This worksheet provides a historical list of policy settings added after the release of Windows Server 2003.
Introduced .adm File Computer/User Node Policy Path Full Policy Name Supported on Help/Explain Text Registry Settings
Windows XP SP2 System MACHINE Administrative Templates\System\User Profiles Leave Windows Installer and Group Policy Software Installation Data At least Microsoft Windows XP Professional with SP2 Determines whether the system retains a roaming user's Windows Installer and Group Policy based software installation data on their profile deletion. By default User profile deletes all information related to a roaming user (which includes the user's settings, data, Windows Installer related data etc.) when their profile is deleted. As a result, the next time a roaming user whose profile was previously deleted on that client logs on, they will need to reinstall all apps published via policy at logon increasing logon time. You can use this policy to change this behavior. If you enable this setting, Windows will not delete Windows Installer or Group Policy software installation data for roaming users when profiles are deleted from the machine. This will improve the performance of Group Policy based Software Installation during user logon when a user profile is deleted and that user subsequently logs on to the machine. If you disable or do not configure this policy, Windows will delete the entire profile for roaming users, including the Windows Installer and Group Policy software installation data when those profiles are deleted. Note: If this policy is enabled for a machine, local administrator action is required to remove the Windows Installer or Group Policy software installation data stored in the registry and file system of roaming users' profiles on the machine. HKLM\Software\Policies\Microsoft\Windows\System!LeaveAppMgmtData
Windows XP SP2 System MACHINE Administrative Templates\System\Remote Procedure Call Restrictions for Unauthenticated RPC clients At least Microsoft Windows XP Professional with SP2 If you enable this setting, it directs the RPC Runtime on an RPC server to restrict unauthenticated RPC clients connecting to RPC servers running on a machine. A client will be considered an authenticated client if it uses a named pipe to communicate with the server or if it uses RPC Security. RPC Interfaces that have specifically asked to be accessible by unauthenticated clients may be exempt from this restriction, depending on the selected value for this policy. If you disable this setting or do not configure it, the value of Authenticated will be used for Windows XP and the value of None will be used for Server SKUs that support this policy setting. If you enable it, the following values are available: -- None allows all RPC clients to connect to RPC Servers running on the machine on which the policy is applied. -- Authenticated allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy is applied. Interfaces that have asked to be exempt from this restriction will be granted an exemption. -- Authenticated without exceptions allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy is applied. No exceptions are allowed. HKLM\Software\Policies\Microsoft\Windows NT\Rpc\MinimumConnectionTimeout!RestrictRemoteClients
Windows XP SP2 System MACHINE Administrative Templates\System\Remote Procedure Call RPC Endpoint Mapper Client Authentication At least Microsoft Windows XP Professional with SP2 Enabling this setting directs RPC Clients that need to communicate with the Endpoint Mapper Service to authenticate as long as the RPC call for which the endpoint needs to be resolved has authentication information. Disabling this setting will cause RPC Clients that need to communicate with the Endpoint Mapper Service to not authenticate. The Endpoint Mapper Service on machines running Windows NT4 (all service packs) cannot process authentication information supplied in this manner. This means that enabling this setting on a client machine will prevent that client from communicating with a Windows NT4 server using RPC if endpoint resolution is needed. By default, RPC Clients will not use authentication to communicate with the RPC Server Endpoint Mapper Service when asking for the endpoint of a server. HKLM\Software\Policies\Microsoft\Windows NT\Rpc\MinimumConnectionTimeout!EnableAuthEpResolution
Windows XP SP2 System MACHINE Administrative Templates\System\Internet Communication Management Restrict Internet communication At least Microsoft Windows XP Professional with SP2 Specifies whether Windows can access the Internet to accomplish tasks that require Internet resources. If this setting is enabled, all of the policy settings listed in the 'Internet Communication settings' section will be set to enabled. If this setting is disabled, all of the policy settings listed in the 'Internet Communication settings' section will be set to disabled. If this setting is not configured, all of the policy settings in the 'Internet Communication settings' section will be set to not configured. HKLM\Software\Policies\Microsoft\InternetManagement!RestrictCommunication, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard, HKLM\Software\Policies\Microsoft\Messenger\Client!CEIP, HKLM\Software\Policies\Microsoft\PCHealth\HelpSvc!Headlines, HKLM\Software\Policies\Microsoft\PCHealth\HelpSvc!MicrosoftKBSearch, HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!DoReport, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetOpenWith, HKLM\Software\Policies\Microsoft\Windows\Internet Connection Wizard!ExitOnMSICW, HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftEventVwrDisableLinks, HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot!DisableRootAutoUpdate, HKLM\Software\Policies\Microsoft\Windows\Registration Wizard Control!NoRegistration, HKLM\Software\Policies\Microsoft\SearchCompanion!DisableContentFileUpdates, HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrinting, HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownload, 
HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchWindowsUpdate, HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!DisableWindowsUpdateAccess, HKLM\Software\Policies\Microsoft\WindowsMovieMaker!CodecDownload, HKLM\Software\Policies\Microsoft\WindowsMovieMaker!WebHelp, HKLM\Software\Policies\Microsoft\WindowsMovieMaker!WebPublish, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard, HKLM\Software\Policies\Microsoft\Messenger\Client!CEIP, HKLM\Software\Policies\Microsoft\PCHealth\HelpSvc!Headlines, HKLM\Software\Policies\Microsoft\PCHealth\HelpSvc!MicrosoftKBSearch, HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!DoReport, HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetOpenWith, HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoUpdate, HKLM\Software\Policies\Microsoft\Windows\Internet Connection Wizard!ExitOnMSICW, HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftEventVwrDisableLinks, HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot!DisableRootAutoUpdate, HKLM\Software\Policies\Microsoft\Windows\Registration Wizard Control!NoRegistration, HKLM\Software\Policies\Microsoft\SearchCompanion!DisableContentFileUpdates, HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrinting, HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownload, HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchWindowsUpdate, HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!DisableWindowsUpdateAccess, HKLM\Software\Policies\Microsoft\WindowsMovieMaker!CodecDownload, HKLM\Software\Policies\Microsoft\WindowsMovieMaker!WebHelp, HKLM\Software\Policies\Microsoft\WindowsMovieMaker!WebPublish
Windows XP SP2 System MACHINE Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off the Publish to Web task for files and folders At least Microsoft Windows XP Professional with SP2 Specifies whether the tasks Publish this file to the Web, Publish this folder to the Web, and Publish the selected items to the Web, are available from File and Folder Tasks in Windows folders. The Web Publishing Wizard is used to download a list of providers and allow users to publish content to the Web. If you enable this setting, these tasks are removed from the File and Folder tasks in Windows folders. If you disable or do not configure this setting, the tasks will be shown. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard
Windows XP SP2 System MACHINE Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off Internet download for Web publishing and online ordering wizards At least Microsoft Windows XP Professional with SP2 or Windows Server 2003 family Specifies whether Windows should download a list of providers for the Web publishing and online ordering wizards. These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default, Windows displays providers downloaded from a Windows Web site in addition to providers specified in the registry. If you enable this setting, Windows will not download providers and only the service providers that are cached in the local registry will be displayed. If you disable or do not configure this setting, a list of providers will be downloaded when the user uses the Web publishing or online ordering wizards. See the documentation for the Web publishing and online ordering wizards for more information, including details on specifying service providers in the registry. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices
Windows XP SP2 System MACHINE Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off the Order Prints picture task At least Microsoft Windows XP Professional with SP2 or Windows Server 2003 family Specifies whether the Order Prints Online task is available from Picture Tasks in Windows folders. The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online. If you enable this setting, the task Order Prints Online is removed from Picture Tasks in Windows Explorer folders. If you disable or do not configure this setting, the task is displayed. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard
Windows XP SP2 System MACHINE Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off the Windows Messenger Customer Experience Improvement Program At least Microsoft Windows XP Professional with SP2 or Windows Server 2003 family Specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used. With the Customer Experience Improvement program, users can allow Microsoft to collect anonymous information about how the product is used. This information is used to improve the product in future releases. If you enable this setting, Windows Messenger will not collect usage information and the user settings to enable the collection of usage information will not be shown. If you disable this setting, Windows Messenger will collect anonymous usage information and the setting will not be shown. If you do not configure this setting, users will have the choice to opt-in and allow information to be collected. HKLM\Software\Policies\Microsoft\Messenger\Client!CEIP
Windows XP SP2 System MACHINE Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off Help and Support Center Did you know? content At least Microsoft Windows XP Professional with SP2 Specifies whether to show the Did you know? section of Help and Support Center. This content is dynamically updated when users who are connected to the Internet open Help and Support Center, and provides up-to-date information about Windows and the computer. If you enable this setting, the Help and Support Center will no longer retrieve nor display Did you know? content. If you disable or do not configure this setting, the Help and Support Center will retrieve and display Did you know? content. You might want to enable this setting for users who do not have Internet access, because the content in the Did you know? section will remain static indefinitely without an Internet connection. HKLM\Software\Policies\Microsoft\PCHealth\HelpSvc!Headlines
Windows XP SP2 System MACHINE Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off Help and Support Center Microsoft Knowledge Base search At least Microsoft Windows XP Professional with SP2 Specifies whether users can perform a Microsoft Knowledge Base search from the Help and Support Center. The Knowledge Base is an online source of technical support information and self-help tools for Microsoft products and is searched as part of all Help and Support Center searches with the default search options. If you enable this setting, it will remove the Knowledge Base section from the Help and Support Center Set search options page and only help content on the local computer will be searched. If you disable this setting or do not configure it, the Knowledge Base will be searched if the user has a connection to the Internet and has not disabled the Knowledge Base search from the Search Options page. HKLM\Software\Policies\Microsoft\PCHealth\HelpSvc!MicrosoftKBSearch
Windows XP SP2 System MACHINE Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com At least Microsoft Windows XP Professional with SP2 Specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs). If you enable this setting, the Choose a list of Internet Service Providers path in the Internet Connection Wizard will cause the wizard to exit. This prevents users from retrieving the list of ISPs, which resides on Microsoft servers. If you disable or do not configure this setting, users will be able to connect to Microsoft to download a list of ISPs for their area. HKLM\Software\Policies\Microsoft\Windows\Internet Connection Wizard!ExitOnMSICW
Windows XP SP2 System MACHINE Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off Event Viewer Events.asp links At least Microsoft Windows XP Professional with SP2 Specifies whether Events.asp hyperlinks are available for events within the Event Viewer application. The Event Viewer normally makes all HTTP(S) URLs into hot links that activate the Internet browser when clicked. In addition, More Information is placed at the end of the description text if the event is created by a Microsoft component. This text contains a link (URL) that, if clicked, sends information about the event to Microsoft, and allows users to learn more about why that event occurred. If you enable this setting, event description URL links are not activated and the text More Information is not displayed at the end of the description. If you disable or do not configure this setting, the user can click the hyperlink which prompts the user and then sends information about the event over the internet to Microsoft. Also, see Events.asp URL, Events.asp program, and Events.asp Program Command Line Parameters settings in Administrative Templates/Windows Components/Event Viewer. HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftEventVwrDisableLinks
Windows XP SP2 System MACHINE Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off Automatic Root Certificates Update At least Microsoft Windows XP Professional with SP2 Specifies whether to automatically update root certificates using the Windows Update Web site. Typically, a certificate is used when you use a secure Web site or when you send and receive secure e-mail. Anyone can issue certificates, but to have transactions that are as secure as possible, certificates must be issued by a trusted certificate authority (CA). Microsoft has included a list in Windows XP and other products of companies and organizations that it considers trusted authorities. If you enable this setting, when you are presented with a certificate issued by an untrusted root authority your computer will not contact the Windows Update web site to see if Microsoft has added the CA to its list of trusted authorities. If you disable or do not configure this setting, your computer will contact the Windows Update Web site. HKLM\Software\Policies\Microsoft\SystemCertificates\AuthRoot!DisableRootAutoUpdate
Windows XP SP2 System MACHINE Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off Registration if URL connection is referring to Microsoft.com At least Microsoft Windows XP Professional with SP2 Specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration. If you enable this setting, it blocks users from connecting to Microsoft.com for online registration and users cannot register their copy of Windows online. If you disable or do not configure this setting, users can connect to Microsoft.com to complete the online Windows Registration. Note that registration is optional and involves submitting some personal information to Microsoft. However, Windows Product Activation is required but does not involve submitting any personal information (except the country/region you live in). HKLM\Software\Policies\Microsoft\Windows\Registration Wizard Control!NoRegistration
Windows XP SP2 System MACHINE Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off Search Companion content file updates At least Microsoft Windows XP Professional with SP2 Specifies whether Search Companion should automatically download content updates during local and Internet searches. When the user searches the local machine or the Internet, Search Companion occasionally connects to Microsoft to download an updated privacy policy and additional content files used to format and display results. If you enable this setting, Search Companion will not download content updates during searches. If you disable or do not configure this setting, Search Companion will download content updates unless the user is using Classic Search. Note: Internet searches will still send the search text and information about the search to Microsoft and the chosen search provider. Choosing Classic Search will turn off the Search Companion feature completely. HKLM\Software\Policies\Microsoft\SearchCompanion!DisableContentFileUpdates
Windows XP SP2 System MACHINE Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off printing over HTTP At least Microsoft Windows XP Professional with SP2 Specifies whether to allow printing over HTTP from this client. Printing over HTTP allows a client to print to printers on the intranet as well as the Internet. Note: This setting affects the client side of Internet printing only. It does not prevent this machine from acting as an Internet Printing server and making its shared printers available via HTTP. If you enable this setting, it prevents this client from printing to Internet printers over HTTP. If you disable or do not configure this setting, users will be able to choose to print to Internet printers over HTTP. Also see the Web-based Printing setting in Computer Configuration/Administrative Templates/Printers. HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrinting
Windows XP SP2 System MACHINE Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off downloading of print drivers over HTTP At least Microsoft Windows XP Professional with SP2 Specifies whether to allow this client to download print driver packages over HTTP. To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP. Note: This setting does not prevent the client from printing to printers on the Intranet or the Internet over HTTP. It only prohibits downloading drivers that are not already installed locally. If you enable this setting, print drivers will not be downloaded over HTTP. If you disable this setting or do not configure it, users will be able to download print drivers over HTTP. HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownload
Windows XP SP2 System MACHINE Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off Windows Update device driver searching At least Microsoft Windows XP Professional with SP2 This policy specifies whether Windows searches Windows Update for device drivers when no local drivers for a device are present. If you enable this setting, Windows Update will not be searched when a new device is installed. If you disable this setting, Windows Update will always be searched for drivers when no local drivers are present. If you do not configure this setting, searching Windows Update will be optional when installing a device. Also see Turn off Windows Update device driver search prompt in Administrative Templates/System which governs whether an administrator is prompted before searching Windows Update for device drivers if a driver is not found locally. HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchWindowsUpdate
Windows XP SP2 System MACHINE Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off Windows Movie Maker automatic codec downloads At least Microsoft Windows XP Professional with SP2 Specifies whether Windows Movie Maker automatically downloads codecs. Windows Movie Maker can be configured so that codecs are downloaded automatically if the required codecs are not installed on the computer. If you enable this setting, Windows Movie Maker will not attempt to download missing codecs for imported audio and video files. If you disable or do not configure this setting, Windows Movie Maker might attempt to download missing codecs for imported audio and video files. HKLM\Software\Policies\Microsoft\WindowsMovieMaker!CodecDownload
Windows XP SP2 System MACHINE Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off Windows Movie Maker online Web links At least Microsoft Windows XP Professional with SP2 Specifies whether links to Web sites are available in Windows Movie Maker. These links include the Windows Movie Maker on the Web and Privacy Statement commands that appear on the Help menu, as well as the Learn more about video filters hyperlink in the Options dialog box and the sign up now hyperlink in the The Web saving option in the Save Movie Wizard. The Windows Movie Maker on the Web command lets users go directly to the Windows Movie Maker Web site to get more information, and the Privacy Statement command lets users view information about privacy issues in respect to Windows Movie Maker. The Learn more about video filters hyperlink lets users learn more about video filters and their role in saving movies process in Windows Movie Maker. The sign up now hyperlink lets users sign up with a video hosting provider on the Web. If you enable this setting, the previously mentioned links to Web sites from Windows Movie Maker are disabled and cannot be selected. If you disable or do not configure this setting, the previously mentioned links to Web sites from Windows Movie Maker are enabled and can be selected. HKLM\Software\Policies\Microsoft\WindowsMovieMaker!WebHelp
Windows XP SP2 System MACHINE Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off Windows Movie Maker saving to online video hosting provider At least Microsoft Windows XP Professional with SP2 Specifies whether users can send a final movie to a video hosting provider on the Web by choosing The Web saving option in the Save Movie Wizard of Windows Movie Maker. When users create a movie in Windows Movie Maker, they can choose to share it in a variety of ways through the Save Movie Wizard. The Web saving option lets users send their movies to a video hosting provider. If you enable this setting, users cannot choose The Web saving option in the Save Movie Wizard of Windows Movie Maker and cannot send a movie to a video hosting provider on the Web. If you disable or do not configure this setting, users can choose The Web saving option in the Save Movie Wizard of Windows Movie Maker and can send a movie to a video hosting provider on the Web. HKLM\Software\Policies\Microsoft\WindowsMovieMaker!WebPublish
Windows XP SP2 System MACHINE Administrative Templates\System Turn off Windows Update device driver search prompt At least Microsoft Windows XP Professional with SP2 Specifies whether the administrator will be prompted about going to Windows Update to search for device drivers using the Internet. Note: This setting only has effect if Turn off Windows Update device driver searching in Administrative Templates/System/Internet Communication Management/Internet Communication settings is disabled or not configured. If this setting is enabled, administrators will not be prompted to search Windows Update. If this setting is disabled or not configured and Turn off Windows Update device driver searching is disabled or not configured, the administrator will be prompted for consent before going to Windows Update to search for device drivers. HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DontPromptForWindowsUpdate
Windows XP SP2 System MACHINE Administrative Templates\System\Distributed COM\Application Compatibility Settings Allow local activation security check exemptions At least Microsoft Windows XP Professional with SP2 Allows you to specify that local computer administrators can supplement the Define Activation Security Check exemptions list. If you enable this policy setting, and DCOM does not find an explicit entry for a DCOM server application id (appid) in the Define Activation Security Check exemptions policy (if enabled), DCOM will look for an entry in the locally configured list. If you disable this policy setting, DCOM will not look in the locally configured DCOM activation security check exemption list. If you do not configure this policy setting, DCOM will only look in the locally configured exemption list if the Define Activation Security Check exemptions policy is not configured. HKLM\Software\Policies\Microsoft\Windows NT\DCOM\AppCompat!AllowLocalActivationSecurityCheckExemptionList
Windows XP SP2 System MACHINE Administrative Templates\System\Distributed COM\Application Compatibility Settings Define Activation Security Check exemptions At least Microsoft Windows XP Professional with SP2 Allows you to view and change a list of DCOM server application ids (appids) which are exempted from the DCOM Activation security check. DCOM uses two such lists, one configured via Group Policy through this policy setting, and the other via the actions of local computer administrators. DCOM ignores the second list when this policy setting is configured, unless the Allow local activation security check exemptions policy is enabled. DCOM server appids added to this policy must be listed in curly-brace format. For example: {b5dcb061-cefb-42e0-a1be-e6a6438133fe}. If you enter a non-existent or improperly formatted appid DCOM will add it to the list without checking for errors. If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings. 
If you add an appid to this list and set its value to 1, DCOM will not enforce the Activation security check for that DCOM server. If you add an appid to this list and set its value to 0 DCOM will always enforce the Activation security check for that DCOM server regardless of local settings. If you disable this policy setting, the appid exemption list defined by Group Policy is deleted, and the one defined by local computer administrators is used. If you do not configure this policy setting, the appid exemption list defined by local computer administrators is used. Notes: The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process. This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults. If the DCOM server's custom launch permission contains explicit DENY entries this may mean that object activations that would have previously succeeded for such specified users, once the DCOM server process was up and running, might now fail instead. The proper action in this situation is to re-configure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short-term as an application compatibility deployment aid. DCOM servers added to this exemption list are only exempted if their custom launch permissions do not contain specific LocalLaunch, RemoteLaunch, LocalActivate, or RemoteActivate grant or deny entries for any users or groups. Also note, exemptions for DCOM Server Appids added to this list will apply to both 32-bit and 64-bit versions of the server if present. HKLM\Software\Policies\Microsoft\Windows NT\DCOM\AppCompat!ListBox_Support_ActivationSecurityCheckExemptionList
Windows XP SP2 System MACHINE Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services Turn off Microsoft Peer-to-Peer Networking Services At least Microsoft Windows XP Professional with SP2 Allows configuration of components of the operating system used by a client computer to connect to a network. This includes DNS settings and Offline Files. HKLM\Software\policies\Microsoft\Peernet!Disabled
Windows XP SP2 System MACHINE Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Global Clouds Set the Seed Server At least Microsoft Windows XP Professional with SP2 The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!SeedServer, HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!DontIncludeMicrosoftSeedServer
Windows XP SP2 System MACHINE Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Global Clouds Turn off Multicast Bootstrap At least Microsoft Windows XP Professional with SP2 HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!DisableMulticastBootstrap
Windows XP SP2 System MACHINE Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds Set the Seed Server At least Microsoft Windows XP Professional with SP2 HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal!SeedServer
Windows XP SP2 System MACHINE Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds Turn off Multicast Bootstrap At least Microsoft Windows XP Professional with SP2 HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal!DisableMulticastBootstrap
Windows XP SP2 System MACHINE Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Link-Local Clouds Set the Seed Server At least Microsoft Windows XP Professional with SP2 HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal!SeedServer
Windows XP SP2 System MACHINE Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Link-Local Clouds Turn off Multicast Bootstrap At least Microsoft Windows XP Professional with SP2 HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal!DisableMulticastBootstrap
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile Windows Firewall: Protect all network connections At least Microsoft Windows XP Professional with SP2 Turns on Windows Firewall, which replaces Internet Connection Firewall on all computers that are running Windows XP Service Pack 2. If you enable this policy setting, Windows Firewall runs and ignores the Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Firewall on your DNS domain network policy setting. If you disable this policy setting, Windows Firewall does not run. This is the only way to ensure that Windows Firewall does not run and administrators who log on locally cannot start it. If you do not configure this policy setting, administrators can use the Windows Firewall component in Control Panel to turn Windows Firewall on or off, unless the Prohibit use of Internet Connection Firewall on your DNS domain network policy setting overrides. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile!EnableFirewall
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile Windows Firewall: Do not allow exceptions At least Microsoft Windows XP Professional with SP2 Specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages. If you enable this policy setting, in the Windows Firewall component of Control Panel, the Don't allow exceptions check box is selected and administrators cannot clear it. You should also enable the Windows Firewall: Protect all network connections policy setting; otherwise, administrators who log on locally can work around the Windows Firewall: Do not allow exceptions policy setting by turning off the firewall. If you disable this policy setting, Windows Firewall applies other policy settings that allow unsolicited incoming messages. In the Windows Firewall component of Control Panel, the Don't allow exceptions check box is cleared and administrators cannot select it. If you do not configure this policy setting, Windows Firewall applies other policy settings that allow unsolicited incoming messages. In the Windows Firewall component of Control Panel, the Don't allow exceptions check box is cleared by default, but administrators can change it. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile!DoNotAllowExceptions
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile Windows Firewall: Define program exceptions At least Microsoft Windows XP Professional with SP2 Allows you to view and change the program exceptions list defined by Group Policy. Windows Firewall uses two program exception lists: one is defined by Group Policy settings and the other is defined by the Windows Firewall component in Control Panel. If you enable this policy setting, you can view and change the program exceptions list defined by Group Policy. If you add a program to this list and set its status to Enabled, that program can receive unsolicited incoming messages on any port that it asks Windows Firewall to open, even if that port is blocked by another policy setting, such as the Windows Firewall: Define port exceptions policy setting. To view the program list, enable the policy setting and then click the Show button. To add a program, enable the policy setting, note the syntax, click the Show button, click the Add button, and then type a definition string that uses the syntax format. To remove a program, click its definition, and then click the Remove button. To edit a definition, remove the current definition from the list and add a new one with different parameters. To allow administrators to add programs to the local program exceptions list that is defined by the Windows Firewall component in Control Panel, also enable the Windows Firewall: Allow local program exceptions policy setting. If you disable this policy setting, the program exceptions list defined by Group Policy is deleted.
If a local program exceptions list exists, it is ignored unless you enable the Windows Firewall: Allow local program exceptions policy setting. If you do not configure this policy setting, Windows Firewall uses only the local program exceptions list that administrators define by using the Windows Firewall component in Control Panel. Note: If you type an invalid definition string, Windows Firewall adds it to the list without checking for errors. This allows you to add programs that you have not installed yet, but be aware that you can accidentally create multiple entries for the same program with conflicting Scope or Status values. Scope parameters are combined for multiple entries. Note: If you set the Status parameter of a definition string to disabled, Windows Firewall ignores port requests made by that program and ignores other definitions that set the Status of that program to enabled. Therefore, if you set the Status to disabled, you prevent administrators from allowing the program to ask Windows Firewall to open additional ports. However, even if the Status is disabled, the program can still receive unsolicited incoming messages through a port if another policy setting opens that port. Note: Windows Firewall opens ports for the program only when the program is running and listening for incoming messages. If the program is not running, or is running but not listening for those messages, Windows Firewall does not open its ports. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications!Enabled
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile Windows Firewall: Allow local program exceptions At least Microsoft Windows XP Professional with SP2 Allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Windows Firewall uses two program exceptions lists; the other is defined by the Windows Firewall: Define program exceptions policy setting. If you enable this policy setting, the Windows Firewall component in Control Panel allows administrators to define a local program exceptions list. If you disable this policy setting, the Windows Firewall component in Control Panel does not allow administrators to define a local program exceptions list. If you do not configure this policy setting, the ability of administrators to define a local program exceptions list depends on the configuration of the Windows Firewall: Define program exceptions policy setting. If that setting is not configured, administrators can define a local program exceptions list. If it is enabled or disabled, administrators cannot define a local program exceptions list. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications!AllowUserPrefMerge
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile Windows Firewall: Allow remote administration exception At least Microsoft Windows XP Professional with SP2 Allows remote administration of this computer using administrative tools such as the Microsoft Management Console (MMC) and Windows Management Instrumentation (WMI). To do this, Windows Firewall opens TCP ports 135 and 445. Services typically use these ports to communicate using remote procedure calls (RPC) and Distributed Component Object Model (DCOM). This policy setting also allows SVCHOST.EXE and LSASS.EXE to receive unsolicited incoming messages and allows hosted services to open additional dynamically-assigned ports, typically in the range of 1024 to 1034. If you enable this policy setting, Windows Firewall allows the computer to receive the unsolicited incoming messages associated with remote administration. You must specify the IP addresses or subnets from which these incoming messages are allowed. If you disable or do not configure this policy setting, Windows Firewall does not open TCP port 135 or 445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from receiving unsolicited incoming messages, and prevents hosted services from opening additional dynamically-assigned ports. Because disabling this policy setting does not block TCP port 445, it does not conflict with the Windows Firewall: Allow file and printer sharing exception policy setting. Note: Malicious users often attempt to attack networks and computers using RPC and DCOM. We recommend that you contact the manufacturers of your critical programs to determine if they are hosted by SVCHOST.exe or LSASS.exe or if they require RPC and DCOM communication.
If they do not, then do not enable this policy setting. Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo request messages (the message sent by the Ping utility), even if the Windows Firewall: Allow ICMP exceptions policy setting would block them. Policy settings that can open TCP port 445 include Windows Firewall: Allow file and printer sharing exception, Windows Firewall: Allow remote administration exception, and Windows Firewall: Define port exceptions. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings!Enabled, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings!RemoteAddresses
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile Windows Firewall: Allow file and printer sharing exception At least Microsoft Windows XP Professional with SP2 Allows file and printer sharing. To do this, Windows Firewall opens UDP ports 137 and 138, and TCP ports 139 and 445. If you enable this policy setting, Windows Firewall opens these ports so that this computer can receive print jobs and requests for access to shared files. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Firewall component of Control Panel, the File and Printer Sharing check box is selected and administrators cannot clear it. If you disable this policy setting, Windows Firewall blocks these ports, which prevents this computer from sharing files and printers. If an administrator attempts to open any of these ports by adding them to a local port exceptions list, Windows Firewall does not open the port. In the Windows Firewall component of Control Panel, the File and Printer Sharing check box is cleared and administrators cannot select it. If you do not configure this policy setting, Windows Firewall does not open these ports. Therefore, the computer cannot share files or printers unless an administrator uses other policy settings to open the required ports. In the Windows Firewall component of Control Panel, the File and Printer Sharing check box is cleared. Administrators can change this check box. Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo requests (the message sent by the Ping utility), even if the Windows Firewall: Allow ICMP exceptions policy setting would block them. Policy settings that can open TCP port 445 include Windows Firewall: Allow file and printer sharing exception, Windows Firewall: Allow remote administration exception, and Windows Firewall: Define port exceptions.
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint!Enabled, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint!RemoteAddresses
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile Windows Firewall: Allow ICMP exceptions At least Microsoft Windows XP Professional with SP2 Defines the set of Internet Control Message Protocol (ICMP) message types that Windows Firewall allows. Utilities can use ICMP messages to determine the status of other computers. For example, Ping uses the echo request message. If you do not enable the Allow inbound echo request message type, Windows Firewall blocks echo request messages sent by Ping running on other computers, but it does not block outbound echo request messages sent by Ping running on this computer. If you enable this policy setting, you must specify which ICMP message types Windows Firewall allows this computer to send or receive. If you disable this policy setting, Windows Firewall blocks all unsolicited incoming ICMP message types and the listed outgoing ICMP message types. As a result, utilities that use the blocked ICMP messages will not be able to send those messages to or from this computer. Administrators cannot use the Windows Firewall component in Control Panel to enable any message types. If you enable this policy setting and allow certain message types, then later disable this policy setting, Windows Firewall deletes the list of message types that you had enabled. If you do not configure this policy setting, Windows Firewall behaves as if you had disabled it, except that administrators can use the Windows Firewall component in Control Panel to enable or disable message types. Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound echo requests, even if the Windows Firewall: Allow ICMP exceptions policy setting would block them.
Policy settings that can open TCP port 445 include Windows Firewall: Allow file and printer sharing exception, Windows Firewall: Allow remote administration exception, and Windows Firewall: Define port exceptions. Note: Other Windows Firewall policy settings affect only incoming messages, but several of the options of the Windows Firewall: Allow ICMP exceptions policy setting affect outgoing communication. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowOutboundDestinationUnreachable, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowOutboundSourceQuench, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowRedirect, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowInboundEchoRequest, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowInboundRouterRequest, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowOutboundTimeExceeded, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowOutboundParameterProblem, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowInboundTimestampRequest, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowInboundMaskRequest, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowOutboundPacketTooBig
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile Windows Firewall: Allow Remote Desktop exception At least Microsoft Windows XP Professional with SP2 Allows this computer to receive Remote Desktop requests. To do this, Windows Firewall opens TCP port 3389. If you enable this policy setting, Windows Firewall opens this port so that this computer can receive Remote Desktop requests. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Firewall component of Control Panel, the Remote Desktop check box is selected and administrators cannot clear it. If you disable this policy setting, Windows Firewall blocks this port, which prevents this computer from receiving Remote Desktop requests. If an administrator attempts to open this port by adding it to a local port exceptions list, Windows Firewall does not open the port. In the Windows Firewall component of Control Panel, the Remote Desktop check box is cleared and administrators cannot select it. If you do not configure this policy setting, Windows Firewall does not open this port. Therefore, the computer cannot receive Remote Desktop requests unless an administrator uses other policy settings to open the port. In the Windows Firewall component of Control Panel, the Remote Desktop check box is cleared. Administrators can change this check box. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop!Enabled, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop!RemoteAddresses
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile Windows Firewall: Allow UPnP framework exception At least Microsoft Windows XP Professional with SP2 Allows this computer to receive unsolicited Plug and Play messages sent by network devices, such as routers with built-in firewalls. To do this, Windows Firewall opens TCP port 2869 and UDP port 1900. If you enable this policy setting, Windows Firewall opens these ports so that this computer can receive Plug and Play messages. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Firewall component of Control Panel, the UPnP framework check box is selected and administrators cannot clear it. If you disable this policy setting, Windows Firewall blocks these ports, which prevents this computer from receiving Plug and Play messages. If an administrator attempts to open these ports by adding them to a local port exceptions list, Windows Firewall does not open the ports. In the Windows Firewall component of Control Panel, the UPnP framework check box is cleared and administrators cannot select it. If you do not configure this policy setting, Windows Firewall does not open these ports. Therefore, the computer cannot receive Plug and Play messages unless an administrator uses other policy settings to open the required ports or enable the required programs. In the Windows Firewall component of Control Panel, the UPnP framework check box is cleared. Administrators can change this check box. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework!Enabled, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework!RemoteAddresses
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile Windows Firewall: Prohibit notifications At least Microsoft Windows XP Professional with SP2 Prevents Windows Firewall from displaying notifications to the user when a program requests that Windows Firewall add the program to the program exceptions list. If you enable this policy setting, Windows Firewall prevents the display of these notifications. If you disable this policy setting, Windows Firewall allows the display of these notifications. In the Windows Firewall component of Control Panel, the Display a notification when Windows Firewall blocks a program check box is selected and administrators cannot clear it. If you do not configure this policy setting, Windows Firewall behaves as if the policy setting were disabled, except that in the Windows Firewall component of Control Panel, the Display a notification when Windows Firewall blocks a program check box is selected by default, and administrators can change it. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework!DisableNotifications
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile Windows Firewall: Allow logging At least Microsoft Windows XP Professional with SP2 Allows Windows Firewall to record information about the unsolicited incoming messages that it receives. If you enable this policy setting, Windows Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environment variables. You must also specify whether to record information about incoming messages that the firewall blocks (drops) and information about successful incoming and outgoing connections. Windows Firewall does not provide an option to log successful incoming messages. If you disable this policy setting, Windows Firewall does not record information in the log file. If you enable this policy setting, and Windows Firewall creates the log file and adds information, then upon disabling this policy setting, Windows Firewall leaves the log file intact. In the Windows Firewall component of Control Panel, the Security Logging settings are cleared and administrators cannot select them. If you do not configure this policy setting, Windows Firewall behaves as if the policy setting were disabled, except that administrators can choose whether to select the Security Logging settings. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!LogDroppedPackets, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!LogSuccessfulConnections, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!LogDroppedPackets, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!LogSuccessfulConnections, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!LogFilePath, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!LogFileSize
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile Windows Firewall: Prohibit unicast response to multicast or broadcast requests At least Microsoft Windows XP Professional with SP2 Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages. If you enable this policy setting, and this computer sends multicast or broadcast messages to other computers, Windows Firewall blocks the unicast responses sent by those other computers. If you disable or do not configure this policy setting, and this computer sends a multicast or broadcast message to other computers, Windows Firewall waits as long as three seconds for unicast responses from the other computers and then blocks all later responses. Note: This policy setting has no effect if the unicast message is a response to a Dynamic Host Configuration Protocol (DHCP) broadcast message sent by this computer. Windows Firewall always permits those DHCP unicast responses. However, this policy setting can interfere with the NetBIOS messages that detect name conflicts. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!DisableUnicastResponsesToMulticastBroadcast
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile Windows Firewall: Define port exceptions At least Microsoft Windows XP Professional with SP2 Allows you to view and change the port exceptions list defined by Group Policy. Windows Firewall uses two port exception lists: one is defined by Group Policy settings and the other is defined by the Windows Firewall component in Control Panel. If you enable this policy setting, you can view and change the port exceptions list defined by Group Policy. To view this port exceptions list, enable the policy setting and then click the Show button. To add a port, enable the policy setting, note the syntax, click the Show button, click the Add button, and then type a definition string that uses the syntax format. To remove a port, click its definition, and then click the Remove button. To edit a definition, remove the current definition from the list and add a new one with different parameters. To allow administrators to add ports to the local port exceptions list that is defined by the Windows Firewall component in Control Panel, also enable the Windows Firewall: Allow local port exceptions policy setting. If you disable this policy setting, the port exceptions list defined by Group Policy is deleted, but other policy settings can continue to open or block ports. Also, if a local port exceptions list exists, it is ignored unless you enable the Windows Firewall: Allow local port exceptions policy setting. If you do not configure this policy setting, Windows Firewall uses only the local port exceptions list that administrators define by using the Windows Firewall component in Control Panel.
Other policy settings can continue to open or block ports. Note: If you type an invalid definition string, Windows Firewall adds it to the list without checking for errors, and therefore you can accidentally create multiple entries for the same port with conflicting Scope or Status values. Scope parameters are combined for multiple entries. If entries have different Status values, any definition with the Status set to disabled overrides all definitions with the Status set to enabled, and the port does not receive messages. Therefore, if you set the Status of a port to disabled, you can prevent administrators from using the Windows Firewall component in Control Panel to enable the port. Note: The only effect of setting the Status value to disabled is that Windows Firewall ignores other definitions for that port that set the Status to enabled. If another policy setting opens a port, or if a program in the program exceptions list asks Windows Firewall to open a port, Windows Firewall opens the port. Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo request messages (the message sent by the Ping utility), even if the Windows Firewall: Allow ICMP exceptions policy setting would block them. Policy settings that can open TCP port 445 include Windows Firewall: Allow file and printer sharing exception, Windows Firewall: Allow remote administration exception, and Windows Firewall: Define port exceptions. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts!Enabled
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile Windows Firewall: Allow local port exceptions At least Microsoft Windows XP Professional with SP2 Allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall uses two port exceptions lists; the other is defined by the Windows Firewall: Define port exceptions policy setting. If you enable this policy setting, the Windows Firewall component in Control Panel allows administrators to define a local port exceptions list. If you disable this policy setting, the Windows Firewall component in Control Panel does not allow administrators to define a local port exceptions list. If you do not configure this policy setting, the ability of administrators to define a local port exceptions list depends on the configuration of the Windows Firewall: Define port exceptions policy setting. If that setting is not configured, administrators can define a local port exceptions list. If it is enabled or disabled, administrators cannot define a local port exceptions list. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts!AllowUserPrefMerge
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile Windows Firewall: Protect all network connections At least Microsoft Windows XP Professional with SP2 Turns on Windows Firewall, which replaces Internet Connection Firewall on all computers that are running Windows XP Service Pack 2. If you enable this policy setting, Windows Firewall runs and ignores the Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Firewall on your DNS domain network policy setting. If you disable this policy setting, Windows Firewall does not run. This is the only way to ensure that Windows Firewall does not run and administrators who log on locally cannot start it. If you do not configure this policy setting, administrators can use the Windows Firewall component in Control Panel to turn Windows Firewall on or off, unless the Prohibit use of Internet Connection Firewall on your DNS domain network policy setting overrides. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile!EnableFirewall
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile Windows Firewall: Do not allow exceptions At least Microsoft Windows XP Professional with SP2 Specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages. If you enable this policy setting, in the Windows Firewall component of Control Panel, the Don't allow exceptions check box is selected and administrators cannot clear it. You should also enable the Windows Firewall: Protect all network connections policy setting; otherwise, administrators who log on locally can work around the Windows Firewall: Do not allow exceptions policy setting by turning off the firewall. If you disable this policy setting, Windows Firewall applies other policy settings that allow unsolicited incoming messages. In the Windows Firewall component of Control Panel, the Don't allow exceptions check box is cleared and administrators cannot select it. If you do not configure this policy setting, Windows Firewall applies other policy settings that allow unsolicited incoming messages. In the Windows Firewall component of Control Panel, the Don't allow exceptions check box is cleared by default, but administrators can change it. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile!DoNotAllowExceptions
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile Windows Firewall: Define program exceptions At least Microsoft Windows XP Professional with SP2 Allows you to view and change the program exceptions list defined by Group Policy. Windows Firewall uses two program exception lists: one is defined by Group Policy settings and the other is defined by the Windows Firewall component in Control Panel. If you enable this policy setting, you can view and change the program exceptions list defined by Group Policy. If you add a program to this list and set its status to Enabled, that program can receive unsolicited incoming messages on any port that it asks Windows Firewall to open, even if that port is blocked by another policy setting, such as the Windows Firewall: Define port exceptions policy setting. To view the program list, enable the policy setting and then click the Show button. To add a program, enable the policy setting, note the syntax, click the Show button, click the Add button, and then type a definition string that uses the syntax format. To remove a program, click its definition, and then click the Remove button. To edit a definition, remove the current definition from the list and add a new one with different parameters. To allow administrators to add programs to the local program exceptions list that is defined by the Windows Firewall component in Control Panel, also enable the Windows Firewall: Allow local program exceptions policy setting. If you disable this policy setting, the program exceptions list defined by Group Policy is deleted.
If a local program exceptions list exists, it is ignored unless you enable the Windows Firewall: Allow local program exceptions policy setting. If you do not configure this policy setting, Windows Firewall uses only the local program exceptions list that administrators define by using the Windows Firewall component in Control Panel. Note: If you type an invalid definition string, Windows Firewall adds it to the list without checking for errors. This allows you to add programs that you have not installed yet, but be aware that you can accidentally create multiple entries for the same program with conflicting Scope or Status values. Scope parameters are combined for multiple entries. Note: If you set the Status parameter of a definition string to disabled, Windows Firewall ignores port requests made by that program and ignores other definitions that set the Status of that program to enabled. Therefore, if you set the Status to disabled, you prevent administrators from allowing the program to ask Windows Firewall to open additional ports. However, even if the Status is disabled, the program can still receive unsolicited incoming messages through a port if another policy setting opens that port. Note: Windows Firewall opens ports for the program only when the program is running and listening for incoming messages. If the program is not running, or is running but not listening for those messages, Windows Firewall does not open its ports. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications!Enabled
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile Windows Firewall: Allow local program exceptions At least Microsoft Windows XP Professional with SP2 Allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Windows Firewall uses two program exceptions lists; the other is defined by the Windows Firewall: Define program exceptions policy setting. If you enable this policy setting, the Windows Firewall component in Control Panel allows administrators to define a local program exceptions list. If you disable this policy setting, the Windows Firewall component in Control Panel does not allow administrators to define a local program exceptions list. If you do not configure this policy setting, the ability of administrators to define a local program exceptions list depends on the configuration of the Windows Firewall: Define program exceptions policy setting. If that setting is not configured, administrators can define a local program exceptions list. If it is enabled or disabled, administrators cannot define a local program exceptions list. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications!AllowUserPrefMerge
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile Windows Firewall: Allow remote administration exception At least Microsoft Windows XP Professional with SP2 Allows remote administration of this computer using administrative tools such as the Microsoft Management Console (MMC) and Windows Management Instrumentation (WMI). To do this, Windows Firewall opens TCP ports 135 and 445. Services typically use these ports to communicate using remote procedure calls (RPC) and Distributed Component Object Model (DCOM). This policy setting also allows SVCHOST.EXE and LSASS.EXE to receive unsolicited incoming messages and allows hosted services to open additional dynamically-assigned ports, typically in the range of 1024 to 1034. If you enable this policy setting, Windows Firewall allows the computer to receive the unsolicited incoming messages associated with remote administration. You must specify the IP addresses or subnets from which these incoming messages are allowed. If you disable or do not configure this policy setting, Windows Firewall does not open TCP port 135 or 445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from receiving unsolicited incoming messages, and prevents hosted services from opening additional dynamically-assigned ports. Because disabling this policy setting does not block TCP port 445, it does not conflict with the Windows Firewall: Allow file and printer sharing exception policy setting. Note: Malicious users often attempt to attack networks and computers using RPC and DCOM. We recommend that you contact the manufacturers of your critical programs to determine if they are hosted by SVCHOST.exe or LSASS.exe or if they require RPC and DCOM communication. If they do not, then do not enable this policy setting. Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo request messages (the message sent by the Ping utility), even if the Windows Firewall: Allow ICMP exceptions policy setting would block them. Policy settings that can open TCP port 445 include Windows Firewall: Allow file and printer sharing exception, Windows Firewall: Allow remote administration exception, and Windows Firewall: Define port exceptions. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings!Enabled, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings!RemoteAddresses
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile Windows Firewall: Allow file and printer sharing exception At least Microsoft Windows XP Professional with SP2 Allows file and printer sharing. To do this, Windows Firewall opens UDP ports 137 and 138, and TCP ports 139 and 445. If you enable this policy setting, Windows Firewall opens these ports so that this computer can receive print jobs and requests for access to shared files. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Firewall component of Control Panel, the File and Printer Sharing check box is selected and administrators cannot clear it. If you disable this policy setting, Windows Firewall blocks these ports, which prevents this computer from sharing files and printers. If an administrator attempts to open any of these ports by adding them to a local port exceptions list, Windows Firewall does not open the port. In the Windows Firewall component of Control Panel, the File and Printer Sharing check box is cleared and administrators cannot select it. If you do not configure this policy setting, Windows Firewall does not open these ports. Therefore, the computer cannot share files or printers unless an administrator uses other policy settings to open the required ports. In the Windows Firewall component of Control Panel, the File and Printer Sharing check box is cleared. Administrators can change this check box. Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo requests (the message sent by the Ping utility), even if the Windows Firewall: Allow ICMP exceptions policy setting would block them. Policy settings that can open TCP port 445 include Windows Firewall: Allow file and printer sharing exception, Windows Firewall: Allow remote administration exception, and Windows Firewall: Define port exceptions. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint!Enabled, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint!RemoteAddresses
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile Windows Firewall: Allow ICMP exceptions At least Microsoft Windows XP Professional with SP2 Defines the set of Internet Control Message Protocol (ICMP) message types that Windows Firewall allows. Utilities can use ICMP messages to determine the status of other computers. For example, Ping uses the echo request message. If you do not enable the Allow inbound echo request message type, Windows Firewall blocks echo request messages sent by Ping running on other computers, but it does not block outbound echo request messages sent by Ping running on this computer. If you enable this policy setting, you must specify which ICMP message types Windows Firewall allows this computer to send or receive. If you disable this policy setting, Windows Firewall blocks all unsolicited incoming ICMP message types and the listed outgoing ICMP message types. As a result, utilities that use the blocked ICMP messages will not be able to send those messages to or from this computer. Administrators cannot use the Windows Firewall component in Control Panel to enable any message types. If you enable this policy setting and allow certain message types, then later disable this policy setting, Windows Firewall deletes the list of message types that you had enabled. If you do not configure this policy setting, Windows Firewall behaves as if you had disabled it, except that administrators can use the Windows Firewall component in Control Panel to enable or disable message types. Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound echo requests, even if the Windows Firewall: Allow ICMP exceptions policy setting would block them. Policy settings that can open TCP port 445 include Windows Firewall: Allow file and printer sharing exception, Windows Firewall: Allow remote administration exception, and Windows Firewall: Define port exceptions. Note: Other Windows Firewall policy settings affect only incoming messages, but several of the options of the Windows Firewall: Allow ICMP exceptions policy setting affect outgoing communication. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowOutboundDestinationUnreachable, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowOutboundSourceQuench, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowRedirect, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowInboundEchoRequest, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowInboundRouterRequest, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowOutboundTimeExceeded, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowOutboundParameterProblem, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowInboundTimestampRequest, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowInboundMaskRequest, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowOutboundPacketTooBig
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile Windows Firewall: Allow Remote Desktop exception At least Microsoft Windows XP Professional with SP2 Allows this computer to receive Remote Desktop requests. To do this, Windows Firewall opens TCP port 3389. If you enable this policy setting, Windows Firewall opens this port so that this computer can receive Remote Desktop requests. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Firewall component of Control Panel, the Remote Desktop check box is selected and administrators cannot clear it. If you disable this policy setting, Windows Firewall blocks this port, which prevents this computer from receiving Remote Desktop requests. If an administrator attempts to open this port by adding it to a local port exceptions list, Windows Firewall does not open the port. In the Windows Firewall component of Control Panel, the Remote Desktop check box is cleared and administrators cannot select it. If you do not configure this policy setting, Windows Firewall does not open this port. Therefore, the computer cannot receive Remote Desktop requests unless an administrator uses other policy settings to open the port. In the Windows Firewall component of Control Panel, the Remote Desktop check box is cleared. Administrators can change this check box. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop!Enabled, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop!RemoteAddresses
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile Windows Firewall: Allow UPnP framework exception At least Microsoft Windows XP Professional with SP2 Allows this computer to receive unsolicited Plug and Play messages sent by network devices, such as routers with built-in firewalls. To do this, Windows Firewall opens TCP port 2869 and UDP port 1900. If you enable this policy setting, Windows Firewall opens these ports so that this computer can receive Plug and Play messages. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Firewall component of Control Panel, the UPnP framework check box is selected and administrators cannot clear it. If you disable this policy setting, Windows Firewall blocks these ports, which prevents this computer from receiving Plug and Play messages. If an administrator attempts to open these ports by adding them to a local port exceptions list, Windows Firewall does not open the ports. In the Windows Firewall component of Control Panel, the UPnP framework check box is cleared and administrators cannot select it. If you do not configure this policy setting, Windows Firewall does not open these ports. Therefore, the computer cannot receive Plug and Play messages unless an administrator uses other policy settings to open the required ports or enable the required programs. In the Windows Firewall component of Control Panel, the UPnP framework check box is cleared. Administrators can change this check box. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework!Enabled, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework!RemoteAddresses
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile Windows Firewall: Prohibit notifications At least Microsoft Windows XP Professional with SP2 Prevents Windows Firewall from displaying notifications to the user when a program requests that Windows Firewall add the program to the program exceptions list. If you enable this policy setting, Windows Firewall prevents the display of these notifications. If you disable this policy setting, Windows Firewall allows the display of these notifications. In the Windows Firewall component of Control Panel, the Display a notification when Windows Firewall blocks a program check box is selected and administrators cannot clear it. If you do not configure this policy setting, Windows Firewall behaves as if the policy setting were disabled, except that in the Windows Firewall component of Control Panel, the Display a notification when Windows Firewall blocks a program check box is selected by default, and administrators can change it. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework!DisableNotifications
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile Windows Firewall: Allow logging At least Microsoft Windows XP Professional with SP2 Allows Windows Firewall to record information about the unsolicited incoming messages that it receives. If you enable this policy setting, Windows Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environment variables. You must also specify whether to record information about incoming messages that the firewall blocks (drops) and information about successful incoming and outgoing connections. Windows Firewall does not provide an option to log successful incoming messages. If you disable this policy setting, Windows Firewall does not record information in the log file. If you enable this policy setting, and Windows Firewall creates the log file and adds information, then upon disabling this policy setting, Windows Firewall leaves the log file intact. In the Windows Firewall component of Control Panel, the Security Logging settings are cleared and administrators cannot select them. If you do not configure this policy setting, Windows Firewall behaves as if the policy setting were disabled, except that administrators can choose whether to select the Security Logging settings. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!LogDroppedPackets, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!LogSuccessfulConnections, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!LogDroppedPackets, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!LogSuccessfulConnections, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!LogFilePath, HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!LogFileSize
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile Windows Firewall: Prohibit unicast response to multicast or broadcast requests At least Microsoft Windows XP Professional with SP2 Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages. If you enable this policy setting, and this computer sends multicast or broadcast messages to other computers, Windows Firewall blocks the unicast responses sent by those other computers. If you disable or do not configure this policy setting, and this computer sends a multicast or broadcast message to other computers, Windows Firewall waits as long as three seconds for unicast responses from the other computers and then blocks all later responses. Note: This policy setting has no effect if the unicast message is a response to a Dynamic Host Configuration Protocol (DHCP) broadcast message sent by this computer. Windows Firewall always permits those DHCP unicast responses. However, this policy setting can interfere with the NetBIOS messages that detect name conflicts. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!DisableUnicastResponsesToMulticastBroadcast
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile Windows Firewall: Define port exceptions At least Microsoft Windows XP Professional with SP2 Allows you to view and change the port exceptions list defined by Group Policy. Windows Firewall uses two port exception lists: one is defined by Group Policy settings and the other is defined by the Windows Firewall component in Control Panel. If you enable this policy setting, you can view and change the port exceptions list defined by Group Policy. To view this port exceptions list, enable the policy setting and then click the Show button. To add a port, enable the policy setting, note the syntax, click the Show button, click the Add button, and then type a definition string that uses the syntax format. To remove a port, click its definition, and then click the Remove button. To edit a definition, remove the current definition from the list and add a new one with different parameters. To allow administrators to add ports to the local port exceptions list that is defined by the Windows Firewall component in Control Panel, also enable the Windows Firewall: Allow local port exceptions policy setting. If you disable this policy setting, the port exceptions list defined by Group Policy is deleted, but other policy settings can continue to open or block ports. Also, if a local port exceptions list exists, it is ignored unless you enable the Windows Firewall: Allow local port exceptions policy setting. If you do not configure this policy setting, Windows Firewall uses only the local port exceptions list that administrators define by using the Windows Firewall component in Control Panel. Other policy settings can continue to open or block ports. Note: If you type an invalid definition string, Windows Firewall adds it to the list without checking for errors, and therefore you can accidentally create multiple entries for the same port with conflicting Scope or Status values. Scope parameters are combined for multiple entries. If entries have different Status values, any definition with the Status set to disabled overrides all definitions with the Status set to enabled, and the port does not receive messages. Therefore, if you set the Status of a port to disabled, you can prevent administrators from using the Windows Firewall component in Control Panel to enable the port. Note: The only effect of setting the Status value to disabled is that Windows Firewall ignores other definitions for that port that set the Status to enabled. If another policy setting opens a port, or if a program in the program exceptions list asks Windows Firewall to open a port, Windows Firewall opens the port. Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo request messages (the message sent by the Ping utility), even if the Windows Firewall: Allow ICMP exceptions policy setting would block them. Policy settings that can open TCP port 445 include Windows Firewall: Allow file and printer sharing exception, Windows Firewall: Allow remote administration exception, and Windows Firewall: Define port exceptions. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts!Enabled
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile Windows Firewall: Allow local port exceptions At least Microsoft Windows XP Professional with SP2 Allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall uses two port exceptions lists; the other is defined by the Windows Firewall: Define port exceptions policy setting. If you enable this policy setting, the Windows Firewall component in Control Panel allows administrators to define a local port exceptions list. If you disable this policy setting, the Windows Firewall component in Control Panel does not allow administrators to define a local port exceptions list. If you do not configure this policy setting, the ability of administrators to define a local port exceptions list depends on the configuration of the Windows Firewall: Define port exceptions policy setting. If that setting is not configured, administrators can define a local port exceptions list. If it is enabled or disabled, administrators cannot define a local port exceptions list. HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts!AllowUserPrefMerge
Windows XP SP2 System MACHINE Administrative Templates\Network\Network Connections\Windows Firewall Windows Firewall: Allow authenticated IPSec bypass At least Microsoft Windows XP Professional with SP2 Allows unsolicited incoming messages from specified systems that authenticate using the IPSec transport. If you enable this policy setting, you must type a security descriptor containing a list of computers or groups of computers. If a computer on that list authenticates using IPSec, Windows Firewall does not block its unsolicited messages. This policy setting overrides other policy settings that would block those messages. If you disable or do not configure this policy setting, Windows Firewall makes no exception for messages sent by computers that authenticate using IPSec. If you enable this policy setting and add systems to the list, upon disabling this policy, Windows Firewall deletes the list. Note: You define entries in this list by using Security Descriptor Definition Language (SDDL) strings. For more information about the SDDL format, see the Windows Firewall deployment information at the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=25131). HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\ICFv4!BypassFirewall
Windows XP SP2 System MACHINE Administrative Templates\Network\Background Intelligent Transfer Service Maximum network bandwidth that BITS uses Windows XP SP2 or computers with BITS 2.0 installed. Limits the network bandwidth that BITS uses for background transfers (this policy does not affect foreground transfers). Specify a limit to use during a specific time interval and a limit to use at all other times. For example, limit the use of network bandwidth to 10 Kbps from 8AM to 5PM, and use all available unused bandwidth the rest of the time. Specify the limit in kilobits per second (Kbps). Base the limit on the size of the network link, not the computer's network interface card (NIC). BITS uses approximately two kilobits if you specify a value less than two kilobits. To prevent BITS transfers from occurring, specify a limit of 0. If you disable or do not configure this policy, BITS uses all available unused bandwidth. Typically, you use this policy to prevent BITS transfers from competing for network bandwidth when the client has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs). HKLM\Software\Policies\Microsoft\Windows\BITS!EnableBITSMaxBandwidth, HKLM\Software\Policies\Microsoft\Windows\BITS!MaxTransferRateOnSchedule, HKLM\Software\Policies\Microsoft\Windows\BITS!MaxBandwidthValidFrom, HKLM\Software\Policies\Microsoft\Windows\BITS!MaxBandwidthValidTo, HKLM\Software\Policies\Microsoft\Windows\BITS!UseSystemMaximum, HKLM\Software\Policies\Microsoft\Windows\BITS!MaxTransferRateOffSchedule
Windows XP SP2 System MACHINE Administrative Templates\Windows Components\Event Viewer Events.asp URL At least Microsoft Windows XP Professional with SP2 This is the URL that will be passed to the Description area in the Event Properties dialog box. Change this value if you want to use a different Web server to handle event information requests. HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftRedirectionURL
Windows XP SP2 System MACHINE Administrative Templates\Windows Components\Event Viewer Events.asp program At least Microsoft Windows XP Professional with SP2 This is the program that will be invoked when the user clicks the events.asp link. HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftRedirectionProgram
Windows XP SP2 System MACHINE Administrative Templates\Windows Components\Event Viewer Events.asp program command line parameters At least Microsoft Windows XP Professional with SP2 This specifies the command line parameters that will be passed to the events.asp program HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftRedirectionProgramCommandLineParameters
Windows XP SP2 System MACHINE Administrative Templates\Windows Components\Terminal Services\Client Do not allow passwords to be saved At least Microsoft Windows XP Professional with SP2 Controls whether passwords can be saved on this computer from Terminal Services clients. If you enable this setting the password saving checkbox in Terminal Services clients will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using the Terminal Services client and saves his settings, any password that previously existed in the RDP file will be deleted. If you disable this setting or leave it not configured, the user will be able to save passwords using the Terminal Services client. HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services!DisablePasswordSaving
Windows XP SP2 System MACHINE Administrative Templates\Windows Components\Windows Explorer Turn off shell protocol protected mode At least Microsoft Windows XP Professional with SP2 This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only open a limited set of folders. Applications are not able to open files with this protocol when it is in the protected mode. It is recommended to leave this protocol in the protected mode to increase the security of Windows. If you enable this policy setting the protocol is fully enabled, allowing the opening of folders and files. If you disable this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders. If you do not configure this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!PreXPSP2ShellProtocolBehavior
Windows XP SP2 System MACHINE Administrative Templates\Windows Components\Windows Movie Maker Do not allow Windows Movie Maker to run At least Microsoft Windows XP Professional with SP2 Specifies whether Windows Movie Maker can run. Windows Movie Maker is a feature of the Windows XP operating system that can be used to capture, edit, and then save video as a movie to share with others. If you enable this setting, Windows Movie Maker will not run. If you disable or do not configure this setting, Windows Movie Maker can be run. HKLM\Software\Policies\Microsoft\WindowsMovieMaker!MovieMaker
Windows XP SP2 System MACHINE Administrative Templates\Windows Components\Windows Update Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box At least Microsoft Windows XP Professional with SP2 This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is displayed in the Shut Down Windows dialog box. If you enable this policy setting, 'Install Updates and Shut Down' will not appear as a choice in the Shut Down Windows dialog box, even if updates are available for installation when the user selects the Shut Down option in the Start menu. If you disable or do not configure this policy setting, the 'Install Updates and Shut Down' option will be available in the Shut Down Windows dialog box if updates are available when the user selects the Shut Down option in the Start menu. HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUShutdownOption
Windows XP SP2 System MACHINE Administrative Templates\Windows Components\Windows Update Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box At least Microsoft Windows XP Professional with SP2 This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is allowed to be the default choice in the Shut Down Windows dialog. If you enable this policy setting, the user's last shut down choice (Hibernate, Restart, etc.) is the default option in the Shut Down Windows dialog box, regardless of whether the 'Install Updates and Shut Down' option is available in the 'What do you want the computer to do?' list. If you disable or do not configure this policy setting, the 'Install Updates and Shut Down' option will be the default option in the Shut Down Windows dialog box if updates are available for installation at the time the user selects the Shut Down option in the Start menu. Note that this policy setting has no impact if the Computer Configuration\Administrative Templates\Windows Components\Windows Update\Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box policy setting is enabled. HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUAsDefaultShutdownOption
Windows XP SP2 System USER Administrative Templates\Network\Network Connections Turn off notifications when a connection has only limited or no connectivity At least Microsoft Windows XP Professional with SP2 This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address (i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default, a notification is displayed providing the user with information on how the problem can be resolved. If you enable this policy setting, this condition will not be reported as an error to the user. If you disable or do not configure this policy setting, a DHCP-configured connection that has not been assigned an IP address will be reported via a notification, providing the user with information as to how the problem can be resolved. HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_IpStateChecking
Windows XP SP2 System USER Administrative Templates\System\Internet Communication Management Restrict Internet communication At least Microsoft Windows XP Professional with SP2 Specifies whether Windows can access the Internet to accomplish tasks that require Internet resources. If this setting is enabled, all of the policy settings listed in the Internet Communication settings section will be set to enabled. If this setting is disabled, all of the policy settings listed in the 'Internet Communication settings' section will be set to disabled. If this setting is not configured, all of the policy settings in the 'Internet Communication settings' section will be set to not configured. HKCU\Software\Policies\Microsoft\InternetManagement!RestrictCommunication, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard, HKCU\Software\Policies\Microsoft\Messenger\Client!CEIP, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetOpenWith, HKCU\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrinting, HKCU\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownload, HKCU\Software\Policies\Microsoft\WindowsMovieMaker!CodecDownload, HKCU\Software\Policies\Microsoft\WindowsMovieMaker!WebHelp, HKCU\Software\Policies\Microsoft\WindowsMovieMaker!WebPublish, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard, HKCU\Software\Policies\Microsoft\Messenger\Client!CEIP, HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetOpenWith, HKCU\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrinting, HKCU\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownload, HKCU\Software\Policies\Microsoft\WindowsMovieMaker!CodecDownload, HKCU\Software\Policies\Microsoft\WindowsMovieMaker!WebHelp, HKCU\Software\Policies\Microsoft\WindowsMovieMaker!WebPublish
Windows XP SP2 System USER Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off the Publish to Web task for files and folders At least Microsoft Windows XP Professional with SP2 Specifies whether the tasks Publish this file to the Web, Publish this folder to the Web, and Publish the selected items to the Web, are available from File and Folder Tasks in Windows folders.The Web Publishing Wizard is used to download a list of providers and allow users to publish content to the Web.If you enable this setting, these tasks are removed from the File and Folder tasks in Windows folders.If you disable or do not configure this setting, the tasks will be shown. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard
Windows XP SP2 System USER Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off Internet download for Web publishing and online ordering wizards At least Microsoft Windows XP Professional with SP2 or Windows Server 2003 family Specifies whether Windows should download a list of providers for the Web publishing and online ordering wizards.These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing.By default, Windows displays providers downloaded from a Windows Web site in addition to providers specified in the registry.If you enable this setting, Windows will not download providers and only the service providers that are cached in the local registry will be displayed.If you disable or do not configure this setting, a list of providers will be downloaded when the user uses the Web publishing or online ordering wizards.See the documentation for the Web publishing and online ordering wizards for more information, including details on specifying service providers in the registry. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices
Windows XP SP2 System USER Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off the Order Prints picture task At least Microsoft Windows XP Professional with SP2 or Windows Server 2003 family Specifies whether the Order Prints Online task is available from Picture Tasks in Windows folders.The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.If you enable this setting, the task Order Prints Online is removed from Picture Tasks in Windows Explorer folders.If you disable or do not configure this setting, the task is displayed. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard
Windows XP SP2 System USER Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off the Windows Messenger Customer Experience Improvement Program At least Microsoft Windows XP Professional with SP2 or Windows Server 2003 family Specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.With the Customer Experience Improvement program, users can allow Microsoft to collect anonymous information about how the product is used.This information is used to improve the product in future releases.If you enable this setting, Windows Messenger will not collect usage information and the user settings to enable the collection of usage information will not be shown.If you disable this setting, Windows Messenger will collect anonymous usage information and the setting will not be shown.If you do not configure this setting, users will have the choice to opt-in and allow information to be collected. HKCU\Software\Policies\Microsoft\Messenger\Client!CEIP
Windows XP SP2 System USER Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off printing over HTTP At least Microsoft Windows XP Professional with SP2 Specifies whether to allow printing over HTTP from this client.Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.Note: This setting affects the client side of Internet printing only. It does not prevent this machine from acting as an Internet Printing server and making its shared printers available via HTTP.If you enable this setting, it prevents this client from printing to Internet printers over HTTP.If you disable or do not configure this setting, users will be able to choose to print to Internet printers over HTTP.Also see the Web-based Printing setting in Computer Configuration/Administrative Templates/Printers. HKCU\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrinting
Windows XP SP2 System USER Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off downloading of print drivers over HTTP At least Microsoft Windows XP Professional with SP2 Specifies whether to allow this client to download print driver packages over HTTP.To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP.Note: This setting does not prevent the client from printing to printers on the Intranet or the Internet over HTTP.It only prohibits downloading drivers that are not already installed locally.If you enable this setting, print drivers will not be downloaded over HTTP.If you disable this setting or do not configure it, users will be able to download print drivers over HTTP. HKCU\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownload
Windows XP SP2 System USER Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off Windows Movie Maker automatic codec downloads At least Microsoft Windows XP Professional with SP2 Specifies whether Windows Movie Maker automatically downloads codecs.Windows Movie Maker can be configured so that codecs are downloaded automatically if the required codecs are not installed on the computer.If you enable this setting, Windows Movie Maker will not attempt to download missing codecs for imported audio and video files.If you disable or do not configure this setting, Windows Movie Maker might attempt to download missing codecs for imported audio and video files. HKCU\Software\Policies\Microsoft\WindowsMovieMaker!CodecDownload
Windows XP SP2 System USER Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off Windows Movie Maker online Web links At least Microsoft Windows XP Professional with SP2 Specifies whether links to Web sites are available in Windows Movie Maker. These links include the Windows Movie Maker on the Web and Privacy Statement commands that appear on the Help menu, as well as the Learn more about video filters hyperlink in the Options dialog box and the sign up now hyperlink in the The Web saving option in the Save Movie Wizard.The Windows Movie Maker on the Web command lets users go directly to the Windows Movie Maker Web site to get more information, and the Privacy Statement command lets users view information about privacy issues in respect to Windows Movie Maker. The Learn more about video filters hyperlink lets users learn more about video filters and their role in saving movies process in Windows Movie Maker.The sign up now hyperlink lets users sign up with a video hosting provider on the Web.If you enable this setting, the previously mentioned links to Web sites from Windows Movie Maker are disabled and cannot be selected.If you disable or do not configure this setting, the previously mentioned links to Web sites from Windows Movie Maker are enabled and can be selected. HKCU\Software\Policies\Microsoft\WindowsMovieMaker!WebHelp
Windows XP SP2 System USER Administrative Templates\System\Internet Communication Management\Internet Communication settings Turn off Windows Movie Maker saving to online video hosting provider At least Microsoft Windows XP Professional with SP2 Specifies whether users can send a final movie to a video hosting provider on the Web by choosing The Web saving option in the Save Movie Wizard of Windows Movie Maker.When users create a movie in Windows Movie Maker, they can choose to share it in a variety of ways through the Save Movie Wizard. The Web saving option lets users send their movies to a video hosting provider.If you enable this setting, users cannot choose The Web saving option in the Save Movie Wizard of Windows Movie Maker and cannot send a movie to a video hosting provider on the Web.If you disable or do not configure this setting, users can choose The Web saving option in the Save Movie Wizard of Windows Movie Maker and can send a movie to a video hosting provider on the Web. HKCU\Software\Policies\Microsoft\WindowsMovieMaker!WebPublish
Windows XP SP2 System USER Administrative Templates\System Turn off Windows Update device driver search prompt At least Microsoft Windows XP Professional with SP2 Specifies whether the administrator will be prompted about going to Windows Update to search for device drivers using the Internet.Note: This setting only has effect if Turn off Windows Update device driver searching in Administrative Templates/System/Internet Communication Management/Internet Communication settings is disabled or not configured.If this setting is enabled, administrators will not be prompted to search Windows Update.If this setting is disabled or not configured and Turn off Windows Update device driver searching is disabled or not configured, the administrator will be prompted for consent before going to Windows Update to search for device drivers. HKCU\Software\Policies\Microsoft\Windows\DriverSearching!DontPromptForWindowsUpdate
Windows XP SP2 System USER Administrative Templates\Windows Components\Attachment Manager Default risk level for file attachments At least Microsoft Windows XP Professional with SP2 This policy setting allows you to manage the default risk level for file types. To fully customize the risk level for file attachments, you may also need to configure the trust logic for file attachments. High Risk - If the attachment is in the list of high risk file types and is from the restricted zone, Windows blocks the user from accessing the file. If the file is from the Internet zone, Windows prompts the user before accessing the file. Moderate Risk - If the attachment is in the list of moderate risk file types and is from the restricted or Internet zone, Windows prompts the user before accessing the file. Low Risk - If the attachment is in the list of low risk file types, Windows will not prompt the user before accessing the file, regardless of the file's zone information. If you enable this policy setting you can specify the default risk level for file types. If you disable this policy setting Windows sets the default risk level to moderate. If you do not configure this policy setting Windows sets the default risk level to moderate. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!DefaultFileTypeRisk
Windows XP SP2 System USER Administrative Templates\Windows Components\Attachment Manager Inclusion list for high risk file types At least Microsoft Windows XP Professional with SP2 This policy setting allows you to configure the list of high risk file types. If the file attachment is in the list of high risk file types and is from the restricted zone, Windows blocks the user from accessing the file. If the file is from the Internet zone, Windows prompts the user before accessing the file. This inclusion list takes precedence over the Medium and Low risk inclusion lists (where an extension is listed in more than one inclusion list.)If you enable this policy setting you can create a custom list of high risk file types.If you disable this policy setting Windows uses its built in list of file types that pose a high risk.If you do not configure this policy setting Windows uses its built in list of high risk file types. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!HighRiskFileTypes
Windows XP SP2 System USER Administrative Templates\Windows Components\Attachment Manager Inclusion list for moderate risk file types At least Microsoft Windows XP Professional with SP2 This policy setting allows you to configure the list of moderate risk file types. If the attachment is in the list of moderate risk file types and is from the restricted or Internet zone, Windows prompts the user before accessing the file. This inclusion list overrides the list of potentially high risk file types built into Windows and it takes precedence over the Low risk inclusion list but has a lower precedence than the High risk inclusion list (where an extension is listed in more than one inclusion list.)If you enable this policy setting you can specify file types which pose a moderate risk.If you disable this policy setting Windows uses its default trust logic.If you do not configure this policy setting Windows uses its default trust logic. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!ModRiskFileTypes
Windows XP SP2 System USER Administrative Templates\Windows Components\Attachment Manager Inclusion list for low file types At least Microsoft Windows XP Professional with SP2 This policy setting allows you to configure the list of low risk file types. If the attachment is in the list of low risk file types, Windows will not prompt the user before accessing the file, regardless of the file's zone information. This inclusion list overrides the list of high risk file types built into Windows and has a lower precedence than the High or Medium risk inclusion lists (where an extension is listed in more than one inclusion list.) If you enable this policy setting you can specify file types which pose a low risk. If you disable this policy setting Windows uses its default trust logic. If you do not configure this policy setting Windows uses its default trust logic. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!LowRiskFileTypes
Windows XP SP2 System USER Administrative Templates\Windows Components\Attachment Manager Trust logic for file attachments At least Microsoft Windows XP Professional with SP2 This policy setting allows you to configure the logic that Windows uses to determine the risk for file attachments. Preferring the file handler instructs Windows to use the file handler data over the file type data. For example, trust notepad.exe, but don't trust .txt files. Preferring the file type instructs Windows to use the file type data over the file handler data. For example, trust .txt files, regardless of the file handler. Using both the file handler and type data is the most restrictive option. Windows chooses the more restrictive recommendation which will cause users to see more trust prompts than choosing the other options. If you enable this policy setting you can choose the order in which Windows processes risk assessment data. If you disable this policy Windows uses its default trust logic which prefers the file handler over the file type. If you do not configure this policy setting Windows uses its default trust logic which prefers the file handler over the file type. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!UseTrustedHandlers
Windows XP SP2 System USER Administrative Templates\Windows Components\Attachment Manager Do not preserve zone information in file attachments At least Microsoft Windows XP Professional with SP2 This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (i.e. restricted, Internet, intranet, local). This requires NTFS in order to function correctly, and will fail without notice on FAT32. By not preserving the zone information Windows cannot make proper risk assessments.If you enable this policy setting Windows does not mark file attachments with their zone information.If you disable this policy setting Windows marks file attachments with their zone information.If you do not configure this policy setting Windows marks file attachments with their zone information. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!SaveZoneInformation
Windows XP SP2 System USER Administrative Templates\Windows Components\Attachment Manager Hide mechanisms to remove zone information At least Microsoft Windows XP Professional with SP2 This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening. If you enable this policy setting Windows hides the checkbox and Unblock button. If you disable this policy setting Windows shows the checkbox and Unblock button. If you do not configure this policy setting Windows shows the checkbox and Unblock button. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!HideZoneInfoOnProperties
Windows XP SP2 System USER Administrative Templates\Windows Components\Attachment Manager Notify antivirus programs when opening attachments At least Microsoft Windows XP Professional with SP2 This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered, they will all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer's e-mail server, further calls would be redundant. If you enable this policy Windows tells the registered antivirus program to scan the file when a user opens a file attachment. If the antivirus program fails, the attachment is blocked from being opened. If you disable this policy Windows does not call the registered antivirus programs when file attachments are opened. If you do not configure this policy Windows does not call the registered antivirus programs when file attachments are opened. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!ScanWithAntiVirus
Windows XP SP2 System USER Administrative Templates\Windows Components\Windows Explorer Turn off shell protocol protected mode At least Microsoft Windows XP Professional with SP2 This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only open a limited set of folders. Applications are not able to open files with this protocol when it is in the protected mode. It is recommended to leave this protocol in the protected mode to increase the security of Windows.If you enable this policy setting the protocol is fully enabled, allowing the opening of folders and files.If you disable this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders.If you do not configure this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!PreXPSP2ShellProtocolBehavior
Windows XP SP2 System USER Administrative Templates\Windows Components\Terminal Services\Client Do not allow passwords to be saved At least Microsoft Windows XP Professional with SP2 Controls whether a user can save passwords using a Terminal Services client.If you enable this setting the password saving checkbox in Terminal Services clients will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using the Terminal Services client and saves his settings, any password that previously existed in the RDP file will be deleted.If you disable this setting or leave it not configured, the user will be able to save passwords using the Terminal Services client. HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!DisablePasswordSaving
Windows XP SP2 System USER Administrative Templates\Windows Components\Windows Update Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box At least Microsoft Windows XP Professional with SP2 This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is displayed in the Shut Down Windows dialog box.If you enable this policy setting, 'Install Updates and Shut Down' will not appear as a choice in the Shut Down Windows dialog box, even if updates are available for installation when the user selects the Shut Down option in the Start menu.If you disable or do not configure this policy setting, the 'Install Updates and Shut Down' option will be available in the Shut Down Windows dialog box if updates are available when the user selects the Shut Down option in the Start menu. HKCU\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUShutdownOption
Windows XP SP2 System USER Administrative Templates\Windows Components\Windows Update Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box At least Microsoft Windows XP Professional with SP2 This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is allowed to be the default choice in the Shut Down Windows dialog.If you enable this policy setting, the user's last shut down choice (Hibernate, Restart, etc.) is the default option in the Shut Down Windows dialog box, regardless of whether the 'Install Updates and Shut Down' option is available in the 'What do you want the computer to do?' list.If you disable or do not configure this policy setting, the 'Install Updates and Shut Down' option will be the default option in the Shut Down Windows dialog box if updates are available for installation at the time the user selects the Shut Down option in the Start menu.Note that this policy setting has no impact if the User Configuration\Administrative Templates\Windows Components\Windows Update\Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box policy setting is enabled. HKCU\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUAsDefaultShutdownOption
Windows XP SP2 System USER Administrative Templates\Windows Components\Windows Movie Maker Do not allow Windows Movie Maker to run At least Microsoft Windows XP Professional with SP2 Specifies whether Windows Movie Maker can run.Windows Movie Maker is a feature of the Windows XP operating system that can be used to capture, edit, and then save video as a movie to share with others.If you enable this setting, Windows Movie Maker will not run.If you disable or do not configure this setting, Windows Movie Maker can be run. HKCU\Software\Policies\Microsoft\WindowsMovieMaker!MovieMaker
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.If you disable this policy setting, Internet Explorer will not execute signed managed components.If you do not configure this policy setting, Internet Explorer will execute signed managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2001
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.If you disable this policy setting, Internet Explorer will not execute unsigned managed components.If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2004
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1001
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.If you disable this policy setting, users cannot run unsigned controls.If you do not configure this policy setting, users cannot run unsigned controls. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1004
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1201
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting, controls and plug-ins can run without user intervention.If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.If you disable this policy setting, controls and plug-ins are prevented from running.If you do not configure this policy setting, controls and plug-ins can run without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1200
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting, script interaction can occur automatically without user intervention.If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.If you disable this policy setting, script interaction is prevented from occurring.If you do not configure this policy setting, script interaction can occur automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1405
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered. If you enable this policy setting, files can be downloaded from the zone. If you disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can be downloaded from the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1803
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.If you disable this policy setting, HTML fonts are prevented from downloading.If you do not configure this policy setting, HTML fonts can be downloaded automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1604
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.Low Safety enables applets to perform all operations.Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.If you disable this policy setting, Java applets cannot run.If you do not configure this policy setting, the permission is set to High Safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1C00
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1406
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow active content over restricted protocols to access my computer at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Internet zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Internet Zone Restricted Protocols section under Network Protocol Lockdown policy. If you enable this policy setting, no Internet Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols are blocked. If you do not configure this policy setting, no content is restricted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2300
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Information Bar instead of the file download dialog. Users can then click the Information Bar to allow the file download prompt. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2200
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt. If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations using the Information Bar. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2201
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page. If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1608
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2102
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are available. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2000
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items. If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1609
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A04
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1802
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zone. If you do not configure this policy setting, users are queried to choose whether to install desktop items from this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1800
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1804
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains. If you enable this policy setting, users can open sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow sub-frames or access to applications from other domains. If you disable this policy setting, users cannot open sub-frames or access applications from different domains. If you do not configure this policy setting, users can open sub-frames from other domains and access applications from other domains. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1607
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the MIME Sniffing Safety Feature control for the process. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2100
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the following options from the drop-down box. Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If you do not configure this policy setting, permissions are set to Medium safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1E05
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Submit non-encrypted form data at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission. If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1601
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Use Pop-up Blocker at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. If you enable this policy setting, most unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up windows are not prevented from appearing. If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1809
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Userdata persistence at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1606
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Web sites in less privileged Web content zones can navigate into this zone at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2101
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow active scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting, script code on pages in the zone can run automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1400
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow paste operations via script at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script can perform a clipboard operation. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this policy setting, a script can perform a clipboard operation. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1407
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Scripting of Java applets at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts can access applets automatically without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts can access applets automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1402
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Logon options at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the following logon options. Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol. Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon is set to Automatic logon only in Intranet zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A00
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setting, Internet Explorer will execute signed managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2001
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2004
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1001
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone. If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned controls. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1004
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1201
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If you enable this policy setting, controls and plug-ins can run without user intervention. If you select Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure this policy setting, controls and plug-ins can run without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1200
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you enable this policy setting, script interaction can occur automatically without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy setting, script interaction can occur automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1405
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered. If you enable this policy setting, files can be downloaded from the zone. If you disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can be downloaded from the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1803
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1604
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all operations. Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to Medium Safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1C00
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1406
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow active content over restricted protocols to access my computer at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Intranet Zone Restricted Protocols section under Network Protocol Lockdown policy. If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols are blocked. If you do not configure this policy setting, no content is restricted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2300
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Information Bar instead of the file download dialog. Users can then click the Information Bar to allow the file download prompt. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2200
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt. If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations using the Information Bar. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2201
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page. If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting, can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting, cannot be redirected to another Web page. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting, can be redirected to another Web page. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1608
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2102
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are available. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2000
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items. If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1609
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A04
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1802
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zone. If you do not configure this policy setting, users are queried to choose whether to install desktop items from this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1800
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1804
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains. If you enable this policy setting, users can open additional sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional sub-frames or access to applications from other domains. If you disable this policy setting, users cannot open other sub-frames or access applications from different domains. If you do not configure this policy setting, users can open additional sub-frames from other domains and access applications from other domains. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1607
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the MIME Sniffing Safety Feature control for the process. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2100
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the following options from the drop-down box. Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If you do not configure this policy setting, permissions are set to Medium safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1E05
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Submit non-encrypted form data at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission. If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1601
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Use Pop-up Blocker at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. If you enable this policy setting, most unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appearing. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1809
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Userdata persistence at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1606
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Web sites in less privileged Web content zones can navigate into this zone at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2101
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow active scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting, script code on pages in the zone can run automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1400
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow paste operations via script at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script can perform a clipboard operation. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this policy setting, a script can perform a clipboard operation. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1407
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Scripting of Java applets at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts can access applets automatically without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts can access applets automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1402
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Logon options at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the following logon options. Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol. Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon is set to Automatic logon only in Intranet zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A00
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setting, Internet Explorer will execute signed managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2001
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2004
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users can download signed controls without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1001
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone. If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, users are queried to choose whether to allow the unsigned control to run. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1004
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1201
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If you enable this policy setting, controls and plug-ins can run without user intervention. If you select Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure this policy setting, controls and plug-ins can run without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1200
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you enable this policy setting, script interaction can occur automatically without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy setting, script interaction can occur automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1405
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered. If you enable this policy setting, files can be downloaded from the zone. If you disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can be downloaded from the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1803
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1604
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all operations. Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to Low Safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1C00
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1406
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow active content over restricted protocols to access my computer at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Trusted Sites Zone Restricted Protocols section under Network Protocol Lockdown policy. If you enable this policy setting, no Trusted Sites Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols are blocked. If you do not configure this policy setting, no content is restricted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2300
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Information Bar instead of the file download dialog. Users can then click the Information Bar to allow the file download prompt. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2200
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt. If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations using the Information Bar. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2201
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page. If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1608
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2102
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are available. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2000
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items. If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1609
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A04
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1802
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zone. If you do not configure this policy setting, users can install desktop items from this zone automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1800
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1804
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains. If you enable this policy setting, users can open additional sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional sub-frames or access to applications from other domains. If you disable this policy setting, users cannot open other sub-frames or access applications from different domains. If you do not configure this policy setting, users can open additional sub-frames from other domains and access applications from other domains. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1607
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the MIME Sniffing Safety Feature control for the process. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2100
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the following options from the drop-down box. Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1E05
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Submit non-encrypted form data at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission. If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1601
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Use Pop-up Blocker at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. If you enable this policy setting, most unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appearing. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1809
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Userdata persistence at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1606
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Web sites in less privileged Web content zones can navigate into this zone at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, a warning is issued to the user that potentially risky behavior is about to occur. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2101
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow active scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting, script code on pages in the zone can run automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1400
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow paste operations via script at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script can perform a clipboard operation. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this policy setting, a script can perform a clipboard operation. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1407
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Scripting of Java applets at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts can access applets automatically without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts can access applets automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1402
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Logon options at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the following logon options. Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol. Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon is set to Automatic logon with current username and password. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A00
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setting, Internet Explorer will not execute signed managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2001
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2004
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, signed controls cannot be downloaded. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1001
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone. If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned controls. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1004
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1201
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If you enable this policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure this policy setting, controls and plug-ins are prevented from running. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1200
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you enable this policy setting, script interaction can occur automatically without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy setting, script interaction is prevented from occurring. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1405
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered. If you enable this policy setting, files can be downloaded from the zone. If you disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files are prevented from being downloaded from the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1803
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, users are queried whether to allow HTML fonts to download. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1604
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all operations. Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets cannot run. If you do not configure this policy setting, Java permissions are disabled. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1C00
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1406
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow active content over restricted protocols to access my computer at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Restricted Sites Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Restricted Sites Zone Restricted Protocols section under Network Protocol Lockdown policy. If you enable this policy setting, no Restricted Sites Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols are blocked. If you do not configure this policy setting, no content is restricted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2300
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Information Bar instead of the file download dialog. Users can then click the Information Bar to allow the file download prompt. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2200
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt. If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations using the Information Bar. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2201
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page. If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1608
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2102
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2000
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items. If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1609
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A04
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy setting, users are queried to choose whether to drag or copy files from this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1802
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zone. If you do not configure this policy setting, users cannot install desktop items from this zone automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1800
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1804
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains. If you enable this policy setting, users can open additional sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional sub-frames or access to applications from other domains. If you disable this policy setting, users cannot open other sub-frames or access applications from different domains. If you do not configure this policy setting, users cannot open additional sub-frames from other domains and access applications from other domains. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1607
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2100
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the following options from the drop-down box. Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If you do not configure this policy setting, permissions are set to High safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1E05
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Submit non-encrypted form data at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission. If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1601
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Use Pop-up Blocker at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. If you enable this policy setting, most unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up windows are not prevented from appearing. If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1809
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Userdata persistence at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1606
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Web sites in less privileged Web content zones can navigate into this zone at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Web sites from less privileged zones, which could only be custom zones, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2101
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow active scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting, script code on pages in the zone is prevented from running. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1400
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow paste operations via script at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script can perform a clipboard operation. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this policy setting, a script cannot perform a clipboard operation. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1407
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Scripting of Java applets at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts can access applets automatically without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts cannot access applets automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1402
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Logon options at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the following logon options: Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol. Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon is set to Prompt for user name and password. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A00
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setting, Internet Explorer will not execute signed managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2001
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2004
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users can download signed controls without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1001
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.If you disable this policy setting, users cannot run unsigned controls.If you do not configure this policy setting, users can run unsigned controls without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1004
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1201
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting, controls and plug-ins can run without user intervention.If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.If you disable this policy setting, controls and plug-ins are prevented from running.If you do not configure this policy setting, controls and plug-ins can run without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1200
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting, script interaction can occur automatically without user intervention.If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.If you disable this policy setting, script interaction is prevented from occurring.If you do not configure this policy setting, script interaction can occur automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1405
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered. If you enable this policy setting, files can be downloaded from the zone. If you disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can be downloaded from the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1803
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.If you disable this policy setting, HTML fonts are prevented from downloading.If you do not configure this policy setting, HTML fonts can be downloaded automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1604
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all operations. Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to Medium Safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1C00
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1406
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow active content over restricted protocols to access my computer at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Local Machine Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Local Machine Zone Restricted Protocols section under Network Protocol Lockdown policy.If you enable this policy setting, no Local Machine Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected.If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked.If you do not configure this policy setting, no content is restricted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2300
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.If you enable this setting, users will receive a file download dialog for automatic download attempts.If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Information Bar instead of the file download dialog. Users can then click the Information Bar to allow the file download prompt. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2200
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt. If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations using the Information Bar. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2201
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page. If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting, can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting, cannot be redirected to another Web page. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting, can be redirected to another Web page. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1608
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.If you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2102
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.If you do not configure this policy setting, binary and script behaviors are available. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2000
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1609
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A04
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1802
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zone. If you do not configure this policy setting, users can install desktop items from this zone automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1800
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1804
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains.If you enable this policy setting, users can open additional sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional sub-frames or access to applications from other domains.If you disable this policy setting, users cannot open other sub-frames or access applications from different domains.If you do not configure this policy setting, users can open additional sub-frames from other domains and access applications from other domains. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1607
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2100
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage software channel permissions.If you enable this policy setting, you can choose the following options from the drop-down box.Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.If you disable this policy setting, permissions are set to high safety.If you do not configure this policy setting, permissions are set to Low safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1E05
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Submit non-encrypted form data at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1601
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Use Pop-up Blocker at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.If you disable this policy setting, pop-up windows are not prevented from appearing.If you do not configure this policy setting, pop-up windows are not prevented from appearing. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1809
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Userdata persistence at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1606
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Web sites in less privileged Web content zones can navigate into this zone at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2101
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow active scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.If you disable this policy setting, script code on pages in the zone is prevented from running.If you do not configure this policy setting, script code on pages in the zone can run automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1400
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow paste operations via script at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.If you enable this policy setting, a script can perform a clipboard operation.If you disable this policy setting, a script cannot perform a clipboard operation.If you do not configure this policy setting, a script can perform a clipboard operation. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1407
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Scripting of Java applets at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting, scripts can access applets automatically without user intervention.If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.If you disable this policy setting, scripts are prevented from accessing applets.If you do not configure this policy setting, scripts can access applets automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1402
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Logon options at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage settings for logon options.If you enable this policy setting, you can choose from the following logon options.Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.If you disable this policy setting, logon is set to Automatic logon only in Intranet zone.If you do not configure this policy setting, logon is set to Automatic logon with current username and password. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A00
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.If you disable this policy setting, Internet Explorer will not execute signed managed components.If you do not configure this policy setting, Internet Explorer will not execute signed managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2001
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2004
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1001
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone. If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned controls. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1004
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1201
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the Local Machine zone. If you enable this policy setting, controls and plug-ins can run without user intervention. If you select Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure this policy setting, controls and plug-ins are prevented from running. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1200
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you enable this policy setting, script interaction can occur automatically without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy setting, script interaction can occur automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1405
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether file downloads are permitted from the Local Machine zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered. If you enable this policy setting, files can be downloaded from the zone. If you disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can be downloaded from the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1803
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1604
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all operations. Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to High Safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1C00
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1406
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Information Bar instead of the file download dialog. Users can then click the Information Bar to allow the file download prompt. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2200
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt. If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations using the Information Bar. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2201
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page. If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1608
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. If you enable this policy setting, Windows Restrictions security will not apply in the Local Machine zone. The security zone runs without the added layer of security provided by this feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in the Local Machine zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in the Local Machine zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2102
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2000
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items. If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1609
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A04
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the Local Machine zone. If you enable this policy setting, users can drag files or copy and paste files from the Local Machine zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from the Local Machine zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting files from the Local Machine zone. If you do not configure this policy setting, users can drag files or copy and paste files from the Local Machine zone automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1802
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can install Active Desktop items from the Local Machine zone. The settings for this option are: If you enable this policy setting, users can install desktop items from the Local Machine zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from the Local Machine zone. If you disable this policy setting, users are prevented from installing desktop items from the Local Machine zone. If you do not configure this policy setting, users are queried to choose whether to install desktop items from the Local Machine zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1800
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1804
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains. If you enable this policy setting, users can open additional sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional sub-frames or access to applications from other domains. If you disable this policy setting, users cannot open other sub-frames or access applications from different domains. If you do not configure this policy setting, users can open additional sub-frames from other domains and access applications from other domains. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1607
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in the Local Machine zone. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in the Local Machine zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in the Local Machine zone, as dictated by the feature control setting for the process. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2100
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the following options from the drop-down box. Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If you do not configure this policy setting, permissions are set to Medium safety. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1E05
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Submit non-encrypted form data at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether data on HTML forms on pages in the Local Machine zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission. If you enable this policy setting, information using HTML forms on pages in the Local Machine zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in the Local Machine zone to be submitted. If you disable this policy setting, information using HTML forms on pages in the Local Machine zone is prevented from being submitted. If you do not configure this policy setting, information using HTML forms on pages in the Local Machine zone can be submitted automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1601
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Use Pop-up Blocker at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. If you enable this policy setting, most unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up windows are not prevented from appearing. If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1809
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Userdata persistence at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1606
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Web sites in less privileged Web content zones can navigate into this zone at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate to the Local Machine zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, the Local Machine zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in the Local Machine zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in the Local Machine zone as set by Protection from Zone Elevation feature control. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2101
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow active scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether script code on pages in the Local Machine zone is run. If you enable this policy setting, script code on pages in the Local Machine zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the Local Machine zone to run. If you disable this policy setting, script code on pages in the Local Machine zone is prevented from running. If you do not configure this policy setting, script code on pages in the Local Machine zone can run automatically. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1400
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow paste operations via script at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script can perform a clipboard operation. If you disable this policy, a script cannot perform a clipboard operation. If you do not configure this policy setting, a script can perform a clipboard operation. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1407
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Scripting of Java applets at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts can access applets automatically without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts can access applets automatically without user intervention. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1402
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Logon options at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the following logon options: Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol. Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon is set to Automatic logon only in Intranet zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A00
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Site to Zone Assignment List at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone. Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.) If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site. For each entry that you add to the list, enter the following information: Valuename - A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also include a specific protocol. For example, if you enter http://www.contoso.com as the valuename, other protocols are not affected. If you enter just www.contoso.com, then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for www.contoso.com and www.contoso.com/mail would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict. Value - A number indicating the zone with which this site should be associated for security settings. The Internet Explorer zones described above are 1-4. If you disable this policy setting, any such list is deleted and no site-to-zone assignments are permitted. If this policy is not configured, users may choose their own site-to-zone assignments. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_ZoneMapKey
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Intranet Sites: Include all local (intranet) sites not listed in other zones at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone. If you enable this policy setting, local sites which are not explicitly mapped into a zone are considered to be in the Intranet Zone. If you disable this policy setting, local sites which are not explicitly mapped into a zone will not be considered to be in the Intranet Zone (so would typically be in the Internet Zone). If you do not configure this policy setting, users choose whether to force local sites into the Intranet Zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!IntranetName
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Intranet Sites: Include all sites that bypass the proxy server at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone. If you enable this policy setting, sites which bypass the proxy server are mapped into the Intranet Zone. If you disable this policy setting, sites which bypass the proxy server aren't necessarily mapped into the Intranet Zone (other rules might map one there). If you do not configure this policy setting, users choose whether sites which bypass the proxy server are mapped into the Intranet Zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!ProxyByPass
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Intranet Sites: Include all network paths (UNCs) at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone. If you enable this policy setting, all network paths are mapped into the Intranet Zone. If you disable this policy setting, network paths are not necessarily mapped into the Intranet Zone (other rules might map one there). If you do not configure this policy setting, users choose whether network paths are mapped into the Intranet Zone. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!UNCAsIntranet
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Internet Zone Template at least Internet Explorer v6.0 in Windows XP Service Pack 2 This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security operates by comparing the settings in the Local Machine Zone against those in the Locked-Down Local Machine Zone. If you select a security level for one of these zones (including selecting no security), the same change should be made to the other zone. Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. 
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies!InternetZoneTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies!Internet, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1809, 
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2300
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Intranet Zone Template at least Internet Explorer v6.0 in Windows XP Service Pack 2 This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security operates by comparing the settings in the Local Machine Zone against those in the Locked-Down Local Machine Zone. If you select a security level for one of these zones (including selecting no security), the same change should be made to the other zone. Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets. 
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies!IntranetZoneTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies!Intranet, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1809, 
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1407, 
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2200, 
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1809, 
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2300
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Trusted Sites Zone Template at least Internet Explorer v6.0 in Windows XP Service Pack 2 This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security operates by comparing the settings in the Local Machine Zone against those in the Locked-Down Local Machine Zone. If you select a security level for one of these zones (including selecting no security), the same change should be made to the other zone. Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies!TrustedSitesZoneTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies!Trusted Sites, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1809, 
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2300
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Restricted Sites Zone Template at least Internet Explorer v6.0 in Windows XP Service Pack 2 This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security operates by comparing the settings in the Local Machine Zone against those in the Locked-Down Local Machine Zone. If you select a security level for one of these zones (including selecting no security), the same change should be made to the other zone. Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies!RestrictedSitesZoneTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies!Restricted Sites, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet 
Settings\Zones\4!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1407, 
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2200, 
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1809, 
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2300
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Local Machine Zone Template at least Internet Explorer v6.0 in Windows XP Service Pack 2 This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security operates by comparing the settings in the Local Machine Zone against those in the Locked-Down Local Machine Zone. If you select a security level for one of these zones (including selecting no security), the same change should be made to the other zone. Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies!LocalMachineZoneTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies!Local Machine Zone, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet 
Settings\Zones\0!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2300
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page at least Internet Explorer v6.0 in Windows XP Service Pack 2 This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security operates by comparing the settings in the Local Machine Zone against those in the Locked-Down Local Machine Zone. If you select a security level for one of these zones (including selecting no security), the same change should be made to the other zone. Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies!LocalMachineZoneLockdownTemplate, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies!Locked-Down Local Machine Zone, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1802, 
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2201, 
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2101, 
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2201
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page Allow software to run or install even if the signature is invalid at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether software, such as ActiveX controls and file downloads, can be installed or run by the user even though the signature is invalid. An invalid signature might indicate that someone has tampered with the file. If you enable this policy setting, users will be prompted to install or run files with an invalid signature. If you disable this policy setting, users cannot run or install files with an invalid signature. If you do not configure this policy, users can choose to run or install files with an invalid signature. HKCU\Software\Policies\Microsoft\Internet Explorer\Download!RunInvalidSignatures
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page Allow active content from CDs to run on user machines at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run. If you enable this policy setting, active content on a CD will run without a prompt. If you disable this policy setting, active content on a CD will always prompt before running. If you do not configure this policy, users can choose whether to be prompted before running active content on a CD. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings!LOCALMACHINE_CD_UNLOCK
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer Turn off pop-up management at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage pop-up management functionality in Internet Explorer. If you enable this policy setting, the Control Panel information relating to pop-up management will be unavailable (grayed out) and all other pop-up manager controls, notifications, and dialog boxes will not appear. Pop-up windows will continue to function as they did in Windows XP Service Pack 1 or earlier, although windows launched off screen will continue to be re-positioned onscreen. If you disable or do not configure this policy setting, the popup management feature will be functional. HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoPopupManagement
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer Pop-up allow list at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage a list of web sites that will be allowed to open pop-up windows regardless of the Internet Explorer process's Pop-Up Blocker settings. If you enable this policy setting, you can enter a list of sites which will be allowed to open pop-up windows regardless of user settings. Users will not be able to view or edit this list of sites. Only the domain name is allowed, so www.contoso.com is valid, but not http://www.contoso.com. Wildcards are allowed, so *.contoso.com is also valid. If you disable this policy setting, the list is deleted and users may not create their own lists of sites. If this policy is not configured, users will be able to view and edit their own lists of sites. HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows!ListBox_Support_Allow
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer Turn off Crash Detection at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the crash detection feature of add-on Management. If you enable this policy setting, a crash in Internet Explorer will exhibit behavior found in Windows XP Professional Service Pack 1 and earlier, namely to invoke Windows Error Reporting. All policy settings for Windows Error Reporting continue to apply. If you disable or do not configure this policy setting, the crash detection feature for add-on management will be functional. HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoCrashDetection
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer Do not allow users to enable or disable add-ons at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager. If you enable this policy setting, users cannot enable or disable add-ons through Add-On Manager. The only exception occurs if an add-on has been specifically entered into the 'Add-On List' policy setting in such a way as to allow users to continue to manage the add-on. In this case, the user can still manage the add-on through the Add-On Manager. If you disable or do not configure this policy setting, the appropriate controls in the Add-On Manager will be available to the user. HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoExtensionManagement
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed. If you enable this policy setting, binary behaviors are prevented for the Windows Explorer and Internet Explorer processes. If you disable this policy setting, binary behaviors are allowed for the Windows Explorer and Internet Explorer processes. If you do not configure this policy setting, binary behaviors are prevented for the Windows Explorer and Internet Explorer processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!iexplore.exe
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed. This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1, binary behaviors are prevented. If you enter a Value of 0, binary behaviors are allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting, the security feature is allowed. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_BEHAVIORS
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed. If you enable this policy setting, binary behaviors are prevented for all processes. Any use of binary behaviors for HTML rendering is blocked. If you disable or do not configure this policy setting, binary behaviors are allowed for all processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!*
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction Admin-approved behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 For each zone, the Binary and Scripted Behavior security restrictions may be configured to allow only a list of admin-approved behaviors. This list may be configured here, and applies to all processes which have opted in to the behavior, and to all zones. (Behaviors are components that encapsulate specific functionality or behavior on a page.) If you enable this policy setting, this sets the list of behaviors permitted in each zone for which Script and Binary Behaviors is set to 'admin-approved'. Behaviors must be entered in #package#behavior notation, e.g., #default#vml. If you disable this policy setting, no behaviors will be allowed in zones set to 'admin-approved', just as if those zones were set to 'disable'. If you do not configure this policy setting, only VML will be allowed in zones set to 'admin-approved'. Note: If this policy is set in both Computer Configuration and User Configuration, both lists of behaviors will be allowed as appropriate. HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_AllowedBehaviors
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail. If you enable this policy setting, the MK Protocol is prevented for Windows Explorer and Internet Explorer, and resources hosted on the MK protocol will fail. If you disable this policy setting, applications can use the MK protocol API. Resources hosted on the MK protocol will work for the Windows Explorer and Internet Explorer processes. If you do not configure this policy setting, the MK Protocol is prevented for Windows Explorer and Internet Explorer, and resources hosted on the MK protocol will fail. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!iexplore.exe
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail. This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1, use of the MK protocol is prevented. If you enter a Value of 0, use of the MK protocol is allowed. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting, the policy setting is ignored. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_DISABLE_MK_PROTOCOL
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail. If you enable this policy setting, the MK Protocol is disabled for all processes. Any use of the MK Protocol is blocked. If you disable or do not configure this policy setting, the MK Protocol is enabled. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!*
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone. Local Machine zone security applies to all local files and content processed by Internet Explorer. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code. If you enable this policy setting, the Local Machine zone security applies to all local files and content processed by Internet Explorer. If you disable this policy setting, Local Machine zone security is not applied to local files or content processed by Internet Explorer. If you do not configure this policy setting, the Local Machine zone security applies to all local files and content processed by Internet Explorer. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!iexplore.exe
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and so on). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone. Local Machine zone security applies to all local files and content. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code. If you enable this policy setting and enter a value of 1, Local Machine Zone security applies. If you enter a value of 0, Local Machine Zone security does not apply. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting, the security feature is allowed. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_LOCALMACHINE_LOCKDOWN
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone. Local Machine zone security applies to all local files and content. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code. If you enable this policy setting, the Local Machine zone security applies to all local files and content processed by any process other than Internet Explorer or those defined in a process list. If you disable or do not configure this policy setting, Local Machine zone security is not applied to local files or content processed by any process other than Internet Explorer or those defined in a process list. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!*
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server. This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. If you enable this policy setting, Internet Explorer requires consistent MIME data for all received files. If you disable this policy setting, Internet Explorer will not require consistent MIME data for all received files. If you do not configure this policy setting, Internet Explorer requires consistent MIME data for all received files. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!iexplore.exe
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server. This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1, MIME handling is in effect. If you enter a Value of 0, file-type information is allowed to be inconsistent. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting, the security feature is allowed. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_HANDLING
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server. This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. If you enable this policy setting, Consistent Mime Handling is enabled for all processes. If you disable or do not configure this policy setting, Consistent Mime Handling is prevented for all processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!*
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type. If you enable this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type. If you disable this policy setting, Internet Explorer processes will allow a MIME sniff promoting a file of one type to a more dangerous file type. If you do not configure this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!iexplore.exe
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type. This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1, this protection will be in effect. If you enter a Value of 0, any file may be promoted to more dangerous file types. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting, the security feature is allowed. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_SNIFFING
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type. If you enable this policy setting, the Mime Sniffing Safety Feature is enabled for all processes. If you disable or do not configure this policy setting, the Mime Sniffing Safety Feature is disabled for all processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!*
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Object Caching Protection Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain. If you enable this policy setting, an object reference is no longer accessible when navigating within or across domains for Internet Explorer processes. If you disable this policy setting, an object reference is retained when navigating within or across domains for Internet Explorer processes. If you do not configure this policy setting, an object reference is no longer accessible when navigating within or across domains for Internet Explorer processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!iexplore.exe
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Object Caching Protection Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain. This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1, references to objects are inaccessible after navigation. If you enter a Value of 0, references to objects are still accessible after navigation. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting, the security feature is allowed. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_OBJECT_CACHING
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Object Caching Protection All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain. If you enable this policy setting, object reference is no longer accessible when navigating within or across domains for all processes. If you disable or do not configure this policy setting, object reference is retained when navigating within or across domains in the Restricted Zone sites. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!*
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars. If you enable this policy setting, popup windows and other restrictions apply for Windows Explorer and Internet Explorer processes. If you disable this policy setting, scripts can continue to create popup windows and windows that obfuscate other windows. If you do not configure this policy setting, popup windows and other restrictions apply for Windows Explorer and Internet Explorer processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!iexplore.exe
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars. This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1, such windows may not be opened. If you enter a Value of 0, windows have none of these restrictions. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting, the security feature is allowed. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_WINDOW_RESTRICTIONS
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars. If you enable this policy setting, scripted windows are restricted for all processes. If you disable or do not configure this policy setting, scripted windows are not restricted. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!*
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context. If you enable this policy setting, any zone can be protected from zone elevation by Internet Explorer processes. If you disable this policy setting, no zone receives such protection for Internet Explorer processes. If you do not configure this policy setting, any zone can be protected from zone elevation by Internet Explorer processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!iexplore.exe
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and so on). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context. This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1, elevation to more privileged zones can be prevented. If you enter a Value of 0, elevation to any zone is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting, the security feature is allowed. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ZONE_ELEVATION
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and so on). For example, Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users. If you enable this policy setting, any zone can be protected from zone elevation for all processes. If you disable or do not configure this policy setting, processes other than Internet Explorer or those listed in the Process List receive no such protection. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!*
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Information Bar Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether the Information Bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the Information Bar is displayed for Internet Explorer processes. If you enable this policy setting, the Information Bar will be displayed for Internet Explorer Processes. If you disable this policy setting, the Information Bar will not be displayed for Internet Explorer processes. If you do not configure this policy setting, the Information Bar will be displayed for Internet Explorer Processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!iexplore.exe
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Information Bar Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether the Information Bar is displayed for specific processes when file or code installs are restricted. By default, the Information Bar is not displayed for any process when file or code installs are restricted (except for the Internet Explorer Processes, for which the Information Bar is displayed by default). If you enable this policy setting and enter a Value of 1, the Information Bar is displayed. If you enter a Value of 0 the Information Bar is not displayed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable for IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting, the Information Bar is not displayed for the specified processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_SECURITYBAND
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Information Bar All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether the Information Bar is displayed for processes other than the Internet Explorer processes when file or code installs are restricted. By default, the Information Bar is not displayed for any process when file or code installs are restricted (except for the Internet Explorer Processes, for which the Information Bar is displayed by default). If you enable this policy setting, the Information Bar will be displayed for all processes. If you disable or do not configure this policy setting, the Information Bar will not be displayed for all processes other than Internet Explorer or those listed in the Process List. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!*
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting enables blocking of ActiveX control installation prompts for Internet Explorer processes. If you enable this policy setting, prompting for ActiveX control installations will be blocked for Internet Explorer processes. If you disable this policy setting, prompting for ActiveX control installations will not be blocked for Internet Explorer processes. If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations for Internet Explorer processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!iexplore.exe
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation. If you enable this policy setting and enter a Value of 1, automatic prompting of ActiveX control installation is blocked. If you enter a Value of 0, automatic prompting of ActiveX control installation is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting, the security feature is allowed. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_ACTIVEXINSTALL
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation. If you enable this policy setting, the Web Browser Control will block automatic prompting of ActiveX control installation for all processes. If you disable or do not configure this policy setting, the Web Browser Control will not block automatic prompting of ActiveX control installation for all processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!*
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict File Download Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting enables blocking of file download prompts that are not user initiated. If you enable this policy setting, file download prompts that are not user initiated will be blocked for Internet Explorer processes. If you disable this policy setting, prompting will occur for file downloads that are not user initiated for Internet Explorer processes. If you do not configure this policy setting, the user's preference determines whether to prompt for file downloads that are not user initiated for Internet Explorer processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!iexplore.exe
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict File Download Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated. If you enable this policy setting and enter a Value of 1, automatic prompting of non-initiated file downloads is blocked. If you enter a Value of 0, automatic prompting of non-initiated file downloads is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting, the security feature is allowed. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_FILEDOWNLOAD
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict File Download All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated. If you enable this policy setting, the Web Browser Control will block automatic prompting of file downloads that are not user initiated for all processes. If you disable this policy setting, the Web Browser Control will not block automatic prompting of file downloads that are not user initiated for all processes. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!*
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management Deny all add-ons unless specifically allowed in the Add-on List at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denied. By default, the 'Add-on List' policy setting defines a list of add-ons to be allowed or denied through Group Policy. However, users can still use the Add-on Manager within Internet Explorer to manage add-ons not listed within the 'Add-on List' policy setting. This policy setting effectively removes this option from users - all add-ons are assumed to be denied unless they are specifically allowed through the 'Add-on List' policy setting. If you enable this policy setting, Internet Explorer only allows add-ins that are specifically listed (and allowed) through the 'Add-on List' policy setting. If you disable or do not configure this policy setting, users may use Add-on Manager to allow or deny any add-ons that are not included in the 'Add-on List' policy setting. Note: If an add-on is listed in the 'Add-on List' policy setting, the user cannot change its state through Add-on Manager (unless its value has been set to allow user management - see the 'Add-on List' policy for more details). HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!RestrictToList
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management Add-on List at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage a list of add-ons to be allowed or denied by Internet Explorer. This list can be used with the 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting, which defines whether add-ons not listed here are assumed to be denied. If you enable this policy setting, you can enter a list of add-ons to be allowed or denied by Internet Explorer. For each entry that you add to the list, enter the following information: Name of the Value - the CLSID (class identifier) for the add-on you wish to add to the list. The CLSID should be in brackets for example, '{000000000-0000-0000-0000-0000000000000}'. The CLSID for an add-on can be obtained by reading the OBJECT tag from a Web page on which the add-on is referenced. Value - A number indicating whether Internet Explorer should deny or allow the add-on to be loaded. To specify that an add-on should be denied enter a 0 (zero) into this field. To specify that an add-on should be allowed, enter a 1 (one) into this field. To specify that an add-on should be allowed and also permit the user to manage the add-on through Add-on Manager, enter a 2 (two) into this field. If you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting will still determine whether add-ons not in this list are assumed to be denied. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_Support_CLSID
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether the listed processes respect add-on management user preferences (as entered into Add-on Manager) or policy settings. By default, only Internet Explorer processes use the add-on management user preferences and policy settings. This policy setting allows you to extend support for these user preferences and policy settings to specific processes listed in the process list. If you enable this policy setting and enter a Value of 1, the process entered will respect the add-on management user preferences and policy settings. If you enter a Value of 0, the add-on management user preferences and policy settings are ignored by the specified process. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter Internet Explorer processes in this list because these processes always respect add-on management user preferences and policy settings. If the All Processes policy setting is enabled, the processes configured in this policy setting take precedence over that setting. If you do not configure this policy, processes other than the Internet Explorer processes will not be affected by add-on management user preferences or policy settings (unless "All Processes" is enabled). HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ADDON_MANAGEMENT
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default, any process other than the Internet Explorer processes or those listed in the 'Process List' policy setting ignore add-on management user preferences and policy settings. If you enable this policy setting, all processes will respect add-on management user preferences and policy settings. If you disable or do not configure this policy setting, all processes will not respect add-on management user preferences or policy settings. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT!*
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown Internet Explorer Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 Windows Explorer and Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed. If you enable this policy setting, restricting content obtained through restricted protocols is allowed for Windows Explorer and Internet Explorer processes. For example, you can restrict active content from pages served over the http and https protocols by adding the value names http and https. If you disable this policy setting, restricting content obtained through restricted protocols is prevented for Windows Explorer and Internet Explorer processes. If you do not configure this policy setting, the policy setting is ignored. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved), HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!explorer.exe, HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!iexplore.exe
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown Process List at least Internet Explorer v6.0 in Windows XP Service Pack 2 Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed. This policy setting allows administrators to define applications for which they want restricting content obtained through restricted protocols to be prevented or allowed. If you enable this policy setting and enter a Value of 1, restricting content obtained through restricted protocols is allowed. If you enter a Value of 0, restricting content obtained through restricted protocols is blocked. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Windows Explorer or Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable these processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting, the security feature is allowed. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_PROTOCOL_LOCKDOWN
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown All Processes at least Internet Explorer v6.0 in Windows XP Service Pack 2 Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed. If you enable this policy setting, restricting content obtained through restricted protocols is allowed for all processes other than Windows Explorer or Internet Explorer. If you disable this policy setting, restricting content obtained through restricted protocols is prevented for all processes other than Windows Explorer or Internet Explorer. If you do not configure this policy setting, no policy is enforced for processes other than Windows Explorer and Internet Explorer. HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!*
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone Internet Zone Restricted Protocols at least Internet Explorer v6.0 in Windows XP Service Pack 2 For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner, either by prompting the user, or simply disabling the content. For each zone, this list of protocols may be configured here, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for Allow active content over restricted protocols to access my computer. If you disable or do not configure this policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for Allow active content over restricted protocols to access my computer. Note: If policy for a zone is set in both Computer Configuration and User Configuration, both lists of protocols will be restricted for that zone. HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_3
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone Intranet Zone Restricted Protocols at least Internet Explorer v6.0 in Windows XP Service Pack 2 For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner, either by prompting the user, or simply disabling the content. For each zone, this list of protocols may be configured here, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for Allow active content over restricted protocols to access my computer. If you disable or do not configure this policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for Allow active content over restricted protocols to access my computer. Note: If policy for a zone is set in both Computer Configuration and User Configuration, both lists of protocols will be restricted for that zone. HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_1
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone Trusted Sites Zone Restricted Protocols at least Internet Explorer v6.0 in Windows XP Service Pack 2 For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner, either by prompting the user, or simply disabling the content. For each zone, this list of protocols may be configured here, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for Allow active content over restricted protocols to access my computer. If you disable or do not configure this policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for Allow active content over restricted protocols to access my computer. Note: If policy for a zone is set in both Computer Configuration and User Configuration, both lists of protocols will be restricted for that zone. HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_2
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone Restricted Sites Zone Restricted Protocols at least Internet Explorer v6.0 in Windows XP Service Pack 2 For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner, either by prompting the user, or simply disabling the content. For each zone, this list of protocols may be configured here, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for Allow active content over restricted protocols to access my computer. If you disable or do not configure this policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for Allow active content over restricted protocols to access my computer. Note: If policy for a zone is set in both Computer Configuration and User Configuration, both lists of protocols will be restricted for that zone. HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_4
Windows XP SP2 Inetres USER Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone Local Machine Zone Restricted Protocols at least Internet Explorer v6.0 in Windows XP Service Pack 2 For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner, either by prompting the user, or simply disabling the content. For each zone, this list of protocols may be configured here, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for Allow active content over restricted protocols to access my computer. If you disable or do not configure this policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for Allow active content over restricted protocols to access my computer. Note: If policy for a zone is set in both Computer Configuration and User Configuration, both lists of protocols will be restricted for that zone. HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_0
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer Turn off Crash Detection at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the crash detection feature of add-on management. If you enable this policy setting, a crash in Internet Explorer will exhibit behavior found in Windows XP Professional Service Pack 1 and earlier, namely to invoke Windows Error Reporting. All policy settings for Windows Error Reporting continue to apply. If you disable or do not configure this policy setting, the crash detection feature for add-on management will be functional. HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoCrashDetection
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer Do not allow users to enable or disable add-ons at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager. If you enable this policy setting, users cannot enable or disable add-ons through Add-On Manager. The only exception occurs if an add-on has been specifically entered into the 'Add-On List' policy setting in such a way as to allow users to continue to manage the add-on. In this case, the user can still manage the add-on through the Add-On Manager. If you disable or do not configure this policy setting, the appropriate controls in the Add-On Manager will be available to the user. HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoExtensionManagement
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer Turn off pop-up management at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage pop-up management functionality in Internet Explorer. If you enable this policy setting, the Control Panel information relating to pop-up management will be unavailable (grayed out) and all other pop-up manager controls, notifications, and dialog boxes will not appear. Pop-up windows will continue to function as they did in Windows XP Service Pack 1 or earlier, although windows launched off screen will continue to be re-positioned onscreen. If you disable or do not configure this policy setting, the pop-up management feature will be functional. HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoPopupManagement
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer Pop-up allow list at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage a list of web sites that will be allowed to open pop-up windows regardless of the Internet Explorer process's Pop-Up Blocker settings. If you enable this policy setting, you can enter a list of sites which will be allowed to open pop-up windows regardless of user settings. Users will not be able to view or edit this list of sites. Only the domain name is allowed, so www.contoso.com is valid, but not http://www.contoso.com. Wildcards are allowed, so *.contoso.com is also valid. If you disable this policy setting, the list is deleted and users may not create their own lists of sites. If this policy is not configured, users will be able to view and edit their own lists of sites. HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows!ListBox_Support_Allow
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setting, Internet Explorer will execute signed managed components. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2001
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2004
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1001
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone. If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned controls. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1004
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1201
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If you enable this policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure this policy setting, controls and plug-ins can run without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1200
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you enable this policy setting, script interaction can occur automatically without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy setting, script interaction can occur automatically without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1405
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered. If you enable this policy setting, files can be downloaded from the zone. If you disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can be downloaded from the zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1803
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1604
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all operations. Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to High Safety. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1C00
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1406
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow active content over restricted protocols to access my computer at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Internet zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Internet Zone Restricted Protocols section under Network Protocol Lockdown policy. If you enable this policy setting, no Internet Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols are blocked. If you do not configure this policy setting, no content is restricted. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2300
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Information Bar instead of the file download dialog. Users can then click the Information Bar to allow the file download prompt. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2200
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt. If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations using the Information Bar. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2201
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page. If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1608
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2102
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are available. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2000
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items. If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1609
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A04
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1802
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zone. If you do not configure this policy setting, users are queried to choose whether to install desktop items from this zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1800
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1804
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains. If you enable this policy setting, users can open sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow sub-frames or access to applications from other domains. If you disable this policy setting, users cannot open sub-frames or access applications from different domains. If you do not configure this policy setting, users can open sub-frames from other domains and access applications from other domains. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1607
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the MIME Sniffing Safety Feature control for the process. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2100
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage software channel permissions.If you enable this policy setting, you can choose the following options from the drop-down box.Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.If you disable this policy setting, permissions are set to high safety.If you do not configure this policy setting, permissions are set to Medium safety. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1E05
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Submit non-encrypted form data at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1601
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Use Pop-up Blocker at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.If you disable this policy setting, pop-up windows are not prevented from appearing.If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1809
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Userdata persistence at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1606
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Web sites in less privileged Web content zones can navigate into this zone at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2101
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow active scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.If you disable this policy setting, script code on pages in the zone is prevented from running.If you do not configure this policy setting, script code on pages in the zone can run automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1400
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Allow paste operations via script at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.If you enable this policy setting, a script can perform a clipboard operation.If you disable this policy setting, a script cannot perform a clipboard operation.If you do not configure this policy setting, a script can perform a clipboard operation. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1407
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Scripting of Java applets at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting, scripts can access applets automatically without user intervention.If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.If you disable this policy setting, scripts are prevented from accessing applets.If you do not configure this policy setting, scripts can access applets automatically without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1402
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Logon options at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage settings for logon options.If you enable this policy setting, you can choose from the following logon options.Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.If you disable this policy setting, logon is set to Automatic logon only in Intranet zone.If you do not configure this policy setting, logon is set to Automatic logon only in Intranet zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A00
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.If you disable this policy setting, Internet Explorer will not execute signed managed components.If you do not configure this policy setting, Internet Explorer will execute signed managed components. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2001
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.If you disable this policy setting, Internet Explorer will not execute unsigned managed components.If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2004
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.If you disable the policy setting, signed controls cannot be downloaded.If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted.Code signed by trusted publishers is silently downloaded. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1001
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.If you disable this policy setting, users cannot run unsigned controls.If you do not configure this policy setting, users cannot run unsigned controls. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1004
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1201
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting, controls and plug-ins can run without user intervention.If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.If you disable this policy setting, controls and plug-ins are prevented from running.If you do not configure this policy setting, controls and plug-ins can run without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1200
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting, script interaction can occur automatically without user intervention.If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.If you disable this policy setting, script interaction is prevented from occurring.If you do not configure this policy setting, script interaction can occur automatically without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1405
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered. If you enable this policy setting, files can be downloaded from the zone. If you disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can be downloaded from the zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1803
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.If you disable this policy setting, HTML fonts are prevented from downloading.If you do not configure this policy setting, HTML fonts can be downloaded automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1604
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all operations. Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to Medium Safety. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1C00
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1406
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow active content over restricted protocols to access my computer at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Intranet Zone Restricted Protocols section under Network Protocol Lockdown policy.If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected.If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked.If you do not configure this policy setting, no content is restricted. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2300
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.If you enable this setting, users will receive a file download dialog for automatic download attempts.If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Information Bar instead of the file download dialog. Users can then click the Information Bar to allow the file download prompt. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2200
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt. If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations using the Information Bar. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2201
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page. If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1608
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.If you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2102
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.If you do not configure this policy setting, binary and script behaviors are available. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2000
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items. If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1609
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A04
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1802
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zone. If you do not configure this policy setting, users are queried to choose whether to install desktop items from this zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1800
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1804
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains.If you enable this policy setting, users can open additional sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional sub-frames or access to applications from other domains.If you disable this policy setting, users cannot open other sub-frames or access applications from different domains.If you do not configure this policy setting, users can open additional sub-frames from other domains and access applications from other domains. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1607
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the MIME Sniffing Safety Feature control for the process. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2100
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the following options from the drop-down box. Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If you do not configure this policy setting, permissions are set to Medium safety. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1E05
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Submit non-encrypted form data at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission. If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1601
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Use Pop-up Blocker at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. If you enable this policy setting, most unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appearing. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1809
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Userdata persistence at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1606
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Web sites in less privileged Web content zones can navigate into this zone at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2101
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow active scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting, script code on pages in the zone can run automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1400
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Allow paste operations via script at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script can perform a clipboard operation. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this policy setting, a script can perform a clipboard operation. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1407
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Scripting of Java applets at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts can access applets automatically without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts can access applets automatically without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1402
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Logon options at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the following logon options. Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol. Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon is set to Automatic logon only in Intranet zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A00
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setting, Internet Explorer will execute signed managed components. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2001
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy setting, Internet Explorer will execute unsigned managed components. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2004
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users can download signed controls without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1001
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone. If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, users are queried to choose whether to allow the unsigned control to run. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1004
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1201
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If you enable this policy setting, controls and plug-ins can run without user intervention. If you select Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure this policy setting, controls and plug-ins can run without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1200
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you enable this policy setting, script interaction can occur automatically without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy setting, script interaction can occur automatically without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1405
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered. If you enable this policy setting, files can be downloaded from the zone. If you disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can be downloaded from the zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1803
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1604
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all operations. Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to Low Safety. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1C00
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1406
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow active content over restricted protocols to access my computer at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Trusted Sites Zone Restricted Protocols section under Network Protocol Lockdown policy. If you enable this policy setting, no Trusted Sites Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols are blocked. If you do not configure this policy setting, no content is restricted. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2300
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Information Bar instead of the file download dialog. Users can then click the Information Bar to allow the file download prompt. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2200
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt. If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations using the Information Bar. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2201
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page. If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1608
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2102
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are available. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2000
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items. If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1609
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A04
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1802
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zone. If you do not configure this policy setting, users can install desktop items from this zone automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1800
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1804
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains. If you enable this policy setting, users can open additional sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional sub-frames or access to applications from other domains. If you disable this policy setting, users cannot open other sub-frames or access applications from different domains. If you do not configure this policy setting, users can open additional sub-frames from other domains and access applications from other domains. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1607
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the MIME Sniffing Safety Feature control for the process. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2100
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the following options from the drop-down box. Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1E05
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Submit non-encrypted form data at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission. If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1601
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Use Pop-up Blocker at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. If you enable this policy setting, most unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appearing. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1809
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Userdata persistence at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1606
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Web sites in less privileged Web content zones can navigate into this zone at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, a warning is issued to the user that potentially risky behavior is about to occur. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2101
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow active scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting, script code on pages in the zone can run automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1400
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Allow paste operations via script at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script can perform a clipboard operation. If you disable this policy, a script cannot perform a clipboard operation. If you do not configure this policy setting, a script can perform a clipboard operation. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1407
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Scripting of Java applets at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts can access applets automatically without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts can access applets automatically without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1402
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Logon options at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the following logon options. Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol. Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon is set to Automatic logon with current username and password. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A00
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setting, Internet Explorer will not execute signed managed components. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2001
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2004
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, signed controls cannot be downloaded. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1001
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone. If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned controls. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1004
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1201
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If you enable this policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure this policy setting, controls and plug-ins are prevented from running. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1200
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you enable this policy setting, script interaction can occur automatically without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy setting, script interaction is prevented from occurring. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1405
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered. If you enable this policy setting, files can be downloaded from the zone. If you disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files are prevented from being downloaded from the zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1803
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, users are queried whether to allow HTML fonts to download. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1604
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all operations. Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets cannot run. If you do not configure this policy setting, Java permissions are disabled. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1C00
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1406
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow active content over restricted protocols to access my computer at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Restricted Sites Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Restricted Sites Zone Restricted Protocols section under Network Protocol Lockdown policy. If you enable this policy setting, no Restricted Sites Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols are blocked. If you do not configure this policy setting, no content is restricted. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2300
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Information Bar instead of the file download dialog. Users can then click the Information Bar to allow the file download prompt. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2200
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt. If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations using the Information Bar. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2201
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page. If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting, can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting, cannot be redirected to another Web page. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting, cannot be redirected to another Web page. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1608
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2102
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2000
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items. If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1609
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A04
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy setting, users are queried to choose whether to drag or copy files from this zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1802
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zone. If you do not configure this policy setting, users cannot install desktop items from this zone automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1800
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1804
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains. If you enable this policy setting, users can open additional sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional sub-frames or access to applications from other domains. If you disable this policy setting, users cannot open other sub-frames or access applications from different domains. If you do not configure this policy setting, users cannot open additional sub-frames from other domains and access applications from other domains. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1607
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2100
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the following options from the drop-down box. Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If you do not configure this policy setting, permissions are set to High safety. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1E05
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Submit non-encrypted form data at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission. If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1601
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Use Pop-up Blocker at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. If you enable this policy setting, most unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up windows are not prevented from appearing. If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1809
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Userdata persistence at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1606
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Web sites in less privileged Web content zones can navigate into this zone at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Web sites from less privileged zones, which could only be custom zones, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2101
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow active scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting, script code on pages in the zone is prevented from running. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1400
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Allow paste operations via script at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script can perform a clipboard operation. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this policy setting, a script cannot perform a clipboard operation. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1407
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Scripting of Java applets at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts can access applets automatically without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts cannot access applets automatically without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1402
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Logon options at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the following logon options: Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol. Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon is set to Prompt for user name and password. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A00
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setting, Internet Explorer will not execute signed managed components. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2001
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2004
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users can download signed controls without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1001
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone. If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users can run unsigned controls without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1004
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1201
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If you enable this policy setting, controls and plug-ins can run without user intervention. If you select Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure this policy setting, controls and plug-ins can run without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1200
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you enable this policy setting, script interaction can occur automatically without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy setting, script interaction can occur automatically without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1405
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered. If you enable this policy setting, files can be downloaded from the zone. If you disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can be downloaded from the zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1803
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1604
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all operations. Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to Medium Safety. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1C00
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1406
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow active content over restricted protocols to access my computer at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Local Machine Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Local Machine Zone Restricted Protocols section under Network Protocol Lockdown policy. If you enable this policy setting, no Local Machine Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols are blocked. If you do not configure this policy setting, no content is restricted. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2300
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Information Bar instead of the file download dialog. Users can then click the Information Bar to allow the file download prompt. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2200
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt. If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations using the Information Bar. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2201
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page. If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting, can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting, cannot be redirected to another Web page. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting, can be redirected to another Web page. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1608
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2102
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are available. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2000
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items. If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1609
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A04
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1802
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zone. If you do not configure this policy setting, users can install desktop items from this zone automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1800
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1804
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains. If you enable this policy setting, users can open additional sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional sub-frames or access to applications from other domains. If you disable this policy setting, users cannot open other sub-frames or access applications from different domains. If you do not configure this policy setting, users can open additional sub-frames from other domains and access applications from other domains. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1607
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2100
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the following options from the drop-down box. Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1E05
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Submit non-encrypted form data at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission. If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1601
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Use Pop-up Blocker at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. If you enable this policy setting, most unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appearing. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1809
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Userdata persistence at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1606
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Web sites in less privileged Web content zones can navigate into this zone at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2101
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow active scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting, script code on pages in the zone can run automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1400
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Allow paste operations via script at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script can perform a clipboard operation. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this policy setting, a script can perform a clipboard operation. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1407
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Scripting of Java applets at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts can access applets automatically without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts can access applets automatically without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1402
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Logon options at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the following logon options. Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol. Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon is set to Automatic logon with current username and password. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A00
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Run .NET Framework-reliant components signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy setting, Internet Explorer will not execute signed managed components. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2001
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Run .NET Framework-reliant components not signed with Authenticode at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2004
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Download signed ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1001
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Download unsigned ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone. If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned controls. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1004
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Initialize and script ActiveX controls not marked as safe at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1201
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Run ActiveX controls and plugins at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the Local Machine zone. If you enable this policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure this policy setting, controls and plug-ins are prevented from running. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1200
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Script ActiveX controls marked safe for scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you enable this policy setting, script interaction can occur automatically without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy setting, script interaction can occur automatically without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1405
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether file downloads are permitted from the Local Machine zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered. If you enable this policy setting, files can be downloaded from the zone. If you disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can be downloaded from the zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1803
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow font downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML fonts can be downloaded automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1604
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Java permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all operations. Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to High Safety. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1C00
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Access data sources across domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1406
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Automatic prompting for file downloads at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads. If you enable this setting, users will receive a file download dialog for automatic download attempts. If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Information Bar instead of the file download dialog. Users can then click the Information Bar to allow the file download prompt. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2200
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Automatic prompting for ActiveX controls at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed. If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt. If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations using the Information Bar. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2201
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow META REFRESH at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page. If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1608
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow script-initiated windows without size or position constraints at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. If you enable this policy setting, Windows Restrictions security will not apply in the Local Machine zone. The security zone runs without the added layer of security provided by this feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in the Local Machine zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in the Local Machine zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2102
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow binary and script behaviors at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2000
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Display mixed content at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items. If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1609
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Do not prompt for client certificate selection when no certificates or only one certificate exists. at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists. If you enable this policy setting, Internet Explorer does not prompt users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A04
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow drag and drop or copy and paste files at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the Local Machine zone. If you enable this policy setting, users can drag files or copy and paste files from the Local Machine zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from the Local Machine zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting files from the Local Machine zone. If you do not configure this policy setting, users can drag files or copy and paste files from the Local machine zone automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1802
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow installation of desktop items at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether users can install Active Desktop items from the Local Machine zone. The settings for this option are: If you enable this policy setting, users can install desktop items from the Local Machine zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from the Local Machine zone. If you disable this policy setting, users are prevented from installing desktop items from the Local Machine zone. If you do not configure this policy setting, users are queried to choose whether to install desktop items from the Local Machine zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1800
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Launching applications and files in an IFRAME at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1804
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Navigate sub-frames across different domains at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the opening of sub-frames and access of applications across different domains. If you enable this policy setting, users can open additional sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional sub-frames or access to applications from other domains. If you disable this policy setting, users cannot open other sub-frames or access applications from different domains. If you do not configure this policy setting, users can open additional sub-frames from other domains and access applications from other domains. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1607
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Open files based on content, not file extension at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature. If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in the Local Machine zone. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in the Local Machine zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in the Local Machine zone, as dictated by the feature control setting for the process. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2100
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Software channel permissions at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the following options from the drop-down box. Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If you do not configure this policy setting, permissions are set to Medium safety. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1E05
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Submit non-encrypted form data at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether data on HTML forms on pages in the Local Machine zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission. If you enable this policy setting, information using HTML forms on pages in the Local Machine zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in the Local Machine zone to be submitted. If you disable this policy setting, information using HTML forms on pages in the Local Machine zone is prevented from being submitted. If you do not configure this policy setting, information using HTML forms on pages in the Local Machine zone can be submitted automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1601
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Use Pop-up Blocker at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. If you enable this policy setting, most unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up windows are not prevented from appearing. If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1809
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Userdata persistence at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1606
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Web sites in less privileged Web content zones can navigate into this zone at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate to the Local Machine zone. If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, the Local Machine zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in the Local Machine zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in the Local Machine zone as set by Protection from Zone Elevation feature control. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2101
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow active scripting at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether script code on pages in the Local Machine zone is run. If you enable this policy setting, script code on pages in the Local Machine zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the Local Machine zone to run. If you disable this policy setting, script code on pages in the Local Machine zone is prevented from running. If you do not configure this policy setting, script code on pages in the Local Machine zone can run automatically. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1400
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Allow paste operations via script at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region. If you enable this policy setting, a script can perform a clipboard operation. If you disable this policy, a script cannot perform a clipboard operation. If you do not configure this policy setting, a script can perform a clipboard operation. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1407
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Scripting of Java applets at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts can access applets automatically without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts can access applets automatically without user intervention. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1402
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Logon options at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the following logon options: Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol. Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, logon is set to Automatic logon only in Intranet zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A00
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Site to Zone Assignment List at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone. Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.) If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site. For each entry that you add to the list, enter the following information: Valuename - A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also include a specific protocol. For example, if you enter http://www.contoso.com as the valuename, other protocols are not affected. If you enter just www.contoso.com, then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for www.contoso.com and www.contoso.com/mail would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict. Value - A number indicating the zone with which this site should be associated for security settings. The Internet Explorer zones described above are 1-4. If you disable this policy setting, any such list is deleted and no site-to-zone assignments are permitted. If this policy is not configured, users may choose their own site-to-zone assignments. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_ZoneMapKey
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Intranet Sites: Include all local (intranet) sites not listed in other zones at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone. If you enable this policy setting, local sites which are not explicitly mapped into a zone are considered to be in the Intranet Zone. If you disable this policy setting, local sites which are not explicitly mapped into a zone will not be considered to be in the Intranet Zone (so would typically be in the Internet Zone). If you do not configure this policy setting, users choose whether to force local sites into the Intranet Zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!IntranetName
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Intranet Sites: Include all sites that bypass the proxy server at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone. If you enable this policy setting, sites which bypass the proxy server are mapped into the Intranet Zone. If you disable this policy setting, sites which bypass the proxy server aren't necessarily mapped into the Intranet Zone (other rules might map one there). If you do not configure this policy setting, users choose whether sites which bypass the proxy server are mapped into the Intranet Zone. HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!ProxyByPass
Windows XP SP2 Inetres MACHINE Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page Intranet Sites: Include all network paths (UNCs) at least Internet Explorer v6.0 in Windows XP Service Pack 2 This policy setting controls whether URLs repre