains. If you disable
this policy setting, users cannot open sub-frames or access applications from
different domains. If you do not configure
this policy setting, users can open sub-frames from other domains and access
applications from other domains. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1607 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for
file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet
Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME
Sniffing Safety Feature will not apply in this zone. The security zone will
run without the added layer of security provided by this feature. If you disable this policy setting, the
actions that may be harmful cannot run; this Internet Explorer security
feature will be turned on in this zone, as dictated by the feature control
setting for the process. If you do not
configure this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel
permissions. If you enable this policy
setting, you can choose the following options from
the drop-down box. Low safety to allow
users to be notified of software updates by e-mail, software packages to be
automatically downloaded to users' computers, and software packages to be
automatically installed on users' computers.
Medium safety to allow users to be notified of software updates by
e-mail and software packages to be automatically downloaded to (but not
installed on) users' computers. High
safety to prevent users from being notified of software updates by e-mail,
software packages from being automatically downloaded to users' computers,
and software packages from being automatically installed on users'
computers. If you disable this policy
setting, permissions are set to high safety.
If you do not configure this policy setting, permissions are set to
Low safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML
forms on pages in the zone may be submitted. Forms
sent with SSL (Secure Sockets Layer) encryption are always allowed; this
setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, information using HTML forms on pages
in this zone can be submitted automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted
pop-up windows appear. Pop-up windows that are opened
when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, pop-up windows are not
prevented from appearing. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of
information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
When a user returns to a persisted page, the state of the page can be
restored if this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Web sites in less privileged Web content zones can navigate
into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites
from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged
zones can open new windows in, or navigate into, this zone. The security zone
will run without the added layer of security that is provided by the
Protection from Zone Elevation security feature. If you select Prompt in the
drop-down box, a warning is issued to the user that potentially risky
navigation is about to occur. If you
disable this policy setting, the possibly harmful navigations are prevented.
The Internet Explorer security feature will be on in this zone as set by
Protection from Zone Elevation feature control. If you do not configure this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2101 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code
on pages in the zone is run. If you
enable this policy setting, script code on pages
in the zone can run automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to allow script code on pages in the zone
to run. If you disable this policy
setting, script code on pages in the zone is prevented from running. If you do not configure this policy
setting, users are queried to choose whether to allow script code on pages in
the Local Machine zone to run. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can
perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script
can perform a clipboard operation. If
you select Prompt in the drop-down box, users are queried as to whether to
perform clipboard operations. If you
disable this policy setting, a script cannot perform a clipboard
operation. If you do not configure
this policy setting, a script can perform a clipboard operation. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are
exposed to scripts within the zone. If
you enable this policy setting, scripts can access
applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1402 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon
options. If you enable this policy
setting, you can choose from the following logon
options. Anonymous logon to disable
HTTP authentication and use the guest account only for the Common Internet
File System (CIFS) protocol. Prompt
for user name and password to query users for user IDs and passwords. After a
user is queried, these values can be used silently for the remainder of the
session. Automatic logon only in
Intranet zone to query users for user IDs and passwords in other zones. After
a user is queried, these values can be used silently for the remainder of the
session. Automatic logon with current
user name and password to attempt logon using Windows NT Challenge Response
(also known as NTLM authentication). If Windows NT Challenge Response is
supported by the server, the logon uses the user's network user name and
password for logon. If Windows NT Challenge Response is not supported by the
server, the user is queried to provide the user name and password. If you disable this policy setting, logon
is set to Automatic logon only in Intranet zone. If you do not configure this policy
setting, logon is set to Automatic logon with current username and password. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Site to Zone Assignment List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage a list of sites that
you want to associate with a particular security zone. These zone numbers have associated security settings that
apply to all of the sites in the zone.
Internet Explorer has 4 security zones, numbered 1-4, and these are
used by this policy setting to associate sites to zones. They are: (1)
Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted
Sites zone. Security settings can be set for each of these zones through
other policy settings, and their default settings are: Trusted Sites zone
(Low template), Intranet zone (Medium-Low template), Internet zone (Medium
template), and Restricted Sites zone (High template). (The Local Machine zone
and its locked down equivalent have special security settings that protect
your local computer.) If you enable
this policy setting, you can enter a list of sites and their related zone
numbers. The association of a site with a zone will ensure that the security
settings for the specified zone are applied to the site. For each entry
that you add to the list, enter the following information: Valuename – A host for an intranet site, or
a fully qualified domain name for other sites. The valuename may also
include a specific protocol. For example, if you enter
http://www.contoso.com as the valuename, other protocols are not
affected. If you enter just www.contoso.com, then all
protocols are affected for that site, including http, https, ftp, and so
on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or
range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not
include additional characters after the domain such as trailing slashes or
URL path. For example, policy settings for www.contoso.com and
www.contoso.com/mail would be treated as the same policy setting by Internet
Explorer, and would therefore be in conflict.
Value - A number indicating the zone with which this site should be
associated for security settings. The Internet Explorer zones described above
are 1-4. If you disable this policy
setting, any such list is deleted and no site-to-zone assignments are
permitted. If this policy is not
configured, users may choose their own site-to-zone assignments. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!ListBox_Support_ZoneMapKey |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Intranet Sites: Include all local (intranet) sites not listed
in other zones |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting controls whether local sites which are not
explicitly mapped into any Security Zone are forced into the local Intranet security zone. If you enable this policy setting, local
sites which are not explicitly mapped into a zone are considered to be in the
Intranet Zone. If you disable this
policy setting, local sites which are not explicitly mapped into a zone will
not be considered to be in the Intranet Zone (so would typically be in the
Internet Zone). If you do not
configure this policy setting, users choose whether to force local sites into
the Intranet Zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap!IntranetName |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Intranet Sites: Include all sites that bypass the proxy server |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting controls whether sites which bypass the
proxy server are mapped into the local Intranet security zone. If you
enable this policy setting, sites which bypass the proxy server are mapped
into the Intranet Zone. If you disable
this policy setting, sites which bypass the proxy server aren't necessarily
mapped into the Intranet Zone (other rules might map one there). If you do not configure this policy
setting, users choose whether sites which bypass the proxy server are mapped
into the Intranet Zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap!ProxyByPass |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Intranet Sites: Include all network paths (UNCs) |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting controls whether URLs representing UNCs
are mapped into the local Intranet security zone. If you enable
this policy setting, all network paths are mapped into the Intranet
Zone. If you disable this policy
setting, network paths are not necessarily mapped into the Intranet Zone
(other rules might map one there). If
you do not configure this policy setting, users choose whether network paths
are mapped into the Intranet Zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap!UNCAsIntranet |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Internet Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy
settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Template Policies!InternetZoneTemplate,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Template Policies!Internet, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1609, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1406, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Intranet Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy
settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet
Settings\Template Policies!IntranetZoneTemplate,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet
Settings\Template Policies!Intranet, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Trusted Sites Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy
settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted
Sites Settings\Template Policies!TrustedSitesZoneTemplate,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites
Settings\Template Policies!Trusted Sites, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2300, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1606, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1400, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2100, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1606, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2300 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Restricted Sites Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy
settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted
Sites Settings\Template Policies!RestrictedSitesZoneTemplate,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites
Settings\Template Policies!Restricted Sites, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1402, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Local Machine Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy
settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local
Machine Zone Settings\Template Policies!LocalMachineZoneTemplate,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone
Settings\Template Policies!Local Machine Zone, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1402, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1402, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1609, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Locked-Down
Local Machine Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy
settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local
Machine Zone Lockdown Settings\Template
Policies!LocalMachineZoneLockdownTemplate,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone
Lockdown Settings\Template Policies!Locked-Down Local Machine Zone,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1609, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1402, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2101, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201 |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Locked-Down
Internet Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy
settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Lockdown Settings\Template Policies!InternetZoneLockdownTemplate,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown
Settings\Template Policies!Locked-Down Internet, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1405, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1809, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2102, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1604, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Locked-Down
Intranet Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy
settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet
Lockdown Settings\Template Policies!IntranetZoneLockdownTemplate,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown
Settings\Template Policies!Locked-Down Intranet, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1400, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1405, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1609, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1809, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2100, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1802, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A04, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2102, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1604, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1E05, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2101, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Locked-Down
Trusted Sites Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy
settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted
Sites Lockdown Settings\Template Policies!TrustedSitesZoneLockdownTemplate,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites
Lockdown Settings\Template Policies!Locked-Down Trusted Sites,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1601, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1C00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1606, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1608, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1E05, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Locked-Down
Restricted Sites Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy
settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted
Sites Lockdown Settings\Template
Policies!RestrictedSitesZoneLockdownTemplate,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites
Lockdown Settings\Template Policies!Locked-Down Restricted Sites,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1C00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2101, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Automatically check for Internet Explorer updates |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer checks the Internet for newer versions. When Internet Explorer is set to do this, the checks occur
approximately every 30 days, and users are prompted to install new versions
as they become available. If you
enable this policy setting, Internet Explorer checks the Internet for a new
version approximately every 30 days and prompts the user to download new
versions when they are available. If
you disable this policy setting, Internet Explorer does not check the
Internet for new versions of the browser, so does not prompt users to install
them. If you do not configure this
policy setting, Internet Explorer does not check the Internet for new
versions of the browser, so does not prompt users to install them. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main!NoUpdateCheck |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Allow Install On Demand (Internet Explorer) |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
automatically download and install Web components (such as fonts) that can installed by Internet Explorer Active Setup. For example, if you open a Web page that
requires Japanese-text display support, Internet Explorer could prompt the
user to download the Japanese Language Pack component if it is not already
installed. If you enable this policy
setting, Web components such as fonts will be automatically installed as
necessary. If you disable this policy
setting, users will be prompted when Web Components such as fonts would be
downloaded. If you do not configure
this policy, users will be prompted when Web Components such as fonts would
be downloaded. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main!NoJITSetup |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Allow Install On Demand (except Internet Explorer) |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether users can
download and install self-installing program files (non-Internet Explorer components) that are registered with
Internet Explorer (such as Windows Media Player, Macromedia, and Java) that
are required in order to view web pages as intended. If you enable this policy setting,
non-Internet Explorer components will be automatically installed as
necessary. If you disable this policy
setting, users will be prompted when non-Internet Explorer components would
be installed. If you do not configure
this policy setting, non-Internet Explorer components will be automatically
installed as necessary. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main!NoWebJITSetup |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Allow third-party browser extensions |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer will launch COM add-ons known as browser helper objects, such as toolbars. Browser helper objects may contain flaws
such as buffer overruns which impact Internet Explorer’s performance or
stability. If you enable this policy
setting, Internet Explorer automatically launches any browser helper objects
that are installed on the user's computer.
If you disable this policy setting, browser helper objects do not
launch. If you do not configure this
policy, Internet Explorer automatically launches any browser helper objects
that are installed on the user's computer. |
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Enable
Browser Extensions |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Play animations in web pages |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by
this setting; active Web content such as java applets are not. If you enable this policy setting, Internet
Explorer will play animated pictures found in Web content. If you disable this policy setting,
Internet Explorer will not play or download animated pictures, helping pages
display more quickly. If you do not
configure this policy setting, Internet Explorer will play animated pictures
found in Web content. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main!Play_Animations |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Play sounds in web pages |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this
setting; active Web content such as java applets are not. If you enable this policy setting, Internet
Explorer will play sounds found in Web content. If you disable this policy setting,
Internet Explorer will not play or download sounds in Web content, helping
pages display more quickly. If you
enable this policy setting, Internet Explorer will play sounds found in Web
content. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main!Play_Background_Sounds |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Play videos in web pages |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer will display videos found in Web content. Generally only embedded video files are affected by this
setting; active Web content such as java applets are not. If you enable this policy setting, Internet
Explorer will play videos found in Web content. If you disable this policy setting,
Internet Explorer will not play or download videos, helping pages display
more quickly. If you do not configure
this policy setting, Internet Explorer will play videos found in Web content. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main!Display Inline Videos |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Allow active content from CDs to run on user machines |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users receive
a dialog requesting permission for active content on a CD to run. If you enable this
policy setting, active content on a CD will run without a prompt. If you disable this policy setting, active
content on a CD will always prompt before running. If you do not configure this policy, users
can choose whether to be prompted before running active content on a CD. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings!LOCALMACHINE_CD_UNLOCK |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Allow software to run or install even if the signature is
invalid |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether software,
such as ActiveX controls and file downloads, can be installed or run by the user even though the signature is
invalid. An invalid signature might indicate that someone has tampered with
the file. If you enable this policy
setting, users will be prompted to install or run files with an invalid
signature. If you disable this policy
setting, users cannot run or install files with an invalid signature. If you do not configure this policy, users
can choose to run or install files with an invalid signature. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Download!RunInvalidSignatures |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Check for server certificate revocation |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been
compromised or are no longer valid, and this option protects users from
submitting confidential data to a site that may be fraudulent or not
secure. If you enable this policy
setting, Internet Explorer will check to see if server certificates have been
revoked. If you disable this policy
setting, Internet Explorer will not check server certificates to see if they
have been revoked. If you do not
configure this policy setting, Internet Explorer will not check server
certificates to see if they have been revoked. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!CertificateRevocation |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Check for signatures on downloaded programs |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been
modified or tampered with) on user computers before downloading executable
programs. If you enable this policy
setting, Internet Explorer will check the digital signatures of executable
programs and display their identities before downloading them to user
computers. If you disable this policy
setting, Internet Explorer will not check the digital signatures of
executable programs or display their identities before downloading them to
user computers. If you do not
configure this policy, Internet Explorer will not check the digital
signatures of executable programs or display their identities before
downloading them to user computers. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main!CheckExeSignatures |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Do not save encrypted pages to disk |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer will save encrypted pages that contain secure (HTTPS) information such as passwords and credit card
numbers to the Internet Explorer cache, which may be insecure. If you enable this policy setting, Internet
Explorer will not save encrypted pages containing secure (HTTPS) information
to the cache. If you disable this
policy setting, Internet Explorer will save encrypted pages containing secure
(HTTPS) information to the cache. If
you do not configure this policy, Internet Explorer will save encrypted pages
containing secure (HTTPS) information to the cache. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!DisableCachingOfSSLPages |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Empty Temporary Internet Files folder when browser is closed |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet
Explorer deletes the contents of the Temporary Internet Files folder after all browser windows are closed. This
protects against storing dangerous files on the computer, or storing
sensitive files that other users could see, in addition to managing total
disk space usage. If you enable this
policy setting, Internet Explorer will delete the contents of the user's
Temporary Internet Files folder when all browser windows are closed. If you disable this policy setting,
Internet Explorer will not delete the contents of the user's Temporary
Internet Files folder when browser windows are closed. If you do not configure this policy,
Internet Explorer will not delete the contents of the Temporary Internet
Files folder when browser windows are closed. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Cache!Persistent |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Binary Behavior Security Restriction |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer contains dynamic binary behaviors:
components that encapsulate specific functionality for the HTML elements to which they are attached. This policy
setting controls whether the Binary Behavior Security Restriction setting is
prevented or allowed. If you enable
this policy setting, binary behaviors are prevented for the Windows Explorer
and Internet Explorer processes. If
you disable this policy setting, binary behaviors are allowed for the Windows
Explorer and Internet Explorer processes.
If you do not configure this policy setting, binary behaviors are
prevented for the Windows Explorer and Internet Explorer processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!iexplore.exe |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Binary Behavior Security Restriction |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer contains dynamic binary behaviors:
components that encapsulate specific functionality for the HTML elements to which they are attached. This policy
setting controls whether the Binary Behavior Security Restriction
setting is prevented or allowed. This policy setting allows administrators
to define applications for which they want this security feature to be
prevented or allowed. If you enable
this policy setting and enter a Value of 1 binary behaviors are prevented. If
you enter a Value of 0 binary behaviors are allowed. The Value Name is the
name of the executable. If a Value Name is empty or the Value is not 0 or 1,
the policy setting is ignored. Do not
enter the Internet Explorer processes in this list: use the related Internet
Explorer Processes policy to enable or disable IE processes. If the All
Processes policy setting is enabled, the processes configured in this box
take precedence over that setting. If
you disable or do not configure this policy setting, the security feature is
allowed. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_BEHAVIORS |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Binary Behavior Security Restriction |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer contains dynamic binary behaviors:
components that encapsulate specific functionality for the HTML elements to which they are attached. This policy
setting controls whether the Binary Behavior Security Restriction setting is
prevented or allowed. If you enable
this policy setting, binary behaviors are prevented for all processes. Any
use of binary behaviors for HTML rendering is blocked. If you disable or do not configure this
policy setting, binary behaviors are allowed for all processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!* |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Binary Behavior Security Restriction |
Admin-approved behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
For each zone, the Binary and Scripted Behavior security
restrictions may be configured to allow only a list of admin-approved behaviors. This list may be configured here,
and applies to all processes which have opted in to the behavior, and to all
zones. (Behaviors are components that encapsulate specific functionality or
behavior on a page.) If you enable
this policy setting, this sets the list of behaviors permitted in each zone
for which Script and Binary Behaviors is set to 'admin-approved'. Behaviors
must be entered in #package#behavior notation, e.g., #default#vml. If you disable this policy setting, no
behaviors will be allowed in zones set to 'admin-approved', just as if those
zones were set to 'disable'. If you do
not configure this policy setting, only VML will be allowed in zones set to
'admin-approved'. Note. If this policy is set in both Computer
Configuration and User Configuration, both lists of behaviors will be allowed
as appropriate. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!ListBox_Support_AllowedBehaviors |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\MK Protocol Security Restriction |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
The MK Protocol Security Restriction policy setting reduces
attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail. If you enable this policy setting, the MK
Protocol is prevented for Windows Explorer and Internet Explorer, and
resources hosted on the MK protocol will fail. If you disable this policy setting,
applications can use the MK protocol API. Resources hosted on the MK protocol
will work for the Windows Explorer and Internet Explorer processes. If you do not configure this policy
setting, the MK Protocol is prevented for Windows Explorer and Internet
Explorer, and resources hosted on the MK protocol will fail. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved),
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!iexplore.exe |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\MK Protocol Security Restriction |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
The
MK Protocol Security Restriction policy setting reduces attack surface area
by preventing the MK protocol. Resources hosted on
the MK protocol will fail. This policy
setting allows administrators to define applications for which they want this
security feature to be prevented or allowed.
If you enable this policy setting and enter a Value of 1, use of the
MK protocol is prevented. If you enter a Value of 0, use of the MK protocol
is allowed. If a Value Name is empty or the Value is not 0 or 1, the policy
setting is ignored. Do not enter the
Internet Explorer processes in this list: use the related Internet Explorer
Processes policy to enable or disable IE processes. If the All Processes
policy setting is enabled, the processes configured in this box take
precedence over that setting. If you
disable or do not configure this policy setting, the policy setting is
ignored. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_DISABLE_MK_PROTOCOL |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\MK Protocol Security Restriction |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
The MK Protocol Security Restriction policy setting reduces
attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail. If you enable this policy setting, the MK
Protocol is disabled for all processes. Any use of the MK Protocol is
blocked. If you disable or do not
configure this policy setting, the MK Protocol is enabled. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!* |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Local Machine Zone Lockdown Security |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer places zone restrictions on each Web page it
opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on
the local computer have the fewest security restrictions and reside in the
Local Machine zone. Local Machine zone
security applies to all local files and content processed by Internet
Explorer. This feature helps to mitigate attacks where the Local Machine zone
is used as an attack vector to load malicious HTML code. If you enable this policy setting, the Local
Machine zone security applies to all local files and content processed by
Internet Explorer. If you disable this
policy setting, Local Machine zone security is not applied to local files or
content processed by Internet Explorer.
If you do not configure this policy setting, the Local Machine zone
security applies to all local files and content processed by Internet
Explorer. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved),
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!iexplore.exe |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Local Machine Zone Lockdown Security |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer places zone restrictions on each Web page it
opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and so on). Web pages
on the local computer have the fewest security restrictions and reside in the
Local Machine zone. Local Machine zone
security applies to all local files and content. This feature helps to
mitigate attacks where the Local Machine zone is used as an attack vector to
load malicious HTML code. If you
enable this policy setting and enter a value of 1, Local Machine Zone
security applies. If you enter a value of 0, Local Machine Zone security does
not apply. If a Value Name is empty or the Value is not 0 or 1, the policy
setting is ignored. Do not enter the
Internet Explorer processes in this list: use the related Internet Explorer
Processes policy to enable or disable IE processes. If the All Processes
policy setting is enabled, the processes configured in this box take
precedence over that setting. If you
disable or do not configure this policy setting, the security feature is
allowed. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_LOCALMACHINE_LOCKDOWN |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Local Machine Zone Lockdown Security |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer places zone restrictions on each Web page it
opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on
the local computer have the fewest security restrictions and reside in the
Local Machine zone. Local Machine zone
security applies to all local files and content. This feature helps to
mitigate attacks where the Local Machine zone is used as an attack vector to
load malicious HTML code. If you
enable this policy setting, the Local Machine zone security applies to all
local files and content processed by any process other than Internet Explorer
or those defined in a process list. If
you disable or do not configure this policy setting, Local Machine zone
security is not applied to local files or content processed by any process
other than Internet Explorer or those defined in a process list. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!* |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Consistent Mime Handling |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer uses Multipurpose Internet Mail Extensions
(MIME) data to determine file handling procedures for files received through a Web server. This policy setting determines whether
Internet Explorer requires that all file-type information provided by Web
servers be consistent. For example, if the MIME type of a file is text/plain
but the MIME sniff indicates that the file is really an executable file,
Internet Explorer renames the file by saving it in the Internet Explorer
cache and changing its extension. If
you enable this policy setting, Internet Explorer requires consistent MIME
data for all received files. If you
disable this policy setting, Internet Explorer will not require consistent
MIME data for all received files. If
you do not configure this policy setting, Internet Explorer requires
consistent MIME data for all received files. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!iexplore.exe |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Consistent Mime Handling |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer uses Multipurpose Internet Mail Extensions
(MIME) data to determine file handling procedures for files received through a Web server. This policy setting determines whether
Internet Explorer requires that all file-type information provided by Web
servers be consistent. For example, if the MIME type of a file is text/plain
but the MIME sniff indicates that the file is really an executable file,
Internet Explorer renames the file by saving it in the Internet Explorer
cache and changing its extension. This
policy setting allows administrators to define applications for which they
want this security feature to be prevented or allowed. If you enable this policy setting and enter
a Value of 1, MIME handling is in effect. If you enter a Value of 0 file-type
information is allowed to be inconsistent. The Value Name is the name of the
executable. If a Value Name is empty or the Value is not 0 or 1, the policy
setting is ignored. Do not enter the
Internet Explorer processes in this list: use the related Internet Explorer
Processes policy to enable or disable IE processes. If the All Processes
policy setting is enabled, the processes configured in this box take
precedence over that setting. If you
disable or do not configure this policy setting, the security feature is
allowed. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_HANDLING |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Consistent Mime Handling |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer uses Multipurpose Internet Mail Extensions
(MIME) data to determine file handling procedures for files received through a Web server. This policy setting determines whether
Internet Explorer requires that all file-type information provided by Web
servers be consistent. For example, if the MIME type of a file is text/plain
but the MIME sniff indicates that the file is really an executable file,
Internet Explorer renames the file by saving it in the Internet Explorer
cache and changing its extension. If
you enable this policy setting, Consistent Mime Handling is enabled for all
processes. If you disable or do not
configure this policy setting, Consistent Mime Handling is prevented for all
processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!* |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Mime Sniffing Safety Feature |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether Internet Explorer MIME
sniffing will prevent promotion of a file of one type to a more dangerous file type. If you enable this policy setting, MIME
sniffing will never promote a file of one type to a more dangerous file
type. If you disable this policy setting,
Internet Explorer processes will allow a MIME sniff promoting a file of one
type to a more dangerous file type. If
you do not configure this policy setting, MIME sniffing will never promote a
file of one type to a more dangerous file type. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!iexplore.exe |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Mime Sniffing Safety Feature |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether Internet Explorer MIME
sniffing will prevent promotion of a file of one type to a more dangerous file type. This policy setting allows administrators
to define applications for which they want this security feature to be
prevented or allowed. If you enable this
policy setting and enter a Value of 1, this protection will be in effect. If
you enter a Value of 0, any file may be promoted to more dangerous file
types. The Value Name is the name of the executable. If a Value Name is empty
or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer
processes in this list: use the related Internet Explorer Processes policy to
enable or disable IE processes. If the All Processes policy setting is
enabled, the processes configured in this box take precedence over that
setting. If you disable or do not
configure this policy setting, the security feature is allowed. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_SNIFFING |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Mime Sniffing Safety Feature |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether Internet Explorer MIME
sniffing will prevent promotion of a file of one type to a more dangerous file type. If you enable this policy setting, the Mime
Sniffing Safety Feature is enabled for all processes. If you disable or do not configure this
policy setting, the Mime Sniffing Safety Feature is disabled for all
processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!* |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Object Caching Protection |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting defines whether a reference to an object
is accessible when the user navigates within the same domain or to a new domain. If you enable this policy setting, an
object reference is no longer accessible when navigating within or across
domains for Internet Explorer processes.
If you disable this policy setting, an object reference is retained
when navigating within or across domains for Internet Explorer
processes. If you do not configure
this policy setting, an object reference is no longer accessible when
navigating within or across domains for Internet Explorer processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!iexplore.exe |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Object Caching Protection |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting defines whether a reference to an object
is accessible when the user navigates within the same domain or to a new domain. This policy setting allows administrators
to define applications for which they want this security feature to be
prevented or allowed. If you enable this
policy setting and enter a Value of 1, references to objects are inaccessible
after navigation. If you enter a Value of 0, references to objects are still
accessible after navigation. The Value Name is the name of the executable. If
a Value Name is empty or the Value is not 0 or 1, the policy setting is
ignored. Do not enter the Internet
Explorer processes in this list: use the related Internet Explorer Processes
policy to enable or disable IE processes. If the All Processes policy setting
is enabled, the processes configured in this box take precedence over that
setting. If you disable or do not
configure this policy setting, the security feature is allowed. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_OBJECT_CACHING |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Object Caching Protection |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting defines whether a reference to an object
is accessible when the user navigates within the same domain or to a new domain. If you enable this policy setting, object
reference is no longer accessible when navigating within or across domains
for all processes. If you disable or
do not configure this policy setting, object reference is retained when
navigating within or across domains in the Restricted Zone sites. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!* |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Scripted Window Security Restrictions |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer allows scripts to programmatically open,
resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows
and prohibits scripts from displaying windows in which the title and status
bars are not visible to the user or obfuscate other Windows’ title and status
bars. If you enable this policy
setting, popup windows and other restrictions apply for Windows Explorer and
Internet Explorer processes. If you
disable this policy setting, scripts can continue to create popup windows and
windows that obfuscate other windows.
If you do not configure this policy setting, popup windows and other
restrictions apply for Windows Explorer and Internet Explorer processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved),
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!iexplore.exe |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Scripted Window Security Restrictions |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer allows scripts to programmatically open,
resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows
and prohibits scripts from displaying windows in which the title and status
bars are not visible to the user or obfuscate other Windows’ title and status
bars. This policy setting allows
administrators to define applications for which they want this security
feature to be prevented or allowed. If
you enable this policy setting and enter a Value of 1, such windows may not
be opened. If you enter a Value of 0, windows have none of these
restrictions. The Value Name is the name of the executable. If a Value Name
is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer
processes in this list: use the related Internet Explorer Processes policy to
enable or disable IE processes. If the All Processes policy setting is
enabled, the processes configured in this box take precedence over that
setting. If you disable or do not
configure this policy setting, the security feature is allowed. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_WINDOW_RESTRICTIONS |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Scripted Window Security Restrictions |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer allows scripts to programmatically open,
resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows
and prohibits scripts from displaying windows in which the title and status
bars are not visible to the user or obfuscate other Windows’ title and status
bars. If you enable this policy
setting, scripted windows are restricted for all processes. If you disable or do not configure this
policy setting, scripted windows are not restricted. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!* |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Protection From Zone Elevation |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer places restrictions on each Web page it
opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone,
etc.). Web pages on the local computer have the fewest security restrictions
and reside in the Local Machine zone, making the Local Machine security zone
a prime target for malicious users. Zone Elevation also disables JavaScript
navigation if there is no security context.
If you enable this policy setting, any zone can be protected from zone
elevation by Internet Explorer processes.
If you disable this policy setting, no zone receives such protection
for Internet Explorer processes. If
you do not configure this policy setting, any zone can be protected from zone
elevation by Internet Explorer processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!iexplore.exe |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Protection From Zone Elevation |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer places restrictions on each Web page it
opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and
so on). Web pages on the local computer have the fewest security restrictions
and reside in the Local Machine zone, making the Local Machine security zone
a prime target for malicious users. Zone Elevation also disables JavaScript
navigation if there is no security context.
This policy setting allows administrators to define applications for
which they want this security feature to be prevented or allowed. If you enable this policy setting and enter
a Value of 1, elevation to more privileged zones can be prevented. If you
enter a Value of 0, elevation to any zone is allowed. The Value Name is the
name of the executable. If a Value Name is empty or the Value is not 0 or 1,
the policy setting is ignored. Do not
enter the Internet Explorer processes in this list: use the related Internet
Explorer Processes policy to enable or disable IE processes. If the All
Processes policy setting is enabled, the processes configured in this box
take precedence over that setting. If
you disable or do not configure this policy setting, the security feature is
allowed. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ZONE_ELEVATION |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Protection From Zone Elevation |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer places restrictions on each Web page it
opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and
so on). For example, Web pages on the local computer have the fewest security
restrictions and reside in the Local Machine zone, making the Local Machine
security zone a prime target for malicious users. If you enable this policy setting, any zone
can be protected from zone elevation for all processes. If you disable or do not configure this
policy setting, processes other than Internet Explorer or those listed in the
Process List receive no such protection. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!* |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Information Bar |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether the
Information Bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the
Information Bar is displayed for Internet Explorer processes. If you enable this policy setting, the
Information Bar will be displayed for Internet Explorer Processes. If you disable this policy setting, the
Information Bar will not be displayed for Internet Explorer processes. If you do not configure this policy
setting, the Information Bar will be displayed for Internet Explorer
Processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!iexplore.exe |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Information Bar |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether the
Information Bar is displayed for specific processes when file or code installs are restricted. By default, the
Information Bar is not displayed for any process when file or code installs
are restricted (except for the Internet Explorer Processes, for which the
Information Bar is displayed by default).
If you enable this policy setting and enter a Value of 1, the
Information Bar is displayed. If you enter a Value of 0 the Information Bar
is not displayed. The Value Name is the name of the executable. If a Value Name
is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer
processes in this list: use the related Internet Explorer Processes policy to
enable or disable for IE processes. If the All Processes policy setting is
enabled, the processes configured in this box take precedence over that
setting. If you disable or do not
configure this policy setting, the Information Bar is not displayed for the
specified processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_SECURITYBAND |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Information Bar |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether the
Information Bar is displayed for processes other than the Internet Explorer processes when file or code installs are
restricted. By default, the Information Bar is not displayed for any process
when file or code installs are restricted (except for the Internet Explorer
Processes, for which the Information Bar is displayed by default). If you enable this policy setting, the
Information Bar will be displayed for all processes. If you disable or do not configure this
policy setting, the Information Bar will not be displayed for all processes
other than Internet Explorer or those listed in the Process List. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!* |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict ActiveX Install |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting enables blocking of ActiveX control
installation prompts for Internet Explorer processes. If you enable
this policy setting, prompting for ActiveX control installations will be
blocked for Internet Explorer processes.
If you disable this policy setting, prompting for ActiveX control
installations will not be blocked for Internet Explorer processes. If you do not configure this policy
setting, the user's preference will be used to determine whether to block
ActiveX control installations for Internet Explorer processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved),
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!iexplore.exe |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict ActiveX Install |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting enables applications hosting the Web
Browser Control to block automatic prompting of ActiveX control installation.
If you enable this policy setting and enter a Value of 1, automatic
prompting of ActiveX control installation is blocked. If you enter a Value of
0, automatic prompting of ActiveX control installation is allowed. The Value
Name is the name of the executable. If a Value Name is empty or the Value is
not 0 or 1, the policy setting is ignored.
Do not enter the Internet Explorer processes in this list: use the related
Internet Explorer Processes policy to enable or disable IE processes. If the
All Processes policy setting is enabled, the processes configured in this box
take precedence over that setting. If
you disable or do not configure this policy setting, the security feature is
allowed. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_ACTIVEXINSTALL |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict ActiveX Install |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting enables applications hosting the Web
Browser Control to block automatic prompting of ActiveX control installation.
If you enable this policy setting, the Web Browser Control will block
automatic prompting of ActiveX control installation for all processes. If you disable or do not configure this
policy setting, the Web Browser Control will not block automatic prompting of
ActiveX control installation for all processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!* |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict File Download |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting enables blocking of file download prompts
that are not user initiated. If you
enable this policy setting, file download prompts
that are not user initiated will be blocked for Internet Explorer
processes. If you disable this policy
setting, prompting will occur for file downloads that are not user initiated
for Internet Explorer processes. If
you do not configure this policy setting, the user's preference determines
whether to prompt for file downloads that are not user initiated for Internet
Explorer processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved),
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!iexplore.exe |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict File Download |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting enables applications hosting the Web
Browser Control to block automatic prompting of file downloads that are not user initiated. If you enable this policy setting and enter
a Value of 1, automatic prompting of non-initiated file downloads is blocked.
If you enter a Value of 0, automatic prompting of non-initiated file
downloads is allowed. The Value Name is the name of the executable. If a
Value Name is empty or the Value is not 0 or 1, the policy setting is
ignored. Do not enter the Internet
Explorer processes in this list: use the related Internet Explorer Processes
policy to enable or disable IE processes. If the All Processes policy setting
is enabled, the processes configured in this box take precedence over that
setting. If you disable or do not
configure this policy setting, the security feature is allowed. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_FILEDOWNLOAD |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict File Download |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting enables applications hosting the Web
Browser Control to block automatic prompting of file downloads that are not user initiated. If you enable this policy setting, the Web
Browser Control will block automatic prompting of file downloads that are not
user initiated for all processes. If
you disable this policy setting, the Web Browser Control will not block
automatic prompting of file downloads that are not user initiated for all
processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!* |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Add-on Management |
Deny all add-ons unless specifically allowed in the Add-on
List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to ensure that any Internet
Explorer add-ons not listed in the 'Add-on List' policy setting are denied. By
default, the 'Add-on List' policy setting defines a list of add-ons to be
allowed or denied through Group Policy. However, users can still use the
Add-on Manager within Internet Explorer to manage add-ons not listed within
the 'Add-on List' policy setting. This policy setting effectively removes
this option from users - all add-ons are assumed to be denied unless they are
specifically allowed through the 'Add-on List' policy setting. If you enable this policy setting, Internet
Explorer only allows add-ins that are specifically listed (and allowed)
through the 'Add-on List' policy setting.
If you disable or do not configure this policy setting, users may use
Add-on Manager to allow or deny any add-ons that are not included in the
'Add-on List' policy setting. Note: If
an add-on is listed in the 'Add-on List' policy setting, the user cannot
change its state through Add-on Manager (unless its value has been set to
allow user management - see the 'Add-on List' policy for more details). |
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!RestrictToList |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Add-on Management |
Add-on List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage a list of add-ons to
be allowed or denied by Internet Explorer.
This list can be used with the 'Deny all
add-ons unless specifically allowed in the Add-on List' policy setting, which
defines whether add-ons not listed here are assumed to be denied. If you enable this policy setting, you can
enter a list of add-ons to be allowed or denied by Internet Explorer. For
each entry that you add to the list, enter the following information: Name of the Value - the CLSID (class
identifier) for the add-on you wish to add to the list. The CLSID should be in brackets for
example, ‘{000000000-0000-0000-0000-0000000000000}’. The CLSID for an add-on
can be obtained by reading the OBJECT tag from a Web page on which the add-on
is referenced. Value - A number
indicating whether Internet Explorer should deny or allow the add-on to be
loaded. To specify that an add-on should be denied enter a 0 (zero) into this
field. To specify that an add-on should be allowed, enter a 1 (one) into this
field. To specify that an add-on should be allowed and also permit the user
to manage the add-on through Add-on Manager, enter a 2 (two) into this
field. If you disable this policy
setting, the list is deleted. The 'Deny all add-ons unless specifically
allowed in the Add-on List' policy setting will still determine whether
add-ons not in this list are assumed to be denied. |
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_Support_CLSID |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Add-on Management |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether the listed
processes respect add-on management user preferences
(as entered into Add-on Manager) or policy settings. By default, only
Internet Explorer processes use the add-on management user preferences and
policy settings. This policy setting allows you to extend support for these
user preferences and policy settings to specific processes listed in the
process list. If you enable this
policy setting and enter a Value of 1, the process entered will respect the
add-on management user preferences and policy settings. If you enter a Value
of 0, the add-on management user preferences and policy settings are ignored
by the specified process. The Value Name is the name of the executable. If a
Value Name is empty or the Value is not 0 or 1, the policy setting is
ignored. Do not enter Internet
Explorer processes in this list because these processes always respect add-on
management user preferences and policy settings. If the All Processes policy
setting is enabled, the processes configured in this policy setting take
precedence over that setting. If you
do not configure this policy, processes other than the Internet Explorer
processes will not be affected by add-on management user preferences or
policy settings (unless “All Processes” is enabled). |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ADDON_MANAGEMENT |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Add-on Management |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether processes
respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default, any process other than the
Internet Explorer processes or those listed in the 'Process List' policy
setting ignore add-on management user preferences and policy settings. If you enable this policy setting, all
processes will respect add-on management user preferences and policy
settings. If you disable or do not
configure this policy setting, all processes will not respect add-on
management user preferences or policy settings. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT!* |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol Lockdown |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Windows Explorer and Internet Explorer may be configured to
prevent active content obtained through restricted protocols from running in an unsafe manner. This policy
setting controls whether restricting content obtained through restricted
protocols is prevented or allowed. If
you enable this policy setting, restricting content obtained through
restricted protocols is allowed for Windows Explorer and Internet Explorer
processes. For example, you can restrict active content from pages served
over the http and https protocols by adding the value names http and https. If you disable this policy setting,
restricting content obtained through restricted protocols is prevented for
Windows Explorer and Internet Explorer processes. If you do not configure this policy
setting, the policy setting is ignored. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved),
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!iexplore.exe |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol Lockdown |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer may be configured to prevent active content
obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether
restricting content obtained through restricted protocols is prevented or
allowed. This policy setting allows
administrators to define applications for which they want restricting content
obtained through restricted protocols to be prevented or allowed. If you enable this policy setting and enter
a Value of 1, restricting content obtained through restricted protocols is
allowed. If you enter a Value of 0, restricting content obtained through
restricted protocols is blocked. The Value Name is the name of the
executable. If a Value Name is empty or the Value is not 0 or 1, the policy
setting is ignored. Do not enter the
Windows Explorer or Internet Explorer processes in this list: use the related
Internet Explorer Processes policy to enable or disable these processes. If
the All Processes policy setting is enabled, the processes configured in this
box take precedence over that setting.
If you disable or do not configure this policy setting, the security
feature is allowed. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_PROTOCOL_LOCKDOWN |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol Lockdown |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
Internet Explorer may be configured to prevent active content
obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether
restricting content obtained through restricted protocols is prevented or
allowed. If you enable this policy
setting, restricting content obtained through restricted protocols is allowed
for all processes other than Windows Explorer or Internet Explorer. If you disable this policy setting,
restricting content obtained through restricted protocols is prevented for
all processes other than Windows Explorer or Internet Explorer. If you do not configure this policy
setting, no policy is enforced for processes other than Windows Explorer and
Internet Explorer. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!* |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per
Security Zone |
Internet Zone Restricted Protocols |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
For each zone, the Network Protocol Lockdown security
restriction may be configured to prevent active content obtained through restricted protocols from running in an
unsafe manner, either by prompting the user, or simply disabling the content.
For each zone, this list of protocols may be configured here, and applies to
all processes which have opted in to the security restriction. If you enable this policy setting for a
zone, this sets the list of protocols to be restricted if that zone is set to
Prompt or Disable for Allow active content over restricted protocols to
access my computer. If you disable or
do not configure this policy setting for a zone, no protocols are restricted
for that zone, regardless of the setting for Allow active content over
restricted protocols to access my computer.
Note. If policy for a zone is
set in both Computer Configuration and User Configuration, both lists of
protocols will be restricted for that zone. |
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\RestrictedProtocols!ListBox_Support_3 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per
Security Zone |
Intranet Zone Restricted Protocols |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
For each zone, the Network Protocol Lockdown security
restriction may be configured to prevent active content obtained through restricted protocols from running in an
unsafe manner, either by prompting the user, or simply disabling the content.
For each zone, this list of protocols may be configured here, and applies to
all processes which have opted in to the security restriction. If you enable this policy setting for a
zone, this sets the list of protocols to be restricted if that zone is set to
Prompt or Disable for Allow active content over restricted protocols to
access my computer. If you disable or
do not configure this policy setting for a zone, no protocols are restricted
for that zone, regardless of the setting for Allow active content over
restricted protocols to access my computer.
Note. If policy for a zone is
set in both Computer Configuration and User Configuration, both lists of
protocols will be restricted for that zone. |
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\RestrictedProtocols!ListBox_Support_1 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per
Security Zone |
Trusted Sites Zone Restricted Protocols |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
For each zone, the Network Protocol Lockdown security
restriction may be configured to prevent active content obtained through restricted protocols from running in an
unsafe manner, either by prompting the user, or simply disabling the content.
For each zone, this list of protocols may be configured here, and applies to
all processes which have opted in to the security restriction. If you enable this policy setting for a
zone, this sets the list of protocols to be restricted if that zone is set to
Prompt or Disable for Allow active content over restricted protocols to
access my computer. If you disable or
do not configure this policy setting for a zone, no protocols are restricted
for that zone, regardless of the setting for Allow active content over
restricted protocols to access my computer.
Note. If policy for a zone is
set in both Computer Configuration and User Configuration, both lists of
protocols will be restricted for that zone. |
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\RestrictedProtocols!ListBox_Support_2 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per
Security Zone |
Restricted Sites Zone Restricted Protocols |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
For each zone, the Network Protocol Lockdown security
restriction may be configured to prevent active content obtained through restricted protocols from running in an
unsafe manner, either by prompting the user, or simply disabling the content.
For each zone, this list of protocols may be configured here, and applies to
all processes which have opted in to the security restriction. If you enable this policy setting for a
zone, this sets the list of protocols to be restricted if that zone is set to
Prompt or Disable for Allow active content over restricted protocols to
access my computer. If you disable or
do not configure this policy setting for a zone, no protocols are restricted
for that zone, regardless of the setting for Allow active content over
restricted protocols to access my computer.
Note. If policy for a zone is
set in both Computer Configuration and User Configuration, both lists of
protocols will be restricted for that zone. |
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\RestrictedProtocols!ListBox_Support_4 |
|
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per
Security Zone |
Local Machine Zone Restricted Protocols |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
For each zone, the Network Protocol Lockdown security
restriction may be configured to prevent active content obtained through restricted protocols from running in an
unsafe manner, either by prompting the user, or simply disabling the content.
For each zone, this list of protocols may be configured here, and applies to
all processes which have opted in to the security restriction. If you enable this policy setting for a
zone, this sets the list of protocols to be restricted if that zone is set to
Prompt or Disable for Allow active content over restricted protocols to
access my computer. If you disable or
do not configure this policy setting for a zone, no protocols are restricted
for that zone, regardless of the setting for Allow active content over
restricted protocols to access my computer.
Note. If policy for a zone is
set in both Computer Configuration and User Configuration, both lists of
protocols will be restricted for that zone. |
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\RestrictedProtocols!ListBox_Support_0 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|