Computer/User Node Policy Path Full Policy Name Supported on Help/Explain Text Registry Settings
USER Administrative Templates\Windows Components\Internet Explorer Search: Disable Search Customization at least Internet Explorer v5.0 Makes the Customize button in the Search Assistant appear dimmed.  The Search Assistant is a tool that appears in the Search bar to help users search the Internet.  If you enable this policy, users cannot change their Search Assistant settings, such as setting default search engines for specific tasks.  If you disable this policy or do not configure it, users can change their settings for the Search Assistant.  This policy is designed to help administrators maintain consistent settings for searching across an organization. HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoSearchCustomization
USER Administrative Templates\Windows Components\Internet Explorer Search: Disable Find Files via F3 within the browser at least Internet Explorer v5.0 Disables using the F3 key to search in Internet Explorer and Windows Explorer.  If you enable this policy, the search functionality of the F3 key is disabled. Users cannot press F3 to search the Internet (from Internet Explorer) or to search the hard disk (from Windows Explorer). If the user presses F3, a prompt appears that informs the user that this feature has been disabled.  If you disable this policy or do not configure it, users can press F3 to search the Internet (from Internet Explorer) or the hard disk (from Windows Explorer).  This policy is intended for situations in which administrators do not want users to explore the Internet or the hard disk.  This policy can be used in coordination with the File Menu: Disable Open menu option policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser Menus), which prevents users from opening files by using the browser. HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoFindFiles
USER Administrative Templates\Windows Components\Internet Explorer Disable external branding of Internet Explorer at least Internet Explorer v5.0 Prevents branding of Internet programs, such as customization of Internet Explorer and Outlook Express logos and title bars, by another party.  If you enable this policy, it prevents customization of the browser by another party, such as an Internet service provider or Internet content provider.  If you disable this policy or do not configure it, users could install customizations from another party-for example, when signing up for Internet services.  This policy is intended for administrators who want to maintain a consistent browser across an organization. HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoExternalBranding
USER Administrative Templates\Windows Components\Internet Explorer Disable importing and exporting of favorites at least Internet Explorer v5.0 Prevents users from exporting or importing favorite links by using the Import/Export Wizard.  If you enable this policy, the Import/Export Wizard cannot import or export favorite links or cookies, which are small text files that contain settings for Web sites.  If you disable this policy or do not configure it, users can import and export favorites in Internet Explorer by clicking the File menu, clicking Import and Export, and then running the Import/Export Wizard.  Note: If you enable this policy, users can still view screens in the wizard, but when users click Finish, a prompt will appear that states that this feature has been disabled. HKCU\Software\Policies\Microsoft\Internet Explorer!DisableImportExportFavorites
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel Disable the General page at least Internet Explorer v5.0 Removes the General tab from the interface in the Internet Options dialog box.  If you enable this policy, users are unable to see and change settings for the home page, the cache, history, Web page appearance, and accessibility.  If you disable this policy or do not configure it, users can see and change these settings.  When you set this policy, you do not need to set the following Internet Explorer policies (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\), because this policy removes the General tab from the interface:  Disable changing home page settings  Disable changing Temporary Internet files settings  Disable changing history settings  Disable changing color settings  Disable changing link color settings  Disable changing font settings  Disable changing language settings  Disable changing accessibility settings HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!GeneralTab
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel Disable the Security page at least Internet Explorer v5.0 Removes the Security tab from the interface in the Internet Options dialog box.  If you enable this policy, it prevents users from seeing and changing settings for security zones, such as scripting, downloads, and user authentication.  If you disable this policy or do not configure it, users can see and change these settings.  When you set this policy, you do not need to set the following Internet Explorer policies, because this policy removes the Security tab from the interface:  Security zones: Do not allow users to change policies  Security zones: Do not allow users to add/delete sites HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!SecurityTab
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel Disable the Content page at least Internet Explorer v5.0 Removes the Content tab from the interface in the Internet Options dialog box.  If you enable this policy, users are prevented from seeing and changing ratings, certificates, AutoComplete, Wallet, and Profile Assistant settings.  If you disable this policy or do not configure it, users can see and change these settings.  When you set this policy, you do not need to set the following policies for the Content tab, because this policy removes the Content tab from the interface:  Disable changing ratings settings  Disable changing certificate settings  Disable changing Profile Assistant settings  Disable AutoComplete for forms  Do not allow AutoComplete to save passwords HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!ContentTab
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel Disable the Connections page at least Internet Explorer v5.0 Removes the Connections tab from the interface in the Internet Options dialog box.  If you enable this policy, users are prevented from seeing and changing connection and proxy settings.  If you disable this policy or do not configure it, users can see and change these settings.  When you set this policy, you do not need to set the following policies for the Content tab, because this policy removes the Connections tab from the interface:  Disable Internet Connection Wizard  Disable changing connection settings  Disable changing proxy settings  Disable changing Automatic Configuration settings HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!ConnectionsTab
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel Disable the Programs page at least Internet Explorer v5.0 Removes the Programs tab from the interface in the Internet Options dialog box.  If you enable this policy, users are prevented from seeing and changing default settings for Internet programs.  If you disable this policy or do not configure it, users can see and change these settings.  When you set this policy, you do not need to set the following policies for the Programs tab, because this policy removes the Programs tab from the interface:  Disable changing Messaging settings  Disable changing Calendar and Contact settings  Disable the Reset Web Settings feature  Disable changing default browser check HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!ProgramsTab
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel Disable the Privacy page at least Internet Explorer v5.0 Removes the Privacy tab from the interface in the Internet Options dialog box.  If you enable this policy, users are prevented from seeing and changing default settings for privacy.  If you disable this policy or do not configure it, users can see and change these settings. HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!PrivacyTab
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel Disable the Advanced page at least Internet Explorer v5.0 Removes the Advanced tab from the interface in the Internet Options dialog box.  If you enable this policy, users are prevented from seeing and changing advanced Internet settings, such as security, multimedia, and printing.  If you disable this policy or do not configure it, users can see and change these settings.  When you set this policy, you do not need to set the Disable changing Advanced page settings policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\), because this policy removes the Advanced tab from the interface. HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!AdvancedTab
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.  If you disable this policy setting, Internet Explorer will not execute signed managed components.  If you do not configure this policy setting, Internet Explorer will execute signed managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2001
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.  If you disable this policy setting, Internet Explorer will not execute unsigned managed components.  If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2004
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.  If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.  If you disable the policy setting, signed controls cannot be downloaded.  If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted.  Code signed by trusted publishers is silently downloaded. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1001
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.  If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.  If you disable this policy setting, users cannot run unsigned controls.  If you do not configure this policy setting, users cannot run unsigned controls. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1004
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.  If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.  If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.  If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.  If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.  If you enable this policy setting, controls and plug-ins can run without user intervention.  If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.  If you disable this policy setting, controls and plug-ins are prevented from running.  If you do not configure this policy setting, controls and plug-ins can run without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1200
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.  If you enable this policy setting, script interaction can occur automatically without user intervention.  If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.  If you disable this policy setting, script interaction is prevented from occurring.  If you do not configure this policy setting, script interaction can occur automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1405
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.  If you enable this policy setting, files can be downloaded from the zone.  If you disable this policy setting, files are prevented from being downloaded from the zone.   If you do not configure this policy setting, files can be downloaded from the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1803
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.  If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.  If you disable this policy setting, HTML fonts are prevented from downloading.  If you do not configure this policy setting, HTML fonts can be downloaded automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1604
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage permissions for Java applets.  If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.  Low Safety enables applets to perform all operations.  Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.   High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.  If you disable this policy setting, Java applets cannot run.  If you do not configure this policy setting, the permission is set to High Safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1C00
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).  If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.  If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.  If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1406
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow active content over restricted protocols to access my computer at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Intranet Zone Restricted Protocols section under Network Protocol Lockdown policy.  If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected.  If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked.  If you do not configure this policy setting, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is enabled. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2300
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.  If you enable this setting, users will receive a file download dialog for automatic download attempts.  If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Information Bar instead of the file download dialog. Users can then click the Information Bar to allow the file download prompt. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2200
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.  If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.  If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt.  If you do not configure this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.   If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.  If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.  If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1608
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.  If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.  If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.  If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2102
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.  If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.  If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.  If you do not configure this policy setting, binary and script behaviors are available. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2000
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.  If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.  If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.  If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.  If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1609
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.  If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A04
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.  If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.  If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.  If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1802
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.  If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.  If you disable this policy setting, users are prevented from installing desktop items from this zone.   If you do not configure this policy setting, users are queried to choose whether to install desktop items from this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1800
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.   If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.  If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.  If you do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1804
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains.  If you enable this policy setting, users can open sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow sub-frames or access to applications from other domains.  If you disable this policy setting, users cannot open sub-frames or access applications from different domains.  If you do not configure this policy setting, users can open sub-frames from other domains and access applications from other domains. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1607
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.  If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.  If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.  If you do not configure this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2100
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage software channel permissions.  If you enable this policy setting, you can choose the following options from the drop-down box.  Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.  Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.  High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.  If you disable this policy setting, permissions are set to high safety.  If you do not configure this policy setting, permissions are set to Medium safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1E05
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Submit non-encrypted form data at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.  If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.  If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.  If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1601
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Use Pop-up Blocker at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.  If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.  If you disable this policy setting, pop-up windows are not prevented from appearing.  If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1809
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Userdata persistence at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.  If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.  If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.  If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1606
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Web sites in less privileged Web content zones can navigate into this zone at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.  If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.  The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.  If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.  If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2101
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow active scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.  If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.  If you disable this policy setting, script code on pages in the zone is prevented from running.  If you do not configure this policy setting, script code on pages in the zone can run automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1400
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow paste operations via script at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.  If you enable this policy setting, a script can perform a clipboard operation.  If you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.  If you disable this policy setting, a script cannot perform a clipboard operation.  If you do not configure this policy setting, a script can perform a clipboard operation. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1407
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Scripting of Java applets at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.  If you enable this policy setting, scripts can access applets automatically without user intervention.  If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.  If you disable this policy setting, scripts are prevented from accessing applets.  If you do not configure this policy setting, scripts can access applets automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1402
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Logon options at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage settings for logon options.  If you enable this policy setting, you can choose from the following logon options.  Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.  Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.  Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.  Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.  If you disable this policy setting, logon is set to Automatic logon only in Intranet zone.  If you do not configure this policy setting, logon is set to Automatic logon only in Intranet zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A00
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.  If you disable this policy setting, Internet Explorer will not execute signed managed components.  If you do not configure this policy setting, Internet Explorer will not execute signed managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2001
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.  If you disable this policy setting, Internet Explorer will not execute unsigned managed components.  If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2004
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.  If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.  If you disable the policy setting, signed controls cannot be downloaded.  If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted.  Code signed by trusted publishers is silently downloaded. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1001
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.  If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.  If you disable this policy setting, users cannot run unsigned controls.  If you do not configure this policy setting, users cannot run unsigned controls. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1004
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.  If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.  If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.  If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.  If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.  If you enable this policy setting, controls and plug-ins can run without user intervention.  If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.  If you disable this policy setting, controls and plug-ins are prevented from running.  If you do not configure this policy setting, controls and plug-ins are prevented from running. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1200
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.  If you enable this policy setting, script interaction can occur automatically without user intervention.  If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.  If you disable this policy setting, script interaction is prevented from occurring.  If you do not configure this policy setting, script interaction can occur automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1405
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.  If you enable this policy setting, files can be downloaded from the zone.  If you disable this policy setting, files are prevented from being downloaded from the zone.   If you do not configure this policy setting, files can be downloaded from the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1803
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.  If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.  If you disable this policy setting, HTML fonts are prevented from downloading.  If you do not configure this policy setting, HTML fonts can be downloaded automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1604
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage permissions for Java applets.  If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.  Low Safety enables applets to perform all operations.  Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.   High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.  If you disable this policy setting, Java applets cannot run.  If you do not configure this policy setting, Java applets are disabled. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1C00
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).  If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.  If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.  If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1406
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.  If you enable this setting, users will receive a file download dialog for automatic download attempts.  If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Information Bar instead of the file download dialog. Users can then click the Information Bar to allow the file download prompt. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2200
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.  If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.  If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt.  If you do not configure this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.   If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.  If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.  If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1608
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.  If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.  If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.  If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2102
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.  If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.  If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.  If you do not configure this policy setting, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2000
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.  If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.  If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.  If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.  If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1609
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.  If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A04
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.  If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.  If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.  If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1802
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.  If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.  If you disable this policy setting, users are prevented from installing desktop items from this zone.   If you do not configure this policy setting, users are queried to choose whether to install desktop items from this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1800
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.   If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.  If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.  If you do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1804
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains.  If you enable this policy setting, users can open sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow sub-frames or access to applications from other domains.  If you disable this policy setting, users cannot open sub-frames or access applications from different domains.  If you do not configure this policy setting, users can open sub-frames from other domains and access applications from other domains. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1607
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.  If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.  If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.  If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2100
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage software channel permissions.  If you enable this policy setting, you can choose the following options from the drop-down box.  Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.  Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.  High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.  If you disable this policy setting, permissions are set to high safety.  If you do not configure this policy setting, permissions are set to Low safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1E05
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Submit non-encrypted form data at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.  If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.  If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.  If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1601
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Use Pop-up Blocker at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.  If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.  If you disable this policy setting, pop-up windows are not prevented from appearing.  If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1809
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Userdata persistence at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.  If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.  If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.  If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1606
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Web sites in less privileged Web content zones can navigate into this zone at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.  If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.  If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.  If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2101
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Allow active scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.  If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.  If you disable this policy setting, script code on pages in the zone is prevented from running.  If you do not configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1400
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Allow paste operations via script at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.  If you enable this policy setting, a script can perform a clipboard operation.  If you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.  If you disable this policy setting, a script cannot perform a clipboard operation.  If you do not configure this policy setting, a script can perform a clipboard operation. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1407
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Scripting of Java applets at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.  If you enable this policy setting, scripts can access applets automatically without user intervention.  If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.  If you disable this policy setting, scripts are prevented from accessing applets.  If you do not configure this policy setting, scripts can access applets automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1402
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Logon options at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage settings for logon options.  If you enable this policy setting, you can choose from the following logon options.  Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.  Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.  Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.  Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.  If you disable this policy setting, logon is set to Automatic logon only in Intranet zone.  If you do not configure this policy setting, logon is set to Automatic logon only in Intranet zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A00
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.  If you disable this policy setting, Internet Explorer will not execute signed managed components.  If you do not configure this policy setting, Internet Explorer will execute signed managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2001
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.  If you disable this policy setting, Internet Explorer will not execute unsigned managed components.  If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2004
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.  If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.  If you disable the policy setting, signed controls cannot be downloaded.  If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted.  Code signed by trusted publishers is silently downloaded. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1001
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.  If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.  If you disable this policy setting, users cannot run unsigned controls.  If you do not configure this policy setting, users cannot run unsigned controls. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1004
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.  If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.  If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.  If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.  If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.  If you enable this policy setting, controls and plug-ins can run without user intervention.  If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.  If you disable this policy setting, controls and plug-ins are prevented from running.  If you do not configure this policy setting, controls and plug-ins can run without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1200
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.  If you enable this policy setting, script interaction can occur automatically without user intervention.  If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.  If you disable this policy setting, script interaction is prevented from occurring.  If you do not configure this policy setting, script interaction can occur automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1405
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.  If you enable this policy setting, files can be downloaded from the zone.  If you disable this policy setting, files are prevented from being downloaded from the zone.   If you do not configure this policy setting, files can be downloaded from the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1803
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.  If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.  If you disable this policy setting, HTML fonts are prevented from downloading.  If you do not configure this policy setting, HTML fonts can be downloaded automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1604
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage permissions for Java applets.  If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.  Low Safety enables applets to perform all operations.  Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.  High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.  If you disable this policy setting, Java applets cannot run.  If you do not configure this policy setting, the permission is set to Medium Safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1C00
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).  If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.  If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.  If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1406
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow active content over restricted protocols to access my computer at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Intranet Zone Restricted Protocols section under Network Protocol Lockdown policy.  If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected.  If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked.  If you do not configure this policy setting, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is enabled. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2300
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.  If you enable this setting, users will receive a file download dialog for automatic download attempts.  If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2200
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.  If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.  If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt.  If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.   If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.  If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.  If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1608
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.  If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.  If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.  If you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2102
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.  If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.  If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.  If you do not configure this policy setting, binary and script behaviors are available. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2000
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.  If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.  If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.  If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.  If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1609
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.  If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you do not configure this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A04
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.  If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.  If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.  If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1802
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.  If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.  If you disable this policy setting, users are prevented from installing desktop items from this zone.   If you do not configure this policy setting, users are queried to choose whether to install desktop items from this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1800
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.   If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.  If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.  If you do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1804
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains.  If you enable this policy setting, users can open sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow sub-frames or access to applications from other domains.  If you disable this policy setting, users cannot open sub-frames or access applications from different domains.  If you do not configure this policy setting, users can open sub-frames from other domains and access applications from other domains. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1607
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.  If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.  If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.  If you do not configure this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2100
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage software channel permissions.  If you enable this policy setting, you can choose the following options from the drop-down box.  Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.  Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.  High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.  If you disable this policy setting, permissions are set to high safety.  If you do not configure this policy setting, permissions are set to Medium safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1E05
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Submit non-encrypted form data at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.  If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.  If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.  If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1601
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Use Pop-up Blocker at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.  If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.  If you disable this policy setting, pop-up windows are not prevented from appearing.  If you do not configure this policy setting, pop-up windows are not prevented from appearing. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1809
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Userdata persistence at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.  If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.  If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.  If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1606
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Web sites in less privileged Web content zones can navigate into this zone at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.  If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.  The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.  If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.  If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2101
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow active scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.  If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.  If you disable this policy setting, script code on pages in the zone is prevented from running.  If you do not configure this policy setting, script code on pages in the zone can run automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1400
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow paste operations via script at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.  If you enable this policy setting, a script can perform a clipboard operation.  If you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.  If you disable this policy setting, a script cannot perform a clipboard operation.  If you do not configure this policy setting, a script can perform a clipboard operation. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1407
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Scripting of Java applets at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.  If you enable this policy setting, scripts can access applets automatically without user intervention.  If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.  If you disable this policy setting, scripts are prevented from accessing applets.  If you do not configure this policy setting, scripts can access applets automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1402
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Logon options at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage settings for logon options.  If you enable this policy setting, you can choose from the following logon options.  Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.  Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.  Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.  Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.  If you disable this policy setting, logon is set to Automatic logon only in Intranet zone.  If you do not configure this policy setting, logon is set to Automatic logon only in Intranet zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A00
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.  If you disable this policy setting, Internet Explorer will not execute signed managed components.  If you do not configure this policy setting, Internet Explorer will not execute signed managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2001
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.  If you disable this policy setting, Internet Explorer will not execute unsigned managed components.  If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2004
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.  If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.  If you disable the policy setting, signed controls cannot be downloaded.  If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted.  Code signed by trusted publishers is silently downloaded. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1001
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.  If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.  If you disable this policy setting, users cannot run unsigned controls.  If you do not configure this policy setting, users cannot run unsigned controls. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1004
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.  If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.  If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.  If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.  If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.  If you enable this policy setting, controls and plug-ins can run without user intervention.  If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.  If you disable this policy setting, controls and plug-ins are prevented from running.  If you do not configure this policy setting, controls and plug-ins are prevented from running. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1200
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.  If you enable this policy setting, script interaction can occur automatically without user intervention.  If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.  If you disable this policy setting, script interaction is prevented from occurring.  If you do not configure this policy setting, script interaction can occur automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1405
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.  If you enable this policy setting, files can be downloaded from the zone.  If you disable this policy setting, files are prevented from being downloaded from the zone.   If you do not configure this policy setting, files can be downloaded from the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1803
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.  If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.  If you disable this policy setting, HTML fonts are prevented from downloading.  If you do not configure this policy setting, HTML fonts can be downloaded automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1604
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage permissions for Java applets.  If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.  Low Safety enables applets to perform all operations.  Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.   High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.  If you disable this policy setting, Java applets cannot run.  If you do not configure this policy setting, Java applets are disabled. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1C00
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).  If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.  If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.  If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1406
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.  If you enable this setting, users will receive a file download dialog for automatic download attempts.  If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Information Bar instead of the file download dialog. Users can then click the Information Bar to allow the file download prompt. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2200
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.  If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.  If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt.  If you do not configure this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.   If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.  If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.  If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1608
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.  If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.  If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.  If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2102
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.  If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.  If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.  If you do not configure this policy setting, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2000
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.  If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.  If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.  If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.  If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1609
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.  If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1A04
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.  If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.  If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.  If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1802
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.  If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.  If you disable this policy setting, users are prevented from installing desktop items from this zone.   If you do not configure this policy setting, users are queried to choose whether to install desktop items from this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1800
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.   If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.  If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.  If you do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1804
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains.  If you enable this policy setting, users can open sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow sub-frames or access to applications from other domains.  If you disable this policy setting, users cannot open sub-frames or access applications from different domains.  If you do not configure this policy setting, users can open sub-frames from other domains and access applications from other domains. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1607
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.  If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.  If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.  If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2100
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage software channel permissions.  If you enable this policy setting, you can choose the following options from the drop-down box.  Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.  Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.  High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.  If you disable this policy setting, permissions are set to high safety.  If you do not configure this policy setting, permissions are set to Low safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1E05
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Submit non-encrypted form data at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.  If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.  If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.  If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1601
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Use Pop-up Blocker at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.  If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.  If you disable this policy setting, pop-up windows are not prevented from appearing.  If you do not configure this policy setting, pop-up windows are not prevented from appearing. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1809
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Userdata persistence at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.  If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.  If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.  If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1606
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Web sites in less privileged Web content zones can navigate into this zone at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.  If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.  If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.  If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2101
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Allow active scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.  If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.  If you disable this policy setting, script code on pages in the zone is prevented from running.  If you do not configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1400
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Allow paste operations via script at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.  If you enable this policy setting, a script can perform a clipboard operation.  If you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.  If you disable this policy setting, a script cannot perform a clipboard operation.  If you do not configure this policy setting, a script can perform a clipboard operation. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1407
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Scripting of Java applets at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.  If you enable this policy setting, scripts can access applets automatically without user intervention.  If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.  If you disable this policy setting, scripts are prevented from accessing applets.  If you do not configure this policy setting, scripts can access applets automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1402
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Logon options at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage settings for logon options.  If you enable this policy setting, you can choose from the following logon options.  Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.  Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.  Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.  Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.  If you disable this policy setting, logon is set to Automatic logon only in Intranet zone.  If you do not configure this policy setting, logon is set to Automatic logon only in Intranet zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1A00
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.  If you disable this policy setting, Internet Explorer will not execute signed managed components.  If you do not configure this policy setting, Internet Explorer will execute signed managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2001
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.  If you disable this policy setting, Internet Explorer will not execute unsigned managed components.  If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2004
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.  If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.  If you disable the policy setting, signed controls cannot be downloaded.  If you do not configure this policy setting, users can download signed controls without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1001
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.  If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.  If you disable this policy setting, users cannot run unsigned controls.  If you do not configure this policy setting, users are queried to choose whether to allow the unsigned control to run. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1004
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.  If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.  If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.  If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.  If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.  If you enable this policy setting, controls and plug-ins can run without user intervention.  If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.  If you disable this policy setting, controls and plug-ins are prevented from running.  If you do not configure this policy setting, controls and plug-ins can run without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1200
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.  If you enable this policy setting, script interaction can occur automatically without user intervention.  If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.  If you disable this policy setting, script interaction is prevented from occurring.  If you do not configure this policy setting, script interaction can occur automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1405
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.  If you enable this policy setting, files can be downloaded from the zone.  If you disable this policy setting, files are prevented from being downloaded from the zone.   If you do not configure this policy setting, files can be downloaded from the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1803
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.  If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.  If you disable this policy setting, HTML fonts are prevented from downloading.  If you do not configure this policy setting, HTML fonts can be downloaded automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1604
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage permissions for Java applets.  If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.  Low Safety enables applets to perform all operations.  Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.  High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.  If you disable this policy setting, Java applets cannot run.  If you do not configure this policy setting, the permission is set to Low Safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1C00
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).  If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.  If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.  If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1406
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow active content over restricted protocols to access my computer at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Intranet Zone Restricted Protocols section under Network Protocol Lockdown policy.  If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected.  If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked.  If you do not configure this policy setting, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is enabled. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2300
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.  If you enable this setting, users will receive a file download dialog for automatic download attempts.  If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2200
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.  If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.  If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt.  If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.   If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.  If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.  If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1608
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.  If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.  If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.  If you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2102
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.  If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.  If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.  If you do not configure this policy setting, binary and script behaviors are available. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2000
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.  If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.  If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.  If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.  If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1609
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.  If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you do not configure this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A04
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.  If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.  If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.  If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1802
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.  If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.  If you disable this policy setting, users are prevented from installing desktop items from this zone.   If you do not configure this policy setting, users can install desktop items from this zone automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1800
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.   If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.  If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.  If you do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1804
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains.  If you enable this policy setting, users can open sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow sub-frames or access to applications from other domains.  If you disable this policy setting, users cannot open sub-frames or access applications from different domains.  If you do not configure this policy setting, users can open sub-frames from other domains and access applications from other domains. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1607
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.  If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.  If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.  If you do not configure this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2100
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage software channel permissions.  If you enable this policy setting, you can choose the following options from the drop-down box.  Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.  Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.  High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.  If you disable this policy setting, permissions are set to high safety.  If you do not configure this policy setting, permissions are set to Low safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1E05
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Submit non-encrypted form data at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.  If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.  If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.  If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1601
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Use Pop-up Blocker at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.  If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.  If you disable this policy setting, pop-up windows are not prevented from appearing.  If you do not configure this policy setting, pop-up windows are not prevented from appearing. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1809
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Userdata persistence at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.  If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.  If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.  If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1606
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Web sites in less privileged Web content zones can navigate into this zone at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.  If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.  The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.  If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.  If you do not configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2101
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow active scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.  If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.  If you disable this policy setting, script code on pages in the zone is prevented from running.  If you do not configure this policy setting, script code on pages in the zone can run automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1400
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow paste operations via script at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.  If you enable this policy setting, a script can perform a clipboard operation.  If you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.  If you disable this policy setting, a script cannot perform a clipboard operation.  If you do not configure this policy setting, a script can perform a clipboard operation. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1407
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Scripting of Java applets at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.  If you enable this policy setting, scripts can access applets automatically without user intervention.  If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.  If you disable this policy setting, scripts are prevented from accessing applets.  If you do not configure this policy setting, scripts can access applets automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1402
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Logon options at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage settings for logon options.  If you enable this policy setting, you can choose from the following logon options.  Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.  Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.  Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.  Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.  If you disable this policy setting, logon is set to Automatic logon only in Intranet zone.  If you do not configure this policy setting, logon is set to Automatic logon with current username and password. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A00
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.  If you disable this policy setting, Internet Explorer will not execute signed managed components.  If you do not configure this policy setting, Internet Explorer will not execute signed managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2001
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.  If you disable this policy setting, Internet Explorer will not execute unsigned managed components.  If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2004
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.  If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.  If you disable the policy setting, signed controls cannot be downloaded.  If you do not configure this policy setting, users can download signed controls without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1001
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.  If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.  If you disable this policy setting, users cannot run unsigned controls.  If you do not configure this policy setting, users cannot run unsigned controls. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1004
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.  If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.  If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.  If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.  If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.  If you enable this policy setting, controls and plug-ins can run without user intervention.  If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.  If you disable this policy setting, controls and plug-ins are prevented from running.  If you do not configure this policy setting, controls and plug-ins are prevented from running. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1200
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.  If you enable this policy setting, script interaction can occur automatically without user intervention.  If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.  If you disable this policy setting, script interaction is prevented from occurring.  If you do not configure this policy setting, script interaction can occur automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1405
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.  If you enable this policy setting, files can be downloaded from the zone.  If you disable this policy setting, files are prevented from being downloaded from the zone.   If you do not configure this policy setting, files can be downloaded from the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1803
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.  If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.  If you disable this policy setting, HTML fonts are prevented from downloading.  If you do not configure this policy setting, HTML fonts can be downloaded automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1604
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage permissions for Java applets.  If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.  Low Safety enables applets to perform all operations.  Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.   High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.  If you disable this policy setting, Java applets cannot run.  If you do not configure this policy setting, Java applets are disabled. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1C00
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).  If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.  If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.  If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1406
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.  If you enable this setting, users will receive a file download dialog for automatic download attempts.  If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Information Bar instead of the file download dialog. Users can then click the Information Bar to allow the file download prompt. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2200
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.  If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.  If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt.  If you do not configure this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.   If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.  If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.  If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1608
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.  If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.  If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.  If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2102
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.  If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.  If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.  If you do not configure this policy setting, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2000
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.  If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.  If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.  If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.  If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1609
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.  If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A04
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.  If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.  If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.  If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1802
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.  If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.  If you disable this policy setting, users are prevented from installing desktop items from this zone.   If you do not configure this policy setting, users can install desktop items from this zone automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1800
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.   If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.  If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.  If you do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1804
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains.  If you enable this policy setting, users can open sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow sub-frames or access to applications from other domains.  If you disable this policy setting, users cannot open sub-frames or access applications from different domains.  If you do not configure this policy setting, users can open sub-frames from other domains and access applications from other domains. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1607
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.  If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.  If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.  If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2100
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage software channel permissions.  If you enable this policy setting, you can choose the following options from the drop-down box.  Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.  Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.  High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.  If you disable this policy setting, permissions are set to high safety.  If you do not configure this policy setting, permissions are set to Low safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1E05
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Submit non-encrypted form data at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.  If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.  If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.  If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1601
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Use Pop-up Blocker at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.  If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.  If you disable this policy setting, pop-up windows are not prevented from appearing.  If you do not configure this policy setting, pop-up windows are not prevented from appearing. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1809
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Userdata persistence at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.  If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.  If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.  If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1606
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Web sites in less privileged Web content zones can navigate into this zone at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.  If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.  If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.  If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2101
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Allow active scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.  If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.  If you disable this policy setting, script code on pages in the zone is prevented from running.  If you do not configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1400
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Allow paste operations via script at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.  If you enable this policy setting, a script can perform a clipboard operation.  If you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.  If you disable this policy setting, a script cannot perform a clipboard operation.  If you do not configure this policy setting, a script can perform a clipboard operation. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1407
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Scripting of Java applets at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.  If you enable this policy setting, scripts can access applets automatically without user intervention.  If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.  If you disable this policy setting, scripts are prevented from accessing applets.  If you do not configure this policy setting, scripts can access applets automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1402
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Logon options at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage settings for logon options.  If you enable this policy setting, you can choose from the following logon options.  Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.  Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.  Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.  Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.  If you disable this policy setting, logon is set to Automatic logon only in Intranet zone.  If you do not configure this policy setting, logon is set to Automatic logon with current username and password. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A00
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.  If you disable this policy setting, Internet Explorer will not execute signed managed components.  If you do not configure this policy setting, Internet Explorer will not execute signed managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2001
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.  If you disable this policy setting, Internet Explorer will not execute unsigned managed components.  If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2004
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.  If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.  If you disable the policy setting, signed controls cannot be downloaded.  If you do not configure this policy setting, signed controls cannot be downloaded. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1001
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.  If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.  If you disable this policy setting, users cannot run unsigned controls.  If you do not configure this policy setting, users cannot run unsigned controls. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1004
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.  If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.  If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.  If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.  If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.  If you enable this policy setting, controls and plug-ins can run without user intervention.  If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.  If you disable this policy setting, controls and plug-ins are prevented from running.  If you do not configure this policy setting, controls and plug-ins are prevented from running. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1200
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.  If you enable this policy setting, script interaction can occur automatically without user intervention.  If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.  If you disable this policy setting, script interaction is prevented from occurring.  If you do not configure this policy setting, script interaction is prevented from occurring. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1405
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.  If you enable this policy setting, files can be downloaded from the zone.  If you disable this policy setting, files are prevented from being downloaded from the zone.   If you do not configure this policy setting, files are prevented from being downloaded from the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1803
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.  If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.  If you disable this policy setting, HTML fonts are prevented from downloading.  If you do not configure this policy setting, users are queried whether to allow HTML fonts to download. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1604
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage permissions for Java applets.  If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.  Low Safety enables applets to perform all operations.  Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.   High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.  If you disable this policy setting, Java applets cannot run.  If you do not configure this policy setting, Java applets are disabled. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1C00
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).  If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.  If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.  If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1406
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow active content over restricted protocols to access my computer at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Trusted Sites Zone Restricted Protocols section under Network Protocol Lockdown policy.  If you enable this policy setting, no Trusted Sites Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected.  If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked.  If you do not configure this policy setting, all attempts to access such content over the restricted protocols is blocked when the Network Protocol Lockdown security feature is enabled. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2300
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.  If you enable this setting, users will receive a file download dialog for automatic download attempts.  If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Information Bar instead of the file download dialog. Users can then click the Information Bar to allow the file download prompt. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2200
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.  If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.  If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt.  If you do not configure this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.   If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.  If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.  If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1608
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.  If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.  If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.  If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2102
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.  If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.  If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.  If you do not configure this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2000
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.  If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.  If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.  If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.  If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1609
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.  If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A04
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.  If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.  If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.  If you do not configure this policy setting, users are queried to choose whether to drag or copy files from this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1802
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.  If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.  If you disable this policy setting, users are prevented from installing desktop items from this zone.   If you do not configure this policy setting, users are prevented from installing desktop items from this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1800
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.   If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.  If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.  If you do not configure this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1804
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains.  If you enable this policy setting, users can open additional sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional sub-frames or access to applications from other domains.  If you disable this policy setting, users cannot open other sub-frames or access applications from different domains.  If you do not configure this policy setting, users cannot open other sub-frames or access applications from different domains. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1607
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.  If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.  If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.  If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2100
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage software channel permissions.  If you enable this policy setting, you can choose the following options from the drop-down box.  Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.  Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.  High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.  If you disable this policy setting, permissions are set to high safety.  If you do not configure this policy setting, permissions are set to High safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1E05
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Submit non-encrypted form data at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.  If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.  If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.  If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1601
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Use Pop-up Blocker at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.  If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.  If you disable this policy setting, pop-up windows are not prevented from appearing.  If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1809
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Userdata persistence at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.  If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.  If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.  If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1606
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Web sites in less privileged Web content zones can navigate into this zone at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.  If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.  If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.  If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2101
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow active scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.  If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.  If you disable this policy setting, script code on pages in the zone is prevented from running.  If you do not configure this policy setting, script code on pages in the zone is prevented from running. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1400
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow paste operations via script at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.  If you enable this policy setting, a script can perform a clipboard operation.  If you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.  If you disable this policy setting, a script cannot perform a clipboard operation.  If you do not configure this policy setting, a script cannot perform a clipboard operation. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1407
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Scripting of Java applets at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.  If you enable this policy setting, scripts can access applets automatically without user intervention.  If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.  If you disable this policy setting, scripts are prevented from accessing applets.  If you do not configure this policy setting, scripts are prevented from accessing applets. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1402
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Logon options at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage settings for logon options.  If you enable this policy setting, you can choose from the following logon options.  Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.  Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.  Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.  Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.  If you disable this policy setting, logon is set to Automatic logon only in Intranet zone.  If you do not configure this policy setting, logon is set to Prompt for username and password. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A00
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.  If you disable this policy setting, Internet Explorer will not execute signed managed components.  If you do not configure this policy setting, Internet Explorer will not execute signed managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2001
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.  If you disable this policy setting, Internet Explorer will not execute unsigned managed components.  If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2004
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.  If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.  If you disable the policy setting, signed controls cannot be downloaded.  If you do not configure this policy setting, signed controls cannot be downloaded. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1001
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.  If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.  If you disable this policy setting, users cannot run unsigned controls.  If you do not configure this policy setting, users cannot run unsigned controls. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1004
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.  If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.  If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.  If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.  If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.  If you enable this policy setting, controls and plug-ins can run without user intervention.  If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.  If you disable this policy setting, controls and plug-ins are prevented from running.  If you do not configure this policy setting, controls and plug-ins are prevented from running. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1200
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.  If you enable this policy setting, script interaction can occur automatically without user intervention.  If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.  If you disable this policy setting, script interaction is prevented from occurring.  If you do not configure this policy setting, script interaction is prevented from occurring. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1405
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.  If you enable this policy setting, files can be downloaded from the zone.  If you disable this policy setting, files are prevented from being downloaded from the zone.   If you do not configure this policy setting, files are prevented from being downloaded from the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1803
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.  If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.  If you disable this policy setting, HTML fonts are prevented from downloading.  If you do not configure this policy setting, users are queried whether to allow HTML fonts to download. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1604
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage permissions for Java applets.  If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.  Low Safety enables applets to perform all operations.  Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.   High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.  If you disable this policy setting, Java applets cannot run.  If you do not configure this policy setting, Java applets are disabled. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1C00
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).  If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.  If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.  If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1406
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.  If you enable this setting, users will receive a file download dialog for automatic download attempts.  If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Information Bar instead of the file download dialog. Users can then click the Information Bar to allow the file download prompt. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2200
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.  If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.  If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt.  If you do not configure this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.   If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.  If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.  If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1608
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.  If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.  If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.  If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2102
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.  If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.  If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.  If you do not configure this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2000
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.  If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.  If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.  If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.  If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1609
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.  If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A04
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.  If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.  If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.  If you do not configure this policy setting, users are queried to choose whether to drag or copy files from this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1802
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.  If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.  If you disable this policy setting, users are prevented from installing desktop items from this zone.   If you do not configure this policy setting, users are prevented from installing desktop items from this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1800
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.   If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.  If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.  If you do not configure this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1804
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains.  If you enable this policy setting, users can open additional sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional sub-frames or access to applications from other domains.  If you disable this policy setting, users cannot open other sub-frames or access applications from different domains.  If you do not configure this policy setting, users cannot open other sub-frames or access applications from different domains. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1607
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.  If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.  If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.  If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2100
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage software channel permissions.  If you enable this policy setting, you can choose the following options from the drop-down box.  Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.  Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.  High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.  If you disable this policy setting, permissions are set to high safety.  If you do not configure this policy setting, permissions are set to Low safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1E05
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Submit non-encrypted form data at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.  If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.  If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.  If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1601
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Use Pop-up Blocker at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.  If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.  If you disable this policy setting, pop-up windows are not prevented from appearing.  If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1809
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Userdata persistence at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.  If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.  If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.  If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1606
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Web sites in less privileged Web content zones can navigate into this zone at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.  If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.  If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.  If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2101
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Allow active scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.  If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.  If you disable this policy setting, script code on pages in the zone is prevented from running.  If you do not configure this policy setting, script code on pages in the zone is prevented from running. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1400
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Allow paste operations via script at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.  If you enable this policy setting, a script can perform a clipboard operation.  If you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.  If you disable this policy setting, a script cannot perform a clipboard operation.  If you do not configure this policy setting, a script cannot perform a clipboard operation. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1407
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Scripting of Java applets at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.  If you enable this policy setting, scripts can access applets automatically without user intervention.  If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.  If you disable this policy setting, scripts are prevented from accessing applets.  If you do not configure this policy setting, scripts are prevented from accessing applets. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1402
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Logon options at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage settings for logon options.  If you enable this policy setting, you can choose from the following logon options.  Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.  Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.  Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.  Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.  If you disable this policy setting, logon is set to Automatic logon only in Intranet zone.  If you do not configure this policy setting, logon is set to Prompt for username and password. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A00
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.  If you disable this policy setting, Internet Explorer will not execute signed managed components.  If you do not configure this policy setting, Internet Explorer will not execute signed managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2001
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.  If you disable this policy setting, Internet Explorer will not execute unsigned managed components.  If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2004
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.  If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.  If you disable the policy setting, signed controls cannot be downloaded.  If you do not configure this policy setting, users can download signed controls without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1001
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.  If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.  If you disable this policy setting, users cannot run unsigned controls.  If you do not configure this policy setting, users can run unsigned controls without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1004
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.  If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.  If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.  If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.  If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.  If you enable this policy setting, controls and plug-ins can run without user intervention.  If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.  If you disable this policy setting, controls and plug-ins are prevented from running.  If you do not configure this policy setting, controls and plug-ins can run without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1200
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.  If you enable this policy setting, script interaction can occur automatically without user intervention.  If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.  If you disable this policy setting, script interaction is prevented from occurring.  If you do not configure this policy setting, script interaction can occur automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1405
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.  If you enable this policy setting, files can be downloaded from the zone.  If you disable this policy setting, files are prevented from being downloaded from the zone.   If you do not configure this policy setting, files can be downloaded from the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1803
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.  If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.  If you disable this policy setting, HTML fonts are prevented from downloading.  If you do not configure this policy setting, HTML fonts can be downloaded automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1604
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage permissions for Java applets.  If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.  Low Safety enables applets to perform all operations.  Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.  High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.  If you disable this policy setting, Java applets cannot run.  If you do not configure this policy setting, the permission is set to Medium Safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1C00
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).  If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.  If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.  If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1406
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow active content over restricted protocols to access my computer at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Intranet Zone Restricted Protocols section under Network Protocol Lockdown policy.  If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected.  If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked.  If you do not configure this policy setting, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is enabled. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2300
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.  If you enable this setting, users will receive a file download dialog for automatic download attempts.  If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2200
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.  If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.  If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt.  If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.   If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.  If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.  If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1608
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.  If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.  If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.  If you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2102
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.  If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.  If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.  If you do not configure this policy setting, binary and script behaviors are available. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2000
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.  If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.  If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.  If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.  If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1609
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.  If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you do not configure this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A04
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.  If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.  If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.  If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1802
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.  If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.  If you disable this policy setting, users are prevented from installing desktop items from this zone.   If you do not configure this policy setting, users can install desktop items from this zone automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1800
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.   If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.  If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.  If you do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1804
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains.  If you enable this policy setting, users can open sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow sub-frames or access to applications from other domains.  If you disable this policy setting, users cannot open sub-frames or access applications from different domains.  If you do not configure this policy setting, users can open sub-frames from other domains and access applications from other domains. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1607
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.  If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.  If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.  If you do not configure this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2100
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage software channel permissions.  If you enable this policy setting, you can choose the following options from the drop-down box.  Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.  Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.  High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.  If you disable this policy setting, permissions are set to high safety.  If you do not configure this policy setting, permissions are set to Low safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1E05
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Submit non-encrypted form data at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.  If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.  If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.  If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1601
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Use Pop-up Blocker at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.  If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.  If you disable this policy setting, pop-up windows are not prevented from appearing.  If you do not configure this policy setting, pop-up windows are not prevented from appearing. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1809
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Userdata persistence at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.  If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.  If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.  If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1606
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Web sites in less privileged Web content zones can navigate into this zone at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.  If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.  If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.  If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2101
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow active scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.  If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.  If you disable this policy setting, script code on pages in the zone is prevented from running.  If you do not configure this policy setting, script code on pages in the zone can run automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1400
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow paste operations via script at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.  If you enable this policy setting, a script can perform a clipboard operation.  If you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.  If you disable this policy setting, a script cannot perform a clipboard operation.  If you do not configure this policy setting, a script can perform a clipboard operation. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1407
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Scripting of Java applets at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.  If you enable this policy setting, scripts can access applets automatically without user intervention.  If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.  If you disable this policy setting, scripts are prevented from accessing applets.  If you do not configure this policy setting, scripts can access applets automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1402
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Logon options at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage settings for logon options.  If you enable this policy setting, you can choose from the following logon options.  Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.  Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.  Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.  Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.  If you disable this policy setting, logon is set to Automatic logon only in Intranet zone.  If you do not configure this policy setting, logon is set to Automatic logon with current username and password. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A00
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.  If you disable this policy setting, Internet Explorer will not execute signed managed components.  If you do not configure this policy setting, Internet Explorer will not execute signed managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2001
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.  If you disable this policy setting, Internet Explorer will not execute unsigned managed components.  If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2004
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.  If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.  If you disable the policy setting, signed controls cannot be downloaded.  If you do not configure this policy setting, users can download signed controls without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1001
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.  If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.  If you disable this policy setting, users cannot run unsigned controls.  If you do not configure this policy setting, users cannot run unsigned controls. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1004
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.  If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.  If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.  If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.  If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.  If you enable this policy setting, controls and plug-ins can run without user intervention.  If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.  If you disable this policy setting, controls and plug-ins are prevented from running.  If you do not configure this policy setting, controls and plug-ins are prevented from running. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1200
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.  If you enable this policy setting, script interaction can occur automatically without user intervention.  If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.  If you disable this policy setting, script interaction is prevented from occurring.  If you do not configure this policy setting, script interaction can occur automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1405
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.  If you enable this policy setting, files can be downloaded from the zone.  If you disable this policy setting, files are prevented from being downloaded from the zone.   If you do not configure this policy setting, files can be downloaded from the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1803
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.  If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.  If you disable this policy setting, HTML fonts are prevented from downloading.  If you do not configure this policy setting, HTML fonts can be downloaded automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1604
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage permissions for Java applets.  If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.  Low Safety enables applets to perform all operations.  Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.   High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.  If you disable this policy setting, Java applets cannot run.  If you do not configure this policy setting, Java applets are disabled. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1C00
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).  If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.  If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.  If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1406
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.  If you enable this setting, users will receive a file download dialog for automatic download attempts.  If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Information Bar instead of the file download dialog. Users can then click the Information Bar to allow the file download prompt. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2200
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.  If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.  If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt.  If you do not configure this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.   If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.  If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.  If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1608
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.  If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.  If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.  If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2102
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.  If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.  If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.  If you do not configure this policy setting, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2000
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.  If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.  If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.  If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.  If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1609
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.  If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A04
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.  If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.  If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.  If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1802
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.  If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.  If you disable this policy setting, users are prevented from installing desktop items from this zone.   If you do not configure this policy setting, users can install desktop items from this zone automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1800
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.   If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.  If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.  If you do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1804
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains.  If you enable this policy setting, users can open sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow sub-frames or access to applications from other domains.  If you disable this policy setting, users cannot open sub-frames or access applications from different domains.  If you do not configure this policy setting, users can open sub-frames from other domains and access applications from other domains. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1607
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.  If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.  If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.  If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2100
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage software channel permissions.  If you enable this policy setting, you can choose the following options from the drop-down box.  Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.  Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.  High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.  If you disable this policy setting, permissions are set to high safety.  If you do not configure this policy setting, permissions are set to Low safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1E05
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Submit non-encrypted form data at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.  If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.  If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.  If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1601
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Use Pop-up Blocker at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.  If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.  If you disable this policy setting, pop-up windows are not prevented from appearing.  If you do not configure this policy setting, pop-up windows are not prevented from appearing. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1809
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Userdata persistence at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.  If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.  If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.  If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1606
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Web sites in less privileged Web content zones can navigate into this zone at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.  If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.  If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.  If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2101
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow active scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.  If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.  If you disable this policy setting, script code on pages in the zone is prevented from running.  If you do not configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1400
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow paste operations via script at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.  If you enable this policy setting, a script can perform a clipboard operation.  If you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.  If you disable this policy setting, a script cannot perform a clipboard operation.  If you do not configure this policy setting, a script can perform a clipboard operation. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1407
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Scripting of Java applets at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.  If you enable this policy setting, scripts can access applets automatically without user intervention.  If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.  If you disable this policy setting, scripts are prevented from accessing applets.  If you do not configure this policy setting, scripts can access applets automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1402
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Logon options at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage settings for logon options.  If you enable this policy setting, you can choose from the following logon options.  Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.  Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.  Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.  Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.  If you disable this policy setting, logon is set to Automatic logon only in Intranet zone.  If you do not configure this policy setting, logon is set to Automatic logon with current username and password. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A00
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Site to Zone Assignment List at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone.  Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.)  If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site.  For each entry that you add to the list, enter the following information:  Valuename – A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also include a specific protocol. For example, if you enter http://www.contoso.com as the valuename, other protocols are not affected. If you enter just www.contoso.com, then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for www.contoso.com and www.contoso.com/mail would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict.  Value - A number indicating the zone with which this site should be associated for security settings. The Internet Explorer zones described above are 1-4.  If you disable this policy setting, any such list is deleted and no site-to-zone assignments are permitted.  If this policy is not configured, users may choose their own site-to-zone assignments. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_ZoneMapKey
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Intranet Sites: Include all local (intranet) sites not listed in other zones at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.  If you enable this policy setting, local sites which are not explicitly mapped into a zone are considered to be in the Intranet Zone.  If you disable this policy setting, local sites which are not explicitly mapped into a zone will not be considered to be in the Intranet Zone (so would typically be in the Internet Zone).  If you do not configure this policy setting, users choose whether to force local sites into the Intranet Zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!IntranetName
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Intranet Sites: Include all sites that bypass the proxy server at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone.  If you enable this policy setting, sites which bypass the proxy server are mapped into the Intranet Zone.  If you disable this policy setting, sites which bypass the proxy server aren't necessarily mapped into the Intranet Zone (other rules might map one there).  If you do not configure this policy setting, users choose whether sites which bypass the proxy server are mapped into the Intranet Zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!ProxyByPass
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Intranet Sites: Include all network paths (UNCs) at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone.  If you enable this policy setting, all network paths are mapped into the Intranet Zone.  If you disable this policy setting, network paths are not necessarily mapped into the Intranet Zone (other rules might map one there).  If you do not configure this policy setting, users choose whether network paths are mapped into the Intranet Zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!UNCAsIntranet
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Internet Zone Template at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.  If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.   If you disable this template policy setting, no security level is configured.  If you do not configure this template policy setting, no security level is configured.  Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.  Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies!InternetZoneTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies!Internet, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2300
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Intranet Zone Template at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.  If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.   If you disable this template policy setting, no security level is configured.  If you do not configure this template policy setting, no security level is configured.  Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.  Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies!IntranetZoneTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies!Intranet, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2300
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Trusted Sites Zone Template at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.  If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.   If you disable this template policy setting, no security level is configured.  If you do not configure this template policy setting, no security level is configured.  Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.  Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies!TrustedSitesZoneTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies!Trusted Sites, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2300
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Restricted Sites Zone Template at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.  If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.   If you disable this template policy setting, no security level is configured.  If you do not configure this template policy setting, no security level is configured.  Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.  Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies!RestrictedSitesZoneTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies!Restricted Sites, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2300
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Local Machine Zone Template at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.  If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.   If you disable this template policy setting, no security level is configured.  If you do not configure this template policy setting, no security level is configured.  Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.  Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies!LocalMachineZoneTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies!Local Machine Zone, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2300
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Locked-Down Local Machine Zone Template  at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.  If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.   If you disable this template policy setting, no security level is configured.  If you do not configure this template policy setting, no security level is configured.  Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.  Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies!LocalMachineZoneLockdownTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies!Locked-Down Local Machine Zone, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Locked-Down Internet Zone Template  at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.  If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.   If you disable this template policy setting, no security level is configured.  If you do not configure this template policy setting, no security level is configured.  Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.  Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template Policies!InternetZoneLockdownTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template Policies!Locked-Down Internet, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Locked-Down Intranet Zone Template  at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.  If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.   If you disable this template policy setting, no security level is configured.  If you do not configure this template policy setting, no security level is configured.  Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.  Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template Policies!IntranetZoneLockdownTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template Policies!Locked-Down Intranet, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Locked-Down Trusted Sites Zone Template  at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.  If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.   If you disable this template policy setting, no security level is configured.  If you do not configure this template policy setting, no security level is configured.  Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.  Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template Policies!TrustedSitesZoneLockdownTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template Policies!Locked-Down Trusted Sites, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Locked-Down Restricted Sites Zone Template  at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.  If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.   If you disable this template policy setting, no security level is configured.  If you do not configure this template policy setting, no security level is configured.  Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.  Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template Policies!RestrictedSitesZoneLockdownTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template Policies!Locked-Down Restricted Sites, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2201
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page Automatically check for Internet Explorer updates at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. When Internet Explorer is set to do this, the checks occur approximately every 30 days, and users are prompted to install new versions as they become available.  If you enable this policy setting, Internet Explorer checks the Internet for a new version approximately every 30 days and prompts the user to download new versions when they are available.  If you disable this policy setting, Internet Explorer does not check the Internet for new versions of the browser, so does not prompt users to install them.  If you do not configure this policy setting, Internet Explorer does not check the Internet for new versions of the browser, so does not prompt users to install them. HKCU\Software\Policies\Microsoft\Internet Explorer\Main!NoUpdateCheck
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page Allow Install On Demand (Internet Explorer) at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether users can automatically download and install Web components (such as fonts) that can installed by Internet Explorer Active Setup.  For example, if you open a Web page that requires Japanese-text display support, Internet Explorer could prompt the user to download the Japanese Language Pack component if it is not already installed.  If you enable this policy setting, Web components such as fonts will be automatically installed as necessary.  If you disable this policy setting, users will be prompted when Web Components such as fonts would be downloaded.  If you do not configure this policy, users will be prompted when Web Components such as fonts would be downloaded. HKCU\Software\Policies\Microsoft\Internet Explorer\Main!NoJITSetup
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page Allow Install On Demand (except Internet Explorer) at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Windows Media Player, Macromedia, and Java) that are required in order to view web pages as intended.  If you enable this policy setting, non-Internet Explorer components will be automatically installed as necessary.  If you disable this policy setting, users will be prompted when non-Internet Explorer components would be installed.  If you do not configure this policy setting, non-Internet Explorer components will be automatically installed as necessary. HKCU\Software\Policies\Microsoft\Internet Explorer\Main!NoWebJITSetup
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page Allow third-party browser extensions at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser helper objects, such as toolbars. Browser helper objects may contain flaws such as buffer overruns which impact Internet Explorer’s performance or stability.  If you enable this policy setting, Internet Explorer automatically launches any browser helper objects that are installed on the user's computer.  If you disable this policy setting, browser helper objects do not launch.  If you do not configure this policy, Internet Explorer automatically launches any browser helper objects that are installed on the user's computer. HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Enable Browser Extensions
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page Play animations in web pages at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by this setting; active Web content such as java applets are not.  If you enable this policy setting, Internet Explorer will play animated pictures found in Web content.  If you disable this policy setting, Internet Explorer will not play or download animated pictures, helping pages display more quickly.  If you do not configure this policy setting, Internet Explorer will play animated pictures found in Web content. HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Play_Animations
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page Play sounds in web pages at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this setting; active Web content such as java applets are not.  If you enable this policy setting, Internet Explorer will play sounds found in Web content.  If you disable this policy setting, Internet Explorer will not play or download sounds in Web content, helping pages display more quickly.  If you enable this policy setting, Internet Explorer will play sounds found in Web content. HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Play_Background_Sounds
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page Play videos in web pages at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only embedded video files are affected by this setting; active Web content such as java applets are not.  If you enable this policy setting, Internet Explorer will play videos found in Web content.  If you disable this policy setting, Internet Explorer will not play or download videos, helping pages display more quickly.  If you do not configure this policy setting, Internet Explorer will play videos found in Web content. HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Display Inline Videos
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page Allow active content from CDs to run on user machines at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run.  If you enable this policy setting, active content on a CD will run without a prompt.  If you disable this policy setting, active content on a CD will always prompt before running.  If you do not configure this policy, users can choose whether to be prompted before running active content on a CD. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings!LOCALMACHINE_CD_UNLOCK
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page Allow software to run or install even if the signature is invalid at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether software, such as ActiveX controls and file downloads, can be installed or run by the user even though the signature is invalid. An invalid signature might indicate that someone has tampered with the file.  If you enable this policy setting, users will be prompted to install or run files with an invalid signature.  If you disable this policy setting, users cannot run or install files with an invalid signature.  If you do not configure this policy, users can choose to run or install files with an invalid signature. HKCU\Software\Policies\Microsoft\Internet Explorer\Download!RunInvalidSignatures
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page Check for server certificate revocation at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer valid, and this option protects users from submitting confidential data to a site that may be fraudulent or not secure.  If you enable this policy setting, Internet Explorer will check to see if server certificates have been revoked.  If you disable this policy setting, Internet Explorer will not check server certificates to see if they have been revoked.  If you do not configure this policy setting, Internet Explorer will not check server certificates to see if they have been revoked. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!CertificateRevocation
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page Check for signatures on downloaded programs at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.  If you enable this policy setting, Internet Explorer will check the digital signatures of executable programs and display their identities before downloading them to user computers.  If you disable this policy setting, Internet Explorer will not check the digital signatures of executable programs or display their identities before downloading them to user computers.  If you do not configure this policy, Internet Explorer will not check the digital signatures of executable programs or display their identities before downloading them to user computers. HKCU\Software\Policies\Microsoft\Internet Explorer\Main!CheckExeSignatures
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page Do not save encrypted pages to disk at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) information such as passwords and credit card numbers to the Internet Explorer cache, which may be insecure.  If you enable this policy setting, Internet Explorer will not save encrypted pages containing secure (HTTPS) information to the cache.  If you disable this policy setting, Internet Explorer will save encrypted pages containing secure (HTTPS) information to the cache.  If you do not configure this policy, Internet Explorer will save encrypted pages containing secure (HTTPS) information to the cache. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!DisableCachingOfSSLPages
USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page Empty Temporary Internet Files folder when browser is closed at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder after all browser windows are closed. This protects against storing dangerous files on the computer, or storing sensitive files that other users could see, in addition to managing total disk space usage.  If you enable this policy setting, Internet Explorer will delete the contents of the user's Temporary Internet Files folder when all browser windows are closed.  If you disable this policy setting, Internet Explorer will not delete the contents of the user's Temporary Internet Files folder when browser windows are closed.  If you do not configure this policy, Internet Explorer will not delete the contents of the Temporary Internet Files folder when browser windows are closed. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache!Persistent
USER Administrative Templates\Windows Components\Internet Explorer Disable changing Advanced page settings at least Internet Explorer v5.0 Prevents users from changing settings on the Advanced tab in the Internet Options dialog box.  If you enable this policy, users are prevented from changing advanced Internet settings, such as security, multimedia, and printing. Users cannot select or clear the check boxes on the Advanced tab.  If you disable this policy or do not configure it, users can select or clear settings on the Advanced tab.  If you set the Disable the Advanced page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the Disable the Advanced page policy removes the Advanced tab from the interface. HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Advanced
USER Administrative Templates\Windows Components\Internet Explorer Disable changing home page settings at least Internet Explorer v5.0 Prevents users from changing the home page of the browser. The home page is the first page that appears when users start the browser.  If you enable this policy, the settings in the Home Page area on the General tab in the Internet Options dialog box appear dimmed.  If you disable this policy or do not configure it, users can change their home page.  If you set the Disable the General page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the Disable the General page policy removes the General tab from the interface.  This policy is intended for administrators who want to maintain a consistent home page across their organization. HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!HomePage
USER Administrative Templates\Windows Components\Internet Explorer Use Automatic Detection for dial-up connections at least Internet Explorer v5.0 Specifies that Automatic Detection will be used to configure dial-up settings for users.  Automatic Detection uses a DHCP (Dynamic Host Configuration Protocol) or DNS server to customize the browser the first time it is started.  If you enable this policy, users' dial-up settings will be configured by Automatic Detection.  If you disable this policy or do not configure it, dial-up settings will not be configured by Automatic Detection, unless specified by the user. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!DialupAutodetect
USER Administrative Templates\Windows Components\Internet Explorer Disable caching of Auto-Proxy scripts at least Internet Explorer v5.0 Prevents automatic proxy scripts, which interact with a server to automatically configure users' proxy settings, from being stored in the users' cache.  If you enable this policy, automatic proxy scripts will not be stored temporarily on the users' computer.  If you disable this policy or do not configure it, automatic proxy scripts can be stored in the users' cache. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnableAutoProxyResultCache
USER Administrative Templates\Windows Components\Internet Explorer Display error message on proxy script download failure at least Internet Explorer v5.0 Specifies that error messages will be displayed to users if problems occur with proxy scripts.  If you enable this policy, error messages will be displayed when the browser does not download or run a script to set proxy settings.  If you disable this policy or do not configure it, error messages will not be displayed when problems occur with proxy scripts. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!DisplayScriptDownloadFailureUI
USER Administrative Templates\Windows Components\Internet Explorer Disable changing Temporary Internet files settings at least Internet Explorer v5.0 Prevents users from changing the browser cache settings, such as the location and amount of disk space to use for the Temporary Internet Files folder.  If you enable this policy, the browser cache settings appear dimmed. These settings are found in the dialog box that appears when users click the General tab and then click the Settings button in the Internet Options dialog box.  If you disable this policy or do not configure it, users can change their cache settings.  If you set the Disable the General page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the Disable the General page policy removes the General tab from the interface. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Cache
USER Administrative Templates\Windows Components\Internet Explorer Disable changing history settings at least Internet Explorer v5.0 Prevents users from changing the history settings for the browser.  If you enable this policy, the settings in the History area on the General tab in the Internet Options dialog box appear dimmed.  If you disable this policy or do not configure it, users can change the number of days to store Web page information and clear Web page history.  If you set the Disable the General page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the Disable the General page policy removes the General tab from the interface. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!History
USER Administrative Templates\Windows Components\Internet Explorer Disable changing color settings at least Internet Explorer v5.0 Prevents users from changing the default Web page colors.  If you enable this policy, the color settings for Web pages appear dimmed. The settings are located in the Colors area in the dialog box that appears when the user clicks the General tab and then clicks the Colors button in the Internet Options dialog box.  If you disable this policy or do not configure it, users can change the default background and text color of Web pages.  If you set the Disable the General page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the Disable the General page policy removes the General tab from the interface.  Note: The default Web page colors are ignored on Web pages in which the author has specified the background and text colors. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Colors
USER Administrative Templates\Windows Components\Internet Explorer Disable changing link color settings at least Internet Explorer v5.0 Prevents users from changing the colors of links on Web pages.  If you enable this policy, the color settings for links appear dimmed. The settings are located in the Links area of the dialog box that appears when users click the General tab and then click the Colors button in the Internet Options dialog box.  If you disable this policy or do not configure it, users can change the default color of links on Web pages.  If you set the Disable the General page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the Disable the General page policy removes the General tab from the interface.  Note: The default link colors are ignored on Web pages on which the author has specified link colors. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!links
USER Administrative Templates\Windows Components\Internet Explorer Disable changing font settings at least Internet Explorer v5.0 Prevents users from changing font settings.  If you enable this policy, the Font button on the General tab in the Internet Options dialog box appears dimmed.  If you disable this policy or do not configure it, users can change the default fonts for viewing Web pages.  If you set the Disable the General page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the Disable the General page policy removes the General tab from the interface.  Note: The default font settings colors are ignored in cases in which the Web page author has specified the font attributes. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Fonts
USER Administrative Templates\Windows Components\Internet Explorer Disable changing language settings at least Internet Explorer v5.0 Prevents users from changing language settings.  If you enable this policy, the Languages button on the General tab in the Internet Options dialog box appears dimmed.  If you disable this policy or do not configure it, users can change the language settings for viewing Web sites for languages in which the character set has been installed.  If you set the Disable the General page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the Disable the General page policy removes the General tab from the interface. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Languages
USER Administrative Templates\Windows Components\Internet Explorer Disable changing accessibility settings at least Internet Explorer v5.0 Prevents users from changing accessibility settings.  If you enable this policy, the Accessibility button on the General tab in the Internet Options dialog box appears dimmed.  If you disable this policy or do not configure it, users can change accessibility settings, such as overriding fonts and colors on Web pages.  If you set the Disable the General page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the Disable the General page policy removes the General tab from the interface. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Accessibility
USER Administrative Templates\Windows Components\Internet Explorer Disable Internet Connection wizard at least Internet Explorer v5.0 Prevents users from running the Internet Connection Wizard.  If you enable this policy, the Setup button on the Connections tab in the Internet Options dialog box appears dimmed.  Users will also be prevented from running the wizard by clicking the Connect to the Internet icon on the desktop or by clicking Start, pointing to Programs, pointing to Accessories, pointing to Communications, and then clicking Internet Connection Wizard.  If you disable this policy or do not configure it, users can change their connection settings by running the Internet Connection Wizard.  Note: This policy overlaps with the Disable the Connections page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Connections tab from the interface. Removing the Connections tab from the interface, however, does not prevent users from running the Internet Connection Wizard from the desktop or the Start menu. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Connwiz Admin Lock
USER Administrative Templates\Windows Components\Internet Explorer Disable changing connection settings at least Internet Explorer v5.0 Prevents users from changing dial-up settings.  If you enable this policy, the Settings button on the Connections tab in the Internet Options dialog box appears dimmed.  If you disable this policy or do not configure it, users can change their settings for dial-up connections.  If you set the Disable the Connections page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the Disable the Connections page policy removes the Connections tab from the interface. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Connection Settings
USER Administrative Templates\Windows Components\Internet Explorer Disable changing proxy settings at least Internet Explorer v5.0 Prevents users from changing proxy settings.  If you enable this policy, the proxy settings appear dimmed. These settings are in the Proxy Server area of the Local Area Network (LAN) Settings dialog box, which appears when the user clicks the Connections tab and then clicks the LAN Settings button in the Internet Options dialog box.  If you set the Disable the Connections page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the Disable the Connections page policy removes the Connections tab from the interface. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Proxy
USER Administrative Templates\Windows Components\Internet Explorer Disable changing Automatic Configuration settings at least Internet Explorer v5.0 Prevents users from changing automatic configuration settings. Automatic configuration is a process that administrators can use to update browser settings periodically.  If you enable this policy, the automatic configuration settings appear dimmed. The settings are located in the Automatic Configuration area of the Local Area Network (LAN) Settings dialog box. To see the Local Area Network (LAN) Settings dialog box, users open the Internet Options dialog box, click the Connections tab, and then click the LAN Settings button.  If you disable this policy or do not configure it, the user can change automatic configuration settings.  This policy is intended to enable administrators to ensure that users' settings are updated uniformly through automatic configuration.  The Disable the Connections page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Connections tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Autoconfig
USER Administrative Templates\Windows Components\Internet Explorer Turn off pop-up management at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage pop-up management functionality in Internet Explorer.  If you enable this policy setting, the Control Panel information relating to pop-up management will be unavailable (grayed out) and all other pop-up manager controls, notifications, and dialog boxes will not appear. Pop-up windows will continue to function as they did in Windows XP Service Pack 1 or earlier, although windows launched off screen will continue to be re-positioned onscreen.  If you disable or do not configure this policy setting, the popup management feature will be functional. HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoPopupManagement
USER Administrative Templates\Windows Components\Internet Explorer Pop-up allow list at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage a list of web sites that will be allowed to open pop-up windows regardless of the Internet Explorer process's Pop-Up Blocker settings.  If you enable this policy setting, you can enter a list of sites which will be allowed to open pop-up windows regardless of user settings. Users will not be able to view or edit this list of sites. Only the domain name is allowed, so www.contoso.com is valid, but not http://www.contoso.com. Wildcards are allowed, so *.contoso.com is also valid.  If you disable this policy setting, the list is deleted and users may not create their own lists of sites.  If this policy is not configured, users will be able to view and edit their own lists of sites. HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows!ListBox_Support_Allow
USER Administrative Templates\Windows Components\Internet Explorer Disable changing ratings settings at least Internet Explorer v5.0 Prevents users from changing ratings that help control the type of Internet content that can be viewed.  If you enable this policy, the settings in the Content Advisor area on the Content tab in the Internet Options dialog box appear dimmed.  If you disable this policy or do not configure it, users can change their ratings settings.  The Disable the Ratings page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Ratings tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored. HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows\Allow!Ratings
USER Administrative Templates\Windows Components\Internet Explorer Disable changing certificate settings at least Internet Explorer v5.0 Prevents users from changing certificate settings in Internet Explorer. Certificates are used to verify the identity of software publishers.  If you enable this policy, the settings in the Certificates area on the Content tab in the Internet Options dialog box appear dimmed.  If you disable this policy or do not configure it, users can import new certificates, remove approved publishers, and change settings for certificates that have already been accepted.  The Disable the Content page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Content tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.  Caution: If you enable this policy, users can still run the Certificate Manager Import Wizard by double-clicking a software publishing certificate (.spc) file. This wizard enables users to import and configure settings for certificates from software publishers that haven't already been configured for Internet Explorer. HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows\Allow!Certificates
USER Administrative Templates\Windows Components\Internet Explorer Disable changing Profile Assistant settings at least Internet Explorer v5.0 Prevents users from changing Profile Assistant settings.  If you enable this policy, the My Profile button appears dimmed in the Personal Information area on the Content tab in the Internet Options dialog box.  If you disable this policy or do not configure it, users can change their profile information, such as their street and e-mail addresses.  The Disable the Connections page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Connections tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored. HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows\Allow!Profiles
USER Administrative Templates\Windows Components\Internet Explorer Disable AutoComplete for forms at least Internet Explorer v5.0 Prevents Microsoft Internet Explorer from automatically completing forms, such as filling in a name or a password that the user has entered previously on a Web page.  If you enable this policy, the Forms check box appears dimmed. To display the Forms check box, users open the Internet Options dialog box, click the Content tab, and then click the AutoComplete button.  If you disable this policy or do not configure it, users can enable the automatic completion of forms.  The Disable the Content page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Content tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.  Caution: If you enable this policy after users have used their browser with form automatic completion enabled, it will not clear the automatic completion history for forms that users have already filled out. HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows\Allow!FormSuggest
USER Administrative Templates\Windows Components\Internet Explorer Do not allow AutoComplete to save passwords at least Internet Explorer v5.0 Disables automatic completion of user names and passwords in forms on Web pages, and prevents users from being prompted to save passwords.  If you enable this policy, the User Names and Passwords on Forms and Prompt Me to Save Passwords check boxes appear dimmed. To display these check boxes, users open the Internet Options dialog box, click the Content tab, and then click the AutoComplete button.  If you disable this policy or don't configure it, users can determine whether Internet Explorer automatically completes user names and passwords on forms and prompts them to save passwords.  The Disable the Content page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Content tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored. HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows\Allow!FormSuggest Passwords
USER Administrative Templates\Windows Components\Internet Explorer Disable changing Messaging settings at least Internet Explorer v5.0 Prevents users from changing the default programs for messaging tasks.  If you enable this policy, the E-mail, Newsgroups, and Internet Call options in the Internet Programs area appear dimmed. To display these options, users open the Internet Options dialog box, and then click the Programs tab.  If you disable this policy or do not configure it, users can determine which programs to use for sending mail, viewing newsgroups, and placing Internet calls, if programs that perform these tasks are installed.  The Disable the Programs page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Programs tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored. HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows\Allow!Messaging
USER Administrative Templates\Windows Components\Internet Explorer Disable changing Calendar and Contact settings at least Internet Explorer v5.0 Prevents users from changing the default programs for managing schedules and contacts.  If you enable this policy, the Calendar and Contact check boxes appear dimmed in the Internet Programs area. To display these options, users open the Internet Options dialog box, and then click the Programs tab.  If you disable this policy or do not configure it, users can determine which programs to use for managing schedules and contacts, if programs that perform these tasks are installed.  This Disable the Programs Page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel) takes precedence over this policy. If it is enabled, this policy is ignored. HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows\Allow!CalendarContact
USER Administrative Templates\Windows Components\Internet Explorer Disable the Reset Web Settings feature at least Internet Explorer v5.0 Prevents users from restoring default settings for home and search pages.  If you enable this policy, the Reset Web Settings button on the Programs tab in the Internet Options dialog box appears dimmed.  If you disable this policy or do not configure it, users can restore the default settings for home and search pages.  The Disable the Programs page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Programs tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored. HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows\Allow!ResetWebSettings
USER Administrative Templates\Windows Components\Internet Explorer Disable changing default browser check at least Internet Explorer v5.0 Prevents Microsoft Internet Explorer from checking to see whether it is the default browser.  If you enable this policy, the Internet Explorer Should Check to See Whether It Is the Default Browser check box on the Programs tab in the Internet Options dialog box appears dimmed.  If you disable this policy or do not configure it, users can determine whether Internet Explorer will check to see if it is the default browser. When Internet Explorer performs this check, it prompts the user to specify which browser to use as the default.  This policy is intended for organizations that do not want users to determine which browser should be their default.  The Disable the Programs page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Programs tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored. HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows\Allow!Check_If_Default
USER Administrative Templates\Windows Components\Internet Explorer Turn off Crash Detection at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the crash detection feature of add-on Management.  If you enable this policy setting, a crash in Internet Explorer will exhibit behavior found in Windows XP Professional Service Pack 1 and earlier, namely to invoke Windows Error Reporting. All policy settings for Windows Error Reporting continue to apply.  If you disable or do not configure this policy setting, the crash detection feature for add-on management will be functional. HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoCrashDetection
USER Administrative Templates\Windows Components\Internet Explorer Do not allow users to enable or disable add-ons at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager.  If you enable this policy setting, users cannot enable or disable add-ons through Add-On Manager. The only exception occurs if an add-on has been specifically entered into the 'Add-On List' policy setting in such a way as to allow users to continue to manage the add-on. In this case, the user can still manage the add-on through the Add-On Manager.  If you disable or do not configure this policy setting, the appropriate controls in the Add-On Manager will be available to the user. HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoExtensionManagement
USER Administrative Templates\Windows Components\Internet Explorer Identity Manager: Prevent users from using Identities at least Internet Explorer v5.0 Prevents users from configuring unique identities by using Identity Manager.  Identity Manager enables users to create multiple accounts, such as e-mail accounts, on the same computer. Each user has a unique identity, with a different password and different program preferences.  If you enable this policy, users will not be able to create new identities, manage existing identities, or switch identities. The Switch Identity option will be removed from the File menu in Address Book.  If you disable this policy or do not configure it, users can set up and change identities. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Identities!Locked Down
USER Administrative Templates\Windows Components\Internet Explorer Configure Outlook Express at least Internet Explorer v6.0 Allows Administrators to enable and disable the ability for Outlook Express users to save or open attachments that can potentially contain a virus.  If you check the block attachments setting, users will be unable to open or save attachments that could potentially contain a virus.  Users will not be able to disable the blocking of attachments in options.  If the block attachments setting is not checked, the user can specify to enable or disable the blocking of attachments in options. HKCU\Software\Microsoft\Outlook Express!BlockExeAttachments
USER Administrative Templates\Windows Components\Internet Explorer\Offline Pages Disable adding channels at least Internet Explorer v5.0 Prevents users from adding channels to Internet Explorer.  Channels are Web sites that are updated automatically on your computer, according to a schedule specified by the channel provider.  If you enable this policy, the Add Active Channel button, which appears on a channel that users haven't yet subscribed to, will be disabled. Users also cannot add content that is based on a channel, such as some of the Active Desktop items from Microsoft's Active Desktop Gallery, to their desktop.  If you disable this policy or do not configure it, users can add channels to the Channel bar or to their desktop.  Note: Most channel providers use the words Add Active Channel for this option; however, a few use different words, such as Subscribe. HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoAddingChannels
USER Administrative Templates\Windows Components\Internet Explorer\Offline Pages Disable removing channels at least Internet Explorer v5.0 Prevents users from disabling channel synchronization in Microsoft Internet Explorer.  Channels are Web sites that are automatically updated on your computer according to a schedule specified by the channel provider.  If you enable this policy, users cannot prevent channels from being synchronized.  If you disable this policy or do not configure it, users can disable the synchronization of channels.  This policy is intended to help administrators ensure that users' computers are being updated uniformly across their organization.  Note: This policy does not prevent users from removing active content from the desktop interface. HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoRemovingChannels
USER Administrative Templates\Windows Components\Internet Explorer\Offline Pages Disable adding schedules for offline pages at least Internet Explorer v5.0 Prevents users from specifying that Web pages can be downloaded for viewing offline. When users make Web pages available for offline viewing, they can view the content when their computer is not connected to the Internet.  If you enable this policy, users cannot add new schedules for downloading offline content. The Make Available Offline check box will be dimmed in the Add Favorite dialog box.  If you disable this policy or do not configure it, users can add new offline content schedules.  This policy is intended for organizations that are concerned about server load for downloading content.  The Hide Favorites menu policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) takes precedence over this policy. If it is enabled, this policy is ignored. HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoAddingSubscriptions
USER Administrative Templates\Windows Components\Internet Explorer\Offline Pages Disable editing schedules for offline pages at least Internet Explorer v5.0 Prevents users from editing an existing schedule for downloading Web pages for offline viewing.  When users make Web pages available for offline viewing, they can view content when their computer is not connected to the Internet.  If you enable this policy, users cannot display the schedule properties of pages that have been set up for offline viewing. If users click the Tools menu, click Synchronize, select a Web page, and then click the Properties button, no properties are displayed. Users do not receive an alert stating that the command is unavailable.  If you disable this policy or do not configure it, users can edit an existing schedule for downloading Web content for offline viewing.  This policy is intended for organizations that are concerned about server load for downloading content.  The Hide Favorites menu policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) takes precedence over this policy. If it is enabled, this policy is ignored. HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoEditingSubscriptions
USER Administrative Templates\Windows Components\Internet Explorer\Offline Pages Disable removing schedules for offline pages at least Internet Explorer v5.0 Prevents users from clearing the preconfigured settings for Web pages to be downloaded for offline viewing.  When users make Web pages available for offline viewing, they can view content when their computer is not connected to the Internet.  If you enable this policy, the Make Available Offline check box in the Organize Favorites Favorite dialog box and the Make This Page Available Offline check box will be selected but dimmed. To display the Make This Page Available Offline check box, users click the Tools menu, click Synchronize, and then click the Properties button.  If you disable this policy or do not configure it, users can remove the preconfigured settings for pages to be downloaded for offline viewing.  This policy is intended for organizations that are concerned about server load for downloading content.  The Hide Favorites menu policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) takes precedence over this policy. If it is enabled, this policy is ignored. HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoRemovingSubscriptions
USER Administrative Templates\Windows Components\Internet Explorer\Offline Pages Disable offline page hit logging at least Internet Explorer v5.0 Prevents channel providers from recording information about when their channel pages are viewed by users who are working offline.  If you enable this policy, it disables any channel logging settings set by channel providers in the channel definition format (.cdf) file. The .cdf file determines the schedule and other settings for downloading Web content.  If you disable this policy or do not configure it, channel providers can record information about when their channel pages are viewed by users who are working offline. HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoChannelLogging
USER Administrative Templates\Windows Components\Internet Explorer\Offline Pages Disable all scheduled offline pages at least Internet Explorer v5.0 Disables existing schedules for downloading Web pages for offline viewing.  When users make Web pages available for offline viewing, they can view content when their computer is not connected to the Internet.  If you enable this policy, the check boxes for schedules on the Schedule tab of the Web page properties are cleared and users cannot select them. To display this tab, users click the Tools menu, click Synchronize, select a Web page, click the Properties button, and then click the Schedule tab.  If you disable this policy, then Web pages can be updated on the schedules specified on the Schedule tab.  This policy is intended for organizations that are concerned about server load for downloading content.  The Hide Favorites menu policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) takes precedence over this policy. If it is enabled, this policy is ignored. HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoScheduledUpdates
USER Administrative Templates\Windows Components\Internet Explorer\Offline Pages Disable channel user interface completely at least Internet Explorer v5.0 Prevents users from viewing the Channel bar interface. Channels are Web sites that are automatically updated on their computer according to a schedule specified by the channel provider.  If you enable this policy, the Channel bar interface will be disabled, and users cannot select the Internet Explorer Channel Bar check box on the Web tab in the Display Properties dialog box.  If you disable this policy or do not configure it, users can view and subscribe to channels from the Channel bar interface. HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoChannelUI
USER Administrative Templates\Windows Components\Internet Explorer\Offline Pages Disable downloading of site subscription content at least Internet Explorer v5.0 Prevents content from being downloaded from Web sites that users have subscribed to.  When users make Web pages available for offline viewing, they can view content when their computer is not connected to the Internet.  If you enable this policy, content will not be downloaded from Web sites that users have subscribed to. However, synchronization with the Web pages will still occur to determine if any content has been updated since the last time the user synchronized with or visited the page.  If you disable this policy or do not configure it, content will not be prevented from being downloaded.  The Disable downloading of site subscription content policy and the Hide Favorites menu policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) take precedence over this policy. If either policy is enabled, this policy is ignored. HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoSubscriptionContent
USER Administrative Templates\Windows Components\Internet Explorer\Offline Pages Disable editing and creating of schedule groups at least Internet Explorer v5.0 Prevents users from adding, editing, or removing schedules for offline viewing of Web pages and groups of Web pages that users have subscribed to.  A subscription group is a favorite Web page plus the Web pages it links to.  If you enable this policy, the Add, Remove, and Edit buttons on the Schedule tab in the Web page Properties dialog box are dimmed. To display this tab, users click the Tools menu, click Synchronize, select a Web page, click the Properties button, and then click the Schedule tab.  If you disable this policy or do not configure it, users can add, remove, and edit schedules for Web sites and groups of Web sites.  The Disable editing schedules for offline pages policy and the Hide Favorites menu policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) take precedence over this policy. If either policy is enabled, this policy is ignored. HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoEditingScheduleGroups
USER Administrative Templates\Windows Components\Internet Explorer\Offline Pages Subscription Limits at least Internet Explorer v5.0 Restricts the amount of information downloaded for offline viewing.  If you enable this policy, you can set limits to the size and number of pages that users can download. If users attempt to exceed the number of subscriptions, a prompt will appear that states that they cannot set up more Web sites for offline viewing.  If you disable this policy or do not configure it, then users can determine the amount of content that is searched for new information and downloaded.  Caution: Although the Maximum Number of Offline Pages option determines how many levels of a Web site are searched for new information, it does not change the user interface in the Offline Favorites wizard.  Note: The begin and end times for downloading are measured in minutes after midnight. The Maximum Offline Page Crawl Depth setting specifies how many levels of a Web site are searched for new information. HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!MaxSubscriptionSize, HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!MaxSubscriptionCount, HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!MinUpdateInterval, HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!UpdateExcludeBegin, HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!UpdateExcludeEnd, HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!MaxWebcrawlLevels
USER Administrative Templates\Windows Components\Internet Explorer\Browser menus File menu: Disable Save As... menu option at least Internet Explorer v5.0 Prevents users from saving Web pages from the browser File menu to their hard disk or to a network share.  If you enable this policy, the Save As command on the File menu will be removed.  If you disable this policy or do not configure it, users can save Web pages for later viewing.  This policy takes precedence over the File Menu: Disable Save As Web Page Complete policy, which prevents users from saving the entire contents that are displayed or run from a Web Page, such as graphics, scripts, and linked files, but does not prevent users from saving the text of a Web page.  Caution: If you enable this policy, users are not prevented from saving Web content by pointing to a link on a Web page, clicking the right mouse button, and then clicking Save Target As. HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoBrowserSaveAs
USER Administrative Templates\Windows Components\Internet Explorer\Browser menus File menu: Disable New menu option at least Internet Explorer v5.0 Prevents users from opening a new browser window from the File menu.  If this policy is enabled, users cannot open a new browser window by clicking the File menu, pointing to the New menu, and then clicking Window. The user interface is not changed, but a new window will not be opened, and users will be informed that the command is not available.  If you disable this policy or do not configure it, users can open a new browser window from the File menu.  Caution: This policy does not prevent users from opening a new browser window by right-clicking, and then clicking the Open in New Window command. To prevent users from using the shortcut menu to open new browser windows, you should also set the Disable Open in New Window menu option policy, which disables this command on the shortcut menu, or the Disable context menu policy, which disables the entire shortcut menu. HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoFileNew
USER Administrative Templates\Windows Components\Internet Explorer\Browser menus File menu: Disable Open menu option at least Internet Explorer v5.0 Prevents users from opening a file or Web page from the File menu in Internet Explorer.  If you enable this policy, the Open dialog box will not appear when users click the Open command on the File menu. If users click the Open command, they will be notified that the command is not available.  If you disable this policy or do not configure it, users can open a Web page from the browser File menu.  Caution: This policy does not prevent users from right-clicking a link on a Web page, and then clicking the Open or Open in New Window command. To prevent users from opening Web pages by using the shortcut menu, set the Disable Open in New Window menu option policy, which disables this command on the shortcut menu, or the Disable context menu policy, which disables the entire shortcut menu. HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoFileOpen
USER Administrative Templates\Windows Components\Internet Explorer\Browser menus File menu: Disable Save As Web Page Complete at least Internet Explorer v5.0 Prevents users from saving the complete contents that are displayed on or run from a Web page, including the graphics, scripts, linked files, and other elements. It does not prevent users from saving the text of a Web page.  If you enable this policy, the Web Page, Complete file type option will be removed from the Save as Type box in the Save Web Page dialog box. Users can still save Web pages as hypertext markup language (HTML) files or as text files, but graphics, scripts, and other elements are not saved. To display the Save Web Page dialog box, users click the File menu, and then click the Save As command.  If you disable this policy or do not configure it, users can save all elements on a Web page.  The File menu: Disable Save As... menu option policy, which removes the Save As command, takes precedence over this policy. If it is enabled, this policy is ignored. HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoBrowserSaveWebComplete
USER Administrative Templates\Windows Components\Internet Explorer\Browser menus File menu: Disable closing the browser and Explorer windows at least Internet Explorer v5.0 Prevents users from closing Microsoft Internet Explorer and Windows Explorer.  If you enable this policy, the Close command on the File menu will appear dimmed.  If you disable this policy or do not configure it, users are not prevented from closing the browser or Windows Explorer.  Note: The Close button in the top right corner of the program will not work; if users click the Close button, they will be informed that the command is not available. HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoBrowserClose
USER Administrative Templates\Windows Components\Internet Explorer\Browser menus View menu: Disable Source menu option at least Internet Explorer v5.0 Prevents users from viewing the HTML source of Web pages by clicking the Source command on the View menu.  If you enable this policy, the Source command on the View menu will appear dimmed.  If you disable this policy or do not configure it, then users can view the HTML source of Web pages from the browser View menu.  Caution: This policy does not prevent users from viewing the HTML source of a Web page by right-clicking a Web page to open the shortcut menu, and then clicking View Source. To prevent users from viewing the HTML source of a Web page from the shortcut menu, set the Disable context menu policy, which disables the entire shortcut menu. HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoViewSource
USER Administrative Templates\Windows Components\Internet Explorer\Browser menus View menu: Disable Full Screen menu option at least Internet Explorer v5.0 Prevents users from displaying the browser in full-screen (kiosk) mode, without the standard toolbar.  If you enable this policy, the Full Screen command on the View menu will appear dimmed, and pressing F11 will not display the browser in a full screen.  If you disable this policy or do not configure it, users can display the browser in a full screen.  This policy is intended to prevent users from displaying the browser without toolbars, which might be confusing for some beginning users. HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoTheaterMode
USER Administrative Templates\Windows Components\Internet Explorer\Browser menus Hide Favorites menu at least Internet Explorer v5.0 Prevents users from adding, removing, or editing the list of Favorite links.  The Favorites list is a way to store popular links for future use.  If you enable this policy, the Favorites menu is removed from the interface, and the Favorites button on the browser toolbar appears dimmed. The Add to Favorites command on the shortcut menu is disabled; when users click it, they are informed that the command is unavailable.  If you disable this policy or do not configure it, users can manage their Favorites list.  This policy is intended to ensure that users maintain consistent lists of favorites across your organization.  Note: If you enable this policy, users also cannot click Synchronize on the Tools menu to manage their favorite links that are set up for offline viewing. HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoFavorites
USER Administrative Templates\Windows Components\Internet Explorer\Browser menus Tools menu: Disable Internet Options... menu option at least Internet Explorer v5.0 Prevents users from opening the Internet Options dialog box from the Tools menu in Microsoft Internet Explorer.  If you enable this policy, users cannot change their Internet options, such as default home page, cache size, and connection and proxy settings, from the browser Tools menu. When users click the Internet Options command on the Tools menu, they are informed that the command is unavailable.  If you disable this policy or do not configure it, users can change their Internet settings from the browser Tools menu.  Caution: This policy does not prevent users from viewing and changing Internet settings by clicking the Internet Options icon in Windows Control Panel.  Also, see policies for Internet options in the \Administrative Templates\Windows Components\Internet Explorer and in \Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel folders. HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoBrowserOptions
USER Administrative Templates\Windows Components\Internet Explorer\Browser menus Help menu: Remove 'Tip of the Day' menu option at least Internet Explorer v5.0 Prevents users from viewing or changing the Tip of the Day interface in Microsoft Internet Explorer.  If you enable this policy, the Tip of the Day command is removed from the Help menu.  If you disable this policy or do not configure it, users can enable or disable the Tip of the Day, which appears at the bottom of the browser. HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpItemTipOfTheDay
USER Administrative Templates\Windows Components\Internet Explorer\Browser menus Help menu: Remove 'For Netscape Users' menu option at least Internet Explorer v5.0 Prevents users from displaying tips for users who are switching from Netscape.  If you enable this policy, the For Netscape Users command is removed from the Help menu.  If you disable this policy or do not configure it, users can display content about switching from Netscape by clicking the For Netscape Users command on the Help menu.  Caution: Enabling this policy does not remove the tips for Netscape users from the Microsoft Internet Explorer Help file. HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpItemNetscapeHelp
USER Administrative Templates\Windows Components\Internet Explorer\Browser menus Help menu: Remove 'Tour' menu option Prevents users from running the Internet Explorer Tour from the Help menu in Internet Explorer.  If you enable this policy, the Tour command is removed from the Help menu.  If you disable this policy or do not configure it, users can run the tour from the Help menu. HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpItemTutorial
USER Administrative Templates\Windows Components\Internet Explorer\Browser menus Help menu: Remove 'Send Feedback' menu option at least Internet Explorer v5.0 Prevents users from sending feedback to Microsoft by clicking the Send Feedback command on the Help menu.  If you enable this policy, the Send Feedback command is removed from the Help menu.  If you disable this policy or do not configure it, users can fill out an Internet form to provide feedback about Microsoft products. HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpItemSendFeedback
USER Administrative Templates\Windows Components\Internet Explorer\Browser menus Disable Context menu at least Internet Explorer v5.0 Prevents the shortcut menu from appearing when users click the right mouse button while using the browser.  If you enable this policy, the shortcut menu will not appear when users point to a Web page, and then click the right mouse button.  If you disable this policy or do not configure it, users can use the shortcut menu.  This policy can be used to ensure that the shortcut menu is not used as an alternate method of running commands that have been removed from other parts of the interface. HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoBrowserContextMenu
USER Administrative Templates\Windows Components\Internet Explorer\Browser menus Disable Open in New Window menu option at least Internet Explorer v5.0 Prevents using the shortcut menu to open a link in a new browser window.  If you enable this policy, users cannot point to a link, click the right mouse button, and then click the Open in New Window command.  If you disable this policy or do not configure it, users can open a Web page in a new browser window by using the shortcut menu.  This policy can be used in coordination with the File menu: Disable New menu option policy, which prevents users from opening the browser in a new window by clicking the File menu, pointing to New, and then clicking Window.  Note: When users click the Open in New Window command, the link will not open in a new window and they will be informed that the command is not available. HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoOpeninNewWnd
USER Administrative Templates\Windows Components\Internet Explorer\Browser menus Disable Save this program to disk option at least Internet Explorer v5.0 Prevents users from saving a program or file that Microsoft Internet Explorer has downloaded to the hard disk.  If you enable this policy, users cannot save a program to disk by clicking the Save This Program to Disk command while attempting to download a file. The file will not be downloaded and users will be informed that the command is not available.  If you disable this policy or do not configure it, users can download programs from their browsers. HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoSelectDownloadDir
USER Administrative Templates\Windows Components\Internet Explorer\Toolbars Disable customizing browser toolbar buttons at least Internet Explorer v5.0 Prevents users from determining which buttons appear on the Microsoft Internet Explorer and Windows Explorer standard toolbars.  If you enable this policy, the Customize command on the Toolbars submenu of the View menu will be removed.  If you disable this policy or do not configure it, users can customize which buttons appear on the Internet Explorer and Windows Explorer toolbars.  This policy can be used in coordination with the Disable customizing browser toolbars policy, which prevents users from determining which toolbars are displayed in Internet Explorer and Windows Explorer. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoToolbarCustomize
USER Administrative Templates\Windows Components\Internet Explorer\Toolbars Disable customizing browser toolbars at least Internet Explorer v5.0 Prevents users from determining which toolbars are displayed in Microsoft Internet Explorer and Windows Explorer.  If you enable this policy, the list of toolbars, which users can display by clicking the View menu and then pointing to the Toolbars command, will appear dimmed.  If you disable this policy or do not configure it, users can determine which toolbars are displayed in Windows Explorer and Internet Explorer.  This policy can be used in coordination with the Disable customizing browser toolbar buttons policy, which prevents users from adding or removing toolbars from Internet Explorer. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoBandCustomize
USER Administrative Templates\Windows Components\Internet Explorer\Toolbars Configure Toolbar Buttons at least Internet Explorer v5.0 Specifies which buttons will be displayed on the standard toolbar in Microsoft Internet Explorer.  If you enable this policy, you can specify whether or not each button will be displayed by selecting or clearing the check boxes for each button.  If you disable this policy or do not configure it, the standard toolbar will be displayed with its default settings, unless users customize it. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!SpecifyDefaultButtons, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Back, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Forward, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Stop, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Refresh, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Home, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Search, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Favorites, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_History, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Folders, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Fullscreen, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Tools, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_MailNews, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Size, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Print, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Edit, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Discussions, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Cut, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Copy, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Paste, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Btn_Encoding
USER Administrative Templates\Windows Components\Internet Explorer\Persistence Behavior File size limits for Local Machine zone at least Internet Explorer v5.0 Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Local Computer security zone.  If you enable this policy, you can specify the persistence storage amount per domain or per document for this security zone.  If you disable this policy or do not configure it, you cannot set this limit.  Note: This setting does not appear in the user interface. HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\0!DomainLimit, HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\0!DocumentLimit
USER Administrative Templates\Windows Components\Internet Explorer\Persistence Behavior File size limits for Intranet zone at least Internet Explorer v5.0 Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Local Intranet security zone.  If you enable this policy, you can specify the persistence storage amount per domain or per document for this security zone.  If you disable this policy or do not configure it, you cannot set this limit.  Note: This setting does not appear in the user interface. HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\1!DomainLimit, HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\1!DocumentLimit
USER Administrative Templates\Windows Components\Internet Explorer\Persistence Behavior File size limits for Trusted Sites zone at least Internet Explorer v5.0 Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Trusted Sites security zone.  If you enable this policy, you can specify the persistence storage amount per domain or per document for this security zone.  If you disable this policy or do not configure it, you cannot set this limit.  Note: This setting does not appear in the user interface. HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\2!DomainLimit, HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\2!DocumentLimit
USER Administrative Templates\Windows Components\Internet Explorer\Persistence Behavior File size limits for Internet zone at least Internet Explorer v5.0 Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Internet security zone.  If you enable this policy, you can specify the persistence storage amount per domain or per document for this security zone.  If you disable this policy or do not configure it, you cannot set this limit.  Note: This setting does not appear in the user interface. HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\3!DomainLimit, HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\3!DocumentLimit
USER Administrative Templates\Windows Components\Internet Explorer\Persistence Behavior File size limits for Restricted Sites zone at least Internet Explorer v5.0 Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Restricted Sites security zone.  If you enable this policy, you can specify the persistence storage amount per domain or per document for this security zone.  If you disable this policy or do not configure it, you cannot set this limit.  Note: This setting does not appear in the user interface. HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\4!DomainLimit, HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\4!DocumentLimit
USER Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls Media Player at least Internet Explorer v5.0 Designates the Media Player ActiveX control as administrator-approved.  This control is used for playing sounds, videos, and other media.  If you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.  If you disable this policy or do not configure it, this control will not be designated as administrator-approved.  To specify how administrator-approved controls are handled for each security zone, carry out the following steps:  1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.  2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.  3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.  4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{05589FA1-C356-11CE-BF01-00AA0055595A}, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{22D6F312-B0F6-11D0-94AB-0080C74C7E95}
USER Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls Menu Controls at least Internet Explorer v5.0 Designates a set of Microsoft ActiveX controls used to manipulate pop-up menus in the browser as administrator-approved.  If you enable this policy, these controls can be run in security zones in which you specify that administrator-approved controls can be run.  If you disable this policy or do not configure it, these controls will not be designated as administrator-approved.  To specify a control as administrator-approved, click Enabled, and then select the check box for the control:  -- MCSiMenu - enables Web authors to control the placement and appearance of Windows pop-up menus on Web pages -- Popup Menu Object - enables Web authors to add pop-up menus to Web pages  To specify how administrator-approved controls are handled for each security zone, carry out the following steps:  1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.  2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.  3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.  4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{275E2FE0-7486-11D0-89D6-00A0C90C9B67}, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{7823A620-9DD9-11CF-A662-00AA00C066D2}, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{F5131C24-E56D-11CF-B78A-444553540000}
USER Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls Microsoft Agent at least Internet Explorer v5.0 Designates the Microsoft Agent ActiveX control as administrator-approved.  Microsoft Agent is a set of software services that supports the presentation of software agents as interactive personalities within the Microsoft Windows interface.  If you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.  If you disable this policy or do not configure it, these controls will not be designated as administrator-approved.  To specify how administrator-approved controls are handled for each security zone, carry out the following steps:  1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.  2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.  3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.  4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}
USER Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls Microsoft Chat at least Internet Explorer v5.0 Designates the Microsoft Chat ActiveX control as administrator-approved.  This control is used by Web authors to build text-based and graphical-based Chat communities for real-time conversations on the Web.  If you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.  If you disable this policy or do not configure it, this control will not be designated as administrator-approved.  To specify how administrator-approved controls are handled for each security zone, carry out the following steps:  1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.  2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.  3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.  4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{D6526FE0-E651-11CF-99CB-00C04FD64497}
USER Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls Microsoft Survey Control at least Internet Explorer v5.0 HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{BD1F006E-174F-11D2-95C0-00C04F9A8CFA}
USER Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls Shockwave Flash at least Internet Explorer v5.0 HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{D27CDB6E-AE6D-11CF-96B8-444553540000}
USER Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls NetShow File Transfer Control at least Internet Explorer v5.0 HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{26F24A93-1DA2-11D0-A334-00AA004A5FC5}
USER Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls DHTML Edit Control at least Internet Explorer v5.0 HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{2D360201-FFF5-11D1-8D03-00A0C959BC0A}
USER Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls Microsoft Scriptlet Component at least Internet Explorer v5.0 HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{AE24FDAE-03C6-11D1-8B76-0080C744F389}
USER Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls Carpoint at least Internet Explorer v5.0 Designates the Microsoft Network (MSN) Carpoint automatic pricing control as administrator-approved.  This control enables enhanced pricing functionality on the Carpoint Web site, where users can shop for and obtain information about vehicles.  If you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.  If you disable this policy or do not configure it, this control will not be designated as administrator-approved.  To specify how administrator-approved controls are handled for each security zone, carry out the following steps:  1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.  2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.  3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.  4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{DED22F57-FEE2-11D0-953B-00C04FD9152D}
USER Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls Investor at least Internet Explorer v5.0 Designates a set of Microsoft Network (MSN) Investor controls as administrator-approved.  These controls enable users to view updated lists of stocks on their Web pages.  If you enable this policy, these controls can be run in security zones in which you specify that administrator-approved controls can be run.  If you disable this policy or do not configure it, these controls will not be designated as administrator-approved.  Select the check boxes for the controls that you want to designate as administrator-approved.  To specify how administrator-approved controls are handled for each security zone, carry out the following steps:  1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.  2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.  3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.  4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{9276B91A-E780-11d2-8A8D-00C04FA31D93}, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{52ADE293-85E8-11D2-BB22-00104B0EA281}
USER Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls MSNBC at least Internet Explorer v5.0 Designates a set of MSNBC controls as administrator-approved.  These controls enable enhanced browsing of news reports on the MSNBC Web site.  If you enable this policy, these controls can be run in security zones in which you specify that administrator-approved controls can be run.  If you disable this policy or do not configure it, these controls will not be designated as administrator-approved.  Select the check boxes for the controls that you want to designate as administrator-approved.  To specify how administrator-approved controls are handled for each security zone, carry out the following steps:  1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.  2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.  3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.  4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{2FF18E10-DE11-11D1-8161-00A0C90DD90C}
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.  If you enable this policy setting, binary behaviors are prevented for the Windows Explorer and Internet Explorer processes.  If you disable this policy setting, binary behaviors are allowed for the Windows Explorer and Internet Explorer processes.  If you do not configure this policy setting, binary behaviors are prevented for the Windows Explorer and Internet Explorer processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!iexplore.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!iexplore.exe
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting  is prevented or allowed.  This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.  If you enable this policy setting and enter a Value of 1 binary behaviors are prevented. If you enter a Value of 0 binary behaviors are allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.  Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.  If you disable or do not configure this policy setting, the security feature is allowed.   HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_BEHAVIORS
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.  If you enable this policy setting, binary behaviors are prevented for all processes. Any use of binary behaviors for HTML rendering is blocked.  If you disable or do not configure this policy setting, binary behaviors are allowed for all processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!*
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction Admin-approved behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 For each zone, the Binary and Scripted Behavior security restrictions may be configured to allow only a list of admin-approved behaviors. This list may be configured here, and applies to all processes which have opted in to the behavior, and to all zones. (Behaviors are components that encapsulate specific functionality or behavior on a page.)  If you enable this policy setting, this sets the list of behaviors permitted in each zone for which Script and Binary Behaviors is set to 'admin-approved'. Behaviors must be entered in #package#behavior notation, e.g., #default#vml.  If you disable this policy setting, no behaviors will be allowed in zones set to 'admin-approved', just as if those zones were set to 'disable'.  If you do not configure this policy setting, only VML will be allowed in zones set to 'admin-approved'.  Note.  If this policy is set in both Computer Configuration and User Configuration, both lists of behaviors will be allowed as appropriate. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_AllowedBehaviors
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.  If you enable this policy setting, the MK Protocol is prevented for Windows Explorer and Internet Explorer, and resources hosted on the MK protocol will fail.  If you disable this policy setting, applications can use the MK protocol API. Resources hosted on the MK protocol will work for the Windows Explorer and Internet Explorer processes.  If you do not configure this policy setting, the MK Protocol is prevented for Windows Explorer and Internet Explorer, and resources hosted on the MK protocol will fail. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!iexplore.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!iexplore.exe
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.  This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.   If you enable this policy setting and enter a Value of 1, use of the MK protocol is prevented. If you enter a Value of 0, use of the MK protocol is allowed. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.  Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.   If you disable or do not configure this policy setting, the policy setting is ignored.   HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_DISABLE_MK_PROTOCOL
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.  If you enable this policy setting, the MK Protocol is disabled for all processes. Any use of the MK Protocol is blocked.  If you disable or do not configure this policy setting, the MK Protocol is enabled. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!*
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone.  Local Machine zone security applies to all local files and content processed by Internet Explorer. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code.  If you enable this policy setting, the Local Machine zone security applies to all local files and content processed by Internet Explorer.  If you disable this policy setting, Local Machine zone security is not applied to local files or content processed by Internet Explorer.  If you do not configure this policy setting, the Local Machine zone security applies to all local files and content processed by Internet Explorer. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!iexplore.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!iexplore.exe
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and so on). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone.  Local Machine zone security applies to all local files and content. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code.  If you enable this policy setting and enter a value of 1, Local Machine Zone security applies. If you enter a value of 0, Local Machine Zone security does not apply. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.  Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.  If you disable or do not configure this policy setting, the security feature is allowed. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_LOCALMACHINE_LOCKDOWN
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone.  Local Machine zone security applies to all local files and content. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code.  If you enable this policy setting, the Local Machine zone security applies to all local files and content processed by any process other than Internet Explorer or those defined in a process list.  If you disable or do not configure this policy setting, Local Machine zone security is not applied to local files or content processed by any process other than Internet Explorer or those defined in a process list. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!*
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.  This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension.  If you enable this policy setting, Internet Explorer requires consistent MIME data for all received files.  If you disable this policy setting, Internet Explorer will not require consistent MIME data for all received files.  If you do not configure this policy setting, Internet Explorer requires consistent MIME data for all received files. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!iexplore.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!iexplore.exe
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.  This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension.  This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.  If you enable this policy setting and enter a Value of 1, MIME handling is in effect. If you enter a Value of 0 file-type information is allowed to be inconsistent. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.  Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.  If you disable or do not configure this policy setting, the security feature is allowed.   HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_HANDLING
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.  This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension.  If you enable this policy setting, Consistent Mime Handling is enabled for all processes.  If you disable or do not configure this policy setting, Consistent Mime Handling is prevented for all processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!*
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.  If you enable this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type.  If you disable this policy setting, Internet Explorer processes will allow a MIME sniff promoting a file of one type to a more dangerous file type.  If you do not configure this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!iexplore.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!iexplore.exe
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.  This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.  If you enable this policy setting and enter a Value of 1, this protection will be in effect. If you enter a Value of 0, any file may be promoted to more dangerous file types. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.  Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.  If you disable or do not configure this policy setting, the security feature is allowed. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_SNIFFING
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.  If you enable this policy setting, the Mime Sniffing Safety Feature is enabled for all processes.  If you disable or do not configure this policy setting, the Mime Sniffing Safety Feature is disabled for all processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!*
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Object Caching Protection Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.  If you enable this policy setting, an object reference is no longer accessible when navigating within or across domains for Internet Explorer processes.  If you disable this policy setting, an object reference is retained when navigating within or across domains for Internet Explorer processes.  If you do not configure this policy setting, an object reference is no longer accessible when navigating within or across domains for Internet Explorer processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!iexplore.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!iexplore.exe
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Object Caching Protection Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.  This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.  If you enable this policy setting and enter a Value of 1, references to objects are inaccessible after navigation. If you enter a Value of 0, references to objects are still accessible after navigation. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.  Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.  If you disable or do not configure this policy setting, the security feature is allowed. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_OBJECT_CACHING
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Object Caching Protection All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.  If you enable this policy setting, object reference is no longer accessible when navigating within or across domains for all processes.  If you disable or do not configure this policy setting, object reference is retained when navigating within or across domains in the Restricted Zone sites. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!*
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows’ title and status bars.  If you enable this policy setting, popup windows and other restrictions apply for Windows Explorer and Internet Explorer processes.  If you disable this policy setting, scripts can continue to create popup windows and windows that obfuscate other windows.  If you do not configure this policy setting, popup windows and other restrictions apply for Windows Explorer and Internet Explorer processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!iexplore.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!iexplore.exe
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows’ title and status bars.  This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.  If you enable this policy setting and enter a Value of 1, such windows may not be opened. If you enter a Value of 0, windows have none of these restrictions. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.  Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.  If you disable or do not configure this policy setting, the security feature is allowed. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_WINDOW_RESTRICTIONS
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows’ title and status bars.  If you enable this policy setting, scripted windows are restricted for all processes.  If you disable or do not configure this policy setting, scripted windows are not restricted. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!*
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context.  If you enable this policy setting, any zone can be protected from zone elevation by Internet Explorer processes.  If you disable this policy setting, no zone receives such protection for Internet Explorer processes.  If you do not configure this policy setting, any zone can be protected from zone elevation by Internet Explorer processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!iexplore.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!iexplore.exe
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and so on). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context.  This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.  If you enable this policy setting and enter a Value of 1, elevation to more privileged zones can be prevented. If you enter a Value of 0, elevation to any zone is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.  Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.  If you disable or do not configure this policy setting, the security feature is allowed. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ZONE_ELEVATION
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and so on). For example, Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users.  If you enable this policy setting, any zone can be protected from zone elevation for all processes.  If you disable or do not configure this policy setting, processes other than Internet Explorer or those listed in the Process List receive no such protection. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!*
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Information Bar Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether the Information Bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the Information Bar is displayed for Internet Explorer processes.  If you enable this policy setting, the Information Bar will be displayed for Internet Explorer Processes.  If you disable this policy setting, the Information Bar will not be displayed for Internet Explorer processes.  If you do not configure this policy setting, the Information Bar will be displayed for Internet Explorer Processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!iexplore.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!iexplore.exe
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Information Bar Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether the Information Bar is displayed for specific processes when file or code installs are restricted. By default, the Information Bar is not displayed for any process when file or code installs are restricted (except for the Internet Explorer Processes, for which the Information Bar is displayed by default).  If you enable this policy setting and enter a Value of 1, the Information Bar is displayed. If you enter a Value of 0 the Information Bar is not displayed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.  Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable for IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.   If you disable or do not configure this policy setting, the Information Bar is not displayed for the specified processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_SECURITYBAND
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Information Bar All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether the Information Bar is displayed for processes other than the Internet Explorer processes when file or code installs are restricted. By default, the Information Bar is not displayed for any process when file or code installs are restricted (except for the Internet Explorer Processes, for which the Information Bar is displayed by default).   If you enable this policy setting, the Information Bar will be displayed for all processes.  If you disable or do not configure this policy setting, the Information Bar will not be displayed for all processes other than Internet Explorer or those listed in the Process List. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!*
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting enables blocking of ActiveX control installation prompts for Internet Explorer processes.  If you enable this policy setting, prompting for ActiveX control installations will be blocked for Internet Explorer processes.  If you disable this policy setting, prompting for ActiveX control installations will not be blocked for Internet Explorer processes.  If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations for Internet Explorer processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!iexplore.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!iexplore.exe
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.  If you enable this policy setting and enter a Value of 1, automatic prompting of ActiveX control installation is blocked. If you enter a Value of 0, automatic prompting of ActiveX control installation is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.  Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.  If you disable or do not configure this policy setting, the security feature is allowed. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_ACTIVEXINSTALL
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.  If you enable this policy setting, the Web Browser Control will block automatic prompting of ActiveX control installation for all processes.  If you disable or do not configure this policy setting, the Web Browser Control will not block automatic prompting of ActiveX control installation for all processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!*
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict File Download Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting enables blocking of file download prompts that are not user initiated.  If you enable this policy setting, file download prompts that are not user initiated will be blocked for Internet Explorer processes.  If you disable this policy setting, prompting will occur for file downloads that are not user initiated for Internet Explorer processes.  If you do not configure this policy setting, the user's preference determines whether to prompt for file downloads that are not user initiated for Internet Explorer processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!iexplore.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!iexplore.exe
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict File Download Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.  If you enable this policy setting and enter a Value of 1, automatic prompting of non-initiated file downloads is blocked. If you enter a Value of 0, automatic prompting of non-initiated file downloads is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.  Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.  If you disable or do not configure this policy setting, the security feature is allowed. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_FILEDOWNLOAD
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict File Download All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.  If you enable this policy setting, the Web Browser Control will block automatic prompting of file downloads that are not user initiated for all processes.  If you disable this policy setting, the Web Browser Control will not block automatic prompting of file downloads that are not user initiated for all processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!*
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management Deny all add-ons unless specifically allowed in the Add-on List at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denied.  By default, the 'Add-on List' policy setting defines a list of add-ons to be allowed or denied through Group Policy. However, users can still use the Add-on Manager within Internet Explorer to manage add-ons not listed within the 'Add-on List' policy setting. This policy setting effectively removes this option from users - all add-ons are assumed to be denied unless they are specifically allowed through the 'Add-on List' policy setting.  If you enable this policy setting, Internet Explorer only allows add-ins that are specifically listed (and allowed) through the 'Add-on List' policy setting.  If you disable or do not configure this policy setting, users may use Add-on Manager to allow or deny any add-ons that are not included in the 'Add-on List' policy setting.  Note: If an add-on is listed in the 'Add-on List' policy setting, the user cannot change its state through Add-on Manager (unless its value has been set to allow user management - see the 'Add-on List' policy for more details). HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!RestrictToList
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management Add-on List at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage a list of add-ons to be allowed or denied by Internet Explorer.  This list can be used with the 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting, which defines whether add-ons not listed here are assumed to be denied.  If you enable this policy setting, you can enter a list of add-ons to be allowed or denied by Internet Explorer. For each entry that you add to the list, enter the following information:  Name of the Value - the CLSID (class identifier) for the add-on you wish to add to the list.  The CLSID should be in brackets for example, ‘{000000000-0000-0000-0000-0000000000000}’. The CLSID for an add-on can be obtained by reading the OBJECT tag from a Web page on which the add-on is referenced.  Value - A number indicating whether Internet Explorer should deny or allow the add-on to be loaded. To specify that an add-on should be denied enter a 0 (zero) into this field. To specify that an add-on should be allowed, enter a 1 (one) into this field. To specify that an add-on should be allowed and also permit the user to manage the add-on through Add-on Manager, enter a 2 (two) into this field.  If you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting will still determine whether add-ons not in this list are assumed to be denied. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_Support_CLSID
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether the listed processes respect add-on management user preferences (as entered into Add-on Manager) or policy settings. By default, only Internet Explorer processes use the add-on management user preferences and policy settings. This policy setting allows you to extend support for these user preferences and policy settings to specific processes listed in the process list.  If you enable this policy setting and enter a Value of 1, the process entered will respect the add-on management user preferences and policy settings. If you enter a Value of 0, the add-on management user preferences and policy settings are ignored by the specified process. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.  Do not enter Internet Explorer processes in this list because these processes always respect add-on management user preferences and policy settings. If the All Processes policy setting is enabled, the processes configured in this policy setting take precedence over that setting.  If you do not configure this policy, processes other than the Internet Explorer processes will not be affected by add-on management user preferences or policy settings (unless “All Processes” is enabled). HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ADDON_MANAGEMENT
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings.  By default, any process other than the Internet Explorer processes or those listed in the 'Process List' policy setting ignore add-on management user preferences and policy settings.  If you enable this policy setting, all processes will respect add-on management user preferences and policy settings.  If you disable or do not configure this policy setting, all processes will not respect add-on management user preferences or policy settings. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT!*
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 Windows Explorer and Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.  If you enable this policy setting, restricting content obtained through restricted protocols is allowed for Windows Explorer and Internet Explorer processes. For example, you can restrict active content from pages served over the http and https protocols by adding the value names http and https.  If you disable this policy setting, restricting content obtained through restricted protocols is prevented for Windows Explorer and Internet Explorer processes.  If you do not configure this policy setting, the policy setting is ignored. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!iexplore.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!iexplore.exe
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.  This policy setting allows administrators to define applications for which they want restricting content obtained through restricted protocols to be prevented or allowed.  If you enable this policy setting and enter a Value of 1, restricting content obtained through restricted protocols is allowed. If you enter a Value of 0, restricting content obtained through restricted protocols is blocked. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.  Do not enter the Windows Explorer or Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable these processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.  If you disable or do not configure this policy setting, the security feature is allowed. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_PROTOCOL_LOCKDOWN
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.  If you enable this policy setting, restricting content obtained through restricted protocols is allowed for all processes other than Windows Explorer or Internet Explorer.  If you disable this policy setting, restricting content obtained through restricted protocols is prevented for all processes other than Windows Explorer or Internet Explorer.  If you do not configure this policy setting, no policy is enforced for processes other than Windows Explorer and Internet Explorer. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!*
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone Internet Zone Restricted Protocols at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner, either by prompting the user, or simply disabling the content. For each zone, this list of protocols may be configured here, and applies to all processes which have opted in to the security restriction.  If you enable this policy setting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for Allow active content over restricted protocols to access my computer.  If you disable or do not configure this policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for Allow active content over restricted protocols to access my computer.  Note.  If policy for a zone is set in both Computer Configuration and User Configuration, both lists of protocols will be restricted for that zone. HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_3
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone Intranet Zone Restricted Protocols at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner, either by prompting the user, or simply disabling the content. For each zone, this list of protocols may be configured here, and applies to all processes which have opted in to the security restriction.  If you enable this policy setting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for Allow active content over restricted protocols to access my computer.  If you disable or do not configure this policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for Allow active content over restricted protocols to access my computer.  Note.  If policy for a zone is set in both Computer Configuration and User Configuration, both lists of protocols will be restricted for that zone. HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_1
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone Trusted Sites Zone Restricted Protocols at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner, either by prompting the user, or simply disabling the content. For each zone, this list of protocols may be configured here, and applies to all processes which have opted in to the security restriction.  If you enable this policy setting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for Allow active content over restricted protocols to access my computer.  If you disable or do not configure this policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for Allow active content over restricted protocols to access my computer.  Note.  If policy for a zone is set in both Computer Configuration and User Configuration, both lists of protocols will be restricted for that zone. HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_2
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone Restricted Sites Zone Restricted Protocols at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner, either by prompting the user, or simply disabling the content. For each zone, this list of protocols may be configured here, and applies to all processes which have opted in to the security restriction.  If you enable this policy setting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for Allow active content over restricted protocols to access my computer.  If you disable or do not configure this policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for Allow active content over restricted protocols to access my computer.  Note.  If policy for a zone is set in both Computer Configuration and User Configuration, both lists of protocols will be restricted for that zone. HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_4
USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone Local Machine Zone Restricted Protocols at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner, either by prompting the user, or simply disabling the content. For each zone, this list of protocols may be configured here, and applies to all processes which have opted in to the security restriction.  If you enable this policy setting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for Allow active content over restricted protocols to access my computer.  If you disable or do not configure this policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for Allow active content over restricted protocols to access my computer.  Note.  If policy for a zone is set in both Computer Configuration and User Configuration, both lists of protocols will be restricted for that zone. HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_0
MACHINE Administrative Templates\Windows Components\Internet Explorer Security Zones: Use only machine settings  at least Internet Explorer v5.0 Applies security zone information to all users of the same computer. A security zone is a group of Web sites with the same security level.  If you enable this policy, changes that the user makes to a security zone will apply to all users of that computer.  If you disable this policy or do not configure it, users of the same computer can establish their own security zone settings.  This policy is intended to ensure that security zone settings apply uniformly to the same computer and do not vary from user to user.  Also, see the Security zones: Do not allow users to change policies policy. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Security_HKLM_only
MACHINE Administrative Templates\Windows Components\Internet Explorer Security Zones: Do not allow users to change policies at least Internet Explorer v5.0 Prevents users from changing security zone settings. A security zone is a group of Web sites with the same security level.  If you enable this policy, the Custom Level button and security-level slider on the Security tab in the Internet Options dialog box are disabled.  If you disable this policy or do not configure it, users can change the settings for security zones.  This policy prevents users from changing security zone settings established by the administrator.  Note: The Disable the Security page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.  Also, see the Security zones: Use only machine settings policy. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Security_options_edit
MACHINE Administrative Templates\Windows Components\Internet Explorer Security Zones: Do not allow users to add/delete sites at least Internet Explorer v5.0 Prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same security level.  If you enable this policy, the site management settings for security zones are disabled. (To see the site management settings for security zones, in the Internet Options dialog box, click the Security tab, and then click the Sites button.)  If you disable this policy or do not configure it, users can add Web sites to or remove sites from the Trusted Sites and Restricted Sites zones, and alter settings for the Local Intranet zone.  This policy prevents users from changing site management settings for security zones established by the administrator.  Note:  The Disable the Security page policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from the interface, takes precedence over this policy. If it is enabled, this policy is ignored.  Also, see the Security zones: Use only machine settings policy. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Security_zones_map_edit
MACHINE Administrative Templates\Windows Components\Internet Explorer Make proxy settings per-machine (rather than per-user) at least Internet Explorer v5.0 Applies proxy settings to all users of the same computer.  If you enable this policy, users cannot set user-specific proxy settings. They must use the zones created for all users of the computer.  If you disable this policy or do not configure it, users of the same computer can establish their own proxy settings.  This policy is intended to ensure that proxy settings apply uniformly to the same computer and do not vary from user to user. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ProxySettingsPerUser
MACHINE Administrative Templates\Windows Components\Internet Explorer Disable Automatic Install of Internet Explorer components at least Internet Explorer v5.0 Prevents Internet Explorer from automatically installing components.  If you enable this policy, it prevents Internet Explorer from downloading a component when users browse to a Web site that needs that component.  If you disable this policy or do not configure it, users will be prompted to download and install a component when visiting a Web site that uses that component.  This policy is intended to help the administrator control which components the user installs. HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoJITSetup
MACHINE Administrative Templates\Windows Components\Internet Explorer Disable Periodic Check for Internet Explorer software updates at least Internet Explorer v5.0 Prevents Internet Explorer from checking whether a new version of the browser is available.  If you enable this policy, it prevents Internet Explorer from checking to see whether it is the latest available browser version and notifying users if a new version is available.  If you disable this policy or do not configure it, Internet Explorer checks every 30 days by default, and then notifies users if a new version is available.  This policy is intended to help the administrator maintain version control for Internet Explorer by preventing users from being notified about new versions of the browser. HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoUpdateCheck
MACHINE Administrative Templates\Windows Components\Internet Explorer Disable software update shell notifications on program launch at least Internet Explorer v5.0 Specifies that programs using the Microsoft Software Distribution Channel will not notify users when they install new components. The Software Distribution Channel is a means of updating software dynamically on users' computers by using Open Software Distribution (.osd) technologies.  If you enable this policy, users will not be notified if their programs are updated using Software Distribution Channels.  If you disable this policy or do not configure it, users will be notified before their programs are updated.  This policy is intended for administrators who want to use Software Distribution Channels to update their users' programs without user intervention. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoMSAppLogo5ChannelNotify
MACHINE Administrative Templates\Windows Components\Internet Explorer Disable showing the splash screen at least Internet Explorer v5.0 Prevents the Internet Explorer splash screen from appearing when users start the browser.  If you enable this policy, the splash screen, which displays the program name, licensing, and copyright information, is not displayed.  If you disable this policy or do not configure it, the splash screen will be displayed when users start their browsers. HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoSplash
MACHINE Administrative Templates\Windows Components\Internet Explorer Turn off Crash Detection at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the crash detection feature of add-on Management.  If you enable this policy setting, a crash in Internet Explorer will exhibit behavior found in Windows XP Professional Service Pack 1 and earlier, namely to invoke Windows Error Reporting. All policy settings for Windows Error Reporting continue to apply.  If you disable or do not configure this policy setting, the crash detection feature for add-on management will be functional. HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoCrashDetection
MACHINE Administrative Templates\Windows Components\Internet Explorer Do not allow users to enable or disable add-ons at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager.  If you enable this policy setting, users cannot enable or disable add-ons through Add-On Manager. The only exception occurs if an add-on has been specifically entered into the 'Add-On List' policy setting in such a way as to allow users to continue to manage the add-on. In this case, the user can still manage the add-on through the Add-On Manager.  If you disable or do not configure this policy setting, the appropriate controls in the Add-On Manager will be available to the user. HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoExtensionManagement
MACHINE Administrative Templates\Windows Components\Internet Explorer Turn off pop-up management at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage pop-up management functionality in Internet Explorer.  If you enable this policy setting, the Control Panel information relating to pop-up management will be unavailable (grayed out) and all other pop-up manager controls, notifications, and dialog boxes will not appear. Pop-up windows will continue to function as they did in Windows XP Service Pack 1 or earlier, although windows launched off screen will continue to be re-positioned onscreen.  If you disable or do not configure this policy setting, the popup management feature will be functional. HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoPopupManagement
MACHINE Administrative Templates\Windows Components\Internet Explorer Pop-up allow list at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage a list of web sites that will be allowed to open pop-up windows regardless of the Internet Explorer process's Pop-Up Blocker settings.  If you enable this policy setting, you can enter a list of sites which will be allowed to open pop-up windows regardless of user settings. Users will not be able to view or edit this list of sites. Only the domain name is allowed, so www.contoso.com is valid, but not http://www.contoso.com. Wildcards are allowed, so *.contoso.com is also valid.  If you disable this policy setting, the list is deleted and users may not create their own lists of sites.  If this policy is not configured, users will be able to view and edit their own lists of sites. HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows!ListBox_Support_Allow
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel Disable the General page at least Internet Explorer v5.0 Removes the General tab from the interface in the Internet Options dialog box.  If you enable this policy, users are unable to see and change settings for the home page, the cache, history, Web page appearance, and accessibility.  If you disable this policy or do not configure it, users can see and change these settings.  When you set this policy, you do not need to set the following Internet Explorer policies (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\), because this policy removes the General tab from the interface:  Disable changing home page settings  Disable changing Temporary Internet files settings  Disable changing history settings  Disable changing color settings  Disable changing link color settings  Disable changing font settings  Disable changing language settings  Disable changing accessibility settings HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!GeneralTab
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel Disable the Security page at least Internet Explorer v5.0 Removes the Security tab from the interface in the Internet Options dialog box.  If you enable this policy, it prevents users from seeing and changing settings for security zones, such as scripting, downloads, and user authentication.  If you disable this policy or do not configure it, users can see and change these settings.  When you set this policy, you do not need to set the following Internet Explorer policies, because this policy removes the Security tab from the interface:  Security zones: Do not allow users to change policies  Security zones: Do not allow users to add/delete sites HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!SecurityTab
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel Disable the Content page at least Internet Explorer v5.0 Removes the Content tab from the interface in the Internet Options dialog box.  If you enable this policy, users are prevented from seeing and changing ratings, certificates, AutoComplete, Wallet, and Profile Assistant settings.  If you disable this policy or do not configure it, users can see and change these settings.  When you set this policy, you do not need to set the following policies for the Content tab, because this policy removes the Content tab from the interface:  Disable changing ratings settings  Disable changing certificate settings  Disable changing Profile Assistant settings  Disable AutoComplete for forms  Do not allow AutoComplete to save passwords HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!ContentTab
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel Disable the Connections page at least Internet Explorer v5.0 Removes the Connections tab from the interface in the Internet Options dialog box.  If you enable this policy, users are prevented from seeing and changing connection and proxy settings.  If you disable this policy or do not configure it, users can see and change these settings.  When you set this policy, you do not need to set the following policies for the Content tab, because this policy removes the Connections tab from the interface:  Disable Internet Connection Wizard  Disable changing connection settings  Disable changing proxy settings  Disable changing Automatic Configuration settings HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!ConnectionsTab
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel Disable the Programs page at least Internet Explorer v5.0 Removes the Programs tab from the interface in the Internet Options dialog box.  If you enable this policy, users are prevented from seeing and changing default settings for Internet programs.  If you disable this policy or do not configure it, users can see and change these settings.  When you set this policy, you do not need to set the following policies for the Programs tab, because this policy removes the Programs tab from the interface:  Disable changing Messaging settings  Disable changing Calendar and Contact settings  Disable the Reset Web Settings feature  Disable changing default browser check HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!ProgramsTab
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel Disable the Privacy page at least Internet Explorer v5.0 Removes the Privacy tab from the interface in the Internet Options dialog box.  If you enable this policy, users are prevented from seeing and changing default settings for privacy.  If you disable this policy or do not configure it, users can see and change these settings. HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!PrivacyTab
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel Disable the Advanced page at least Internet Explorer v5.0 Removes the Advanced tab from the interface in the Internet Options dialog box.  If you enable this policy, users are prevented from seeing and changing advanced Internet settings, such as security, multimedia, and printing.  If you disable this policy or do not configure it, users can see and change these settings.  When you set this policy, you do not need to set the Disable changing Advanced page settings policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\), because this policy removes the Advanced tab from the interface. HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!AdvancedTab
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.  If you disable this policy setting, Internet Explorer will not execute signed managed components.  If you do not configure this policy setting, Internet Explorer will execute signed managed components. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2001
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.  If you disable this policy setting, Internet Explorer will not execute unsigned managed components.  If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2004
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.  If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.  If you disable the policy setting, signed controls cannot be downloaded.  If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted.  Code signed by trusted publishers is silently downloaded. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1001
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.  If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.  If you disable this policy setting, users cannot run unsigned controls.  If you do not configure this policy setting, users cannot run unsigned controls. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1004
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.  If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.  If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.  If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.  If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1201
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.  If you enable this policy setting, controls and plug-ins can run without user intervention.  If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.  If you disable this policy setting, controls and plug-ins are prevented from running.  If you do not configure this policy setting, controls and plug-ins can run without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1200
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.  If you enable this policy setting, script interaction can occur automatically without user intervention.  If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.  If you disable this policy setting, script interaction is prevented from occurring.  If you do not configure this policy setting, script interaction can occur automatically without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1405
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.  If you enable this policy setting, files can be downloaded from the zone.  If you disable this policy setting, files are prevented from being downloaded from the zone.   If you do not configure this policy setting, files can be downloaded from the zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1803
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.  If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.  If you disable this policy setting, HTML fonts are prevented from downloading.  If you do not configure this policy setting, HTML fonts can be downloaded automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1604
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage permissions for Java applets.  If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.  Low Safety enables applets to perform all operations.  Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.   High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.  If you disable this policy setting, Java applets cannot run.  If you do not configure this policy setting, the permission is set to High Safety. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1C00
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).  If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.  If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.  If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1406
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow active content over restricted protocols to access my computer at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Intranet Zone Restricted Protocols section under Network Protocol Lockdown policy.  If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected.  If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked.  If you do not configure this policy setting, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is enabled. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2300
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.  If you enable this setting, users will receive a file download dialog for automatic download attempts.  If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Information Bar instead of the file download dialog. Users can then click the Information Bar to allow the file download prompt. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2200
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.  If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.  If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt.  If you do not configure this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2201
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.   If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.  If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.  If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1608
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.  If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.  If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.  If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2102
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.  If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.  If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.  If you do not configure this policy setting, binary and script behaviors are available. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2000
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.  If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.  If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.  If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.  If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1609
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.  If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A04
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.  If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.  If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.  If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1802
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.  If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.  If you disable this policy setting, users are prevented from installing desktop items from this zone.   If you do not configure this policy setting, users are queried to choose whether to install desktop items from this zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1800
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.   If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.  If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.  If you do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1804
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains.  If you enable this policy setting, users can open sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow sub-frames or access to applications from other domains.  If you disable this policy setting, users cannot open sub-frames or access applications from different domains.  If you do not configure this policy setting, users can open sub-frames from other domains and access applications from other domains. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1607
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.  If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.  If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.  If you do not configure this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2100
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage software channel permissions.  If you enable this policy setting, you can choose the following options from the drop-down box.  Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.  Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.  High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.  If you disable this policy setting, permissions are set to high safety.  If you do not configure this policy setting, permissions are set to Medium safety. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1E05
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Submit non-encrypted form data at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.  If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.  If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.  If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1601
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Use Pop-up Blocker at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.  If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.  If you disable this policy setting, pop-up windows are not prevented from appearing.  If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1809
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Userdata persistence at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.  If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.  If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.  If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1606
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Web sites in less privileged Web content zones can navigate into this zone at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.  If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.  The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.  If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.  If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2101
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow active scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.  If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.  If you disable this policy setting, script code on pages in the zone is prevented from running.  If you do not configure this policy setting, script code on pages in the zone can run automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1400
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow paste operations via script at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.  If you enable this policy setting, a script can perform a clipboard operation.  If you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.  If you disable this policy setting, a script cannot perform a clipboard operation.  If you do not configure this policy setting, a script can perform a clipboard operation. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1407
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Scripting of Java applets at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.  If you enable this policy setting, scripts can access applets automatically without user intervention.  If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.  If you disable this policy setting, scripts are prevented from accessing applets.  If you do not configure this policy setting, scripts can access applets automatically without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1402
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Logon options at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage settings for logon options.  If you enable this policy setting, you can choose from the following logon options.  Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.  Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.  Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.  Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.  If you disable this policy setting, logon is set to Automatic logon only in Intranet zone.  If you do not configure this policy setting, logon is set to Automatic logon only in Intranet zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A00
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.  If you disable this policy setting, Internet Explorer will not execute signed managed components.  If you do not configure this policy setting, Internet Explorer will not execute signed managed components. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2001
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.  If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.  If you disable this policy setting, Internet Explorer will not execute unsigned managed components.  If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2004
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.  If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.  If you disable the policy setting, signed controls cannot be downloaded.  If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted.  Code signed by trusted publishers is silently downloaded. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1001
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.  If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.  If you disable this policy setting, users cannot run unsigned controls.  If you do not configure this policy setting, users cannot run unsigned controls. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1004
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.  If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.  If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.  If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.  If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1201
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.  If you enable this policy setting, controls and plug-ins can run without user intervention.  If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.  If you disable this policy setting, controls and plug-ins are prevented from running.  If you do not configure this policy setting, controls and plug-ins are prevented from running. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1200
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.  If you enable this policy setting, script interaction can occur automatically without user intervention.  If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.  If you disable this policy setting, script interaction is prevented from occurring.  If you do not configure this policy setting, script interaction can occur automatically without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1405
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.  If you enable this policy setting, files can be downloaded from the zone.  If you disable this policy setting, files are prevented from being downloaded from the zone.   If you do not configure this policy setting, files can be downloaded from the zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1803
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.  If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.  If you disable this policy setting, HTML fonts are prevented from downloading.  If you do not configure this policy setting, HTML fonts can be downloaded automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1604
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage permissions for Java applets.  If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.  Low Safety enables applets to perform all operations.  Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.   High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.  If you disable this policy setting, Java applets cannot run.  If you do not configure this policy setting, Java applets are disabled. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1C00
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).  If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.  If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.  If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1406
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.  If you enable this setting, users will receive a file download dialog for automatic download attempts.  If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Information Bar instead of the file download dialog. Users can then click the Information Bar to allow the file download prompt. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2200
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.  If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.  If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt.  If you do not configure this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2201
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.   If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.  If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.  If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1608
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.  If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.  If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.  If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2102
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.  If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.  If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.  If you do not configure this policy setting, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2000
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.  If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.  If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.  If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.  If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1609
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.  If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.  If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A04
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.  If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.  If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.  If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1802
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.  If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.  If you disable this policy setting, users are prevented from installing desktop items from this zone.   If you do not configure this policy setting, users are queried to choose whether to install desktop items from this zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1800
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.   If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.  If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.  If you do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1804
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains.  If you enable this policy setting, users can open sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow sub-frames or access to applications from other domains.  If you disable this policy setting, users cannot open sub-frames or access applications from different domains.  If you do not configure this policy setting, users can open sub-frames from other domains and access applications from other domains. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1607
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.  If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.  If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.  If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2100
MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 This policy setting allows you to manage software channel permissions.  If you enable this policy setting, you can choose the following options from the drop-down box.  Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.  Medium safety to allow users to be notified of software up