| This worksheet provides a historical list of
policy settings added after
the release of Windows Server 2003. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Introduced |
.adm File |
Computer/User Node |
Policy Path |
Full Policy Name |
Supported on |
Help/Explain Text |
Registry Settings |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System\User Profiles |
Leave Windows Installer and Group Policy Software Installation Data |
At least Microsoft Windows XP Professional with SP2 |
Determines whether the system retains
a roaming user’s Windows Installer and Group Policy based software
installation data on their profile deletion.
By default User profile deletes all information related to a roaming
user (which includes the user’s settings, data, Windows Installer related
data etc.) when their profile is deleted. As a result, the next time a
roaming user whose profile was previously deleted on that client logs on,
they will need to reinstall all apps published via policy at logon increasing
logon time. You can use this policy to change this behavior. If you enable this setting, Windows will
not delete Windows Installer or Group Policy software installation data for
roaming users when profiles are deleted from the machine. This will improve
the performance of Group Policy based Software Installation during user logon
when a user profile is deleted and that user subsequently logs on to the
machine. If you disable or do not
configure this policy, Windows will delete the entire profile for roaming
users, including the Windows Installer and Group Policy software installation
data when those profiles are deleted.
Note: If this policy is enabled for a machine, local administrator
action is required to remove the Windows Installer or Group Poliy software
installation data stored in the registry and file system of roaming users’
profiles on the machine. |
HKLM\Software\Policies\Microsoft\Windows\System!LeaveAppMgmtData |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System\Remote Procedure Call |
Restrictions for Unauthenticated RPC clients |
At least Microsoft Windows XP Professional with SP2 |
If you enable this setting, it directs the RPC Runtime on an RPC server to restrict
unauthenticated RPC clients connecting to RPC servers running on a machine. A
client will be considered an authenticated client if it uses a named pipe to
communicate with the server or if it uses RPC Security. RPC Interfaces that
have specifically asked to be accessible by unauthenticated clients may be
exempt from this restriction, depending on the selected value for this
policy. If you disable this setting or
do not configure it, the value of Authenticated will be used for Windows XP
and the value of None will be used for Server SKUs that support this policy
setting. If you enable it, the following values are available: --
None allows all RPC clients to connect to RPC Servers running on the
machine on which the policy is applied.
-- Authenticated allows only
authenticated RPC Clients (per the definition above) to connect to RPC
Servers running on the machine on which the policy is applied. Interfaces
that have asked to be exempt from this restriction will be granted an
exemption. -- Authenticated without
exceptions allows only authenticated RPC Clients (per the definition above)
to connect to RPC Servers running on the machine on which the policy is
applied. No exceptions are allowed. |
HKLM\Software\Policies\Microsoft\Windows
NT\Rpc\MinimumConnectionTimeout!RestrictRemoteClients |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System\Remote Procedure Call |
RPC Endpoint Mapper Client Authentication |
At least Microsoft Windows XP Professional with SP2 |
Enabling this setting directs RPC Clients that need to communicate with the Endpoint Mapper Service to
authenticate as long as the RPC call for which the endpoint needs to be
resolved has authentication information.
Disabling this setting will cause RPC Clients that need to communicate
with the Endpoint Mapper Service to not authenticate. The Endpoint Mapper
Service on machines running Windows NT4 (all service packs) cannot process
authentication information supplied in this manner. This means that enabling
this setting on a client machine will prevent that client from communicating
with a Windows NT4 server using RPC if endpoint resolution is needed. By default, RPC Clients will not use
authentication to communicate with the RPC Server Endpoint Mapper Service
when asking for the endpoint of a server. |
HKLM\Software\Policies\Microsoft\Windows
NT\Rpc\MinimumConnectionTimeout!EnableAuthEpResolution |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System\Internet Communication
Management |
Restrict Internet communication |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether Windows can access
the Internet to accomplish tasks that require Internet resources. If this setting is enabled, all of the the
policy settings listed in the Internet Communication settings section will be
set to enabled. If this setting is
disabled, all of the the policy settings listed in the 'Internet
Communication settings' section will be set to disabled. If this setting is not configured, all of
the the policy settings in the 'Internet Communication settings' section will
be set to not configured. |
HKLM\Software\Policies\Microsoft\InternetManagement!RestrictCommunication,
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard,
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices,
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard,
HKLM\Software\Policies\Microsoft\Messenger\Client!CEIP,
HKLM\Software\Policies\Microsoft\PCHealth\HelpSvc!Headlines,
HKLM\Software\Policies\Microsoft\PCHealth\HelpSvc!MicrosoftKBSearch,
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!DoReport,
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetOpenWith,
HKLM\Software\Policies\Microsoft\Windows\Internet Connection
Wizard!ExitOnMSICW, HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftEventVwrDisableLinks,
HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot!DisableRootAutoUpdate,
HKLM\Software\Policies\Microsoft\Windows\Registration Wizard
Control!NoRegistration, HKLM\Software\Policies\Microsoft\SearchCompanion!DisableContentFileUpdates,
HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrinting,
HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownload,
HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchWindowsUpdate,
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!DisableWindowsUpdateAccess,
HKLM\Software\Policies\Microsoft\WindowsMovieMaker!CodecDownload,
HKLM\Software\Policies\Microsoft\WindowsMovieMaker!WebHelp, HKLM\Software\Policies\Microsoft\WindowsMovieMaker!WebPublish,
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard,
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices,
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard,
HKLM\Software\Policies\Microsoft\Messenger\Client!CEIP,
HKLM\Software\Policies\Microsoft\PCHealth\HelpSvc!Headlines,
HKLM\Software\Policies\Microsoft\PCHealth\HelpSvc!MicrosoftKBSearch,
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!DoReport,
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetOpenWith,
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoUpdate,
HKLM\Software\Policies\Microsoft\Windows\Internet Connection
Wizard!ExitOnMSICW,
HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftEventVwrDisableLinks,
HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot!DisableRootAutoUpdate,
HKLM\Software\Policies\Microsoft\Windows\Registration Wizard Control!NoRegistration,
HKLM\Software\Policies\Microsoft\SearchCompanion!DisableContentFileUpdates,
HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrinting,
HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownload,
HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchWindowsUpdate,
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!DisableWindowsUpdateAccess,
HKLM\Software\Policies\Microsoft\WindowsMovieMaker!CodecDownload,
HKLM\Software\Policies\Microsoft\WindowsMovieMaker!WebHelp,
HKLM\Software\Policies\Microsoft\WindowsMovieMaker!WebPublish |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off the Publish to Web task for files and folders |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether the tasks Publish this file to the Web, Publish this folder to the Web, and Publish the
selected items to the Web, are available from File and Folder Tasks in
Windows folders. The Web Publishing
Wizard is used to download a list of providers and allow users to publish
content to the Web. If you enable this
setting, these tasks are removed from the File and Folder tasks in Windows
folders. If you disable or do not
configure this setting, the tasks will be shown. |
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off Internet download for Web publishing and online ordering wizards |
At least Microsoft Windows XP Professional with SP2 or Windows Server 2003 family |
Specifies whether Windows should download
a list of providers for the Web publishing and online ordering wizards. These wizards allow users to select from a
list of companies that provide services such as online storage and
photographic printing. By default,
Windows displays providers downloaded from a Windows Web site in addition to
providers specified in the registry.
If you enable this setting, Windows will not download providers and
only the service providers that are cached in the local registry will be
displayed. If you disable or do not
configure this setting, a list of providers will be downloaded when the user
uses the Web publishing or online ordering wizards. See the documentation for the Web
publishing and online ordering wizards for more information, including
details on specifying service providers in the registry. |
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off the Order Prints picture task |
At least Microsoft Windows XP Professional with SP2 or Windows Server 2003 family |
Specifies whether the Order Prints Online
task is available from Picture Tasks in Windows folders. The Order Prints Online Wizard is used to
download a list of providers and allow users to order prints online. If you enable this setting, the task Order
Prints Online is removed from Picture Tasks in Windows Explorer folders. If you disable or do not configure this
setting, the task is displayed. |
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off the Windows Messenger Customer
Experience Improvement Program |
At least Microsoft Windows XP Professional with SP2 or Windows Server 2003 family |
Specifies whether Windows Messenger
collects anonymous information about how Windows Messenger software and
service is used. With the Customer
Experience Improvement program, users can allow Microsoft to collect
anonymous information about how the product is used. This information is used to improve the
product in future releases. If you
enable this setting, Windows Messenger will not collect usage information and
the user settings to enable the collection of usage information will not be
shown. If you disable this setting,
Windows Messenger will collect anonymous usage information and the setting
will not be shown. If you do not
configure this setting, users will have the choice to opt-in and allow
information to be collected. |
HKLM\Software\Policies\Microsoft\Messenger\Client!CEIP |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off Help and Support Center Did you know? content |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether to show the Did you
know? section of Help and Support Center.
This content is dynamically updated when users who are connected to
the Internet open Help and Support Center, and provides up-to-date
information about Windows and the computer.
If you enable this setting, the Help and Support Center will no longer
retrieve nor display Did you know? content.
If you disable or do not configure this setting, the Help and Support
Center will retrieve and display Did you know? content. You might want to enable this setting for
users who do not have Internet access, because the content in the Did you
know? section will remain static indefinitely without an Internet connection. |
HKLM\Software\Policies\Microsoft\PCHealth\HelpSvc!Headlines |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off Help and Support Center Microsoft Knowledge Base search |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether users can perform
a Microsoft Knowledge Base search from the Help and Support Center. The Knowledge Base is an online source of
technical support information and self-help tools for Microsoft products and
is searched as part of all Help and Support Center searches with the default
search options. If you enable this
setting, it will remove the Knowledge Base section from the Help and Support
Center Set search options page and only help content on the local computer
will be searched. If you disable this
setting or do not configure it, the Knowledge Base will be searched if the
user has a connection to the Internet and has not disabled the Knowledge Base
search from the Search Options page. |
HKLM\Software\Policies\Microsoft\PCHealth\HelpSvc!MicrosoftKBSearch |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether the Internet Connection
Wizard can connect to Microsoft to download a list of Internet Service
Providers (ISPs). If you enable this
setting, the Choose a list of Internet Service Providers path in the Internet
Connection Wizard will cause the wizard to exit. This prevents users from retrieving the
list of ISPs, which resides on Microsoft servers. If you disable or do not configure this
setting, users will be able to connect to Microsoft to download a list of
ISPs for their area. |
HKLM\Software\Policies\Microsoft\Windows\Internet
Connection Wizard!ExitOnMSICW |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off Event Viewer Events.asp links |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether Events.asp hyperlinks
are available for events within the Event Viewer application. The Event Viewer normally makes all HTTP(S)
URLs into hot links that activate the Internet browser when clicked. In
addition, More Information is placed at the end of the description text if
the event is created by a Microsoft component. This text contains a link
(URL) that, if clicked, sends information about the event to Microsoft, and
allows users to learn more about why that event occurred. If you enable this setting, event
description URL links are not activated and the text More Information is not
displayed at the end of the description.
If you disable or do not configure this setting, the user can click
the hyperlink which prompts the user and then sends information about the
event over the internet to Microsoft.
Also, see Events.asp URL, Events.asp program, and Events.asp Program
Command Line Parameters settings in Administrative Templates/Windows
Components/Event Viewer. |
HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftEventVwrDisableLinks |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off Automatic Root Certificates Update |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether to automatically update root certificates using the Windows Update Web site. Typically, a certificate is used when you
use a secure Web site or when you send and receive secure e-mail. Anyone can
issue certificates, but to have transactions that are as secure as possible,
certificates must be issued by a trusted certificate authority (CA).
Microsoft has included a list in Windows XP and other products of companies
and organizations that it considers trusted authorities. If you enable this setting, when you are
presented with a certificate issued by an untrusted root authority your
computer will not contact the Windows Update web site to see if Microsoft has
added the CA to its list of trusted authorities. If you disable or do not configure this
setting, your computer will contact the Windows Update Web site. |
HKLM\Software\Policies\Microsoft\SystemCertificates\AuthRoot!DisableRootAutoUpdate |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off Registration if URL connection is referring to Microsoft.com |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether the Windows Registration
Wizard connects to Microsoft.com for online registration. If you enable this setting, it blocks users
from connecting to Microsoft.com for online registration and users cannot
register their copy of Windows online.
If you disable or do not configure this setting, users can connect to
Microsoft.com to complete the online Windows Registration. Note that registration is optional and
involves submitting some personal information to Microsoft. However, Windows
Product Activation is required but does not involve submitting any personal
information (except the country/region you live in). |
HKLM\Software\Policies\Microsoft\Windows\Registration
Wizard Control!NoRegistration |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off Search Companion content file updates |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether Search Companion
should automatically download content updates during local and Internet
searches. When the user searches the
local machine or the Internet, Search Companion occasionally connects to
Microsoft to download an updated privacy policy and additional content files
used to format and display results. If
you enable this setting, Search Companion will not download content updates
during searches. If you disable or do
not configure this setting, Search Companion will download content updates
unless the user is using Classic Search.
Note: Internet searches will still send the search text and information
about the search to Microsoft and the chosen search provider. Choosing Classic Search will turn off the
Search Companion feature completely. |
HKLM\Software\Policies\Microsoft\SearchCompanion!DisableContentFileUpdates |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off printing over HTTP |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether to allow printing over HTTP from this client.
Printing over HTTP allows a client to print to printers on the
intranet as well as the Internet.
Note: This setting affects the client side of Internet printing only.
It does not prevent this machine from acting as an Internet Printing server
and making its shared printers available via HTTP. If you enable this setting, it prevents
this client from printing to Internet printers over HTTP. If you disable or do not configure this
setting, users will be able to choose to print to Internet printers over
HTTP. Also see the Web-based Printing
setting in Computer Configuration/Administrative Templates/Printers. |
HKLM\Software\Policies\Microsoft\Windows
NT\Printers!DisableHTTPPrinting |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off downloading of print drivers over HTTP |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether to allow this client to download print driver packages over HTTP. To set up HTTP printing, non-inbox drivers
need to be downloaded over HTTP. Note:
This setting does not prevent the client from printing to printers on the
Intranet or the Internet over HTTP. It
only prohibits downloading drivers that are not already installed
locally. If you enable this setting,
print drivers will not be downloaded over HTTP. If you disable this setting or do not
configure it, users will be able to download print drivers over HTTP. |
HKLM\Software\Policies\Microsoft\Windows
NT\Printers!DisableWebPnPDownload |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off Windows Update device driver searching |
At least Microsoft Windows XP Professional with SP2 |
This policy specifies whether Windows
searches Windows Update for device drivers when no local drivers for a device
are present. If you enable this
setting, Windows Update will not be searched when a new device is installed. If you disable this setting, Windows Update
will always be searched for drivers when no local drivers are present. If you do not configure this setting,
searching Windows Update will be optional when installing a device. Also see Turn off Windows Update device
driver search prompt in Administrative Templates/System which governs whether
an administrator is prompted before searching Windows Update for device
drivers if a driver is not found locally. |
HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchWindowsUpdate |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off Windows Movie Maker automatic
codec downloads |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether Windows Movie Maker
automatically downloads codecs.
Windows Movie Maker can be configured so that codecs are downloaded
automatically if the required codecs are not installed on the computer. If you enable this setting, Windows Movie
Maker will not attempt to download missing codecs for imported audio and
video files. If you disable or do not
configure this setting, Windows Movie Maker might attempt to download missing
codecs for imported audio and video files. |
HKLM\Software\Policies\Microsoft\WindowsMovieMaker!CodecDownload |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off Windows Movie Maker online Web
links |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether links to Web sites are available in Windows Movie Maker. These links include the Windows
Movie Maker on the Web and Privacy Statement commands that appear on the Help
menu, as well as the Learn more about video filters hyperlink in the Options
dialog box and the sign up now hyperlink in the The Web saving option in the
Save Movie Wizard. The Windows Movie
Maker on the Web command lets users go directly to the Windows Movie Maker
Web site to get more information, and the Privacy Statement command lets
users view information about privacy issues in respect to Windows Movie
Maker. The Learn more about video filters hyperlink lets users learn more
about video filters and their role in saving movies process in Windows Movie
Maker. The sign up now hyperlink lets
users sign up with a video hosting provider on the Web. If you enable this setting, the previously
mentioned links to Web sites from Windows Movie Maker are disabled and cannot
be selected. If you disable or do not
configure this setting, the previously mentioned links to Web sites from
Windows Movie Maker are enabled and can be selected. |
HKLM\Software\Policies\Microsoft\WindowsMovieMaker!WebHelp |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off Windows Movie Maker saving to
online video hosting provider |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether users can send a final
movie to a video hosting provider on the Web by choosing The Web saving
option in the Save Movie Wizard of Windows Movie Maker. When users create a movie in Windows Movie
Maker, they can choose to share it in a variety of ways through the Save
Movie Wizard. The Web saving option lets users send their movies to a video
hosting provider. If you enable this
setting, users cannot choose The Web saving option in the Save Movie Wizard
of Windows Movie Maker and cannot send a movie to a video hosting provider on
the Web. If you disable or do not
configure this setting, users can choose The Web saving option in the Save
Movie Wizard of Windows Movie Maker and can send a movie to a video hosting
provider on the Web. |
HKLM\Software\Policies\Microsoft\WindowsMovieMaker!WebPublish |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System |
Turn off Windows Update device driver search prompt |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether the administrator will
be prompted about going to Windows Update to search for device drivers using
the Internet. Note: This setting only
has effect if Turn off Windows Update device driver searching in
Administrative Templates/System/Internet Communication Management/Internet
Communication settings is disabled or not configured. If this setting is enabled, administrators
will not be prompted to search Windows Update. If this setting is disabled or not
configured and Turn off Windows Update device driver searching is disabled or
not configured, the administrator will be prompted for consent before going
to Windows Update to search for device drivers. |
HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DontPromptForWindowsUpdate |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System\Distributed COM\Application
Compatibility Settings |
Allow local activation security check exemptions |
At least Microsoft Windows XP Professional with SP2 |
Allows
you to specify that local computer administrators
can supplement the Define Activation Security Check exemptions list. If you enable this policy setting, and DCOM
does not find an explicit entry for a DCOM server application id (appid) in
the Define Activation Security Check exemptions policy (if enabled), DCOM
will look for an entry in the locally configured list. If you disable this policy setting, DCOM
will not look in the locally configured DCOM activation security check
exemption list. If you do not
configure this policy setting, DCOM will only look in the locally configured
exemption list if the Define Activation Security Check exemptions policy is
not configured. |
HKLM\Software\Policies\Microsoft\Windows
NT\DCOM\AppCompat!AllowLocalActivationSecurityCheckExemptionList |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\System\Distributed COM\Application
Compatibility Settings |
Define Activation Security Check exemptions |
At least Microsoft Windows XP Professional with SP2 |
Allows you to view and change a list of DCOM server application ids (appids) which are exempted from the
DCOM Activation security check. DCOM
uses two such lists, one configured via Group Policy through this policy
setting, and the other via the actions of local computer administrators. DCOM ignores the second list when this
policy setting is configured, unless the Allow local activation security
check exemptions policy is enabled.
DCOM server appids added to this policy must be listed in curly-brace
format. For example:
{b5dcb061-cefb-42e0-a1be-e6a6438133fe}.
If you enter a non-existent or improperly formatted appid DCOM will
add it to the list without checking for errors. If you enable this policy setting, you can
view and change the list of DCOM activation security check exemptions defined
by Group Policy settings. If you add an appid to this list and set its value
to 1, DCOM will not enforce the Activation security check for that DCOM
server. If you add an appid to this
list and set its value to 0 DCOM will always enforce the Activation security
check for that DCOM server regardless of local settings. If you disable this policy setting, the
appid exemption list defined by Group Policy is deleted, and the one defined
by local computer administrators is used.
If you do not configure this policy setting, the appid exemption list
defined by local computer administrators is used. Notes:
The DCOM Activation security check is done after a DCOM server process
is started, but before an object activation request is dispatched to the
server process. This access check is
done against the DCOM server's custom launch permission security descriptor
if it exists, or otherwise against the configured defaults. If the DCOM server's custom launch
permission contains explicit DENY entries this may mean that object
activations that would have previously succeeded for such specified users,
once the DCOM server process was up and running, might now fail instead. The proper action in this situation is to
re-configure the DCOM server's custom launch permission settings for correct
security settings, but this policy setting may be used in the short-term as
an application compatibility deployment aid.
DCOM servers added to this exemption list are only exempted if their
custom launch permissions do not contain specific LocalLaunch, RemoteLaunch,
LocalActivate, or RemoteActivate grant or deny entries for any users or
groups. Also note, exemptions for DCOM
Server Appids added to this list will apply to both 32-bit and 64-bit
versions of the server if present. |
HKLM\Software\Policies\Microsoft\Windows
NT\DCOM\AppCompat!ListBox_Support_ActivationSecurityCheckExemptionList |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Microsoft Peer-to-Peer
Networking Services |
Turn off Microsoft Peer-to-Peer Networking Services |
At least Microsoft Windows XP Professional with SP2 |
Allows configuration of components of
the operating system used by a client computer to connect to a network. This
includes DNS settings and Offline Files. |
HKLM\Software\policies\Microsoft\Peernet!Disabled |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Microsoft Peer-to-Peer
Networking Services\Peer Name Resolution
Protocol\Global Clouds |
Set the Seed Server |
At least Microsoft Windows XP Professional with SP2 |
The Peer Name Resolution Protocol (PNRP)
allows for distributed resolution of a name to an IPV6 address and port
number. |
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!SeedServer,
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!DontIncludeMicrosoftSeedServer |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Microsoft Peer-to-Peer
Networking Services\Peer Name Resolution
Protocol\Global Clouds |
Turn off Multicast Bootstrap |
At least Microsoft Windows XP Professional with SP2 |
|
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!DisableMulticastBootstrap |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Microsoft Peer-to-Peer
Networking Services\Peer Name Resolution
Protocol\Site-Local Clouds |
Set the Seed Server |
At least Microsoft Windows XP Professional with SP2 |
|
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal!SeedServer |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Microsoft Peer-to-Peer
Networking Services\Peer Name Resolution
Protocol\Site-Local Clouds |
Turn off Multicast Bootstrap |
At least Microsoft Windows XP Professional with SP2 |
|
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal!DisableMulticastBootstrap |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Microsoft Peer-to-Peer
Networking Services\Peer Name Resolution
Protocol\Link-Local Clouds |
Set the Seed Server |
At least Microsoft Windows XP Professional with SP2 |
|
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal!SeedServer |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Microsoft Peer-to-Peer
Networking Services\Peer Name Resolution
Protocol\Link-Local Clouds |
Turn off Multicast Bootstrap |
At least Microsoft Windows XP Professional with SP2 |
|
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal!DisableMulticastBootstrap |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Domain Profile |
Windows Firewall: Protect all network connections |
At least Microsoft Windows XP Professional with SP2 |
Turns on Windows Firewall, which replaces
Internet Connection Firewall on all computers that are running Windows XP
Service Pack 2. If you enable this
policy setting, Windows Firewall runs and ignores the Computer
Configuration\Administrative Templates\Network\Network Connections\Prohibit
use of Internet Connection Firewall on your DNS domain network policy
setting. If you disable this policy
setting, Windows Firewall does not run. This is the only way to ensure that
Windows Firewall does not run and administrators who log on locally cannot
start it. If you do not configure this
policy setting, administrators can use the Windows Firewall component in
Control Panel to turn Windows Firewall on or off, unless the Prohibit use of
Internet Connection Firewall on your DNS domain network policy setting
overrides. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile!EnableFirewall |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Domain Profile |
Windows Firewall: Do not allow exceptions |
At least Microsoft Windows XP Professional with SP2 |
Specifies that Windows Firewall blocks
all unsolicited incoming messages. This policy setting overrides all other
Windows Firewall policy settings that allow such messages. If you enable this policy setting, in the
Windows Firewall component of Control Panel, the Don't allow exceptions check
box is selected and administrators cannot clear it. You should also enable
the Windows Firewall: Protect all network connections policy setting;
otherwise, administrators who log on locally can work around the Windows
Firewall: Do not allow exceptions policy setting by turning off the
firewall. If you disable this policy
setting, Windows Firewall applies other policy settings that allow
unsolicited incoming messages. In the Windows Firewall component of Control
Panel, the Don't allow exceptions check box is cleared and administrators
cannot select it. If you do not
configure this policy setting, Windows Firewall applies other policy settings
that allow unsolicited incoming messages. In the Windows Firewall component
of Control Panel, the Don't allow exceptions check box is cleared by default,
but administrators can change it. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile!DoNotAllowExceptions |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Domain Profile |
Windows Firewall: Define program exceptions |
At least Microsoft Windows XP Professional with SP2 |
Allows you to view and change the program
exceptions list defined by Group Policy. Windows Firewall uses two program
exception lists: one is defined by Group Policy settings and the other is
defined by the Windows Firewall component in Control Panel. If you enable this policy setting, you can
view and change the program exceptions list defined by Group Policy. If you
add a program to this list and set its status to Enabled, that program can
receive unsolicited incoming messages on any port that it asks Windows
Firewall to open, even if that port is blocked by another policy setting,
such as the Windows Firewall: Define port exceptions policy setting. To view
the program list, enable the policy setting and then click the Show button.
To add a program, enable the policy setting, note the syntax, click the Show
button, click the Add button, and then type a definition string that uses the
syntax format. To remove a program, click its definition, and then click the
Remove button. To edit a definition, remove the current definition from the
list and add a new one with different parameters. To allow administrators to
add programs to the local program exceptions list that is defined by the
Windows Firewall component in Control Panel, also enable the Windows
Firewall: Allow local program exceptions policy setting. If you disable this policy setting, the
program exceptions list defined by Group Policy is deleted. If a local
program exceptions list exists, it is ignored unless you enable the Windows
Firewall: Allow local program exceptions policy setting. If you do not configure this policy
setting, Windows Firewall uses only the local program exceptions list that
administrators define by using the Windows Firewall component in Control
Panel. Note: If you type an invalid
definition string, Windows Firewall adds it to the list without checking for
errors. This allows you to add programs that you have not installed yet, but
be aware that you can accidentally create multiple entries for the same
program with conflicting Scope or Status values. Scope parameters are
combined for multiple entries. Note:
If you set the Status parameter of a definition string to disabled, Windows
Firewall ignores port requests made by that program and ignores other
definitions that set the Status of that program to enabled. Therefore, if you
set the Status to disabled, you prevent administrators from allowing the
program to ask Windows Firewall to open additional ports. However, even if
the Status is disabled, the program can still receive unsolicited incoming
messages through a port if another policy setting opens that port. Note: Windows Firewall opens ports for the
program only when the program is running and listening for incoming messages.
If the program is not running, or is running but not listening for those
messages, Windows Firewall does not open its ports. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications!Enabled |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Domain Profile |
Windows Firewall: Allow local program exceptions |
At least Microsoft Windows XP Professional with SP2 |
Allows administrators to use the Windows
Firewall component in Control Panel to define a local program exceptions
list. Windows Firewall uses two program exceptions lists; the other is
defined by the Windows Firewall: Define program exceptions policy setting. If you enable this policy setting, the
Windows Firewall component in Control Panel allows administrators to define a
local program exceptions list. If you
disable this policy setting, the Windows Firewall component in Control Panel
does not allow administrators to define a local program exceptions list. If you do not configure this policy
setting, the ability of administrators to define a local program exceptions
list depends on the configuration of the Windows Firewall: Define program
exceptions policy setting. If that setting is not configured, administrators
can define a local program exceptions list. If it is enabled or disabled, administrators
cannot define a local program exceptions list. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications!AllowUserPrefMerge |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Domain Profile |
Windows Firewall: Allow remote administration exception |
At least Microsoft Windows XP Professional with SP2 |
Allows remote administration of this computer using administrative tools such as the Microsoft Management
Console (MMC) and Windows Management Instrumentation (WMI). To do this,
Windows Firewall opens TCP ports 135 and 445. Services typically use these
ports to communicate using remote procedure calls (RPC) and Distributed
Component Object Model (DCOM). This policy setting also allows SVCHOST.EXE
and LSASS.EXE to receive unsolicited incoming messages and allows hosted
services to open additional dynamically-assigned ports, typically in the range
of 1024 to 1034. If you enable this
policy setting, Windows Firewall allows the computer to receive the
unsolicited incoming messages associated with remote administration. You must
specify the IP addresses or subnets from which these incoming messages are
allowed. If you disable or do not
configure this policy setting, Windows Firewall does not open TCP port 135 or
445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from receiving
unsolicited incoming messages, and prevents hosted services from opening
additional dynamically-assigned ports. Because disabling this policy setting
does not block TCP port 445, it does not conflict with the Windows Firewall:
Allow file and printer sharing exception policy setting. Note: Malicious users often attempt to
attack networks and computers using RPC and DCOM. We recommend that you
contact the manufacturers of your critical programs to determine if they are
hosted by SVCHOST.exe or LSASS.exe or if they require RPC and DCOM
communication. If they do not, then do not enable this policy setting. Note: If any policy setting opens TCP port
445, Windows Firewall allows inbound ICMP echo request messages (the message
sent by the Ping utility), even if the Windows Firewall: Allow ICMP
exceptions policy setting would block them. Policy settings that can open TCP
port 445 include Windows Firewall: Allow file and printer sharing exception,
Windows Firewall: Allow remote administration exception, and Windows
Firewall: Define port exceptions. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings!Enabled,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings!RemoteAddresses |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Domain Profile |
Windows Firewall: Allow file and printer sharing exception |
At least Microsoft Windows XP Professional with SP2 |
Allows file and printer sharing. To do this, Windows Firewall opens UDP ports 137 and 138, and TCP ports 139
and 445. If you enable this policy
setting, Windows Firewall opens these ports so that this computer can receive
print jobs and requests for access to shared files. You must specify the IP
addresses or subnets from which these incoming messages are allowed. In the
Windows Firewall component of Control Panel, the File and Printer Sharing
check box is selected and administrators cannot clear it. If you disable this policy setting, Windows
Firewall blocks these ports, which prevents this computer from sharing files
and printers. If an administrator attempts to open any of these ports by
adding them to a local port exceptions list, Windows Firewall does not open
the port. In the Windows Firewall component of Control Panel, the File and
Printer Sharing check box is cleared and administrators cannot select
it. If you do not configure this
policy setting, Windows Firewall does not open these ports. Therefore, the
computer cannot share files or printers unless an administrator uses other
policy settings to open the required ports. In the Windows Firewall component
of Control Panel, the File and Printer Sharing check box is cleared.
Administrators can change this check box.
Note: If any policy setting opens TCP port 445, Windows Firewall
allows inbound ICMP echo requests (the message sent by the Ping utility),
even if the Windows Firewall: Allow ICMP exceptions policy setting would
block them. Policy settings that can open TCP port 445 include Windows
Firewall: Allow file and printer sharing exception, Windows Firewall: Allow
remote administration exception, and Windows Firewall: Define port
exceptions. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint!Enabled,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint!RemoteAddresses |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Domain Profile |
Windows Firewall: Allow ICMP exceptions |
At least Microsoft Windows XP Professional with SP2 |
Defines the set of Internet Control Message Protocol (ICMP) message types that Windows Firewall allows.
Utilities can use ICMP messages to determine the status of other computers.
For example, Ping uses the echo request message. If you do not enable the
Allow inbound echo request message type, Windows Firewall blocks echo request
messages sent by Ping running on other computers, but it does not block
outbound echo request messages sent by Ping running on this computer. If you enable this policy setting, you must
specify which ICMP message types Windows Firewall allows this computer to
send or receive. If you disable this
policy setting, Windows Firewall blocks all unsolicited incoming ICMP message
types and the listed outgoing ICMP message types. As a result, utilities that
use the blocked ICMP messages will not be able to send those messages to or
from this computer. Administrators cannot use the Windows Firewall component
in Control Panel to enable any message types. If you enable this policy
setting and allow certain message types, then later disable this policy
setting, Windows Firewall deletes the list of message types that you had
enabled. If you do not configure this
policy setting, Windows Firewall behaves as if you had disabled it, except
that administrators can use the Windows Firewall component in Control Panel
to enable or disable message types.
Note: If any policy setting opens TCP port 445, Windows Firewall
allows inbound echo requests, even if the Windows Firewall: Allow ICMP
exceptions policy setting would block them. Policy settings that can open TCP
port 445 include Windows Firewall: Allow file and printer sharing exception,
Windows Firewall: Allow remote administration exception, and Windows
Firewall: Define port exceptions.
Note: Other Windows Firewall policy settings affect only incoming
messages, but several of the options of the Windows Firewall: Allow ICMP
exceptions policy setting affect outgoing communication. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowOutboundDestinationUnreachable,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowOutboundSourceQuench,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowRedirect,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowInboundEchoRequest,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowInboundRouterRequest,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowOutboundTimeExceeded,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowOutboundParameterProblem,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowInboundTimestampRequest,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowInboundMaskRequest,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowOutboundPacketTooBig |
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Domain Profile |
Windows Firewall: Allow Remote Desktop
exception |
At least Microsoft Windows XP Professional with SP2 |
Allows this computer to receive Remote
Desktop requests. To do this, Windows Firewall opens TCP port 3389. If you enable this policy setting, Windows
Firewall opens this port so that this computer can receive Remote Desktop
requests. You must specify the IP addresses or subnets from which these
incoming messages are allowed. In the Windows Firewall component of Control
Panel, the Remote Desktop check box is selected and administrators cannot
clear it. If you disable this policy
setting, Windows Firewall blocks this port, which prevents this computer from
receiving Remote Desktop requests. If an administrator attempts to open this
port by adding it to a local port exceptions list, Windows Firewall does not
open the port. In the Windows Firewall component of Control Panel, the Remote
Desktop check box is cleared and administrators cannot select it. If you do not configure this policy
setting, Windows Firewall does not open this port. Therefore, the computer
cannot receive Remote Desktop requests unless an administrator uses other
policy settings to open the port. In the Windows Firewall component of
Control Panel, the Remote Desktop check box is cleared. Administrators can
change this check box. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop!Enabled,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop!RemoteAddresses |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Domain Profile |
Windows Firewall: Allow UPnP framework
exception |
At least Microsoft Windows XP Professional with SP2 |
Allows this computer to receive unsolicited Plug and Play messages sent by network devices, such as routers
with built-in firewalls. To do this, Windows Firewall opens TCP port 2869 and
UDP port 1900. If you enable this
policy setting, Windows Firewall opens these ports so that this computer can
receive Plug and Play messages. You must specify the IP addresses or subnets
from which these incoming messages are allowed. In the Windows Firewall
component of Control Panel, the UPnP framework check box is selected and
administrators cannot clear it. If
you disable this policy setting, Windows Firewall blocks these ports, which
prevents this computer from receiving Plug and Play messages. If an
administrator attempts to open these ports by adding them to a local port
exceptions list, Windows Firewall does not open the ports. In the Windows
Firewall component of Control Panel, the UPnP framework check box is cleared
and administrators cannot select it.
If you do not configure this policy setting, Windows Firewall does not
open these ports. Therefore, the computer cannot receive Plug and Play
messages unless an administrator uses other policy settings to open the required
ports or enable the required programs. In the Windows Firewall component of
Control Panel, the UPnP framework check box is cleared. Administrators can
change this check box. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework!Enabled,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework!RemoteAddresses |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Domain Profile |
Windows Firewall: Prohibit notifications |
At least Microsoft Windows XP Professional with SP2 |
Prevents Windows Firewall from displaying
notifications to the user when a program requests that Windows Firewall add
the program to the program exceptions list.
If you enable this policy setting, Windows Firewall prevents the
display of these notifications. If you
disable this policy setting, Windows Firewall allows the display of these
notifications. In the Windows Firewall component of Control Panel, the
Display a notification when Windows Firewall blocks a program check box is
selected and administrators cannot clear it.
If you do not configure this policy setting, Windows Firewall behaves
as if the policy setting were disabled, except that in the Windows Firewall
component of Control Panel, the Display a notification when Windows Firewall
blocks a program check box is selected by default, and administrators can
change it. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework!DisableNotifications |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Domain Profile |
Windows Firewall: Allow logging |
At least Microsoft Windows XP Professional with SP2 |
Allows Windows Firewall to record information
about the unsolicited incoming messages that it receives. If you enable this policy setting, Windows
Firewall writes the information to a log file. You must provide the name,
location, and maximum size of the log file. The location can contain
environment variables. You must also specify whether to record information
about incoming messages that the firewall blocks (drops) and information
about successful incoming and outgoing connections. Windows Firewall does not
provide an option to log successful incoming messages. If you disable this policy setting, Windows
Firewall does not record information in the log file. If you enable this
policy setting, and Windows Firewall creates the log file and adds
information, then upon disabling this policy setting, Windows Firewall leaves
the log file intact. In the Windows Firewall component of Control Panel, the
Security Logging settings are cleared and administrators cannot select
them. If you do not configure this
policy setting, Windows Firewall behaves as if the policy setting were
disabled, except that administrators can choose whether to select the
Security Logging settings. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!LogDroppedPackets,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!LogSuccessfulConnections,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!LogDroppedPackets,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!LogSuccessfulConnections,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!LogFilePath,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!LogFileSize |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Domain Profile |
Windows Firewall: Prohibit unicast response to multicast or broadcast requests |
At least Microsoft Windows XP Professional with SP2 |
Prevents this computer from receiving
unicast responses to its outgoing multicast or broadcast messages. If you enable this policy setting, and this
computer sends multicast or broadcast messages to other computers, Windows
Firewall blocks the unicast responses sent by those other computers. If you disable or do not configure this
policy setting, and this computer sends a multicast or broadcast message to
other computers, Windows Firewall waits as long as three seconds for unicast
responses from the other computers and then blocks all later responses. Note: This policy setting has no effect if
the unicast message is a response to a Dynamic Host Configuration Protocol
(DHCP) broadcast message sent by this computer. Windows Firewall always
permits those DHCP unicast responses. However, this policy setting can
interfere with the NetBIOS messages that detect name conflicts. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!DisableUnicastResponsesToMulticastBroadcast |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Domain Profile |
Windows Firewall: Define port exceptions |
At least Microsoft Windows XP Professional with SP2 |
Allows you to view and change the port
exceptions list defined by Group Policy. Windows Firewall uses two port
exception lists: one is defined by Group Policy settings and the other is
defined by the Windows Firewall component in Control Panel. If you enable this policy setting, you can
view and change the port exceptions list defined by Group Policy. To view
this port exceptions list, enable the policy setting and then click the Show
button. To add a port, enable the policy setting, note the syntax, click the
Show button, click the Add button, and then type a definition string that
uses the syntax format. To remove a port, click its definition, and then
click the Remove button. To edit a definition, remove the current definition
from the list and add a new one with different parameters. To allow
administrators to add ports to the local port exceptions list that is defined
by the Windows Firewall component in Control Panel, also enable the Windows
Firewall: Allow local port exceptions policy setting. If you disable this policy setting, the
port exceptions list defined by Group Policy is deleted, but other policy
settings can continue to open or block ports. Also, if a local port
exceptions list exists, it is ignored unless you enable the Windows Firewall:
Allow local port exceptions policy setting.
If you do not configure this policy setting, Windows Firewall uses
only the local port exceptions list that administrators define by using the
Windows Firewall component in Control Panel. Other policy settings can
continue to open or block ports. Note:
If you type an invalid definition string, Windows Firewall adds it to the
list without checking for errors, and therefore you can accidentally create
multiple entries for the same port with conflicting Scope or Status values.
Scope parameters are combined for multiple entries. If entries have different
Status values, any definition with the Status set to disabled overrides all
definitions with the Status set to enabled, and the port does not receive
messages. Therefore, if you set the Status of a port to disabled, you can
prevent administrators from using the Windows Firewall component in Control
Panel to enable the port. Note: The
only effect of setting the Status value to disabled is that Windows Firewall
ignores other definitions for that port that set the Status to enabled. If
another policy setting opens a port, or if a program in the program
exceptions list asks Windows Firewall to open a port, Windows Firewall opens
the port. Note: If any policy setting
opens TCP port 445, Windows Firewall allows inbound ICMP echo request
messages (the message sent by the Ping utility), even if the Windows
Firewall: Allow ICMP exceptions policy setting would block them. Policy
settings that can open TCP port 445 include Windows Firewall: Allow file and
printer sharing exception, Windows Firewall: Allow remote administration
exception, and Windows Firewall: Define port exceptions. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts!Enabled |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Domain Profile |
Windows Firewall: Allow local port exceptions |
At least Microsoft Windows XP Professional with SP2 |
Allows administrators to use the Windows
Firewall component in Control Panel to define a local port exceptions list.
Windows Firewall uses two port exceptions lists; the other is defined by the
Windows Firewall: Define port exceptions policy setting. If you enable this policy setting, the
Windows Firewall component in Control Panel allows administrators to define a
local port exceptions list. If you
disable this policy setting, the Windows Firewall component in Control Panel
does not allow administrators to define a local port exceptions list. If you do not configure this policy
setting, the ability of administrators to define a local port exceptions list
depends on the configuration of the Windows Firewall: Define port exceptions
policy setting. If that setting is not configured, administrators can define
a local port exceptions list. If it is enabled or disabled, administrators
cannot define a local port exceptions list. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts!AllowUserPrefMerge |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Standard Profile |
Windows Firewall: Protect all network connections |
At least Microsoft Windows XP Professional with SP2 |
Turns on Windows Firewall, which replaces
Internet Connection Firewall on all computers that are running Windows XP
Service Pack 2. If you enable this
policy setting, Windows Firewall runs and ignores the Computer
Configuration\Administrative Templates\Network\Network Connections\Prohibit
use of Internet Connection Firewall on your DNS domain network policy
setting. If you disable this policy
setting, Windows Firewall does not run. This is the only way to ensure that
Windows Firewall does not run and administrators who log on locally cannot
start it. If you do not configure this
policy setting, administrators can use the Windows Firewall component in
Control Panel to turn Windows Firewall on or off, unless the Prohibit use of
Internet Connection Firewall on your DNS domain network policy setting
overrides. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile!EnableFirewall |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Standard Profile |
Windows Firewall: Do not allow exceptions |
At least Microsoft Windows XP Professional with SP2 |
Specifies that Windows Firewall blocks
all unsolicited incoming messages. This policy setting overrides all other
Windows Firewall policy settings that allow such messages. If you enable this policy setting, in the
Windows Firewall component of Control Panel, the Don't allow exceptions check
box is selected and administrators cannot clear it. You should also enable
the Windows Firewall: Protect all network connections policy setting;
otherwise, administrators who log on locally can work around the Windows
Firewall: Do not allow exceptions policy setting by turning off the
firewall. If you disable this policy
setting, Windows Firewall applies other policy settings that allow
unsolicited incoming messages. In the Windows Firewall component of Control
Panel, the Don't allow exceptions check box is cleared and administrators
cannot select it. If you do not
configure this policy setting, Windows Firewall applies other policy settings
that allow unsolicited incoming messages. In the Windows Firewall component
of Control Panel, the Don't allow exceptions check box is cleared by default,
but administrators can change it. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile!DoNotAllowExceptions |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Standard Profile |
Windows Firewall: Define program exceptions |
At least Microsoft Windows XP Professional with SP2 |
Allows you to view and change the program
exceptions list defined by Group Policy. Windows Firewall uses two program
exception lists: one is defined by Group Policy settings and the other is
defined by the Windows Firewall component in Control Panel. If you enable this policy setting, you can
view and change the program exceptions list defined by Group Policy. If you
add a program to this list and set its status to Enabled, that program can
receive unsolicited incoming messages on any port that it asks Windows
Firewall to open, even if that port is blocked by another policy setting,
such as the Windows Firewall: Define port exceptions policy setting. To view
the program list, enable the policy setting and then click the Show button.
To add a program, enable the policy setting, note the syntax, click the Show
button, click the Add button, and then type a definition string that uses the
syntax format. To remove a program, click its definition, and then click the
Remove button. To edit a definition, remove the current definition from the
list and add a new one with different parameters. To allow administrators to
add programs to the local program exceptions list that is defined by the
Windows Firewall component in Control Panel, also enable the Windows
Firewall: Allow local program exceptions policy setting. If you disable this policy setting, the
program exceptions list defined by Group Policy is deleted. If a local
program exceptions list exists, it is ignored unless you enable the Windows
Firewall: Allow local program exceptions policy setting. If you do not configure this policy
setting, Windows Firewall uses only the local program exceptions list that
administrators define by using the Windows Firewall component in Control
Panel. Note: If you type an invalid
definition string, Windows Firewall adds it to the list without checking for
errors. This allows you to add programs that you have not installed yet, but
be aware that you can accidentally create multiple entries for the same
program with conflicting Scope or Status values. Scope parameters are
combined for multiple entries. Note:
If you set the Status parameter of a definition string to disabled, Windows
Firewall ignores port requests made by that program and ignores other
definitions that set the Status of that program to enabled. Therefore, if you
set the Status to disabled, you prevent administrators from allowing the
program to ask Windows Firewall to open additional ports. However, even if
the Status is disabled, the program can still receive unsolicited incoming
messages through a port if another policy setting opens that port. Note: Windows Firewall opens ports for the
program only when the program is running and listening for incoming messages.
If the program is not running, or is running but not listening for those
messages, Windows Firewall does not open its ports. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications!Enabled |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Standard Profile |
Windows Firewall: Allow local program exceptions |
At least Microsoft Windows XP Professional with SP2 |
Allows administrators to use the Windows
Firewall component in Control Panel to define a local program exceptions
list. Windows Firewall uses two program exceptions lists; the other is
defined by the Windows Firewall: Define program exceptions policy setting. If you enable this policy setting, the
Windows Firewall component in Control Panel allows administrators to define a
local program exceptions list. If you
disable this policy setting, the Windows Firewall component in Control Panel
does not allow administrators to define a local program exceptions list. If you do not configure this policy
setting, the ability of administrators to define a local program exceptions
list depends on the configuration of the Windows Firewall: Define program
exceptions policy setting. If that setting is not configured, administrators
can define a local program exceptions list. If it is enabled or disabled, administrators
cannot define a local program exceptions list. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications!AllowUserPrefMerge |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Standard Profile |
Windows Firewall: Allow remote administration exception |
At least Microsoft Windows XP Professional with SP2 |
Allows remote administration of this computer using administrative tools such as the Microsoft Management
Console (MMC) and Windows Management Instrumentation (WMI). To do this,
Windows Firewall opens TCP ports 135 and 445. Services typically use these
ports to communicate using remote procedure calls (RPC) and Distributed
Component Object Model (DCOM). This policy setting also allows SVCHOST.EXE
and LSASS.EXE to receive unsolicited incoming messages and allows hosted
services to open additional dynamically-assigned ports, typically in the range
of 1024 to 1034. If you enable this
policy setting, Windows Firewall allows the computer to receive the
unsolicited incoming messages associated with remote administration. You must
specify the IP addresses or subnets from which these incoming messages are
allowed. If you disable or do not
configure this policy setting, Windows Firewall does not open TCP port 135 or
445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from receiving
unsolicited incoming messages, and prevents hosted services from opening
additional dynamically-assigned ports. Because disabling this policy setting
does not block TCP port 445, it does not conflict with the Windows Firewall:
Allow file and printer sharing exception policy setting. Note: Malicious users often attempt to
attack networks and computers using RPC and DCOM. We recommend that you
contact the manufacturers of your critical programs to determine if they are
hosted by SVCHOST.exe or LSASS.exe or if they require RPC and DCOM
communication. If they do not, then do not enable this policy setting. Note: If any policy setting opens TCP port
445, Windows Firewall allows inbound ICMP echo request messages (the message
sent by the Ping utility), even if the Windows Firewall: Allow ICMP
exceptions policy setting would block them. Policy settings that can open TCP
port 445 include Windows Firewall: Allow file and printer sharing exception,
Windows Firewall: Allow remote administration exception, and Windows
Firewall: Define port exceptions. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings!Enabled,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings!RemoteAddresses |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Standard Profile |
Windows Firewall: Allow file and printer sharing exception |
At least Microsoft Windows XP Professional with SP2 |
Allows file and printer sharing. To do this, Windows Firewall opens UDP ports 137 and 138, and TCP ports 139
and 445. If you enable this policy
setting, Windows Firewall opens these ports so that this computer can receive
print jobs and requests for access to shared files. You must specify the IP
addresses or subnets from which these incoming messages are allowed. In the
Windows Firewall component of Control Panel, the File and Printer Sharing
check box is selected and administrators cannot clear it. If you disable this policy setting, Windows
Firewall blocks these ports, which prevents this computer from sharing files
and printers. If an administrator attempts to open any of these ports by
adding them to a local port exceptions list, Windows Firewall does not open
the port. In the Windows Firewall component of Control Panel, the File and
Printer Sharing check box is cleared and administrators cannot select
it. If you do not configure this
policy setting, Windows Firewall does not open these ports. Therefore, the
computer cannot share files or printers unless an administrator uses other
policy settings to open the required ports. In the Windows Firewall component
of Control Panel, the File and Printer Sharing check box is cleared.
Administrators can change this check box.
Note: If any policy setting opens TCP port 445, Windows Firewall
allows inbound ICMP echo requests (the message sent by the Ping utility),
even if the Windows Firewall: Allow ICMP exceptions policy setting would
block them. Policy settings that can open TCP port 445 include Windows
Firewall: Allow file and printer sharing exception, Windows Firewall: Allow
remote administration exception, and Windows Firewall: Define port
exceptions. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint!Enabled,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint!RemoteAddresses |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Standard Profile |
Windows Firewall: Allow ICMP exceptions |
At least Microsoft Windows XP Professional with SP2 |
Defines the set of Internet Control Message Protocol (ICMP) message types that Windows Firewall allows.
Utilities can use ICMP messages to determine the status of other computers.
For example, Ping uses the echo request message. If you do not enable the
Allow inbound echo request message type, Windows Firewall blocks echo request
messages sent by Ping running on other computers, but it does not block
outbound echo request messages sent by Ping running on this computer. If you enable this policy setting, you must
specify which ICMP message types Windows Firewall allows this computer to
send or receive. If you disable this
policy setting, Windows Firewall blocks all unsolicited incoming ICMP message
types and the listed outgoing ICMP message types. As a result, utilities that
use the blocked ICMP messages will not be able to send those messages to or
from this computer. Administrators cannot use the Windows Firewall component
in Control Panel to enable any message types. If you enable this policy
setting and allow certain message types, then later disable this policy
setting, Windows Firewall deletes the list of message types that you had
enabled. If you do not configure this
policy setting, Windows Firewall behaves as if you had disabled it, except
that administrators can use the Windows Firewall component in Control Panel
to enable or disable message types.
Note: If any policy setting opens TCP port 445, Windows Firewall
allows inbound echo requests, even if the Windows Firewall: Allow ICMP
exceptions policy setting would block them. Policy settings that can open TCP
port 445 include Windows Firewall: Allow file and printer sharing exception,
Windows Firewall: Allow remote administration exception, and Windows
Firewall: Define port exceptions.
Note: Other Windows Firewall policy settings affect only incoming
messages, but several of the options of the Windows Firewall: Allow ICMP
exceptions policy setting affect outgoing communication. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowOutboundDestinationUnreachable,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowOutboundSourceQuench,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowRedirect,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowInboundEchoRequest,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowInboundRouterRequest,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowOutboundTimeExceeded,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowOutboundParameterProblem,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowInboundTimestampRequest,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowInboundMaskRequest,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowOutboundPacketTooBig |
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Standard Profile |
Windows Firewall: Allow Remote Desktop
exception |
At least Microsoft Windows XP Professional with SP2 |
Allows this computer to receive Remote
Desktop requests. To do this, Windows Firewall opens TCP port 3389. If you enable this policy setting, Windows
Firewall opens this port so that this computer can receive Remote Desktop
requests. You must specify the IP addresses or subnets from which these
incoming messages are allowed. In the Windows Firewall component of Control
Panel, the Remote Desktop check box is selected and administrators cannot
clear it. If you disable this policy
setting, Windows Firewall blocks this port, which prevents this computer from
receiving Remote Desktop requests. If an administrator attempts to open this
port by adding it to a local port exceptions list, Windows Firewall does not
open the port. In the Windows Firewall component of Control Panel, the Remote
Desktop check box is cleared and administrators cannot select it. If you do not configure this policy
setting, Windows Firewall does not open this port. Therefore, the computer
cannot receive Remote Desktop requests unless an administrator uses other
policy settings to open the port. In the Windows Firewall component of
Control Panel, the Remote Desktop check box is cleared. Administrators can
change this check box. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop!Enabled,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop!RemoteAddresses |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Standard Profile |
Windows Firewall: Allow UPnP framework
exception |
At least Microsoft Windows XP Professional with SP2 |
Allows this computer to receive unsolicited Plug and Play messages sent by network devices, such as routers
with built-in firewalls. To do this, Windows Firewall opens TCP port 2869 and
UDP port 1900. If you enable this
policy setting, Windows Firewall opens these ports so that this computer can
receive Plug and Play messages. You must specify the IP addresses or subnets
from which these incoming messages are allowed. In the Windows Firewall
component of Control Panel, the UPnP framework check box is selected and
administrators cannot clear it. If
you disable this policy setting, Windows Firewall blocks these ports, which
prevents this computer from receiving Plug and Play messages. If an
administrator attempts to open these ports by adding them to a local port
exceptions list, Windows Firewall does not open the ports. In the Windows
Firewall component of Control Panel, the UPnP framework check box is cleared
and administrators cannot select it.
If you do not configure this policy setting, Windows Firewall does not
open these ports. Therefore, the computer cannot receive Plug and Play
messages unless an administrator uses other policy settings to open the required
ports or enable the required programs. In the Windows Firewall component of
Control Panel, the UPnP framework check box is cleared. Administrators can
change this check box. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework!Enabled,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework!RemoteAddresses |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Standard Profile |
Windows Firewall: Prohibit notifications |
At least Microsoft Windows XP Professional with SP2 |
Prevents Windows Firewall from displaying
notifications to the user when a program requests that Windows Firewall add
the program to the program exceptions list.
If you enable this policy setting, Windows Firewall prevents the
display of these notifications. If you
disable this policy setting, Windows Firewall allows the display of these
notifications. In the Windows Firewall component of Control Panel, the
Display a notification when Windows Firewall blocks a program check box is
selected and administrators cannot clear it.
If you do not configure this policy setting, Windows Firewall behaves
as if the policy setting were disabled, except that in the Windows Firewall
component of Control Panel, the Display a notification when Windows Firewall
blocks a program check box is selected by default, and administrators can
change it. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework!DisableNotifications |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Standard Profile |
Windows Firewall: Allow logging |
At least Microsoft Windows XP Professional with SP2 |
Allows Windows Firewall to record information
about the unsolicited incoming messages that it receives. If you enable this policy setting, Windows
Firewall writes the information to a log file. You must provide the name,
location, and maximum size of the log file. The location can contain
environment variables. You must also specify whether to record information
about incoming messages that the firewall blocks (drops) and information
about successful incoming and outgoing connections. Windows Firewall does not
provide an option to log successful incoming messages. If you disable this policy setting, Windows
Firewall does not record information in the log file. If you enable this
policy setting, and Windows Firewall creates the log file and adds
information, then upon disabling this policy setting, Windows Firewall leaves
the log file intact. In the Windows Firewall component of Control Panel, the
Security Logging settings are cleared and administrators cannot select
them. If you do not configure this
policy setting, Windows Firewall behaves as if the policy setting were
disabled, except that administrators can choose whether to select the
Security Logging settings. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!LogDroppedPackets,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!LogSuccessfulConnections,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!LogDroppedPackets,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!LogSuccessfulConnections,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!LogFilePath,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!LogFileSize |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Standard Profile |
Windows Firewall: Prohibit unicast response to multicast or broadcast requests |
At least Microsoft Windows XP Professional with SP2 |
Prevents this computer from receiving
unicast responses to its outgoing multicast or broadcast messages. If you enable this policy setting, and this
computer sends multicast or broadcast messages to other computers, Windows
Firewall blocks the unicast responses sent by those other computers. If you disable or do not configure this
policy setting, and this computer sends a multicast or broadcast message to
other computers, Windows Firewall waits as long as three seconds for unicast
responses from the other computers and then blocks all later responses. Note: This policy setting has no effect if
the unicast message is a response to a Dynamic Host Configuration Protocol
(DHCP) broadcast message sent by this computer. Windows Firewall always
permits those DHCP unicast responses. However, this policy setting can
interfere with the NetBIOS messages that detect name conflicts. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!DisableUnicastResponsesToMulticastBroadcast |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Standard Profile |
Windows Firewall: Define port exceptions |
At least Microsoft Windows XP Professional with SP2 |
Allows you to view and change the port
exceptions list defined by Group Policy. Windows Firewall uses two port
exception lists: one is defined by Group Policy settings and the other is
defined by the Windows Firewall component in Control Panel. If you enable this policy setting, you can
view and change the port exceptions list defined by Group Policy. To view
this port exceptions list, enable the policy setting and then click the Show
button. To add a port, enable the policy setting, note the syntax, click the
Show button, click the Add button, and then type a definition string that
uses the syntax format. To remove a port, click its definition, and then
click the Remove button. To edit a definition, remove the current definition
from the list and add a new one with different parameters. To allow
administrators to add ports to the local port exceptions list that is defined
by the Windows Firewall component in Control Panel, also enable the Windows
Firewall: Allow local port exceptions policy setting. If you disable this policy setting, the
port exceptions list defined by Group Policy is deleted, but other policy
settings can continue to open or block ports. Also, if a local port
exceptions list exists, it is ignored unless you enable the Windows Firewall:
Allow local port exceptions policy setting.
If you do not configure this policy setting, Windows Firewall uses
only the local port exceptions list that administrators define by using the
Windows Firewall component in Control Panel. Other policy settings can
continue to open or block ports. Note:
If you type an invalid definition string, Windows Firewall adds it to the
list without checking for errors, and therefore you can accidentally create
multiple entries for the same port with conflicting Scope or Status values.
Scope parameters are combined for multiple entries. If entries have different
Status values, any definition with the Status set to disabled overrides all
definitions with the Status set to enabled, and the port does not receive
messages. Therefore, if you set the Status of a port to disabled, you can
prevent administrators from using the Windows Firewall component in Control
Panel to enable the port. Note: The
only effect of setting the Status value to disabled is that Windows Firewall
ignores other definitions for that port that set the Status to enabled. If
another policy setting opens a port, or if a program in the program
exceptions list asks Windows Firewall to open a port, Windows Firewall opens
the port. Note: If any policy setting
opens TCP port 445, Windows Firewall allows inbound ICMP echo request
messages (the message sent by the Ping utility), even if the Windows
Firewall: Allow ICMP exceptions policy setting would block them. Policy
settings that can open TCP port 445 include Windows Firewall: Allow file and
printer sharing exception, Windows Firewall: Allow remote administration
exception, and Windows Firewall: Define port exceptions. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts!Enabled |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall\Standard Profile |
Windows Firewall: Allow local port exceptions |
At least Microsoft Windows XP Professional with SP2 |
Allows administrators to use the Windows
Firewall component in Control Panel to define a local port exceptions list.
Windows Firewall uses two port exceptions lists; the other is defined by the
Windows Firewall: Define port exceptions policy setting. If you enable this policy setting, the
Windows Firewall component in Control Panel allows administrators to define a
local port exceptions list. If you
disable this policy setting, the Windows Firewall component in Control Panel
does not allow administrators to define a local port exceptions list. If you do not configure this policy
setting, the ability of administrators to define a local port exceptions list
depends on the configuration of the Windows Firewall: Define port exceptions
policy setting. If that setting is not configured, administrators can define
a local port exceptions list. If it is enabled or disabled, administrators
cannot define a local port exceptions list. |
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts!AllowUserPrefMerge |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Network Connections\Windows
Firewall |
Windows Firewall: Allow authenticated IPSec bypass |
At least Microsoft Windows XP Professional with SP2 |
Allows unsolicited incoming messages
from specified systems that authenticate using the IPSec transport. If you enable this policy setting, you must
type a security descriptor containing a list of computers or groups of
computers. If a computer on that list authenticates using IPSec, Windows
Firewall does not block its unsolicited messages. This policy setting
overrides other policy settings that would block those messages. If you disable or do not configure this
policy setting, Windows Firewall makes no exception for messages sent by
computers that authenticate using IPSec. If you enable this policy setting
and add systems to the list, upon disabling this policy, Windows Firewall
deletes the list. Note: You define
entries in this list by using Security Descriptor Definition Language (SDDL)
strings. For more information about the SDDL format, see the Windows Firewall
deployment information at the Microsoft Web site
(http://go.microsoft.com/fwlink/?LinkId=25131). |
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\ICFv4!BypassFirewall |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Network\Background Intelligent
Transfer Service |
Maximum network bandwith that BITS uses |
Windows Windows XP SP2 or computers with BITS 2.0 installed. |
Limits the network bandwidth that BITS uses for background transfers (this policy does not affect foreground
transfers). Specify a limit to use
during a specific time interval and a limit to use at all other times. For
example, limit the use of network bandwidth to 10 Kbps from 8AM to 5PM, and
use all available unused bandwidth the rest of the time. Specify the limit in kilobits per second
(Kbps). Base the limit on the size of the network link, not the computer’s
network interface card (NIC). BITS uses approximately two kilobits if you
specify a value less than two kilobits.
To prevent BITS transfers from occurring, specify a limit of 0. If you disable or do not configure this
policy, BITS uses all available unused bandwidth. Typically, you use this policy to prevent
BITS transfers from competing for network bandwidth when the client has a fast
network card (10Mbs), but is connected to the network via a slow link
(56Kbs). |
HKLM\Software\Policies\Microsoft\Windows\BITS!EnableBITSMaxBandwidth,
HKLM\Software\Policies\Microsoft\Windows\BITS!MaxTransferRateOnSchedule,
HKLM\Software\Policies\Microsoft\Windows\BITS!MaxBandwidthValidFrom,
HKLM\Software\Policies\Microsoft\Windows\BITS!MaxBandwidthValidTo,
HKLM\Software\Policies\Microsoft\Windows\BITS!UseSystemMaximum,
HKLM\Software\Policies\Microsoft\Windows\BITS!MaxTransferRateOffSchedule |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Windows Components\Event Viewer |
Events.asp URL |
At least Microsoft Windows XP Professional with SP2 |
This is the URL that will be passed to the Description area in the Event Properties dialog box. Change this
value if you want to use a different Web server to handle event information
requests. |
HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftRedirectionURL |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Windows Components\Event Viewer |
Events.asp program |
At least Microsoft Windows XP Professional with SP2 |
This is the program that will be invoked when the user clicks the events.asp link. |
HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftRedirectionProgram |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Windows Components\Event Viewer |
Events.asp program command line parameters |
At least Microsoft Windows XP Professional with SP2 |
This specifies the command line parameters
that will be passed to the events.asp program |
HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftRedirectionProgramCommandLineParameters |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Windows Components\Terminal
Services\Client |
Do not allow passwords to be saved |
At least Microsoft Windows XP Professional with SP2 |
Controls whether passwords can be saved
on this computer from Terminal Services clients. If you enable this setting the password
saving checkbox in Terminal Services clients will be disabled and users will
no longer be able to save passwords. When a user opens an RDP file using the
Terminal Services client and saves his settings, any password that previously
existed in the RDP file will be deleted.
If you disable this setting or leave it not configured, the user will
be able to save passwords using the Terminal Services client. |
HKLM\Software\Policies\Microsoft\Windows
NT\Terminal Services!DisablePasswordSaving |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Windows Components\Windows Explorer |
Turn off shell protocol protected mode |
At least Microsoft Windows XP Professional with SP2 |
This policy setting allows you to configure the amount of functionality that the shell protocol can have. When
using the full functionality of this protocol, applications can open folders
and launch files. The protected mode reduces the functionality of this
protocol allowing applications to only open a limited set of folders.
Applications are not able to open files with this protocol when it is in the
protected mode. It is recommended to leave this protocol in the protected
mode to increase the security of Windows.
If you enable this policy setting the protocol is fully enabled,
allowing the opening of folders and files.
If you disable this policy setting the protocol is in the protected
mode, allowing applications to only open a limited set of folders. If you do not configure this policy setting
the protocol is in the protected mode, allowing applications to only open a
limited set of folders. |
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!PreXPSP2ShellProtocolBehavior |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Windows Components\Windows Movie
Maker |
Do not allow Windows Movie Maker to run |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether Windows Movie Maker
can run. Windows Movie Maker is a
feature of the Windows XP operating system that can be used to capture, edit,
and then save video as a movie to share with others. If you enable this setting, Windows Movie
Maker will not run. If you disable or
do not configure this setting, Windows Movie Maker can be run. |
HKLM\Software\Policies\Microsoft\WindowsMovieMaker!MovieMaker |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Windows Components\Windows Update |
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box |
At least Microsoft Windows XP Professional with SP2 |
This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is displayed in
the Shut Down Windows dialog box. If
you enable this policy setting, 'Install Updates and Shut Down' will not
appear as a choice in the Shut Down Windows dialog box, even if updates are
available for installation when the user selects the Shut Down option in the
Start menu. If you disable or do not
configure this policy setting, the 'Install Updates and Shut Down' option
will be available in the Shut Down Windows dialog box if updates are
available when the user selects the Shut Down option in the Start menu. |
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUShutdownOption |
|
| Windows XP SP2 |
System |
MACHINE |
Administrative Templates\Windows Components\Windows Update |
Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box |
At least Microsoft Windows XP Professional with SP2 |
This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is allowed to be
the default choice in the Shut Down Windows dialog. If you enable this policy setting, the
user's last shut down choice (Hibernate, Restart, etc.) is the default option
in the Shut Down Windows dialog box, regardless of whether the 'Install
Updates and Shut Down' option is available in the 'What do you want the
computer to do?' list. If you disable
or do not configure this policy setting, the 'Install Updates and Shut Down'
option will be the default option in the Shut Down Windows dialog box if
updates are available for installation at the time the user selects the Shut
Down option in the Start menu. Note
that this policy setting has no impact if the Computer
Configuration\Administrative Templates\Windows Components\Windows Update\Do
not display 'Install Updates and Shut Down' option in Shut Down Windows
dialog box policy setting is enabled. |
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUAsDefaultShutdownOption |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\Network\Network Connections |
Turn off notifications when a connection has only limited or no connectivity |
At least Microsoft Windows XP Professional with SP2 |
This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured
connection is unable to retrieve an IP address from a DHCP server. This is
often signified by the assignment of an automatic private IP address”(i.e. an
IP address in the range 169.254.*.*). This indicates that a DHCP server could
not be reached or the DHCP server was reached but unable to respond to the
request with a valid IP address. By default, a notification is displayed
providing the user with information on how the problem can be resolved. If you enable this policy setting, this
condition will not be reported as an error to the user. If you disable or do not configure this
policy setting, a DHCP-configured connection that has not been assigned an IP
address will be reported via a notification, providing the user with
information as to how the problem can be resolved. |
HKCU\Software\Policies\Microsoft\Windows\Network
Connections!NC_IpStateChecking |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\System\Internet Communication
Management |
Restrict Internet communication |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether Windows can access
the Internet to accomplish tasks that require Internet resources. If this setting is enabled, all of the the
policy settings listed in the Internet Communication settings section will be
set to enabled. If this setting is
disabled, all of the the policy settings listed in the 'Internet
Communication settings' section will be set to disabled. If this setting is not configured, all of
the the policy settings in the 'Internet Communication settings' section will
be set to not configured. |
HKCU\Software\Policies\Microsoft\InternetManagement!RestrictCommunication,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard,
HKCU\Software\Policies\Microsoft\Messenger\Client!CEIP,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetOpenWith,
HKCU\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrinting,
HKCU\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownload,
HKCU\Software\Policies\Microsoft\WindowsMovieMaker!CodecDownload,
HKCU\Software\Policies\Microsoft\WindowsMovieMaker!WebHelp,
HKCU\Software\Policies\Microsoft\WindowsMovieMaker!WebPublish,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard,
HKCU\Software\Policies\Microsoft\Messenger\Client!CEIP,
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetOpenWith,
HKCU\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrinting,
HKCU\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownload,
HKCU\Software\Policies\Microsoft\WindowsMovieMaker!CodecDownload,
HKCU\Software\Policies\Microsoft\WindowsMovieMaker!WebHelp,
HKCU\Software\Policies\Microsoft\WindowsMovieMaker!WebPublish |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off the Publish to Web task for files and folders |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether the tasks Publish this file to the Web, Publish this folder to the Web, and Publish the
selected items to the Web, are available from File and Folder Tasks in
Windows folders. The Web Publishing
Wizard is used to download a list of providers and allow users to publish
content to the Web. If you enable this
setting, these tasks are removed from the File and Folder tasks in Windows
folders. If you disable or do not
configure this setting, the tasks will be shown. |
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off Internet download for Web publishing and online ordering wizards |
At least Microsoft Windows XP Professional with SP2 or Windows Server 2003 family |
Specifies whether Windows should download
a list of providers for the Web publishing and online ordering wizards. These wizards allow users to select from a
list of companies that provide services such as online storage and
photographic printing. By default,
Windows displays providers downloaded from a Windows Web site in addition to
providers specified in the registry.
If you enable this setting, Windows will not download providers and
only the service providers that are cached in the local registry will be
displayed. If you disable or do not
configure this setting, a list of providers will be downloaded when the user
uses the Web publishing or online ordering wizards. See the documentation for the Web
publishing and online ordering wizards for more information, including
details on specifying service providers in the registry. |
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off the Order Prints picture task |
At least Microsoft Windows XP Professional with SP2 or Windows Server 2003 family |
Specifies whether the Order Prints Online
task is available from Picture Tasks in Windows folders. The Order Prints Online Wizard is used to
download a list of providers and allow users to order prints online. If you enable this setting, the task Order
Prints Online is removed from Picture Tasks in Windows Explorer folders. If you disable or do not configure this
setting, the task is displayed. |
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off the Windows Messenger Customer
Experience Improvement Program |
At least Microsoft Windows XP Professional with SP2 or Windows Server 2003 family |
Specifies whether Windows Messenger
collects anonymous information about how Windows Messenger software and
service is used. With the Customer
Experience Improvement program, users can allow Microsoft to collect
anonymous information about how the product is used. This information is used to improve the
product in future releases. If you
enable this setting, Windows Messenger will not collect usage information and
the user settings to enable the collection of usage information will not be
shown. If you disable this setting,
Windows Messenger will collect anonymous usage information and the setting
will not be shown. If you do not
configure this setting, users will have the choice to opt-in and allow
information to be collected. |
HKCU\Software\Policies\Microsoft\Messenger\Client!CEIP |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off printing over HTTP |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether to allow printing over HTTP from this client.
Printing over HTTP allows a client to print to printers on the
intranet as well as the Internet.
Note: This setting affects the client side of Internet printing only.
It does not prevent this machine from acting as an Internet Printing server
and making its shared printers available via HTTP. If you enable this setting, it prevents
this client from printing to Internet printers over HTTP. If you disable or do not configure this
setting, users will be able to choose to print to Internet printers over
HTTP. Also see the Web-based Printing
setting in Computer Configuration/Administrative Templates/Printers. |
HKCU\Software\Policies\Microsoft\Windows
NT\Printers!DisableHTTPPrinting |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off downloading of print drivers over HTTP |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether to allow this client to download print driver packages over HTTP. To set up HTTP printing, non-inbox drivers
need to be downloaded over HTTP. Note:
This setting does not prevent the client from printing to printers on the
Intranet or the Internet over HTTP. It
only prohibits downloading drivers that are not already installed
locally. If you enable this setting,
print drivers will not be downloaded over HTTP. If you disable this setting or do not
configure it, users will be able to download print drivers over HTTP. |
HKCU\Software\Policies\Microsoft\Windows
NT\Printers!DisableWebPnPDownload |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off Windows Movie Maker automatic
codec downloads |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether Windows Movie Maker
automatically downloads codecs.
Windows Movie Maker can be configured so that codecs are downloaded
automatically if the required codecs are not installed on the computer. If you enable this setting, Windows Movie
Maker will not attempt to download missing codecs for imported audio and
video files. If you disable or do not
configure this setting, Windows Movie Maker might attempt to download missing
codecs for imported audio and video files. |
HKCU\Software\Policies\Microsoft\WindowsMovieMaker!CodecDownload |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off Windows Movie Maker online Web
links |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether links to Web sites are available in Windows Movie Maker. These links include the Windows
Movie Maker on the Web and Privacy Statement commands that appear on the Help
menu, as well as the Learn more about video filters hyperlink in the Options
dialog box and the sign up now hyperlink in the The Web saving option in the
Save Movie Wizard. The Windows Movie
Maker on the Web command lets users go directly to the Windows Movie Maker
Web site to get more information, and the Privacy Statement command lets
users view information about privacy issues in respect to Windows Movie
Maker. The Learn more about video filters hyperlink lets users learn more
about video filters and their role in saving movies process in Windows Movie
Maker. The sign up now hyperlink lets
users sign up with a video hosting provider on the Web. If you enable this setting, the previously
mentioned links to Web sites from Windows Movie Maker are disabled and cannot
be selected. If you disable or do not
configure this setting, the previously mentioned links to Web sites from
Windows Movie Maker are enabled and can be selected. |
HKCU\Software\Policies\Microsoft\WindowsMovieMaker!WebHelp |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\System\Internet Communication
Management\Internet Communication settings |
Turn off Windows Movie Maker saving to
online video hosting provider |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether users can send a final
movie to a video hosting provider on the Web by choosing The Web saving
option in the Save Movie Wizard of Windows Movie Maker. When users create a movie in Windows Movie
Maker, they can choose to share it in a variety of ways through the Save
Movie Wizard. The Web saving option lets users send their movies to a video
hosting provider. If you enable this
setting, users cannot choose The Web saving option in the Save Movie Wizard
of Windows Movie Maker and cannot send a movie to a video hosting provider on
the Web. If you disable or do not
configure this setting, users can choose The Web saving option in the Save
Movie Wizard of Windows Movie Maker and can send a movie to a video hosting
provider on the Web. |
HKCU\Software\Policies\Microsoft\WindowsMovieMaker!WebPublish |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\System |
Turn off Windows Update device driver search prompt |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether the administrator will
be prompted about going to Windows Update to search for device drivers using
the Internet. Note: This setting only
has effect if Turn off Windows Update device driver searching in
Administrative Templates/System/Internet Communication Management/Internet
Communication settings is disabled or not configured. If this setting is enabled, administrators
will not be prompted to search Windows Update. If this setting is disabled or not
configured and Turn off Windows Update device driver searching is disabled or
not configured, the administrator will be prompted for consent before going
to Windows Update to search for device drivers. |
HKCU\Software\Policies\Microsoft\Windows\DriverSearching!DontPromptForWindowsUpdate |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\Windows Components\Attachment Manager |
Default risk level for file attachments |
At least Microsoft Windows XP Professional with SP2 |
This policy setting allows you to manage the default risk level for file types. To fully customize the risk
level for file attachments, you may also need to configure the trust logic
for file attachments. High Risk – If
the attachment is in the list of high risk file types and is from the
restricted zone, Windows blocks the user from accessing the file. If the file
is from the Internet zone, Windows prompts the user before accessing the
file. Moderate Risk - If the
attachment is in the list of moderate risk file types and is from the
restricted or Internet zone, Windows prompts the user before accessing the
file. Low Risk - If the attachment is
in the list of low risk file types, Windows will not prompt the user before
accessing the file, regardless of the file’s zone information. If you enable this policy setting you can
specify the default risk level for file types. If you disable this policy setting Windows
sets the default risk level to moderate.
If you do not configure this policy setting Windows sets the default
risk level to moderate. |
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!DefaultFileTypeRisk |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\Windows Components\Attachment Manager |
Inclusion list for high risk file types |
At least Microsoft Windows XP Professional with SP2 |
This policy setting allows you to configure the list of high risk file types. If the file attachment is in the
list of high risk file types and is from the restricted zone, Windows blocks
the user from accessing the file. If the file is from the Internet zone,
Windows prompts the user before accessing the file. This inclusion list takes
precedence over the Medium and Low risk inclusion lists (where an extension
is listed in more than one inclusion list.)
If you enable this policy setting you can create a custom list of high
risk file types. If you disable this
policy setting Windows uses its built in list of file types that pose a high
risk. If you do not configure this
policy setting Windows uses its built in list of high risk file types. |
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!HighRiskFileTypes |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\Windows Components\Attachment Manager |
Inclusion list for moderate risk file types |
At least Microsoft Windows XP Professional with SP2 |
This policy setting allows you to configure the list of moderate risk file types. If the attachment is in the
list of moderate risk file types and is from the restricted or Internet zone,
Windows prompts the user before accessing the file. This inclusion list
overrides the list of potentially high risk file types built into Windows and
it takes precedence over the Low risk inclusion list but has a lower
precedence than the High risk inclusion list (where an extension is listed in
more than one inclusion list.) If you
enable this policy setting you can specify file types which pose a moderate
risk. If you disable this policy
setting Windows uses its default trust logic.
If you do not configure this policy setting Windows uses its default
trust logic. |
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!ModRiskFileTypes |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\Windows Components\Attachment Manager |
Inclusion list for low file types |
At least Microsoft Windows XP Professional with SP2 |
This policy setting allows you to configure the list of low risk file types. If the attachment is in the list
of low risk file types, Windows will not prompt the user before accessing the
file, regardless of the file’s zone information. This inclusion list
overrides the list of high risk file types built into Windows and has a lower
precedence than the High or Medium risk inclusion lists (where an extension
is listed in more than one inclusion list.)
If you enable this policy setting you can specify file types which
pose a low risk. If you disable this
policy setting Windows uses its default trust logic. If you do not configure this policy setting
Windows uses its default trust logic. |
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!LowRiskFileTypes |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\Windows Components\Attachment Manager |
Trust logic for file attachments |
At least Microsoft Windows XP Professional with SP2 |
This policy setting allows you to configure the logic that Windows uses to determine the risk for file
attachments. Preferring the file
handler instructs Windows to use the file handler data over the file type
data. For example, trust notepad.exe, but don’t trust .txt files. Preferring the file type instructs Windows
to use the file type data over the file handler data. For example, trust .txt
files, regardless of the file handler.
Using both the file handler and type data is the most restrictive
option. Windows chooses the more restrictive recommendation which will cause
users to see more trust prompts than choosing the other options. If you enable this policy setting you can
choose the order in which Windows processes risk assessment data. If you disable this policy Windows uses its
default trust logic which prefers the file handler over the file type. If you do not configure this policy setting
Windows uses its default trust logic which prefers the file handler over the
file type. |
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!UseTrustedHandlers |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\Windows Components\Attachment Manager |
Do not preserve zone information in file attachments |
At least Microsoft Windows XP Professional with SP2 |
This policy setting allows you to manage whether Windows marks file attachments with information about their
zone of origin (i.e. restricted, Internet, intranet, local). This requires
NTFS in order to function correctly, and will fail without notice on FAT32.
By not preserving the zone information Windows cannot make proper risk
assessments. If you enable this policy
setting Windows does not mark file attachments with their zone
information. If you disable this policy
setting Windows marks file attachments with their zone information. If you do not configure this policy setting
Windows marks file attachments with their zone information. |
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!SaveZoneInformation |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\Windows Components\Attachment Manager |
Hide mechanisms to remove zone information |
At least Microsoft Windows XP Professional with SP2 |
This policy setting allows you to manage whether users can manually remove the zone information from saved
file attachments by clicking the Unblock button in the file’s property sheet
or by using a check box in the security warning dialog. Removing the zone
information allows users to open potentially dangerous file attachments that
Windows has blocked users from opening.
If you enable this policy setting Windows hides the checkbox and
Unblock button. If you disable this
policy setting Windows shows the checkbox and Unblock button. If you do not configure this policy setting
Windows shows the checkbox and Unblock button. |
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!HideZoneInfoOnProperties |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\Windows Components\Attachment Manager |
Notify antivirus programs when opening attachments |
At least Microsoft Windows XP Professional with SP2 |
This policy setting allows you to manage the behavior for notifying registered antivirus programs. If
multiple programs are registered, they will all be notified. If the
registered antivirus program already performs on-access checks or scans files
as they arrive on the computer’s e-mail server because further calls would be
redundant. If you enable this policy
Windows tells the registered antivirus program to scan the file when a user
opens a file attachment. If the antivirus program fails, the attachment is
blocked from being opened. If you
disable this policy Windows does not call the registered antivirus programs
when file attachments are opened. If
you do not configure this policy Windows does not call the registered
antivirus programs when file attachments are opened. |
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!ScanWithAntiVirus |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\Windows Components\Windows Explorer |
Turn off shell protocol protected mode |
At least Microsoft Windows XP Professional with SP2 |
This policy setting allows you to configure the amount of functionality that the shell protocol can have. When
using the full functionality of this protocol, applications can open folders
and launch files. The protected mode reduces the functionality of this
protocol allowing applications to only open a limited set of folders.
Applications are not able to open files with this protocol when it is in the
protected mode. It is recommended to leave this protocol in the protected
mode to increase the security of Windows.
If you enable this policy setting the protocol is fully enabled,
allowing the opening of folders and files.
If you disable this policy setting the protocol is in the protected
mode, allowing applications to only open a limited set of folders. If you do not configure this policy setting
the protocol is in the protected mode, allowing applications to only open a
limited set of folders. |
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!PreXPSP2ShellProtocolBehavior |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\Windows Components\Terminal
Services\Client |
Do not allow passwords to be saved |
At least Microsoft Windows XP Professional with SP2 |
Controls whether a user can save passwords
using a Terminal Services client. If
you enable this setting the password saving checkbox in Terminal Services
clients will be disabled and users will no longer be able to save passwords.
When a user opens an RDP file using the Terminal Services client and saves
his settings, any password that previously existed in the RDP file will be
deleted. If you disable this setting
or leave it not configured, the user will be able to save passwords using the
Terminal Services client. |
HKCU\SOFTWARE\Policies\Microsoft\Windows
NT\Terminal Services!DisablePasswordSaving |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\Windows Components\Windows Update |
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box |
At least Microsoft Windows XP Professional with SP2 |
This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is displayed in
the Shut Down Windows dialog box. If
you enable this policy setting, 'Install Updates and Shut Down' will not
appear as a choice in the Shut Down Windows dialog box, even if updates are
available for installation when the user selects the Shut Down option in the
Start menu. If you disable or do not
configure this policy setting, the 'Install Updates and Shut Down' option
will be available in the Shut Down Windows dialog box if updates are
available when the user selects the Shut Down option in the Start menu. |
HKCU\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUShutdownOption |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\Windows Components\Windows Update |
Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box |
At least Microsoft Windows XP Professional with SP2 |
This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is allowed to be
the default choice in the Shut Down Windows dialog. If you enable this policy setting, the
user's last shut down choice (Hibernate, Restart, etc.) is the default option
in the Shut Down Windows dialog box, regardless of whether the 'Install
Updates and Shut Down' option is available in the 'What do you want the
computer to do?' list. If you disable
or do not configure this policy setting, the 'Install Updates and Shut Down'
option will be the default option in the Shut Down Windows dialog box if
updates are available for installation at the time the user selects the Shut
Down option in the Start menu. Note
that this policy setting has no impact if the User
Configuration\Administrative Templates\Windows Components\Windows Update\Do
not display 'Install Updates and Shut Down' option in Shut Down Windows
dialog box policy setting is enabled. |
HKCU\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUAsDefaultShutdownOption |
|
| Windows XP SP2 |
System |
USER |
Administrative Templates\Windows Components\Windows Movie
Maker |
Do not allow Windows Movie Maker to run |
At least Microsoft Windows XP Professional with SP2 |
Specifies whether Windows Movie Maker
can run. Windows Movie Maker is a
feature of the Windows XP operating system that can be used to capture, edit,
and then save video as a movie to share with others. If you enable this setting, Windows Movie
Maker will not run. If you disable or
do not configure this setting, Windows Movie Maker can be run. |
HKCU\Software\Policies\Microsoft\WindowsMovieMaker!MovieMaker |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Run .NET Framework-reliant components
signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode
can be executed from Internet Explorer. These components include managed
controls referenced from an object tag and managed executables referenced
from a link. If you enable this policy
setting, Internet Explorer will execute signed managed components. If you
select Prompt in the drop-down box, Internet Explorer will prompt the user to
determine whether to execute signed managed components. If you disable this policy setting,
Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will execute signed managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Run .NET Framework-reliant components
not signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are not signed with
Authenticode can be executed from Internet Explorer. These components include
managed controls referenced from an object tag and managed executables
referenced from a link. If you enable
this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute unsigned managed
components. If you disable this policy
setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy
setting, Internet Explorer will execute unsigned managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2004 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in
the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy
setting, users are queried whether to download controls signed by publishers
who aren't trusted. Code signed by
trusted publishers is silently downloaded. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1001 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone.
Such code is potentially harmful, especially when coming from an untrusted
zone. If you enable this policy
setting, users can run unsigned controls without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow the unsigned control to run. If
you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy
setting, users cannot run unsigned controls. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy
setting, ActiveX controls are run, loaded with parameters, and scripted
without setting object safety for untrusted data or scripts. This setting is
not recommended, except for secure and administered zones. This setting
causes both unsafe and safe controls to be initialized and scripted, ignoring
the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select
Prompt in the drop-down box, users are queried whether to allow the control
to be loaded with parameters or scripted.
If you disable this policy setting, ActiveX controls that cannot be
made safe are not loaded with parameters or scripted. If you do not configure this policy
setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the
specified zone. If you enable this
policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down
box, users are asked to choose whether to allow the controls or plug-in to
run. If you disable this policy
setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins can run without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact
with a script. If you enable this
policy setting, script interaction can occur automatically without user
intervention. If you select Prompt in
the drop-down box, users are queried to choose whether to allow script
interaction. If you disable this
policy setting, script interaction is prevented from occurring. If you do not configure this policy
setting, script interaction can occur automatically without user
intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is
determined by the zone of the page with the link causing the download, not
the zone from which the file is delivered.
If you enable this policy setting, files can be downloaded from the
zone. If you disable this policy
setting, files are prevented from being downloaded from the zone. If you do not configure this policy
setting, files can be downloaded from the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1803 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML
fonts can be downloaded automatically. If you enable this policy setting and
Prompt is selected in the drop-down box, users are queried whether to allow
HTML fonts to download. If you disable
this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting,
HTML fonts can be downloaded automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the
drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not
configure this policy setting, the permission is set to High Safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Internet Explorer can access data from another security
zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects
(ADO). If you enable this policy
setting, users can load a page in the zone that uses MSXML or ADO to access
data from another site in the zone. If you select Prompt in the drop-down
box, users are queried to choose whether to allow a page to be loaded in the
zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
cannot load a page in the zone that uses MSXML or ADO to access data from
another site in the zone. If you do
not configure this policy setting, users cannot load a page in the zone that
uses MSXML or ADO to access data from another site in the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1406 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Allow active content over restricted protocols to access my computer |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the
Internet zone can run active content such as script, ActiveX, Java and Binary
Behaviors. The list of restricted protocols may be set in the Internet Zone
Restricted Protocols section under Network Protocol Lockdown policy. If you enable this policy setting, no
Internet Zone content accessed is affected, even for protocols on the
restricted list. If you select Prompt from the drop-down box, the Information
Bar will appear to allow control over questionable content accessed over any
restricted protocols; content over other protocols is unaffected. If you disable this policy setting, all
attempts to access such content over the restricted protocols is
blocked. If you do not configure this
policy setting, no content is restricted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting determines whether users will be prompted for non user-initiated file downloads.
Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting manages whether users
will be automatically prompted for ActiveX control installations. If you enable this policy setting, users
will receive a prompt when a site instantiates an ActiveX control they do not
have installed. If you disable this
policy setting, ActiveX control installations will be blocked using the
Information Bar. Users can click on the Information Bar to allow the ActiveX
control prompt. If you do not
configure this policy setting, the user’s preference will be used to
determine whether to block ActiveX control installations using the
Information Bar. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if
the author of the Web page uses the Meta Refresh setting (tag) to redirect
browsers to another Web page. If you
enable this policy setting, a user's browser that loads a page containing an
active Meta Refresh setting, can be redirected to another Web page. If you disable this policy setting, a
user's browser that loads a page containing an active Meta Refresh setting,
cannot be redirected to another Web page.
If you do not configure this policy setting, a user's browser that
loads a page containing an active Meta Refresh setting, can be redirected to
another Web page. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Allow script-initiated windows without size or position constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that
include the title and status bars. If
you enable this policy setting, Windows Restrictions security will not apply
in this zone. The security zone runs without the added layer of security
provided by this feature. If you
disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate
specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary
and script behaviors are available. If you select Administrator approved in
the drop-down box, only behaviors listed in the Admin-approved Behaviors
under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary
and script behaviors are not available unless applications have implemented a
custom security manager. If you do not
configure this policy setting, binary and script behaviors are available. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can display nonsecure items and manage whether users
receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1609 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Do not prompt for client certificate selection when no certificates or only one certificate
exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users are prompted to select a certificate when no
certificate or only one certificate exists.
If you enable this policy setting, Internet Explorer does not prompt
users with a Client Authentication message when they connect to a Web site
that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one
certificate. If you do not configure
this policy setting, Internet Explorer does not prompt users with a Client
Authentication message when they connect to a Web site that has no
certificate or only one certificate. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can drag files or copy and paste files from a source
within the zone. If you enable this
policy setting, users can drag files or copy and paste files from this zone
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy
setting, users can drag files or copy and paste files from this zone
automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The
settings for this option are: If you enable this policy setting, users can
install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this zone. If you do not configure this policy
setting, users are queried to choose whether to install desktop items from
this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applications may be run and files may be downloaded from an
IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are queried to choose whether to run applications and
download files from IFRAMEs on the pages in this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the opening of sub-frames and access of applications across
different domains. If you enable this
policy setting, users can open sub-frames from other domains and access
applications from other domains. If you select Prompt in the drop-down box,
users are queried whether to allow sub-frames or access to applications from
other domains. If you disable this
policy setting, users cannot open sub-frames or access applications from
different domains. If you do not
configure this policy setting, users can open sub-frames from other domains
and access applications from other domains. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1607 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on
a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the
file type based on a bit signature. If
you enable this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. The security zone will run without the added layer of
security provided by this feature. If
you disable this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. If you do not configure this policy
setting, the actions that may be harmful cannot run; this Internet Explorer
security feature will be turned on in this zone, as dictated by the MIME
Sniffing Safety Feature control for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage software channel permissions.
If you enable this policy setting, you can choose the following
options from the drop-down box. Low
safety to allow users to be notified of software updates by e-mail, software
packages to be automatically downloaded to users' computers, and software
packages to be automatically installed on users' computers. Medium safety to allow users to be notified
of software updates by e-mail and software packages to be automatically
downloaded to (but not installed on) users' computers. High safety to prevent users from being
notified of software updates by e-mail, software packages from being
automatically downloaded to users' computers, and software packages from
being automatically installed on users' computers. If you disable this policy setting,
permissions are set to high safety. If
you do not configure this policy setting, permissions are set to Medium
safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted.
Forms sent with SSL (Secure Sockets Layer) encryption are always allowed;
this setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, users are queried to choose whether to
allow information using HTML forms on pages in this zone to be submitted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1601 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are
opened when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, most unwanted pop-up
windows are prevented from appearing. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1809 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the preservation of information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. When
a user returns to a persisted page, the state of the page can be restored if
this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Web sites in less privileged Web content zones can navigate into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted
Sites, can navigate into this zone. If
you enable this policy setting, Web sites from less privileged zones can open
new windows in, or navigate into, this zone.
The security zone will run without the added layer of security that is
provided by the Protection from Zone Elevation security feature. If you
select Prompt in the drop-down box, a warning is issued to the user that
potentially risky navigation is about to occur. If you disable this policy setting, the
possibly harmful navigations are prevented. The Internet Explorer security
feature will be on in this zone as set by Protection from Zone Elevation
feature control. If you do not
configure this policy setting, Web sites from less privileged zones can open
new windows in, or navigate into, this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script
code on pages in the zone can run automatically. If you select Prompt in the
drop-down box, users are queried to choose whether to allow script code on
pages in the zone to run. If you
disable this policy setting, script code on pages in the zone is prevented
from running. If you do not configure
this policy setting, script code on pages in the zone can run automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example,
cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard
operation. If you disable this policy
setting, a script cannot perform a clipboard operation. If you do not configure this policy
setting, a script can perform a clipboard operation. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts
can access applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following
logon options. Anonymous logon to
disable HTTP authentication and use the guest account only for the Common
Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and
passwords. After a user is queried, these values can be used silently for the
remainder of the session. Automatic
logon only in Intranet zone to query users for user IDs and passwords in
other zones. After a user is queried, these values can be used silently for
the remainder of the session.
Automatic logon with current user name and password to attempt logon
using Windows NT Challenge Response (also known as NTLM authentication). If
Windows NT Challenge Response is supported by the server, the logon uses the
user's network user name and password for logon. If Windows NT Challenge
Response is not supported by the server, the user is queried to provide the
user name and password. If you disable
this policy setting, logon is set to Automatic logon only in Intranet
zone. If you do not configure this
policy setting, logon is set to Automatic logon only in Intranet zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Run .NET Framework-reliant components
signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode
can be executed from Internet Explorer. These components include managed
controls referenced from an object tag and managed executables referenced
from a link. If you enable this policy
setting, Internet Explorer will execute signed managed components. If you
select Prompt in the drop-down box, Internet Explorer will prompt the user to
determine whether to execute signed managed components. If you disable this policy setting,
Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will execute signed managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Run .NET Framework-reliant components
not signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are not signed with
Authenticode can be executed from Internet Explorer. These components include
managed controls referenced from an object tag and managed executables
referenced from a link. If you enable
this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute unsigned managed
components. If you disable this policy
setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy
setting, Internet Explorer will execute unsigned managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in
the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy
setting, users are queried whether to download controls signed by publishers
who aren't trusted. Code signed by
trusted publishers is silently downloaded. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone.
Such code is potentially harmful, especially when coming from an untrusted
zone. If you enable this policy
setting, users can run unsigned controls without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow the unsigned control to run. If
you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy
setting, users cannot run unsigned controls. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy
setting, ActiveX controls are run, loaded with parameters, and scripted
without setting object safety for untrusted data or scripts. This setting is
not recommended, except for secure and administered zones. This setting
causes both unsafe and safe controls to be initialized and scripted, ignoring
the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select
Prompt in the drop-down box, users are queried whether to allow the control
to be loaded with parameters or scripted.
If you disable this policy setting, ActiveX controls that cannot be
made safe are not loaded with parameters or scripted. If you do not configure this policy
setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the
specified zone. If you enable this
policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down
box, users are asked to choose whether to allow the controls or plug-in to
run. If you disable this policy
setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins can run without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact
with a script. If you enable this
policy setting, script interaction can occur automatically without user
intervention. If you select Prompt in
the drop-down box, users are queried to choose whether to allow script
interaction. If you disable this
policy setting, script interaction is prevented from occurring. If you do not configure this policy
setting, script interaction can occur automatically without user
intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is
determined by the zone of the page with the link causing the download, not
the zone from which the file is delivered.
If you enable this policy setting, files can be downloaded from the
zone. If you disable this policy
setting, files are prevented from being downloaded from the zone. If you do not configure this policy
setting, files can be downloaded from the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML
fonts can be downloaded automatically. If you enable this policy setting and
Prompt is selected in the drop-down box, users are queried whether to allow
HTML fonts to download. If you disable
this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting,
HTML fonts can be downloaded automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the
drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not
configure this policy setting, the permission is set to Medium Safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Internet Explorer can access data from another security
zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects
(ADO). If you enable this policy
setting, users can load a page in the zone that uses MSXML or ADO to access
data from another site in the zone. If you select Prompt in the drop-down
box, users are queried to choose whether to allow a page to be loaded in the
zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
cannot load a page in the zone that uses MSXML or ADO to access data from
another site in the zone. If you do
not configure this policy setting, users are queried to choose whether to
allow a page to be loaded in the zone that uses MSXML or ADO to access data
from another site in the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Allow active content over restricted protocols to access my computer |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the
Intranet Zone can run active content such as script, ActiveX, Java and Binary
Behaviors. The list of restricted protocols may be set in the Intranet Zone
Restricted Protocols section under Network Protocol Lockdown policy. If you enable this policy setting, no
Intranet Zone content accessed is affected, even for protocols on the
restricted list. If you select Prompt from the drop-down box, the Information
Bar will appear to allow control over questionable content accessed over any
restricted protocols; content over other protocols is unaffected. If you disable this policy setting, all
attempts to access such content over the restricted protocols is
blocked. If you do not configure this
policy setting, no content is restricted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting determines whether users will be prompted for non user-initiated file downloads.
Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting manages whether users
will be automatically prompted for ActiveX control installations. If you enable this policy setting, users
will receive a prompt when a site instantiates an ActiveX control they do not
have installed. If you disable this
policy setting, ActiveX control installations will be blocked using the
Information Bar. Users can click on the Information Bar to allow the ActiveX
control prompt. If you do not
configure this policy setting, the user’s preference will be used to
determine whether to block ActiveX control installations using the
Information Bar. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if
the author of the Web page uses the Meta Refresh setting (tag) to redirect
browsers to another Web page. If you
enable this policy setting, a user's browser that loads a page containing an
active Meta Refresh setting, can be redirected to another Web page. If you disable this policy setting, a
user's browser that loads a page containing an active Meta Refresh setting,
cannot be redirected to another Web page.
If you do not configure this policy setting, a user's browser that
loads a page containing an active Meta Refresh setting, can be redirected to
another Web page. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Allow script-initiated windows without size or position constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that
include the title and status bars. If
you enable this policy setting, Windows Restrictions security will not apply
in this zone. The security zone runs without the added layer of security
provided by this feature. If you
disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate
specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary
and script behaviors are available. If you select Administrator approved in
the drop-down box, only behaviors listed in the Admin-approved Behaviors
under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary
and script behaviors are not available unless applications have implemented a
custom security manager. If you do not
configure this policy setting, binary and script behaviors are available. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can display nonsecure items and manage whether users
receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Do not prompt for client certificate selection when no certificates or only one certificate
exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users are prompted to select a certificate when no
certificate or only one certificate exists.
If you enable this policy setting, Internet Explorer does not prompt
users with a Client Authentication message when they connect to a Web site
that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one
certificate. If you do not configure
this policy setting, Internet Explorer prompts users with a Client
Authentication message when they connect to a Web site that has no certificate
or only one certificate. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can drag files or copy and paste files from a source
within the zone. If you enable this
policy setting, users can drag files or copy and paste files from this zone
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy
setting, users can drag files or copy and paste files from this zone
automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The
settings for this option are: If you enable this policy setting, users can
install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this zone. If you do not configure this policy
setting, users are queried to choose whether to install desktop items from
this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applications may be run and files may be downloaded from an
IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are queried to choose whether to run applications and
download files from IFRAMEs on the pages in this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the opening of sub-frames and access of applications across
different domains. If you enable this
policy setting, users can open additional sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow additional sub-frames or access to
applications from other domains. If
you disable this policy setting, users cannot open other sub-frames or access
applications from different domains.
If you do not configure this policy setting, users can open additional
sub-frames from other domains and access applications from other domains. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on
a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the
file type based on a bit signature. If
you enable this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. The security zone will run without the added layer of
security provided by this feature. If
you disable this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. If you do not configure this policy
setting, the actions that may be harmful cannot run; this Internet Explorer
security feature will be turned on in this zone, as dictated by the MIME
Sniffing Safety Feature control for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage software channel permissions.
If you enable this policy setting, you can choose the following
options from the drop-down box. Low
safety to allow users to be notified of software updates by e-mail, software
packages to be automatically downloaded to users' computers, and software
packages to be automatically installed on users' computers. Medium safety to allow users to be notified
of software updates by e-mail and software packages to be automatically
downloaded to (but not installed on) users' computers. High safety to prevent users from being
notified of software updates by e-mail, software packages from being
automatically downloaded to users' computers, and software packages from
being automatically installed on users' computers. If you disable this policy setting,
permissions are set to high safety. If
you do not configure this policy setting, permissions are set to Medium
safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted.
Forms sent with SSL (Secure Sockets Layer) encryption are always allowed;
this setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, information using HTML forms on pages
in this zone can be submitted automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are
opened when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, pop-up windows are not
prevented from appearing. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the preservation of information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. When
a user returns to a persisted page, the state of the page can be restored if
this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Web sites in less privileged Web content zones can navigate into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet
sites, can navigate into this zone. If
you enable this policy setting, Web sites from less privileged zones can open
new windows in, or navigate into, this zone. The security zone will run
without the added layer of security that is provided by the Protection from
Zone Elevation security feature. If you select Prompt in the drop-down box, a
warning is issued to the user that potentially risky navigation is about to
occur. If you disable this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. If you
do not configure this policy setting, Web sites from less privileged zones
can open new windows in, or navigate into, this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script
code on pages in the zone can run automatically. If you select Prompt in the
drop-down box, users are queried to choose whether to allow script code on
pages in the zone to run. If you
disable this policy setting, script code on pages in the zone is prevented
from running. If you do not configure
this policy setting, script code on pages in the zone can run automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example,
cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard
operation. If you disable this policy
setting, a script cannot perform a clipboard operation. If you do not configure this policy
setting, a script can perform a clipboard operation. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts
can access applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following
logon options. Anonymous logon to
disable HTTP authentication and use the guest account only for the Common
Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and
passwords. After a user is queried, these values can be used silently for the
remainder of the session. Automatic
logon only in Intranet zone to query users for user IDs and passwords in
other zones. After a user is queried, these values can be used silently for
the remainder of the session.
Automatic logon with current user name and password to attempt logon
using Windows NT Challenge Response (also known as NTLM authentication). If
Windows NT Challenge Response is supported by the server, the logon uses the
user's network user name and password for logon. If Windows NT Challenge
Response is not supported by the server, the user is queried to provide the
user name and password. If you disable
this policy setting, logon is set to Automatic logon only in Intranet
zone. If you do not configure this
policy setting, logon is set to Automatic logon only in Intranet zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Run .NET Framework-reliant components
signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode
can be executed from Internet Explorer. These components include managed
controls referenced from an object tag and managed executables referenced
from a link. If you enable this policy
setting, Internet Explorer will execute signed managed components. If you
select Prompt in the drop-down box, Internet Explorer will prompt the user to
determine whether to execute signed managed components. If you disable this policy setting,
Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will execute signed managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Run .NET Framework-reliant components
not signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are not signed with
Authenticode can be executed from Internet Explorer. These components include
managed controls referenced from an object tag and managed executables
referenced from a link. If you enable
this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute unsigned managed
components. If you disable this policy
setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy
setting, Internet Explorer will execute unsigned managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in
the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy
setting, users can download signed controls without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone.
Such code is potentially harmful, especially when coming from an untrusted
zone. If you enable this policy
setting, users can run unsigned controls without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow the unsigned control to run. If
you disable this policy setting, users are queried to choose whether to allow
the unsigned control to run. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1004 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy
setting, ActiveX controls are run, loaded with parameters, and scripted
without setting object safety for untrusted data or scripts. This setting is
not recommended, except for secure and administered zones. This setting
causes both unsafe and safe controls to be initialized and scripted, ignoring
the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select
Prompt in the drop-down box, users are queried whether to allow the control
to be loaded with parameters or scripted.
If you disable this policy setting, ActiveX controls that cannot be
made safe are not loaded with parameters or scripted. If you do not configure this policy
setting, users are queried whether to allow the control to be loaded with
parameters or scripted. If you disable
this policy setting, ActiveX controls that cannot be made safe are not loaded
with parameters or scripted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1201 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the
specified zone. If you enable this
policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down
box, users are asked to choose whether to allow the controls or plug-in to
run. If you disable this policy
setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins can run without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact
with a script. If you enable this
policy setting, script interaction can occur automatically without user
intervention. If you select Prompt in
the drop-down box, users are queried to choose whether to allow script
interaction. If you disable this
policy setting, script interaction is prevented from occurring. If you do not configure this policy
setting, script interaction can occur automatically without user
intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1405 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is
determined by the zone of the page with the link causing the download, not
the zone from which the file is delivered.
If you enable this policy setting, files can be downloaded from the
zone. If you disable this policy
setting, files are prevented from being downloaded from the zone. If you do not configure this policy
setting, files can be downloaded from the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML
fonts can be downloaded automatically. If you enable this policy setting and
Prompt is selected in the drop-down box, users are queried whether to allow
HTML fonts to download. If you disable
this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting,
HTML fonts can be downloaded automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the
drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not
configure this policy setting, the permission is set to Low Safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Internet Explorer can access data from another security
zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects
(ADO). If you enable this policy
setting, users can load a page in the zone that uses MSXML or ADO to access
data from another site in the zone. If you select Prompt in the drop-down
box, users are queried to choose whether to allow a page to be loaded in the
zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
cannot load a page in the zone that uses MSXML or ADO to access data from
another site in the zone. If you do
not configure this policy setting, users can load a page in the zone that
uses MSXML or ADO to access data from another site in the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Allow active content over restricted protocols to access my computer |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the
Trusted Sites Zone can run active content such as script, ActiveX, Java and
Binary Behaviors. The list of restricted protocols may be set in the Trusted
Sites Zone Restricted Protocols section under Network Protocol Lockdown
policy. If you enable this policy
setting, no Trusted Sites Zone content accessed is affected, even for
protocols on the restricted list. If you select Prompt from the drop-down
box, the Information Bar will appear to allow control over questionable
content accessed over any restricted protocols; content over other protocols
is unaffected. If you disable this
policy setting, all attempts to access such content over the restricted
protocols is blocked. If you do not
configure this policy setting, no content is restricted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2300 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting determines whether users will be prompted for non user-initiated file downloads.
Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting manages whether users
will be automatically prompted for ActiveX control installations. If you enable this policy setting, users
will receive a prompt when a site instantiates an ActiveX control they do not
have installed. If you disable this
policy setting, ActiveX control installations will be blocked using the
Information Bar. Users can click on the Information Bar to allow the ActiveX
control prompt. If you do not
configure this policy setting, the user’s preference will be used to
determine whether to block ActiveX control installations using the
Information Bar. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if
the author of the Web page uses the Meta Refresh setting (tag) to redirect
browsers to another Web page. If you
enable this policy setting, a user's browser that loads a page containing an
active Meta Refresh setting, can be redirected to another Web page. If you disable this policy setting, a
user's browser that loads a page containing an active Meta Refresh setting,
cannot be redirected to another Web page.
If you do not configure this policy setting, a user's browser that
loads a page containing an active Meta Refresh setting, can be redirected to
another Web page. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1608 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Allow script-initiated windows without size or position constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that
include the title and status bars. If
you enable this policy setting, Windows Restrictions security will not apply
in this zone. The security zone runs without the added layer of security
provided by this feature. If you
disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2102 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate
specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary
and script behaviors are available. If you select Administrator approved in
the drop-down box, only behaviors listed in the Admin-approved Behaviors
under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary
and script behaviors are not available unless applications have implemented a
custom security manager. If you do not
configure this policy setting, binary and script behaviors are available. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can display nonsecure items and manage whether users
receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Do not prompt for client certificate selection when no certificates or only one certificate
exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users are prompted to select a certificate when no
certificate or only one certificate exists.
If you enable this policy setting, Internet Explorer does not prompt
users with a Client Authentication message when they connect to a Web site
that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one
certificate. If you do not configure
this policy setting, Internet Explorer prompts users with a Client
Authentication message when they connect to a Web site that has no certificate
or only one certificate. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can drag files or copy and paste files from a source
within the zone. If you enable this
policy setting, users can drag files or copy and paste files from this zone
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy
setting, users can drag files or copy and paste files from this zone
automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The
settings for this option are: If you enable this policy setting, users can
install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this zone. If you do not configure this policy
setting, users can install desktop items from this zone automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applications may be run and files may be downloaded from an
IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users can run applications and download files from IFRAMEs on
the pages in this zone without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the opening of sub-frames and access of applications across
different domains. If you enable this
policy setting, users can open additional sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow additional sub-frames or access to
applications from other domains. If
you disable this policy setting, users cannot open other sub-frames or access
applications from different domains.
If you do not configure this policy setting, users can open additional
sub-frames from other domains and access applications from other domains. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on
a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the
file type based on a bit signature. If
you enable this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. The security zone will run without the added layer of
security provided by this feature. If
you disable this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. If you do not configure this policy
setting, the actions that may be harmful cannot run; this Internet Explorer
security feature will be turned on in this zone, as dictated by the MIME
Sniffing Safety Feature control for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2100 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage software channel permissions.
If you enable this policy setting, you can choose the following
options from the drop-down box. Low
safety to allow users to be notified of software updates by e-mail, software
packages to be automatically downloaded to users' computers, and software
packages to be automatically installed on users' computers. Medium safety to allow users to be notified
of software updates by e-mail and software packages to be automatically
downloaded to (but not installed on) users' computers. High safety to prevent users from being
notified of software updates by e-mail, software packages from being
automatically downloaded to users' computers, and software packages from
being automatically installed on users' computers. If you disable this policy setting,
permissions are set to high safety. If
you do not configure this policy setting, permissions are set to Low safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted.
Forms sent with SSL (Secure Sockets Layer) encryption are always allowed;
this setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, information using HTML forms on pages
in this zone can be submitted automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are
opened when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, pop-up windows are not
prevented from appearing. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the preservation of information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. When
a user returns to a persisted page, the state of the page can be restored if
this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1606 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Web sites in less privileged Web content zones can navigate into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet
sites, can navigate into this zone. If
you enable this policy setting, Web sites from less privileged zones can open
new windows in, or navigate into, this zone. The security zone will run
without the added layer of security that is provided by the Protection from
Zone Elevation security feature. If you select Prompt in the drop-down box, a
warning is issued to the user that potentially risky navigation is about to
occur. If you disable this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. If you
do not configure this policy setting, a warning is issued to the user that
potentially risky behavior is about to occur. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script
code on pages in the zone can run automatically. If you select Prompt in the
drop-down box, users are queried to choose whether to allow script code on
pages in the zone to run. If you
disable this policy setting, script code on pages in the zone is prevented
from running. If you do not configure
this policy setting, script code on pages in the zone can run automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1400 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example,
cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard
operation. If you disable this policy,
a script cannot perform a clipboard operation. If you do not configure this policy
setting, a script can perform a clipboard operation. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1407 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts
can access applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following
logon options. Anonymous logon to
disable HTTP authentication and use the guest account only for the Common
Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and
passwords. After a user is queried, these values can be used silently for the
remainder of the session. Automatic
logon only in Intranet zone to query users for user IDs and passwords in
other zones. After a user is queried, these values can be used silently for
the remainder of the session.
Automatic logon with current user name and password to attempt logon
using Windows NT Challenge Response (also known as NTLM authentication). If
Windows NT Challenge Response is supported by the server, the logon uses the
user's network user name and password for logon. If Windows NT Challenge
Response is not supported by the server, the user is queried to provide the
user name and password. If you disable
this policy setting, logon is set to Automatic logon only in Intranet
zone. If you do not configure this
policy setting, logon is set to Automatic logon with current username and
password. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A00 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Run .NET Framework-reliant components
signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode
can be executed from Internet Explorer. These components include managed
controls referenced from an object tag and managed executables referenced
from a link. If you enable this policy
setting, Internet Explorer will execute signed managed components. If you
select Prompt in the drop-down box, Internet Explorer will prompt the user to
determine whether to execute signed managed components. If you disable this policy setting,
Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Run .NET Framework-reliant components
not signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are not signed with
Authenticode can be executed from Internet Explorer. These components include
managed controls referenced from an object tag and managed executables
referenced from a link. If you enable
this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute unsigned managed
components. If you disable this policy
setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy
setting, Internet Explorer will not execute unsigned managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2004 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in
the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy
setting, signed controls cannot be downloaded. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1001 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone.
Such code is potentially harmful, especially when coming from an untrusted
zone. If you enable this policy
setting, users can run unsigned controls without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow the unsigned control to run. If
you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy
setting, users cannot run unsigned controls. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy
setting, ActiveX controls are run, loaded with parameters, and scripted
without setting object safety for untrusted data or scripts. This setting is
not recommended, except for secure and administered zones. This setting
causes both unsafe and safe controls to be initialized and scripted, ignoring
the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select
Prompt in the drop-down box, users are queried whether to allow the control
to be loaded with parameters or scripted.
If you disable this policy setting, ActiveX controls that cannot be
made safe are not loaded with parameters or scripted. If you do not configure this policy
setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1201 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the
specified zone. If you enable this
policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down
box, users are asked to choose whether to allow the controls or plug-in to
run. If you disable this policy
setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact
with a script. If you enable this
policy setting, script interaction can occur automatically without user
intervention. If you select Prompt in
the drop-down box, users are queried to choose whether to allow script
interaction. If you disable this
policy setting, script interaction is prevented from occurring. If you do not configure this policy
setting, script interaction is prevented from occurring. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is
determined by the zone of the page with the link causing the download, not
the zone from which the file is delivered.
If you enable this policy setting, files can be downloaded from the
zone. If you disable this policy
setting, files are prevented from being downloaded from the zone. If you do not configure this policy
setting, files are prevented from being downloaded from the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1803 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML
fonts can be downloaded automatically. If you enable this policy setting and
Prompt is selected in the drop-down box, users are queried whether to allow
HTML fonts to download. If you disable
this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting,
users are queried whether to allow HTML fonts to download. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1604 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the
drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not
configure this policy setting, Java permissions are disabled. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Internet Explorer can access data from another security
zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects
(ADO). If you enable this policy
setting, users can load a page in the zone that uses MSXML or ADO to access
data from another site in the zone. If you select Prompt in the drop-down
box, users are queried to choose whether to allow a page to be loaded in the
zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
cannot load a page in the zone that uses MSXML or ADO to access data from
another site in the zone. If you do
not configure this policy setting, users cannot load a page in the zone that
uses MSXML or ADO to access data from another site in the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1406 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Allow active content over restricted protocols to access my computer |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the
Restricted Sites Zone can run active content such as script, ActiveX, Java
and Binary Behaviors. The list of restricted protocols may be set in the
Restricted Sites Zone Restricted Protocols section under Network Protocol
Lockdown policy. If you enable this
policy setting, no Restricted Sites Zone content accessed is affected, even
for protocols on the restricted list. If you select Prompt from the drop-down
box, the Information Bar will appear to allow control over questionable
content accessed over any restricted protocols; content over other protocols
is unaffected. If you disable this
policy setting, all attempts to access such content over the restricted
protocols is blocked. If you do not
configure this policy setting, no content is restricted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting determines whether users will be prompted for non user-initiated file downloads.
Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting manages whether users
will be automatically prompted for ActiveX control installations. If you enable this policy setting, users
will receive a prompt when a site instantiates an ActiveX control they do not
have installed. If you disable this
policy setting, ActiveX control installations will be blocked using the
Information Bar. Users can click on the Information Bar to allow the ActiveX
control prompt. If you do not
configure this policy setting, the user’s preference will be used to
determine whether to block ActiveX control installations using the
Information Bar. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2201 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if
the author of the Web page uses the Meta Refresh setting (tag) to redirect
browsers to another Web page. If you
enable this policy setting, a user's browser that loads a page containing an
active Meta Refresh setting, can be redirected to another Web page. If you disable this policy setting, a
user's browser that loads a page containing an active Meta Refresh setting,
cannot be redirected to another Web page.
If you do not configure this policy setting, a user's browser that
loads a page containing an active Meta Refresh setting, cannot be redirected
to another Web page. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Allow script-initiated windows without size or position constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that
include the title and status bars. If
you enable this policy setting, Windows Restrictions security will not apply
in this zone. The security zone runs without the added layer of security
provided by this feature. If you
disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate
specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary
and script behaviors are available. If you select Administrator approved in
the drop-down box, only behaviors listed in the Admin-approved Behaviors
under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary
and script behaviors are not available unless applications have implemented a
custom security manager. If you do not
configure this policy setting, binary and script behaviors are not available
unless applications have implemented a custom security manager. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2000 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can display nonsecure items and manage whether users
receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Do not prompt for client certificate selection when no certificates or only one certificate
exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users are prompted to select a certificate when no
certificate or only one certificate exists.
If you enable this policy setting, Internet Explorer does not prompt
users with a Client Authentication message when they connect to a Web site
that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one
certificate. If you do not configure
this policy setting, Internet Explorer does not prompt users with a Client
Authentication message when they connect to a Web site that has no
certificate or only one certificate. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can drag files or copy and paste files from a source
within the zone. If you enable this
policy setting, users can drag files or copy and paste files from this zone
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy
setting, users are queried to choose whether to drag or copy files from this
zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The
settings for this option are: If you enable this policy setting, users can
install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this zone. If you do not configure this policy
setting, users cannot install desktop items from this zone automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applications may be run and files may be downloaded from an
IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are prevented from running applications and downloading
files from IFRAMEs on the pages in this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the opening of sub-frames and access of applications across
different domains. If you enable this
policy setting, users can open additional sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow additional sub-frames or access to
applications from other domains. If
you disable this policy setting, users cannot open other sub-frames or access
applications from different domains.
If you do not configure this policy setting, users cannot open
additional sub-frames from other domains and access applications from other
domains. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on
a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the
file type based on a bit signature. If
you enable this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. The security zone will run without the added layer of
security provided by this feature. If
you disable this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. If you do not configure this policy
setting, the actions that may be harmful cannot run; this Internet Explorer
security feature will be turned on in this zone, as dictated by the feature
control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage software channel permissions.
If you enable this policy setting, you can choose the following
options from the drop-down box. Low
safety to allow users to be notified of software updates by e-mail, software
packages to be automatically downloaded to users' computers, and software
packages to be automatically installed on users' computers. Medium safety to allow users to be notified
of software updates by e-mail and software packages to be automatically
downloaded to (but not installed on) users' computers. High safety to prevent users from being
notified of software updates by e-mail, software packages from being
automatically downloaded to users' computers, and software packages from
being automatically installed on users' computers. If you disable this policy setting,
permissions are set to high safety. If
you do not configure this policy setting, permissions are set High safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted.
Forms sent with SSL (Secure Sockets Layer) encryption are always allowed;
this setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, users are queried to choose whether to
allow information using HTML forms on pages in this zone to be submitted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are
opened when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, most unwanted pop-up
windows are prevented from appearing. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the preservation of information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. When
a user returns to a persisted page, the state of the page can be restored if
this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Web sites in less privileged Web content zones can navigate into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Web sites from less privileged zones, which could only be
custom zones, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged
zones can open new windows in, or navigate into, this zone. The security zone
will run without the added layer of security that is provided by the
Protection from Zone Elevation security feature. If you select Prompt in the
drop-down box, a warning is issued to the user that potentially risky
navigation is about to occur. If you
disable this policy setting, the possibly harmful navigations are prevented.
The Internet Explorer security feature will be on in this zone as set by
Protection from Zone Elevation feature control. If you do not configure this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script
code on pages in the zone can run automatically. If you select Prompt in the
drop-down box, users are queried to choose whether to allow script code on
pages in the zone to run. If you
disable this policy setting, script code on pages in the zone is prevented
from running. If you do not configure
this policy setting, script code on pages in the zone is prevented from
running. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example,
cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard
operation. If you disable this policy
setting, a script cannot perform a clipboard operation. If you do not configure this policy
setting, a script cannot perform a clipboard operation. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1407 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts
can access applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts cannot access
applets automatically without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1402 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following
logon options: Anonymous logon to
disable HTTP authentication and use the guest account only for the Common
Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and
passwords. After a user is queried, these values can be used silently for the
remainder of the session. Automatic
logon only in Intranet zone to query users for user IDs and passwords in
other zones. After a user is queried, these values can be used silently for
the remainder of the session.
Automatic logon with current user name and password to attempt logon
using Windows NT Challenge Response (also known as NTLM authentication). If
Windows NT Challenge Response is supported by the server, the logon uses the
user's network user name and password for logon. If Windows NT Challenge
Response is not supported by the server, the user is queried to provide the
user name and password. If you disable
this policy setting, logon is set to Automatic logon only in Intranet
zone. If you do not configure this
policy setting, logon is set to Prompt for user name and password. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Run .NET Framework-reliant components
signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode
can be executed from Internet Explorer. These components include managed
controls referenced from an object tag and managed executables referenced
from a link. If you enable this policy
setting, Internet Explorer will execute signed managed components. If you
select Prompt in the drop-down box, Internet Explorer will prompt the user to
determine whether to execute signed managed components. If you disable this policy setting,
Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Run .NET Framework-reliant components
not signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are not signed with
Authenticode can be executed from Internet Explorer. These components include
managed controls referenced from an object tag and managed executables
referenced from a link. If you enable
this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute unsigned managed
components. If you disable this policy
setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy
setting, Internet Explorer will not execute unsigned managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2004 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in
the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy
setting, users can download signed controls without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1001 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone.
Such code is potentially harmful, especially when coming from an untrusted
zone. If you enable this policy
setting, users can run unsigned controls without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow the unsigned control to run. If
you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy
setting, users can run unsigned controls without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy
setting, ActiveX controls are run, loaded with parameters, and scripted
without setting object safety for untrusted data or scripts. This setting is
not recommended, except for secure and administered zones. This setting
causes both unsafe and safe controls to be initialized and scripted, ignoring
the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select
Prompt in the drop-down box, users are queried whether to allow the control
to be loaded with parameters or scripted.
If you disable this policy setting, ActiveX controls that cannot be
made safe are not loaded with parameters or scripted. If you do not configure this policy
setting, users are queried whether to allow the control to be loaded with
parameters or scripted. If you disable
this policy setting, ActiveX controls that cannot be made safe are not loaded
with parameters or scripted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the
specified zone. If you enable this
policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down
box, users are asked to choose whether to allow the controls or plug-in to
run. If you disable this policy
setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins can run without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact
with a script. If you enable this
policy setting, script interaction can occur automatically without user
intervention. If you select Prompt in
the drop-down box, users are queried to choose whether to allow script
interaction. If you disable this
policy setting, script interaction is prevented from occurring. If you do not configure this policy
setting, script interaction can occur automatically without user
intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is
determined by the zone of the page with the link causing the download, not
the zone from which the file is delivered.
If you enable this policy setting, files can be downloaded from the
zone. If you disable this policy
setting, files are prevented from being downloaded from the zone. If you do not configure this policy
setting, files can be downloaded from the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1803 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML
fonts can be downloaded automatically. If you enable this policy setting and
Prompt is selected in the drop-down box, users are queried whether to allow
HTML fonts to download. If you disable
this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting,
HTML fonts can be downloaded automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the
drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not
configure this policy setting, the permission is set to Medium Safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Internet Explorer can access data from another security
zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects
(ADO). If you enable this policy
setting, users can load a page in the zone that uses MSXML or ADO to access
data from another site in the zone. If you select Prompt in the drop-down
box, users are queried to choose whether to allow a page to be loaded in the
zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
cannot load a page in the zone that uses MSXML or ADO to access data from
another site in the zone. If you do
not configure this policy setting, users can load a page in the zone that
uses MSXML or ADO to access data from another site in the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1406 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Allow active content over restricted protocols to access my computer |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the
Local Machine Zone can run active content such as script, ActiveX, Java and
Binary Behaviors. The list of restricted protocols may be set in the Local
Machine Zone Restricted Protocols section under Network Protocol Lockdown
policy. If you enable this policy
setting, no Local Machine Zone content accessed is affected, even for
protocols on the restricted list. If you select Prompt from the drop-down
box, the Information Bar will appear to allow control over questionable
content accessed over any restricted protocols; content over other protocols
is unaffected. If you disable this
policy setting, all attempts to access such content over the restricted
protocols is blocked. If you do not
configure this policy setting, no content is restricted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting determines whether users will be prompted for non user-initiated file downloads.
Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting manages whether users
will be automatically prompted for ActiveX control installations. If you enable this policy setting, users
will receive a prompt when a site instantiates an ActiveX control they do not
have installed. If you disable this
policy setting, ActiveX control installations will be blocked using the
Information Bar. Users can click on the Information Bar to allow the ActiveX
control prompt. If you do not
configure this policy setting, the user’s preference will be used to
determine whether to block ActiveX control installations using the
Information Bar. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2201 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if
the author of the Web page uses the Meta Refresh setting (tag) to redirect
browsers to another Web page. If you
enable this policy setting, a user's browser that loads a page containing an
active Meta Refresh setting, can be redirected to another Web page. If you disable this policy setting, a
user's browser that loads a page containing an active Meta Refresh setting,
cannot be redirected to another Web page.
If you do not configure this policy setting, a user's browser that
loads a page containing an active Meta Refresh setting, can be redirected to
another Web page. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Allow script-initiated windows without size or position constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that
include the title and status bars. If
you enable this policy setting, Windows Restrictions security will not apply
in this zone. The security zone runs without the added layer of security
provided by this feature. If you
disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate
specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary
and script behaviors are available. If you select Administrator approved in
the drop-down box, only behaviors listed in the Admin-approved Behaviors
under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary
and script behaviors are not available unless applications have implemented a
custom security manager. If you do not
configure this policy setting, binary and script behaviors are available. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2000 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can display nonsecure items and manage whether users
receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1609 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Do not prompt for client certificate selection when no certificates or only one certificate
exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users are prompted to select a certificate when no
certificate or only one certificate exists.
If you enable this policy setting, Internet Explorer does not prompt
users with a Client Authentication message when they connect to a Web site
that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one
certificate. If you do not configure
this policy setting, Internet Explorer prompts users with a Client
Authentication message when they connect to a Web site that has no certificate
or only one certificate. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can drag files or copy and paste files from a source
within the zone. If you enable this
policy setting, users can drag files or copy and paste files from this zone
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy
setting, users can drag files or copy and paste files from this zone
automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The
settings for this option are: If you enable this policy setting, users can
install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this zone. If you do not configure this policy
setting, users can install desktop items from this zone automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applications may be run and files may be downloaded from an
IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users can run applications and download files from IFRAMEs on
the pages in this zone without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the opening of sub-frames and access of applications across
different domains. If you enable this
policy setting, users can open additional sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow additional sub-frames or access to
applications from other domains. If
you disable this policy setting, users cannot open other sub-frames or access
applications from different domains.
If you do not configure this policy setting, users can open additional
sub-frames from other domains and access applications from other domains. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on
a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the
file type based on a bit signature. If
you enable this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. The security zone will run without the added layer of
security provided by this feature. If
you disable this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. If you do not configure this policy
setting, the actions that may be harmful cannot run; this Internet Explorer
security feature will be turned on in this zone, as dictated by the feature
control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage software channel permissions.
If you enable this policy setting, you can choose the following
options from the drop-down box. Low
safety to allow users to be notified of software updates by e-mail, software
packages to be automatically downloaded to users' computers, and software
packages to be automatically installed on users' computers. Medium safety to allow users to be notified
of software updates by e-mail and software packages to be automatically
downloaded to (but not installed on) users' computers. High safety to prevent users from being
notified of software updates by e-mail, software packages from being
automatically downloaded to users' computers, and software packages from
being automatically installed on users' computers. If you disable this policy setting,
permissions are set to high safety. If
you do not configure this policy setting, permissions are set to Low safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted.
Forms sent with SSL (Secure Sockets Layer) encryption are always allowed;
this setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, information using HTML forms on pages
in this zone can be submitted automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are
opened when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, pop-up windows are not
prevented from appearing. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the preservation of information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. When
a user returns to a persisted page, the state of the page can be restored if
this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Web sites in less privileged Web content zones can navigate into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet
sites, can navigate into this zone. If
you enable this policy setting, Web sites from less privileged zones can open
new windows in, or navigate into, this zone. The security zone will run
without the added layer of security that is provided by the Protection from
Zone Elevation security feature. If you select Prompt in the drop-down box, a
warning is issued to the user that potentially risky navigation is about to
occur. If you disable this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. If you
do not configure this policy setting, the possibly harmful navigations are
prevented. The Internet Explorer security feature will be on in this zone as
set by Protection from Zone Elevation feature control. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script
code on pages in the zone can run automatically. If you select Prompt in the
drop-down box, users are queried to choose whether to allow script code on
pages in the zone to run. If you
disable this policy setting, script code on pages in the zone is prevented
from running. If you do not configure
this policy setting, script code on pages in the zone can run automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example,
cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard
operation. If you disable this policy
setting, a script cannot perform a clipboard operation. If you do not configure this policy
setting, a script can perform a clipboard operation. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts
can access applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1402 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following
logon options. Anonymous logon to
disable HTTP authentication and use the guest account only for the Common
Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and
passwords. After a user is queried, these values can be used silently for the
remainder of the session. Automatic
logon only in Intranet zone to query users for user IDs and passwords in
other zones. After a user is queried, these values can be used silently for
the remainder of the session.
Automatic logon with current user name and password to attempt logon
using Windows NT Challenge Response (also known as NTLM authentication). If
Windows NT Challenge Response is supported by the server, the logon uses the
user's network user name and password for logon. If Windows NT Challenge
Response is not supported by the server, the user is queried to provide the
user name and password. If you disable
this policy setting, logon is set to Automatic logon only in Intranet
zone. If you do not configure this
policy setting, logon is set to Automatic logon with current username and
password. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Run .NET Framework-reliant components
signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode
can be executed from Internet Explorer. These components include managed
controls referenced from an object tag and managed executables referenced
from a link. If you enable this policy
setting, Internet Explorer will execute signed managed components. If you
select Prompt in the drop-down box, Internet Explorer will prompt the user to
determine whether to execute signed managed components. If you disable this policy setting,
Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Run .NET Framework-reliant components
not signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are not signed with
Authenticode can be executed from Internet Explorer. These components include
managed controls referenced from an object tag and managed executables
referenced from a link. If you enable
this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute unsigned managed
components. If you disable this policy
setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy
setting, Internet Explorer will not execute unsigned managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2004 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in
the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy
setting, users are queried whether to download controls signed by publishers
who aren't trusted. Code signed by
trusted publishers is silently downloaded. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone.
Such code is potentially harmful, especially when coming from an untrusted
zone. If you enable this policy
setting, users can run unsigned controls without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow the unsigned control to run. If
you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy
setting, users cannot run unsigned controls. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1004 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy
setting, ActiveX controls are run, loaded with parameters, and scripted
without setting object safety for untrusted data or scripts. This setting is
not recommended, except for secure and administered zones. This setting
causes both unsafe and safe controls to be initialized and scripted, ignoring
the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select
Prompt in the drop-down box, users are queried whether to allow the control
to be loaded with parameters or scripted.
If you disable this policy setting, ActiveX controls that cannot be
made safe are not loaded with parameters or scripted. If you do not configure this policy
setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1201 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the
Local Machine zone. If you enable this
policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down
box, users are asked to choose whether to allow the controls or plug-in to
run. If you disable this policy
setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact
with a script. If you enable this
policy setting, script interaction can occur automatically without user
intervention. If you select Prompt in
the drop-down box, users are queried to choose whether to allow script
interaction. If you disable this
policy setting, script interaction is prevented from occurring. If you do not configure this policy
setting, script interaction can occur automatically without user
intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether file downloads are permitted from the Local Machine zone.
This option is determined by the zone of the page with the link causing the
download, not the zone from which the file is delivered. If you enable this policy setting, files
can be downloaded from the zone. If
you disable this policy setting, files are prevented from being downloaded
from the zone. If you do not configure
this policy setting, files can be downloaded from the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML
fonts can be downloaded automatically. If you enable this policy setting and
Prompt is selected in the drop-down box, users are queried whether to allow
HTML fonts to download. If you disable
this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting,
HTML fonts can be downloaded automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the
drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not
configure this policy setting, the permission is set to High Safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Internet Explorer can access data from another security
zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects
(ADO). If you enable this policy
setting, users can load a page in the zone that uses MSXML or ADO to access
data from another site in the zone. If you select Prompt in the drop-down
box, users are queried to choose whether to allow a page to be loaded in the
zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
cannot load a page in the zone that uses MSXML or ADO to access data from
another site in the zone. If you do
not configure this policy setting, users are queried to choose whether to
allow a page to be loaded in the zone that uses MSXML or ADO to access data
from another site in the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting determines whether users will be prompted for non user-initiated file downloads.
Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting manages whether users
will be automatically prompted for ActiveX control installations. If you enable this policy setting, users
will receive a prompt when a site instantiates an ActiveX control they do not
have installed. If you disable this
policy setting, ActiveX control installations will be blocked using the
Information Bar. Users can click on the Information Bar to allow the ActiveX
control prompt. If you do not
configure this policy setting, the user’s preference will be used to
determine whether to block ActiveX control installations using the
Information Bar. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if
the author of the Web page uses the Meta Refresh setting (tag) to redirect
browsers to another Web page. If you
enable this policy setting, a user's browser that loads a page containing an
active Meta Refresh setting, can be redirected to another Web page. If you disable this policy setting, a
user's browser that loads a page containing an active Meta Refresh setting,
cannot be redirected to another Web page.
If you do not configure this policy setting, a user's browser that
loads a page containing an active Meta Refresh setting, can be redirected to
another Web page. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Allow script-initiated windows without size or position constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that
include the title and status bars. If
you enable this policy setting, Windows Restrictions security will not apply
in the Local Machine zone. The security zone runs without the added layer of
security provided by this feature. If
you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in the
Local Machine zone as dictated by the Scripted Windows Security Restrictions
feature control setting for the process.
If you do not configure this policy setting, the possible harmful
actions contained in script-initiated pop-up windows and windows that include
the title and status bars cannot be run. This Internet Explorer security
feature will be on in the Local Machine zone as dictated by the Scripted
Windows Security Restrictions feature control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate
specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary
and script behaviors are available. If you select Administrator approved in
the drop-down box, only behaviors listed in the Admin-approved Behaviors
under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary
and script behaviors are not available unless applications have implemented a
custom security manager. If you do not
configure this policy setting, binary and script behaviors are not available
unless applications have implemented a custom security manager. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2000 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can display nonsecure items and manage whether users
receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1609 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Do not prompt for client certificate selection when no certificates or only one certificate
exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users are prompted to select a certificate when no
certificate or only one certificate exists.
If you enable this policy setting, Internet Explorer does not prompt
users with a Client Authentication message when they connect to a Web site
that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one
certificate. If you do not configure
this policy setting, Internet Explorer prompts users with a Client
Authentication message when they connect to a Web site that has no certificate
or only one certificate. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can drag files or copy and paste files from a source
within the Local Machine zone. If you
enable this policy setting, users can drag files or copy and paste files from
the Local Machine zone automatically. If you select Prompt in the drop-down
box, users are queried to choose whether to drag or copy files from the Local
Machine zone. If you disable this
policy setting, users are prevented from dragging files or copying and
pasting files from the Local Machine zone.
If you do not configure this policy setting, users can drag files or
copy and paste files from the Local machine zone automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can install Active Desktop items from the Local
Machine zone. The settings for this option are: If you enable this policy
setting, users can install desktop items from the Local Machine zone
automatically. If you select Prompt in
the drop-down box, users are queried to choose whether to install desktop
items from the Local Machine zone. If
you disable this policy setting, users are prevented from installing desktop
items from the Local Machine zone. If
you do not configure this policy setting, users are queried to choose whether
to install desktop items from the Local Machine zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1800 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applications may be run and files may be downloaded from an
IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are queried to choose whether to run applications and
download files from IFRAMEs on the pages in this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the opening of sub-frames and access of applications across
different domains. If you enable this
policy setting, users can open additional sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow additional sub-frames or access to
applications from other domains. If
you disable this policy setting, users cannot open other sub-frames or access
applications from different domains.
If you do not configure this policy setting, users can open additional
sub-frames from other domains and access applications from other domains. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1607 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on
a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the
file type based on a bit signature. If
you enable this policy setting, the MIME Sniffing Safety Feature will not
apply in the Local Machine zone. The security zone will run without the added
layer of security provided by this feature.
If you disable this policy setting, the actions that may be harmful
cannot run; this Internet Explorer security feature will be turned on in the
Local Machine zone, as dictated by the feature control setting for the
process. If you do not configure this
policy setting, the actions that may be harmful cannot run; this Internet
Explorer security feature will be turned on in the Local Machine zone, as
dictated by the feature control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage software channel permissions.
If you enable this policy setting, you can choose the following
options from the drop-down box. Low
safety to allow users to be notified of software updates by e-mail, software
packages to be automatically downloaded to users' computers, and software
packages to be automatically installed on users' computers. Medium safety to allow users to be notified
of software updates by e-mail and software packages to be automatically
downloaded to (but not installed on) users' computers. High safety to prevent users from being
notified of software updates by e-mail, software packages from being
automatically downloaded to users' computers, and software packages from
being automatically installed on users' computers. If you disable this policy setting,
permissions are set to high safety. If
you do not configure this policy setting, permissions are set to Medium
safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether data on HTML forms on pages in the Local Machine zone may
be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are
always allowed; this setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in the Local Machine zone can be
submitted automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to allow information using HTML forms on pages in
the Local Machine zone to be submitted.
If you disable this policy setting, information using HTML forms on
pages in the Local Machine zone is prevented from being submitted. If you do not configure this policy
setting, information using HTML forms on pages in the Local Machine zone can
be submitted automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are
opened when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, most unwanted pop-up
windows are prevented from appearing. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the preservation of information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. When
a user returns to a persisted page, the state of the page can be restored if
this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Web sites in less privileged Web content zones can navigate into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet
sites, can navigate to the Local Machine zone. If you enable this policy setting, Web
sites from less privileged zones can open new windows in, or navigate into,
the Local Machine zone. The security zone will run without the added layer of
security that is provided by the Protection from Zone Elevation security
feature. If you select Prompt in the drop-down box, a warning is issued to
the user that potentially risky navigation is about to occur. If you disable this policy setting, the
possibly harmful navigations are prevented. The Internet Explorer security
feature will be on in the Local Machine zone as set by Protection from Zone
Elevation feature control. If you do
not configure this policy setting, the possibly harmful navigations are
prevented. The Internet Explorer security feature will be on in the Local
Machine zone as set by Protection from Zone Elevation feature control. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2101 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether script code on pages in the Local Machine zone is run. If you enable this policy setting, script
code on pages in the Local Machine zone can run automatically. If you select
Prompt in the drop-down box, users are queried to choose whether to allow
script code on pages in the Local Machine zone to run. If you disable this policy setting, script
code on pages in the Local Machine zone is prevented from running. If you do not configure this policy
setting, script code on pages in the Local Machine zone can run
automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example,
cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard
operation. If you disable this policy,
a script cannot perform a clipboard operation. If you do not configure this policy
setting, a script can perform a clipboard operation. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts
can access applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1402 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following
logon options: Anonymous logon to
disable HTTP authentication and use the guest account only for the Common
Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and
passwords. After a user is queried, these values can be used silently for the
remainder of the session. Automatic
logon only in Intranet zone to query users for user IDs and passwords in
other zones. After a user is queried, these values can be used silently for
the remainder of the session.
Automatic logon with current user name and password to attempt logon
using Windows NT Challenge Response (also known as NTLM authentication). If
Windows NT Challenge Response is supported by the server, the logon uses the
user's network user name and password for logon. If Windows NT Challenge
Response is not supported by the server, the user is queried to provide the
user name and password. If you disable
this policy setting, logon is set to Automatic logon only in Intranet
zone. If you do not configure this
policy setting, logon is set to Automatic logon only in Intranet zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Site to Zone Assignment List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage a list of sites that you want to associate with a particular
security zone. These zone numbers have associated security settings that
apply to all of the sites in the zone.
Internet Explorer has 4 security zones, numbered 1-4, and these are
used by this policy setting to associate sites to zones. They are: (1)
Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted
Sites zone. Security settings can be set for each of these zones through other
policy settings, and their default settings are: Trusted Sites zone (Low
template), Intranet zone (Medium-Low template), Internet zone (Medium
template), and Restricted Sites zone (High template). (The Local Machine zone
and its locked down equivalent have special security settings that protect
your local computer.) If you enable
this policy setting, you can enter a list of sites and their related zone
numbers. The association of a site with a zone will ensure that the security
settings for the specified zone are applied to the site. For each entry
that you add to the list, enter the following information: Valuename – A host for an intranet site, or
a fully qualified domain name for other sites. The valuename may also
include a specific protocol. For example, if you enter
http://www.contoso.com as the valuename, other protocols are not
affected. If you enter just www.contoso.com, then all protocols are
affected for that site, including http, https, ftp, and so on. The site may
also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g.,
127.0.0.1-10). To avoid creating conflicting policies, do not include
additional characters after the domain such as trailing slashes or URL path.
For example, policy settings for www.contoso.com and www.contoso.com/mail
would be treated as the same policy setting by Internet Explorer, and would
therefore be in conflict. Value - A
number indicating the zone with which this site should be associated for
security settings. The Internet Explorer zones described above are 1-4. If you disable this policy setting, any
such list is deleted and no site-to-zone assignments are permitted. If this policy is not configured, users may
choose their own site-to-zone assignments. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!ListBox_Support_ZoneMapKey |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Intranet Sites: Include all local (intranet) sites not listed in other zones |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are
forced into the local Intranet security zone.
If you enable this policy setting, local sites which are not
explicitly mapped into a zone are considered to be in the Intranet Zone. If you disable this policy setting, local
sites which are not explicitly mapped into a zone will not be considered to
be in the Intranet Zone (so would typically be in the Internet Zone). If you do not configure this policy
setting, users choose whether to force local sites into the Intranet Zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap!IntranetName |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Intranet Sites: Include all sites that bypass the proxy server |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet
security zone. If you enable this
policy setting, sites which bypass the proxy server are mapped into the
Intranet Zone. If you disable this
policy setting, sites which bypass the proxy server aren't necessarily mapped
into the Intranet Zone (other rules might map one there). If you do not configure this policy
setting, users choose whether sites which bypass the proxy server are mapped
into the Intranet Zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap!ProxyByPass |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Intranet Sites: Include all network paths (UNCs) |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security
zone. If you enable this policy
setting, all network paths are mapped into the Intranet Zone. If you disable this policy setting, network
paths are not necessarily mapped into the Intranet Zone (other rules might
map one there). If you do not
configure this policy setting, users choose whether network paths are mapped
into the Intranet Zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap!UNCAsIntranet |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Internet Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This template policy setting allows you to configure policy settings in this zone consistent with a selected
security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security operates by comparing the settings in the
Local Machine Zone against those in the Locked-Down Local Machine Zone. If
you select a security level for one of these zones (including selecting no
security), the same change should be made to the other zone. Note. It is recommended to configure
template policy settings in one Group Policy object (GPO) and configure any
related individual policy settings in a separate GPO. You can then use Group
Policy management features (for example, precedence, inheritance, or enforce)
to apply individual settings to specific targets. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Template Policies!InternetZoneTemplate,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Template Policies!Internet, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Intranet Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This template policy setting allows you to configure policy settings in this zone consistent with a selected
security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security operates by comparing the settings in the
Local Machine Zone against those in the Locked-Down Local Machine Zone. If
you select a security level for one of these zones (including selecting no
security), the same change should be made to the other zone. Note. It is recommended to configure
template policy settings in one Group Policy object (GPO) and configure any
related individual policy settings in a separate GPO. You can then use Group
Policy management features (for example, precedence, inheritance, or enforce)
to apply individual settings to specific targets. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet
Settings\Template Policies!IntranetZoneTemplate,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet
Settings\Template Policies!Intranet, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Trusted Sites Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This template policy setting allows you to configure policy settings in this zone consistent with a selected
security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security operates by comparing the settings in the
Local Machine Zone against those in the Locked-Down Local Machine Zone. If
you select a security level for one of these zones (including selecting no
security), the same change should be made to the other zone. Note. It is recommended to configure
template policy settings in one Group Policy object (GPO) and configure any
related individual policy settings in a separate GPO. You can then use Group
Policy management features (for example, precedence, inheritance, or enforce)
to apply individual settings to specific targets. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted
Sites Settings\Template Policies!TrustedSitesZoneTemplate,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites
Settings\Template Policies!Trusted Sites, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2300 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Restricted Sites Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This template policy setting allows you to configure policy settings in this zone consistent with a selected
security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security operates by comparing the settings in the
Local Machine Zone against those in the Locked-Down Local Machine Zone. If
you select a security level for one of these zones (including selecting no
security), the same change should be made to the other zone. Note. It is recommended to configure
template policy settings in one Group Policy object (GPO) and configure any
related individual policy settings in a separate GPO. You can then use Group
Policy management features (for example, precedence, inheritance, or enforce)
to apply individual settings to specific targets. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted
Sites Settings\Template Policies!RestrictedSitesZoneTemplate,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites
Settings\Template Policies!Restricted Sites, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Local Machine Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This template policy setting allows you to configure policy settings in this zone consistent with a selected
security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security operates by comparing the settings in the
Local Machine Zone against those in the Locked-Down Local Machine Zone. If
you select a security level for one of these zones (including selecting no
security), the same change should be made to the other zone. Note. It is recommended to configure
template policy settings in one Group Policy object (GPO) and configure any
related individual policy settings in a separate GPO. You can then use Group
Policy management features (for example, precedence, inheritance, or enforce)
to apply individual settings to specific targets. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local
Machine Zone Settings\Template Policies!LocalMachineZoneTemplate,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone
Settings\Template Policies!Local Machine Zone, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative
Templates\Windows Components\Internet Explorer\Internet Control
Panel\Security Page |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This template policy setting allows you to configure policy settings in this zone consistent with a selected
security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security operates by comparing the settings in the
Local Machine Zone against those in the Locked-Down Local Machine Zone. If
you select a security level for one of these zones (including selecting no
security), the same change should be made to the other zone. Note. It is recommended to configure
template policy settings in one Group Policy object (GPO) and configure any
related individual policy settings in a separate GPO. You can then use Group
Policy management features (for example, precedence, inheritance, or enforce)
to apply individual settings to specific targets. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local
Machine Zone Lockdown Settings\Template
Policies!LocalMachineZoneLockdownTemplate,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone
Lockdown Settings\Template Policies!Locked-Down Local Machine Zone,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Allow software to run or install even if the signature is invalid |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether software, such as ActiveX controls and file downloads, can
be installed or run by the user even though the signature is invalid. An
invalid signature might indicate that someone has tampered with the
file. If you enable this policy
setting, users will be prompted to install or run files with an invalid
signature. If you disable this policy
setting, users cannot run or install files with an invalid signature. If you do not configure this policy, users
can choose to run or install files with an invalid signature. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Download!RunInvalidSignatures |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Allow active content from CDs to run on user machines |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users receive a dialog requesting permission for active
content on a CD to run. If you enable
this policy setting, active content on a CD will run without a prompt. If you disable this policy setting, active
content on a CD will always prompt before running. If you do not configure this policy, users
can choose whether to be prompted before running active content on a CD. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings!LOCALMACHINE_CD_UNLOCK |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet Explorer |
Turn off pop-up management |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage pop-up management functionality in Internet Explorer. If you enable this policy setting, the
Control Panel information relating to pop-up management will be unavailable
(grayed out) and all other pop-up manager controls, notifications, and dialog
boxes will not appear. Pop-up windows will continue to function as they did
in Windows XP Service Pack 1 or earlier, although windows launched off screen
will continue to be re-positioned onscreen.
If you disable or do not configure this policy setting, the popup
management feature will be functional. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoPopupManagement |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet Explorer |
Pop-up allow list |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage a list of web sites that will be allowed to open pop-up windows
regardless of the Internet Explorer process's Pop-Up Blocker settings. If you enable this policy setting, you can
enter a list of sites which will be allowed to open pop-up windows regardless
of user settings. Users will not be able to view or edit this list of sites.
Only the domain name is allowed, so www.contoso.com is valid, but not
http://www.contoso.com. Wildcards are allowed, so *.contoso.com is also
valid. If you disable this policy
setting, the list is deleted and users may not create their own lists of
sites. If this policy is not
configured, users will be able to view and edit their own lists of sites. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\New Windows!ListBox_Support_Allow |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet Explorer |
Turn off Crash Detection |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the crash detection feature of add-on Management. If you enable this policy setting, a crash
in Internet Explorer will exhibit behavior found in Windows XP Professional
Service Pack 1 and earlier, namely to invoke Windows Error Reporting. All
policy settings for Windows Error Reporting continue to apply. If you disable or do not configure this
policy setting, the crash detection feature for add-on management will be
functional. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoCrashDetection |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet Explorer |
Do not allow users to enable or disable add-ons |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users have the ability to allow or deny add-ons through
Add-On Manager. If you enable this
policy setting, users cannot enable or disable add-ons through Add-On
Manager. The only exception occurs if an add-on has been specifically entered
into the 'Add-On List' policy setting in such a way as to allow users to
continue to manage the add-on. In this case, the user can still manage the
add-on through the Add-On Manager. If
you disable or do not configure this policy setting, the appropriate controls
in the Add-On Manager will be available to the user. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoExtensionManagement |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Binary Behavior
Security Restriction |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for
the HTML elements to which they are attached. This policy setting controls
whether the Binary Behavior Security Restriction setting is prevented or
allowed. If you enable this policy
setting, binary behaviors are prevented for the Windows Explorer and Internet
Explorer processes. If you disable
this policy setting, binary behaviors are allowed for the Windows Explorer
and Internet Explorer processes. If
you do not configure this policy setting, binary behaviors are prevented for
the Windows Explorer and Internet Explorer processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Binary Behavior
Security Restriction |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for
the HTML elements to which they are attached. This policy setting controls
whether the Binary Behavior Security Restriction setting is prevented or allowed. This policy setting allows administrators
to define applications for which they want this security feature to be
prevented or allowed. If you enable
this policy setting and enter a Value of 1 binary behaviors are prevented. If
you enter a Value of 0 binary behaviors are allowed. The Value Name is the
name of the executable. If a Value Name is empty or the Value is not 0 or 1,
the policy setting is ignored. Do not
enter the Internet Explorer processes in this list: use the related Internet
Explorer Processes policy to enable or disable IE processes. If the All
Processes policy setting is enabled, the processes configured in this box
take precedence over that setting. If
you disable or do not configure this policy setting, the security feature is
allowed. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_BEHAVIORS |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Binary Behavior
Security Restriction |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for
the HTML elements to which they are attached. This policy setting controls
whether the Binary Behavior Security Restriction setting is prevented or
allowed. If you enable this policy
setting, binary behaviors are prevented for all processes. Any use of binary
behaviors for HTML rendering is blocked.
If you disable or do not configure this policy setting, binary
behaviors are allowed for all processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!* |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Binary Behavior
Security Restriction |
Admin-approved behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
For each zone, the Binary and Scripted
Behavior security restrictions may be configured to allow only a list of
admin-approved behaviors. This list may be configured here, and applies to
all processes which have opted in to the behavior, and to all zones.
(Behaviors are components that encapsulate specific functionality or behavior
on a page.) If you enable this policy
setting, this sets the list of behaviors permitted in each zone for which
Script and Binary Behaviors is set to 'admin-approved'. Behaviors must be
entered in #package#behavior notation, e.g., #default#vml. If you disable this policy setting, no
behaviors will be allowed in zones set to 'admin-approved', just as if those
zones were set to 'disable'. If you do
not configure this policy setting, only VML will be allowed in zones set to
'admin-approved'. Note. If this policy is set in both Computer
Configuration and User Configuration, both lists of behaviors will be allowed
as appropriate. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!ListBox_Support_AllowedBehaviors |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\MK Protocol Security
Restriction |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK
protocol. Resources hosted on the MK protocol will fail. If you enable this policy setting, the MK
Protocol is prevented for Windows Explorer and Internet Explorer, and
resources hosted on the MK protocol will fail. If you disable this policy setting,
applications can use the MK protocol API. Resources hosted on the MK protocol
will work for the Windows Explorer and Internet Explorer processes. If you do not configure this policy
setting, the MK Protocol is prevented for Windows Explorer and Internet
Explorer, and resources hosted on the MK protocol will fail. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved),
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\MK Protocol Security
Restriction |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
The
MK Protocol Security Restriction policy setting
reduces attack surface area by preventing the MK protocol. Resources hosted
on the MK protocol will fail. This
policy setting allows administrators to define applications for which they
want this security feature to be prevented or allowed. If you enable this policy setting and
enter a Value of 1, use of the MK protocol is prevented. If you enter a Value
of 0, use of the MK protocol is allowed. If a Value Name is empty or the
Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer
processes in this list: use the related Internet Explorer Processes policy to
enable or disable IE processes. If the All Processes policy setting is
enabled, the processes configured in this box take precedence over that
setting. If you disable or do not
configure this policy setting, the policy setting is ignored. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_DISABLE_MK_PROTOCOL |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\MK Protocol Security
Restriction |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK
protocol. Resources hosted on the MK protocol will fail. If you enable this policy setting, the MK
Protocol is disabled for all processes. Any use of the MK Protocol is
blocked. If you disable or do not
configure this policy setting, the MK Protocol is enabled. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!* |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Local Machine Zone
Lockdown Security |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of
the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the
local computer have the fewest security restrictions and reside in the Local
Machine zone. Local Machine zone
security applies to all local files and content processed by Internet
Explorer. This feature helps to mitigate attacks where the Local Machine zone
is used as an attack vector to load malicious HTML code. If you enable this policy setting, the
Local Machine zone security applies to all local files and content processed
by Internet Explorer. If you disable
this policy setting, Local Machine zone security is not applied to local
files or content processed by Internet Explorer. If you do not configure this policy
setting, the Local Machine zone security applies to all local files and
content processed by Internet Explorer. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved),
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Local Machine Zone
Lockdown Security |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of
the Web page (Internet, Intranet, Local Machine zone, and so on). Web pages
on the local computer have the fewest security restrictions and reside in the
Local Machine zone. Local Machine zone
security applies to all local files and content. This feature helps to
mitigate attacks where the Local Machine zone is used as an attack vector to
load malicious HTML code. If you
enable this policy setting and enter a value of 1, Local Machine Zone
security applies. If you enter a value of 0, Local Machine Zone security does
not apply. If a Value Name is empty or the Value is not 0 or 1, the policy
setting is ignored. Do not enter the
Internet Explorer processes in this list: use the related Internet Explorer
Processes policy to enable or disable IE processes. If the All Processes
policy setting is enabled, the processes configured in this box take
precedence over that setting. If you
disable or do not configure this policy setting, the security feature is
allowed. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_LOCALMACHINE_LOCKDOWN |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Local Machine Zone
Lockdown Security |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of
the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the
local computer have the fewest security restrictions and reside in the Local
Machine zone. Local Machine zone
security applies to all local files and content. This feature helps to
mitigate attacks where the Local Machine zone is used as an attack vector to
load malicious HTML code. If you
enable this policy setting, the Local Machine zone security applies to all
local files and content processed by any process other than Internet Explorer
or those defined in a process list. If
you disable or do not configure this policy setting, Local Machine zone
security is not applied to local files or content processed by any process
other than Internet Explorer or those defined in a process list. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!* |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Consistent Mime
Handling |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling
procedures for files received through a Web server. This policy setting determines whether
Internet Explorer requires that all file-type information provided by Web
servers be consistent. For example, if the MIME type of a file is text/plain
but the MIME sniff indicates that the file is really an executable file,
Internet Explorer renames the file by saving it in the Internet Explorer
cache and changing its extension. If
you enable this policy setting, Internet Explorer requires consistent MIME
data for all received files. If you
disable this policy setting, Internet Explorer will not require consistent
MIME data for all received files. If
you do not configure this policy setting, Internet Explorer requires
consistent MIME data for all received files. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Consistent Mime
Handling |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling
procedures for files received through a Web server. This policy setting determines whether
Internet Explorer requires that all file-type information provided by Web
servers be consistent. For example, if the MIME type of a file is text/plain
but the MIME sniff indicates that the file is really an executable file,
Internet Explorer renames the file by saving it in the Internet Explorer
cache and changing its extension. This
policy setting allows administrators to define applications for which they
want this security feature to be prevented or allowed. If you enable this policy setting and enter
a Value of 1, MIME handling is in effect. If you enter a Value of 0 file-type
information is allowed to be inconsistent. The Value Name is the name of the
executable. If a Value Name is empty or the Value is not 0 or 1, the policy
setting is ignored. Do not enter the
Internet Explorer processes in this list: use the related Internet Explorer
Processes policy to enable or disable IE processes. If the All Processes
policy setting is enabled, the processes configured in this box take
precedence over that setting. If you
disable or do not configure this policy setting, the security feature is
allowed. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_HANDLING |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Consistent Mime
Handling |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling
procedures for files received through a Web server. This policy setting determines whether
Internet Explorer requires that all file-type information provided by Web
servers be consistent. For example, if the MIME type of a file is text/plain
but the MIME sniff indicates that the file is really an executable file,
Internet Explorer renames the file by saving it in the Internet Explorer
cache and changing its extension. If
you enable this policy setting, Consistent Mime Handling is enabled for all
processes. If you disable or do not
configure this policy setting, Consistent Mime Handling is prevented for all
processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!* |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Mime Sniffing Safety
Feature |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of
one type to a more dangerous file type.
If you enable this policy setting, MIME sniffing will never promote a
file of one type to a more dangerous file type. If you disable this policy setting,
Internet Explorer processes will allow a MIME sniff promoting a file of one
type to a more dangerous file type. If
you do not configure this policy setting, MIME sniffing will never promote a
file of one type to a more dangerous file type. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Mime Sniffing Safety
Feature |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of
one type to a more dangerous file type.
This policy setting allows administrators to define applications for
which they want this security feature to be prevented or allowed. If you enable this policy setting and enter
a Value of 1, this protection will be in effect. If you enter a Value of 0,
any file may be promoted to more dangerous file types. The Value Name is the
name of the executable. If a Value Name is empty or the Value is not 0 or 1,
the policy setting is ignored. Do not
enter the Internet Explorer processes in this list: use the related Internet
Explorer Processes policy to enable or disable IE processes. If the All
Processes policy setting is enabled, the processes configured in this box
take precedence over that setting. If
you disable or do not configure this policy setting, the security feature is
allowed. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_SNIFFING |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Mime Sniffing Safety
Feature |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of
one type to a more dangerous file type.
If you enable this policy setting, the Mime Sniffing Safety Feature is
enabled for all processes. If you
disable or do not configure this policy setting, the Mime Sniffing Safety
Feature is disabled for all processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!* |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Object Caching
Protection |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting defines whether a reference to an object is accessible when the user navigates within the
same domain or to a new domain. If you
enable this policy setting, an object reference is no longer accessible when
navigating within or across domains for Internet Explorer processes. If you disable this policy setting, an
object reference is retained when navigating within or across domains for
Internet Explorer processes. If you do
not configure this policy setting, an object reference is no longer
accessible when navigating within or across domains for Internet Explorer
processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Object Caching
Protection |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting defines whether a reference to an object is accessible when the user navigates within the
same domain or to a new domain. This
policy setting allows administrators to define applications for which they
want this security feature to be prevented or allowed. If you enable this policy setting and enter
a Value of 1, references to objects are inaccessible after navigation. If you
enter a Value of 0, references to objects are still accessible after navigation.
The Value Name is the name of the executable. If a Value Name is empty or the
Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer
processes in this list: use the related Internet Explorer Processes policy to
enable or disable IE processes. If the All Processes policy setting is
enabled, the processes configured in this box take precedence over that
setting. If you disable or do not
configure this policy setting, the security feature is allowed. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_OBJECT_CACHING |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Object Caching
Protection |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting defines whether a reference to an object is accessible when the user navigates within the
same domain or to a new domain. If you
enable this policy setting, object reference is no longer accessible when
navigating within or across domains for all processes. If you disable or do not configure this
policy setting, object reference is retained when navigating within or across
domains in the Restricted Zone sites. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!* |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Scripted Window
Security Restrictions |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types.
The Window Restrictions security feature restricts popup windows and
prohibits scripts from displaying windows in which the title and status bars
are not visible to the user or obfuscate other Windows’ title and status
bars. If you enable this policy
setting, popup windows and other restrictions apply for Windows Explorer and
Internet Explorer processes. If you
disable this policy setting, scripts can continue to create popup windows and
windows that obfuscate other windows.
If you do not configure this policy setting, popup windows and other
restrictions apply for Windows Explorer and Internet Explorer processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved),
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Scripted Window
Security Restrictions |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types.
The Window Restrictions security feature restricts popup windows and
prohibits scripts from displaying windows in which the title and status bars
are not visible to the user or obfuscate other Windows’ title and status
bars. This policy setting allows
administrators to define applications for which they want this security
feature to be prevented or allowed. If
you enable this policy setting and enter a Value of 1, such windows may not
be opened. If you enter a Value of 0, windows have none of these
restrictions. The Value Name is the name of the executable. If a Value Name
is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer
processes in this list: use the related Internet Explorer Processes policy to
enable or disable IE processes. If the All Processes policy setting is
enabled, the processes configured in this box take precedence over that
setting. If you disable or do not
configure this policy setting, the security feature is allowed. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_WINDOW_RESTRICTIONS |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Scripted Window
Security Restrictions |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types.
The Window Restrictions security feature restricts popup windows and
prohibits scripts from displaying windows in which the title and status bars
are not visible to the user or obfuscate other Windows’ title and status
bars. If you enable this policy
setting, scripted windows are restricted for all processes. If you disable or do not configure this
policy setting, scripted windows are not restricted. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!* |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Protection From Zone
Elevation |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the
location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web
pages on the local computer have the fewest security restrictions and reside
in the Local Machine zone, making the Local Machine security zone a prime
target for malicious users. Zone Elevation also disables JavaScript
navigation if there is no security context.
If you enable this policy setting, any zone can be protected from zone
elevation by Internet Explorer processes.
If you disable this policy setting, no zone receives such protection
for Internet Explorer processes. If
you do not configure this policy setting, any zone can be protected from zone
elevation by Internet Explorer processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Protection From Zone
Elevation |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the
location of the Web page (Internet, Intranet, Local Machine zone, and so on).
Web pages on the local computer have the fewest security restrictions and
reside in the Local Machine zone, making the Local Machine security zone a
prime target for malicious users. Zone Elevation also disables JavaScript
navigation if there is no security context
This policy setting allows administrators to define applications for
which they want this security feature to be prevented or allowed. If you enable this policy setting and enter
a Value of 1, elevation to more privileged zones can be prevented. If you
enter a Value of 0, elevation to any zone is allowed. The Value Name is the
name of the executable. If a Value Name is empty or the Value is not 0 or 1,
the policy setting is ignored. Do not
enter the Internet Explorer processes in this list: use the related Internet
Explorer Processes policy to enable or disable IE processes. If the All
Processes policy setting is enabled, the processes configured in this box
take precedence over that setting. If
you disable or do not configure this policy setting, the security feature is
allowed. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ZONE_ELEVATION |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Protection From Zone
Elevation |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the
location of the Web page (Internet, Intranet, Local Machine zone, and so on).
For example, Web pages on the local computer have the fewest security
restrictions and reside in the Local Machine zone, making the Local Machine
security zone a prime target for malicious users. If you enable this policy setting, any zone
can be protected from zone elevation for all processes. If you disable or do not configure this
policy setting, processes other than Internet Explorer or those listed in the
Process List receive no such protection. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!* |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Information Bar |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether the Information Bar is displayed for Internet Explorer
processes when file or code installs are restricted. By default, the
Information Bar is displayed for Internet Explorer processes. If you enable this policy setting, the
Information Bar will be displayed for Internet Explorer Processes. If you disable this policy setting, the
Information Bar will not be displayed for Internet Explorer processes. If you do not configure this policy
setting, the Information Bar will be displayed for Internet Explorer
Processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Information Bar |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether the Information Bar is displayed for specific processes
when file or code installs are restricted. By default, the Information Bar is
not displayed for any process when file or code installs are restricted
(except for the Internet Explorer Processes, for which the Information Bar is
displayed by default). If you enable
this policy setting and enter a Value of 1, the Information Bar is displayed.
If you enter a Value of 0 the Information Bar is not displayed. The Value
Name is the name of the executable. If a Value Name is empty or the Value is
not 0 or 1, the policy setting is ignored.
Do not enter the Internet Explorer processes in this list: use the
related Internet Explorer Processes policy to enable or disable for IE
processes. If the All Processes policy setting is enabled, the processes
configured in this box take precedence over that setting. If you disable or do not configure this
policy setting, the Information Bar is not displayed for the specified
processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_SECURITYBAND |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Information Bar |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether the Information Bar is displayed for processes other than
the Internet Explorer processes when file or code installs are restricted. By
default, the Information Bar is not displayed for any process when file or
code installs are restricted (except for the Internet Explorer Processes, for
which the Information Bar is displayed by default). If you enable this policy setting, the
Information Bar will be displayed for all processes. If you disable or do not configure this
policy setting, the Information Bar will not be displayed for all processes
other than Internet Explorer or those listed in the Process List. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!* |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict ActiveX
Install |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting enables blocking of ActiveX control installation prompts for Internet Explorer
processes. If you enable this policy
setting, prompting for ActiveX control installations will be blocked for
Internet Explorer processes. If you
disable this policy setting, prompting for ActiveX control installations will
not be blocked for Internet Explorer processes. If you do not configure this policy setting,
the user's preference will be used to determine whether to block ActiveX
control installations for Internet Explorer processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved),
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict ActiveX
Install |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of
ActiveX control installation. If you
enable this policy setting and enter a Value of 1, automatic prompting of
ActiveX control installation is blocked. If you enter a Value of 0, automatic
prompting of ActiveX control installation is allowed. The Value Name is the
name of the executable. If a Value Name is empty or the Value is not 0 or 1,
the policy setting is ignored. Do not
enter the Internet Explorer processes in this list: use the related Internet
Explorer Processes policy to enable or disable IE processes. If the All
Processes policy setting is enabled, the processes configured in this box
take precedence over that setting. If
you disable or do not configure this policy setting, the security feature is
allowed. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_ACTIVEXINSTALL |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict ActiveX
Install |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of
ActiveX control installation. If you
enable this policy setting, the Web Browser Control will block automatic
prompting of ActiveX control installation for all processes. If you disable or do not configure this
policy setting, the Web Browser Control will not block automatic prompting of
ActiveX control installation for all processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!* |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict File Download |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting enables blocking of file download prompts that are not user initiated. If you enable this policy setting, file
download prompts that are not user initiated will be blocked for Internet
Explorer processes. If you disable
this policy setting, prompting will occur for file downloads that are not
user initiated for Internet Explorer processes. If you do not configure this policy setting,
the user's preference determines whether to prompt for file downloads that
are not user initiated for Internet Explorer processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved),
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict File Download |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file
downloads that are not user initiated.
If you enable this policy setting and enter a Value of 1, automatic
prompting of non-initiated file downloads is blocked. If you enter a Value of
0, automatic prompting of non-initiated file downloads is allowed. The Value
Name is the name of the executable. If a Value Name is empty or the Value is
not 0 or 1, the policy setting is ignored.
Do not enter the Internet Explorer processes in this list: use the
related Internet Explorer Processes policy to enable or disable IE processes.
If the All Processes policy setting is enabled, the processes configured in
this box take precedence over that setting.
If you disable or do not configure this policy setting, the security
feature is allowed. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_FILEDOWNLOAD |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict File Download |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file
downloads that are not user initiated.
If you enable this policy setting, the Web Browser Control will block
automatic prompting of file downloads that are not user initiated for all
processes. If you disable this policy
setting, the Web Browser Control will not block automatic prompting of file
downloads that are not user initiated for all processes. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!* |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Add-on Management |
Deny all add-ons unless specifically allowed in the Add-on List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List'
policy setting are denied. By default,
the 'Add-on List' policy setting defines a list of add-ons to be allowed or
denied through Group Policy. However, users can still use the Add-on Manager
within Internet Explorer to manage add-ons not listed within the 'Add-on
List' policy setting. This policy setting effectively removes this option
from users - all add-ons are assumed to be denied unless they are
specifically allowed through the 'Add-on List' policy setting If you enable this policy setting, Internet
Explorer only allows add-ins that are specifically listed (and allowed)
through the 'Add-on List' policy setting.
If you disable or do not configure this policy setting, users may use
Add-on Manager to allow or deny any add-ons that are not included in the
'Add-on List' policy setting. Note: If
an add-on is listed in the 'Add-on List' policy setting, the user cannot
change its state through Add-on Manager (unless its value has been set to
allow user management - see the 'Add-on List' policy for more details). |
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!RestrictToList |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Add-on Management |
Add-on List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage a list of add-ons to be allowed or denied by Internet
Explorer. This list can be used with
the 'Deny all add-ons unless specifically allowed in the Add-on List' policy
setting, which defines whether add-ons not listed here are assumed to be
denied. If you enable this policy
setting, you can enter a list of add-ons to be allowed or denied by Internet
Explorer. For each entry that you add to the list, enter the following information: Name of the Value - the CLSID (class
identifier) for the add-on you wish to add to the list. The CLSID should be in brackets for
example, ‘{000000000-0000-0000-0000-0000000000000}’. The CLSID for an add-on
can be obtained by reading the OBJECT tag from a Web page on which the add-on
is referenced. Value - A number
indicating whether Internet Explorer should deny or allow the add-on to be
loaded. To specify that an add-on should be denied enter a 0 (zero) into this
field. To specify that an add-on should be allowed, enter a 1 (one) into this
field. To specify that an add-on should be allowed and also permit the user
to manage the add-on through Add-on Manager, enter a 2 (two) into this
field. If you disable this policy
setting, the list is deleted. The 'Deny all add-ons unless specifically
allowed in the Add-on List' policy setting will still determine whether
add-ons not in this list are assumed to be denied. |
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_Support_CLSID |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Add-on Management |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether the listed processes respect add-on management user
preferences (as entered into Add-on Manager) or policy settings. By default,
only Internet Explorer processes use the add-on management user preferences
and policy settings. This policy setting allows you to extend support for
these user preferences and policy settings to specific processes listed in
the process list. If you enable this
policy setting and enter a Value of 1, the process entered will respect the
add-on management user preferences and policy settings. If you enter a Value
of 0, the add-on management user preferences and policy settings are ignored
by the specified process. The Value Name is the name of the executable. If a
Value Name is empty or the Value is not 0 or 1, the policy setting is
ignored. Do not enter Internet
Explorer processes in this list because these processes always respect add-on
management user preferences and policy settings. If the All Processes policy
setting is enabled, the processes configured in this policy setting take
precedence over that setting. If you
do not configure this policy, processes other than the Internet Explorer processes
will not be affected by add-on management user preferences or policy settings
(unless “All Processes” is enabled). |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ADDON_MANAGEMENT |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Add-on Management |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether processes respect add-on management user preferences (as
reflected by Add-on Manager) or policy settings. By default, any process other than the
Internet Explorer processes or those listed in the 'Process List' policy
setting ignore add-on management user preferences and policy settings. If you enable this policy setting, all
processes will respect add-on management user preferences and policy
settings. If you disable or do not
configure this policy setting, all processes will not respect add-on
management user preferences or policy settings. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT!* |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol
Lockdown |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Windows Explorer and Internet Explorer
may be configured to prevent active content obtained through restricted
protocols from running in an unsafe manner. This policy setting controls
whether restricting content obtained through restricted protocols is
prevented or allowed. If you enable
this policy setting, restricting content obtained through restricted
protocols is allowed for Windows Explorer and Internet Explorer processes.
For example, you can restrict active content from pages served over the http
and https protocols by adding the value names http and https. If you disable this policy setting,
restricting content obtained through restricted protocols is prevented for
Windows Explorer and Internet Explorer processes. If you do not configure this policy
setting, the policy setting is ignored. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved),
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!iexplore.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved),
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!explorer.exe,
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol
Lockdown |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer may be configured to prevent active content obtained through restricted protocols from
running in an unsafe manner. This policy setting controls whether restricting
content obtained through restricted protocols is prevented or allowed. This policy setting allows administrators
to define applications for which they want restricting content obtained
through restricted protocols to be prevented or allowed. If you enable this policy setting and enter
a Value of 1, restricting content obtained through restricted protocols is
allowed. If you enter a Value of 0, restricting content obtained through
restricted protocols is blocked. The Value Name is the name of the
executable. If a Value Name is empty or the Value is not 0 or 1, the policy
setting is ignored. Do not enter the
Windows Explorer or Internet Explorer processes in this list: use the related
Internet Explorer Processes policy to enable or disable these processes. If
the All Processes policy setting is enabled, the processes configured in this
box take precedence over that setting.
If you disable or do not configure this policy setting, the security
feature is allowed. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_PROTOCOL_LOCKDOWN |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol
Lockdown |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer may be configured to prevent active content obtained through restricted protocols from
running in an unsafe manner. This policy setting controls whether restricting
content obtained through restricted protocols is prevented or allowed. If you enable this policy setting,
restricting content obtained through restricted protocols is allowed for all
processes other than Windows Explorer or Internet Explorer. If you disable this policy setting,
restricting content obtained through restricted protocols is prevented for
all processes other than Windows Explorer or Internet Explorer. If you do not configure this policy
setting, no policy is enforced for processes other than Windows Explorer and
Internet Explorer. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!* |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol
Lockdown\Restricted Protocols Per Security Zone |
Internet Zone Restricted Protocols |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
For each zone, the Network Protocol Lockdown
security restriction may be configured to prevent active content obtained
through restricted protocols from running in an unsafe manner, either by
prompting the user, or simply disabling the content. For each zone, this list
of protocols may be configured here, and applies to all processes which have
opted in to the security restriction.
If you enable this policy setting for a zone, this sets the list of
protocols to be restricted if that zone is set to Prompt or Disable for Allow
active content over restricted protocols to access my computer. If you disable or do not configure this
policy setting for a zone, no protocols are restricted for that zone,
regardless of the setting for Allow active content over restricted protocols
to access my computer. Note. If policy for a zone is set in both
Computer Configuration and User Configuration, both lists of protocols will
be restricted for that zone. |
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\RestrictedProtocols!ListBox_Support_3 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol
Lockdown\Restricted Protocols Per Security Zone |
Intranet Zone Restricted Protocols |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
For each zone, the Network Protocol Lockdown
security restriction may be configured to prevent active content obtained
through restricted protocols from running in an unsafe manner, either by
prompting the user, or simply disabling the content. For each zone, this list
of protocols may be configured here, and applies to all processes which have
opted in to the security restriction.
If you enable this policy setting for a zone, this sets the list of
protocols to be restricted if that zone is set to Prompt or Disable for Allow
active content over restricted protocols to access my computer. If you disable or do not configure this
policy setting for a zone, no protocols are restricted for that zone,
regardless of the setting for Allow active content over restricted protocols
to access my computer. Note. If policy for a zone is set in both
Computer Configuration and User Configuration, both lists of protocols will
be restricted for that zone. |
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\RestrictedProtocols!ListBox_Support_1 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol
Lockdown\Restricted Protocols Per Security Zone |
Trusted Sites Zone Restricted Protocols |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
For each zone, the Network Protocol Lockdown
security restriction may be configured to prevent active content obtained
through restricted protocols from running in an unsafe manner, either by
prompting the user, or simply disabling the content. For each zone, this list
of protocols may be configured here, and applies to all processes which have
opted in to the security restriction.
If you enable this policy setting for a zone, this sets the list of
protocols to be restricted if that zone is set to Prompt or Disable for Allow
active content over restricted protocols to access my computer. If you disable or do not configure this
policy setting for a zone, no protocols are restricted for that zone,
regardless of the setting for Allow active content over restricted protocols
to access my computer. Note. If policy for a zone is set in both
Computer Configuration and User Configuration, both lists of protocols will
be restricted for that zone. |
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\RestrictedProtocols!ListBox_Support_2 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol
Lockdown\Restricted Protocols Per Security Zone |
Restricted Sites Zone Restricted Protocols |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
For each zone, the Network Protocol Lockdown
security restriction may be configured to prevent active content obtained
through restricted protocols from running in an unsafe manner, either by
prompting the user, or simply disabling the content. For each zone, this list
of protocols may be configured here, and applies to all processes which have
opted in to the security restriction.
If you enable this policy setting for a zone, this sets the list of
protocols to be restricted if that zone is set to Prompt or Disable for Allow
active content over restricted protocols to access my computer. If you disable or do not configure this
policy setting for a zone, no protocols are restricted for that zone,
regardless of the setting for Allow active content over restricted protocols
to access my computer. Note. If policy for a zone is set in both
Computer Configuration and User Configuration, both lists of protocols will
be restricted for that zone. |
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\RestrictedProtocols!ListBox_Support_4 |
|
| Windows XP SP2 |
Inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol
Lockdown\Restricted Protocols Per Security Zone |
Local Machine Zone Restricted Protocols |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
For each zone, the Network Protocol Lockdown
security restriction may be configured to prevent active content obtained
through restricted protocols from running in an unsafe manner, either by
prompting the user, or simply disabling the content. For each zone, this list
of protocols may be configured here, and applies to all processes which have
opted in to the security restriction.
If you enable this policy setting for a zone, this sets the list of
protocols to be restricted if that zone is set to Prompt or Disable for Allow
active content over restricted protocols to access my computer. If you disable or do not configure this
policy setting for a zone, no protocols are restricted for that zone,
regardless of the setting for Allow active content over restricted protocols
to access my computer. Note. If policy for a zone is set in both
Computer Configuration and User Configuration, both lists of protocols will
be restricted for that zone. |
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\RestrictedProtocols!ListBox_Support_0 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet Explorer |
Turn off Crash Detection |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the crash detection feature of add-on Management. If you enable this policy setting, a crash
in Internet Explorer will exhibit behavior found in Windows XP Professional
Service Pack 1 and earlier, namely to invoke Windows Error Reporting. All
policy settings for Windows Error Reporting continue to apply. If you disable or do not configure this
policy setting, the crash detection feature for add-on management will be
functional. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoCrashDetection |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet Explorer |
Do not allow users to enable or disable add-ons |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users have the ability to allow or deny add-ons through
Add-On Manager. If you enable this
policy setting, users cannot enable or disable add-ons through Add-On
Manager. The only exception occurs if an add-on has been specifically entered
into the 'Add-On List' policy setting in such a way as to allow users to
continue to manage the add-on. In this case, the user can still manage the
add-on through the Add-On Manager. If
you disable or do not configure this policy setting, the appropriate controls
in the Add-On Manager will be available to the user. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoExtensionManagement |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet Explorer |
Turn off pop-up management |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage pop-up management functionality in Internet Explorer. If you enable this policy setting, the
Control Panel information relating to pop-up management will be unavailable
(grayed out) and all other pop-up manager controls, notifications, and dialog
boxes will not appear. Pop-up windows will continue to function as they did
in Windows XP Service Pack 1 or earlier, although windows launched off screen
will continue to be re-positioned onscreen.
If you disable or do not configure this policy setting, the popup
management feature will be functional. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoPopupManagement |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet Explorer |
Pop-up allow list |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage a list of web sites that will be allowed to open pop-up windows
regardless of the Internet Explorer process's Pop-Up Blocker settings. If you enable this policy setting, you can
enter a list of sites which will be allowed to open pop-up windows regardless
of user settings. Users will not be able to view or edit this list of sites.
Only the domain name is allowed, so www.contoso.com is valid, but not
http://www.contoso.com. Wildcards are allowed, so *.contoso.com is also
valid. If you disable this policy
setting, the list is deleted and users may not create their own lists of
sites. If this policy is not
configured, users will be able to view and edit their own lists of sites. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\New Windows!ListBox_Support_Allow |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Run .NET Framework-reliant components
signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode
can be executed from Internet Explorer. These components include managed
controls referenced from an object tag and managed executables referenced
from a link. If you enable this policy
setting, Internet Explorer will execute signed managed components. If you
select Prompt in the drop-down box, Internet Explorer will prompt the user to
determine whether to execute signed managed components. If you disable this policy setting,
Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will execute signed managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Run .NET Framework-reliant components
not signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are not signed with
Authenticode can be executed from Internet Explorer. These components include
managed controls referenced from an object tag and managed executables
referenced from a link. If you enable
this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute unsigned managed
components. If you disable this policy
setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy
setting, Internet Explorer will execute unsigned managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2004 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in
the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy
setting, users are queried whether to download controls signed by publishers
who aren't trusted. Code signed by
trusted publishers is silently downloaded. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1001 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone.
Such code is potentially harmful, especially when coming from an untrusted
zone. If you enable this policy
setting, users can run unsigned controls without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow the unsigned control to run. If
you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy
setting, users cannot run unsigned controls. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy
setting, ActiveX controls are run, loaded with parameters, and scripted
without setting object safety for untrusted data or scripts. This setting is
not recommended, except for secure and administered zones. This setting
causes both unsafe and safe controls to be initialized and scripted, ignoring
the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select
Prompt in the drop-down box, users are queried whether to allow the control
to be loaded with parameters or scripted.
If you disable this policy setting, ActiveX controls that cannot be
made safe are not loaded with parameters or scripted. If you do not configure this policy
setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the
specified zone. If you enable this
policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down
box, users are asked to choose whether to allow the controls or plug-in to
run. If you disable this policy
setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins can run without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact
with a script. If you enable this
policy setting, script interaction can occur automatically without user
intervention. If you select Prompt in
the drop-down box, users are queried to choose whether to allow script
interaction. If you disable this
policy setting, script interaction is prevented from occurring. If you do not configure this policy
setting, script interaction can occur automatically without user
intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is
determined by the zone of the page with the link causing the download, not
the zone from which the file is delivered.
If you enable this policy setting, files can be downloaded from the
zone. If you disable this policy
setting, files are prevented from being downloaded from the zone. If you do not configure this policy
setting, files can be downloaded from the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1803 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML
fonts can be downloaded automatically. If you enable this policy setting and
Prompt is selected in the drop-down box, users are queried whether to allow
HTML fonts to download. If you disable
this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting,
HTML fonts can be downloaded automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the
drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not
configure this policy setting, the permission is set to High Safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Internet Explorer can access data from another security
zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects
(ADO). If you enable this policy
setting, users can load a page in the zone that uses MSXML or ADO to access
data from another site in the zone. If you select Prompt in the drop-down
box, users are queried to choose whether to allow a page to be loaded in the
zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
cannot load a page in the zone that uses MSXML or ADO to access data from
another site in the zone. If you do
not configure this policy setting, users cannot load a page in the zone that
uses MSXML or ADO to access data from another site in the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1406 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Allow active content over restricted protocols to access my computer |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the
Internet zone can run active content such as script, ActiveX, Java and Binary
Behaviors. The list of restricted protocols may be set in the Internet Zone
Restricted Protocols section under Network Protocol Lockdown policy. If you enable this policy setting, no
Internet Zone content accessed is affected, even for protocols on the
restricted list. If you select Prompt from the drop-down box, the Information
Bar will appear to allow control over questionable content accessed over any
restricted protocols; content over other protocols is unaffected. If you disable this policy setting, all
attempts to access such content over the restricted protocols is
blocked. If you do not configure this
policy setting, no content is restricted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting determines whether users will be prompted for non user-initiated file downloads.
Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting manages whether users
will be automatically prompted for ActiveX control installations. If you enable this policy setting, users
will receive a prompt when a site instantiates an ActiveX control they do not
have installed. If you disable this
policy setting, ActiveX control installations will be blocked using the
Information Bar. Users can click on the Information Bar to allow the ActiveX
control prompt. If you do not
configure this policy setting, the user’s preference will be used to
determine whether to block ActiveX control installations using the
Information Bar. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if
the author of the Web page uses the Meta Refresh setting (tag) to redirect
browsers to another Web page. If you
enable this policy setting, a user's browser that loads a page containing an
active Meta Refresh setting, can be redirected to another Web page. If you disable this policy setting, a
user's browser that loads a page containing an active Meta Refresh setting,
cannot be redirected to another Web page.
If you do not configure this policy setting, a user's browser that
loads a page containing an active Meta Refresh setting, can be redirected to
another Web page. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Allow script-initiated windows without size or position constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that
include the title and status bars. If
you enable this policy setting, Windows Restrictions security will not apply
in this zone. The security zone runs without the added layer of security
provided by this feature. If you
disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate
specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary
and script behaviors are available. If you select Administrator approved in
the drop-down box, only behaviors listed in the Admin-approved Behaviors
under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary
and script behaviors are not available unless applications have implemented a
custom security manager. If you do not
configure this policy setting, binary and script behaviors are available. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can display nonsecure items and manage whether users
receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1609 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Do not prompt for client certificate selection when no certificates or only one certificate
exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users are prompted to select a certificate when no
certificate or only one certificate exists.
If you enable this policy setting, Internet Explorer does not prompt
users with a Client Authentication message when they connect to a Web site
that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one
certificate. If you do not configure
this policy setting, Internet Explorer does not prompt users with a Client
Authentication message when they connect to a Web site that has no
certificate or only one certificate. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can drag files or copy and paste files from a source
within the zone. If you enable this
policy setting, users can drag files or copy and paste files from this zone
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy
setting, users can drag files or copy and paste files from this zone
automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The
settings for this option are: If you enable this policy setting, users can
install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this zone. If you do not configure this policy
setting, users are queried to choose whether to install desktop items from
this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applications may be run and files may be downloaded from an
IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are queried to choose whether to run applications and
download files from IFRAMEs on the pages in this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the opening of sub-frames and access of applications across
different domains. If you enable this
policy setting, users can open sub-frames from other domains and access
applications from other domains. If you select Prompt in the drop-down box,
users are queried whether to allow sub-frames or access to applications from
other domains. If you disable this
policy setting, users cannot open sub-frames or access applications from
different domains. If you do not
configure this policy setting, users can open sub-frames from other domains
and access applications from other domains. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1607 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on
a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the
file type based on a bit signature. If
you enable this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. The security zone will run without the added layer of
security provided by this feature. If
you disable this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. If you do not configure this policy
setting, the actions that may be harmful cannot run; this Internet Explorer
security feature will be turned on in this zone, as dictated by the MIME
Sniffing Safety Feature control for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage software channel permissions.
If you enable this policy setting, you can choose the following
options from the drop-down box. Low
safety to allow users to be notified of software updates by e-mail, software
packages to be automatically downloaded to users' computers, and software
packages to be automatically installed on users' computers. Medium safety to allow users to be notified
of software updates by e-mail and software packages to be automatically
downloaded to (but not installed on) users' computers. High safety to prevent users from being
notified of software updates by e-mail, software packages from being
automatically downloaded to users' computers, and software packages from
being automatically installed on users' computers. If you disable this policy setting,
permissions are set to high safety. If
you do not configure this policy setting, permissions are set to Medium
safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted.
Forms sent with SSL (Secure Sockets Layer) encryption are always allowed;
this setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, users are queried to choose whether to
allow information using HTML forms on pages in this zone to be submitted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1601 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are
opened when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, most unwanted pop-up
windows are prevented from appearing. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1809 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the preservation of information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. When
a user returns to a persisted page, the state of the page can be restored if
this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Web sites in less privileged Web content zones can navigate into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted
Sites, can navigate into this zone. If
you enable this policy setting, Web sites from less privileged zones can open
new windows in, or navigate into, this zone.
The security zone will run without the added layer of security that is
provided by the Protection from Zone Elevation security feature. If you
select Prompt in the drop-down box, a warning is issued to the user that
potentially risky navigation is about to occur. If you disable this policy setting, the
possibly harmful navigations are prevented. The Internet Explorer security
feature will be on in this zone as set by Protection from Zone Elevation
feature control. If you do not
configure this policy setting, Web sites from less privileged zones can open
new windows in, or navigate into, this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script
code on pages in the zone can run automatically. If you select Prompt in the
drop-down box, users are queried to choose whether to allow script code on
pages in the zone to run. If you
disable this policy setting, script code on pages in the zone is prevented
from running. If you do not configure
this policy setting, script code on pages in the zone can run automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example,
cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard
operation. If you disable this policy
setting, a script cannot perform a clipboard operation. If you do not configure this policy
setting, a script can perform a clipboard operation. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts
can access applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Internet
Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following
logon options. Anonymous logon to
disable HTTP authentication and use the guest account only for the Common
Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and
passwords. After a user is queried, these values can be used silently for the
remainder of the session. Automatic
logon only in Intranet zone to query users for user IDs and passwords in
other zones. After a user is queried, these values can be used silently for
the remainder of the session.
Automatic logon with current user name and password to attempt logon
using Windows NT Challenge Response (also known as NTLM authentication). If
Windows NT Challenge Response is supported by the server, the logon uses the
user's network user name and password for logon. If Windows NT Challenge
Response is not supported by the server, the user is queried to provide the
user name and password. If you disable
this policy setting, logon is set to Automatic logon only in Intranet
zone. If you do not configure this
policy setting, logon is set to Automatic logon only in Intranet zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Run .NET Framework-reliant components
signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode
can be executed from Internet Explorer. These components include managed
controls referenced from an object tag and managed executables referenced
from a link. If you enable this policy
setting, Internet Explorer will execute signed managed components. If you
select Prompt in the drop-down box, Internet Explorer will prompt the user to
determine whether to execute signed managed components. If you disable this policy setting,
Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will execute signed managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Run .NET Framework-reliant components
not signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are not signed with
Authenticode can be executed from Internet Explorer. These components include
managed controls referenced from an object tag and managed executables
referenced from a link. If you enable
this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute unsigned managed
components. If you disable this policy
setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy
setting, Internet Explorer will execute unsigned managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in
the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy
setting, users are queried whether to download controls signed by publishers
who aren't trusted. Code signed by
trusted publishers is silently downloaded. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone.
Such code is potentially harmful, especially when coming from an untrusted
zone. If you enable this policy
setting, users can run unsigned controls without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow the unsigned control to run. If
you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy
setting, users cannot run unsigned controls. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy
setting, ActiveX controls are run, loaded with parameters, and scripted
without setting object safety for untrusted data or scripts. This setting is
not recommended, except for secure and administered zones. This setting
causes both unsafe and safe controls to be initialized and scripted, ignoring
the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select
Prompt in the drop-down box, users are queried whether to allow the control
to be loaded with parameters or scripted.
If you disable this policy setting, ActiveX controls that cannot be
made safe are not loaded with parameters or scripted. If you do not configure this policy
setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the
specified zone. If you enable this
policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down
box, users are asked to choose whether to allow the controls or plug-in to
run. If you disable this policy
setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins can run without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact
with a script. If you enable this
policy setting, script interaction can occur automatically without user
intervention. If you select Prompt in
the drop-down box, users are queried to choose whether to allow script
interaction. If you disable this
policy setting, script interaction is prevented from occurring. If you do not configure this policy
setting, script interaction can occur automatically without user
intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is
determined by the zone of the page with the link causing the download, not
the zone from which the file is delivered.
If you enable this policy setting, files can be downloaded from the
zone. If you disable this policy
setting, files are prevented from being downloaded from the zone. If you do not configure this policy
setting, files can be downloaded from the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML
fonts can be downloaded automatically. If you enable this policy setting and
Prompt is selected in the drop-down box, users are queried whether to allow
HTML fonts to download. If you disable
this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting,
HTML fonts can be downloaded automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the
drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not
configure this policy setting, the permission is set to Medium Safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Internet Explorer can access data from another security
zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects
(ADO). If you enable this policy
setting, users can load a page in the zone that uses MSXML or ADO to access
data from another site in the zone. If you select Prompt in the drop-down
box, users are queried to choose whether to allow a page to be loaded in the
zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
cannot load a page in the zone that uses MSXML or ADO to access data from
another site in the zone. If you do
not configure this policy setting, users are queried to choose whether to
allow a page to be loaded in the zone that uses MSXML or ADO to access data
from another site in the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Allow active content over restricted protocols to access my computer |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the
Intranet Zone can run active content such as script, ActiveX, Java and Binary
Behaviors. The list of restricted protocols may be set in the Intranet Zone
Restricted Protocols section under Network Protocol Lockdown policy. If you enable this policy setting, no
Intranet Zone content accessed is affected, even for protocols on the
restricted list. If you select Prompt from the drop-down box, the Information
Bar will appear to allow control over questionable content accessed over any
restricted protocols; content over other protocols is unaffected. If you disable this policy setting, all
attempts to access such content over the restricted protocols is
blocked. If you do not configure this
policy setting, no content is restricted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting determines whether users will be prompted for non user-initiated file downloads.
Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting manages whether users
will be automatically prompted for ActiveX control installations. If you enable this policy setting, users
will receive a prompt when a site instantiates an ActiveX control they do not
have installed. If you disable this
policy setting, ActiveX control installations will be blocked using the
Information Bar. Users can click on the Information Bar to allow the ActiveX
control prompt. If you do not
configure this policy setting, the user’s preference will be used to
determine whether to block ActiveX control installations using the
Information Bar. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if
the author of the Web page uses the Meta Refresh setting (tag) to redirect
browsers to another Web page. If you
enable this policy setting, a user's browser that loads a page containing an
active Meta Refresh setting, can be redirected to another Web page. If you disable this policy setting, a
user's browser that loads a page containing an active Meta Refresh setting,
cannot be redirected to another Web page.
If you do not configure this policy setting, a user's browser that
loads a page containing an active Meta Refresh setting, can be redirected to
another Web page. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Allow script-initiated windows without size or position constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that
include the title and status bars. If
you enable this policy setting, Windows Restrictions security will not apply
in this zone. The security zone runs without the added layer of security
provided by this feature. If you
disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate
specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary
and script behaviors are available. If you select Administrator approved in
the drop-down box, only behaviors listed in the Admin-approved Behaviors
under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary
and script behaviors are not available unless applications have implemented a
custom security manager. If you do not
configure this policy setting, binary and script behaviors are available. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can display nonsecure items and manage whether users
receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Do not prompt for client certificate selection when no certificates or only one certificate
exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users are prompted to select a certificate when no
certificate or only one certificate exists.
If you enable this policy setting, Internet Explorer does not prompt
users with a Client Authentication message when they connect to a Web site
that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one
certificate. If you do not configure
this policy setting, Internet Explorer prompts users with a Client
Authentication message when they connect to a Web site that has no certificate
or only one certificate. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can drag files or copy and paste files from a source
within the zone. If you enable this
policy setting, users can drag files or copy and paste files from this zone
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy
setting, users can drag files or copy and paste files from this zone
automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The
settings for this option are: If you enable this policy setting, users can
install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this zone. If you do not configure this policy
setting, users are queried to choose whether to install desktop items from
this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applications may be run and files may be downloaded from an
IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are queried to choose whether to run applications and
download files from IFRAMEs on the pages in this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the opening of sub-frames and access of applications across
different domains. If you enable this
policy setting, users can open additional sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow additional sub-frames or access to
applications from other domains. If
you disable this policy setting, users cannot open other sub-frames or access
applications from different domains.
If you do not configure this policy setting, users can open additional
sub-frames from other domains and access applications from other domains. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on
a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the
file type based on a bit signature. If
you enable this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. The security zone will run without the added layer of
security provided by this feature. If
you disable this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. If you do not configure this policy
setting, the actions that may be harmful cannot run; this Internet Explorer
security feature will be turned on in this zone, as dictated by the MIME
Sniffing Safety Feature control for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage software channel permissions.
If you enable this policy setting, you can choose the following
options from the drop-down box. Low
safety to allow users to be notified of software updates by e-mail, software
packages to be automatically downloaded to users' computers, and software
packages to be automatically installed on users' computers. Medium safety to allow users to be notified
of software updates by e-mail and software packages to be automatically
downloaded to (but not installed on) users' computers. High safety to prevent users from being
notified of software updates by e-mail, software packages from being
automatically downloaded to users' computers, and software packages from
being automatically installed on users' computers. If you disable this policy setting,
permissions are set to high safety. If
you do not configure this policy setting, permissions are set to Medium
safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted.
Forms sent with SSL (Secure Sockets Layer) encryption are always allowed;
this setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, information using HTML forms on pages
in this zone can be submitted automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are
opened when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, pop-up windows are not
prevented from appearing. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the preservation of information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. When
a user returns to a persisted page, the state of the page can be restored if
this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Web sites in less privileged Web content zones can navigate into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet
sites, can navigate into this zone. If
you enable this policy setting, Web sites from less privileged zones can open
new windows in, or navigate into, this zone. The security zone will run
without the added layer of security that is provided by the Protection from
Zone Elevation security feature. If you select Prompt in the drop-down box, a
warning is issued to the user that potentially risky navigation is about to
occur. If you disable this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. If you
do not configure this policy setting, Web sites from less privileged zones
can open new windows in, or navigate into, this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script
code on pages in the zone can run automatically. If you select Prompt in the
drop-down box, users are queried to choose whether to allow script code on
pages in the zone to run. If you
disable this policy setting, script code on pages in the zone is prevented
from running. If you do not configure
this policy setting, script code on pages in the zone can run automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example,
cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard
operation. If you disable this policy
setting, a script cannot perform a clipboard operation. If you do not configure this policy
setting, a script can perform a clipboard operation. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts
can access applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Intranet
Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following
logon options. Anonymous logon to
disable HTTP authentication and use the guest account only for the Common
Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and
passwords. After a user is queried, these values can be used silently for the
remainder of the session. Automatic
logon only in Intranet zone to query users for user IDs and passwords in
other zones. After a user is queried, these values can be used silently for
the remainder of the session.
Automatic logon with current user name and password to attempt logon
using Windows NT Challenge Response (also known as NTLM authentication). If
Windows NT Challenge Response is supported by the server, the logon uses the
user's network user name and password for logon. If Windows NT Challenge
Response is not supported by the server, the user is queried to provide the
user name and password. If you disable
this policy setting, logon is set to Automatic logon only in Intranet
zone. If you do not configure this
policy setting, logon is set to Automatic logon only in Intranet zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Run .NET Framework-reliant components
signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode
can be executed from Internet Explorer. These components include managed
controls referenced from an object tag and managed executables referenced
from a link. If you enable this policy
setting, Internet Explorer will execute signed managed components. If you
select Prompt in the drop-down box, Internet Explorer will prompt the user to
determine whether to execute signed managed components. If you disable this policy setting,
Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will execute signed managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Run .NET Framework-reliant components
not signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are not signed with
Authenticode can be executed from Internet Explorer. These components include
managed controls referenced from an object tag and managed executables
referenced from a link. If you enable
this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute unsigned managed
components. If you disable this policy
setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy
setting, Internet Explorer will execute unsigned managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in
the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy
setting, users can download signed controls without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone.
Such code is potentially harmful, especially when coming from an untrusted
zone. If you enable this policy
setting, users can run unsigned controls without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow the unsigned control to run. If
you disable this policy setting, users are queried to choose whether to allow
the unsigned control to run. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1004 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy
setting, ActiveX controls are run, loaded with parameters, and scripted
without setting object safety for untrusted data or scripts. This setting is
not recommended, except for secure and administered zones. This setting
causes both unsafe and safe controls to be initialized and scripted, ignoring
the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select
Prompt in the drop-down box, users are queried whether to allow the control
to be loaded with parameters or scripted.
If you disable this policy setting, ActiveX controls that cannot be
made safe are not loaded with parameters or scripted. If you do not configure this policy
setting, users are queried whether to allow the control to be loaded with
parameters or scripted. If you disable
this policy setting, ActiveX controls that cannot be made safe are not loaded
with parameters or scripted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1201 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the
specified zone. If you enable this
policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down
box, users are asked to choose whether to allow the controls or plug-in to
run. If you disable this policy
setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins can run without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact
with a script. If you enable this
policy setting, script interaction can occur automatically without user
intervention. If you select Prompt in
the drop-down box, users are queried to choose whether to allow script
interaction. If you disable this
policy setting, script interaction is prevented from occurring. If you do not configure this policy
setting, script interaction can occur automatically without user
intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1405 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is
determined by the zone of the page with the link causing the download, not
the zone from which the file is delivered.
If you enable this policy setting, files can be downloaded from the
zone. If you disable this policy
setting, files are prevented from being downloaded from the zone. If you do not configure this policy
setting, files can be downloaded from the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML
fonts can be downloaded automatically. If you enable this policy setting and
Prompt is selected in the drop-down box, users are queried whether to allow
HTML fonts to download. If you disable
this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting,
HTML fonts can be downloaded automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the
drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not
configure this policy setting, the permission is set to Low Safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Internet Explorer can access data from another security
zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects
(ADO). If you enable this policy
setting, users can load a page in the zone that uses MSXML or ADO to access
data from another site in the zone. If you select Prompt in the drop-down
box, users are queried to choose whether to allow a page to be loaded in the
zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
cannot load a page in the zone that uses MSXML or ADO to access data from
another site in the zone. If you do
not configure this policy setting, users can load a page in the zone that
uses MSXML or ADO to access data from another site in the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Allow active content over restricted protocols to access my computer |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the
Trusted Sites Zone can run active content such as script, ActiveX, Java and
Binary Behaviors. The list of restricted protocols may be set in the Trusted
Sites Zone Restricted Protocols section under Network Protocol Lockdown
policy. If you enable this policy
setting, no Trusted Sites Zone content accessed is affected, even for
protocols on the restricted list. If you select Prompt from the drop-down
box, the Information Bar will appear to allow control over questionable
content accessed over any restricted protocols; content over other protocols
is unaffected. If you disable this
policy setting, all attempts to access such content over the restricted
protocols is blocked. If you do not
configure this policy setting, no content is restricted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2300 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting determines whether users will be prompted for non user-initiated file downloads.
Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting manages whether users
will be automatically prompted for ActiveX control installations. If you enable this policy setting, users
will receive a prompt when a site instantiates an ActiveX control they do not
have installed. If you disable this
policy setting, ActiveX control installations will be blocked using the
Information Bar. Users can click on the Information Bar to allow the ActiveX
control prompt. If you do not
configure this policy setting, the user’s preference will be used to
determine whether to block ActiveX control installations using the
Information Bar. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if
the author of the Web page uses the Meta Refresh setting (tag) to redirect
browsers to another Web page. If you
enable this policy setting, a user's browser that loads a page containing an
active Meta Refresh setting, can be redirected to another Web page. If you disable this policy setting, a
user's browser that loads a page containing an active Meta Refresh setting,
cannot be redirected to another Web page.
If you do not configure this policy setting, a user's browser that
loads a page containing an active Meta Refresh setting, can be redirected to
another Web page. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1608 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Allow script-initiated windows without size or position constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that
include the title and status bars. If
you enable this policy setting, Windows Restrictions security will not apply
in this zone. The security zone runs without the added layer of security
provided by this feature. If you
disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2102 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate
specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary
and script behaviors are available. If you select Administrator approved in
the drop-down box, only behaviors listed in the Admin-approved Behaviors
under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary
and script behaviors are not available unless applications have implemented a
custom security manager. If you do not
configure this policy setting, binary and script behaviors are available. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can display nonsecure items and manage whether users
receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Do not prompt for client certificate selection when no certificates or only one certificate
exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users are prompted to select a certificate when no
certificate or only one certificate exists.
If you enable this policy setting, Internet Explorer does not prompt
users with a Client Authentication message when they connect to a Web site
that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one
certificate. If you do not configure
this policy setting, Internet Explorer prompts users with a Client
Authentication message when they connect to a Web site that has no certificate
or only one certificate. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can drag files or copy and paste files from a source
within the zone. If you enable this
policy setting, users can drag files or copy and paste files from this zone
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy
setting, users can drag files or copy and paste files from this zone
automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The
settings for this option are: If you enable this policy setting, users can
install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this zone. If you do not configure this policy
setting, users can install desktop items from this zone automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applications may be run and files may be downloaded from an
IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users can run applications and download files from IFRAMEs on
the pages in this zone without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the opening of sub-frames and access of applications across
different domains. If you enable this
policy setting, users can open additional sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow additional sub-frames or access to
applications from other domains. If
you disable this policy setting, users cannot open other sub-frames or access
applications from different domains.
If you do not configure this policy setting, users can open additional
sub-frames from other domains and access applications from other domains. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on
a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the
file type based on a bit signature. If
you enable this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. The security zone will run without the added layer of
security provided by this feature. If
you disable this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. If you do not configure this policy
setting, the actions that may be harmful cannot run; this Internet Explorer
security feature will be turned on in this zone, as dictated by the MIME
Sniffing Safety Feature control for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2100 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage software channel permissions.
If you enable this policy setting, you can choose the following
options from the drop-down box. Low
safety to allow users to be notified of software updates by e-mail, software
packages to be automatically downloaded to users' computers, and software
packages to be automatically installed on users' computers. Medium safety to allow users to be notified
of software updates by e-mail and software packages to be automatically
downloaded to (but not installed on) users' computers. High safety to prevent users from being
notified of software updates by e-mail, software packages from being
automatically downloaded to users' computers, and software packages from
being automatically installed on users' computers. If you disable this policy setting,
permissions are set to high safety. If
you do not configure this policy setting, permissions are set to Low safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted.
Forms sent with SSL (Secure Sockets Layer) encryption are always allowed;
this setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, information using HTML forms on pages
in this zone can be submitted automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are
opened when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, pop-up windows are not
prevented from appearing. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the preservation of information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. When
a user returns to a persisted page, the state of the page can be restored if
this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1606 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Web sites in less privileged Web content zones can navigate into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet
sites, can navigate into this zone. If
you enable this policy setting, Web sites from less privileged zones can open
new windows in, or navigate into, this zone. The security zone will run
without the added layer of security that is provided by the Protection from
Zone Elevation security feature. If you select Prompt in the drop-down box, a
warning is issued to the user that potentially risky navigation is about to
occur. If you disable this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. If you
do not configure this policy setting, a warning is issued to the user that
potentially risky behavior is about to occur. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script
code on pages in the zone can run automatically. If you select Prompt in the
drop-down box, users are queried to choose whether to allow script code on
pages in the zone to run. If you
disable this policy setting, script code on pages in the zone is prevented
from running. If you do not configure
this policy setting, script code on pages in the zone can run automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1400 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example,
cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard
operation. If you disable this policy,
a script cannot perform a clipboard operation. If you do not configure this policy
setting, a script can perform a clipboard operation. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1407 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts
can access applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Trusted
Sites Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following
logon options. Anonymous logon to
disable HTTP authentication and use the guest account only for the Common
Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and
passwords. After a user is queried, these values can be used silently for the
remainder of the session. Automatic
logon only in Intranet zone to query users for user IDs and passwords in
other zones. After a user is queried, these values can be used silently for
the remainder of the session.
Automatic logon with current user name and password to attempt logon
using Windows NT Challenge Response (also known as NTLM authentication). If
Windows NT Challenge Response is supported by the server, the logon uses the
user's network user name and password for logon. If Windows NT Challenge
Response is not supported by the server, the user is queried to provide the
user name and password. If you disable
this policy setting, logon is set to Automatic logon only in Intranet
zone. If you do not configure this
policy setting, logon is set to Automatic logon with current username and
password. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A00 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Run .NET Framework-reliant components
signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode
can be executed from Internet Explorer. These components include managed
controls referenced from an object tag and managed executables referenced
from a link. If you enable this policy
setting, Internet Explorer will execute signed managed components. If you
select Prompt in the drop-down box, Internet Explorer will prompt the user to
determine whether to execute signed managed components. If you disable this policy setting,
Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Run .NET Framework-reliant components
not signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are not signed with
Authenticode can be executed from Internet Explorer. These components include
managed controls referenced from an object tag and managed executables
referenced from a link. If you enable
this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute unsigned managed
components. If you disable this policy
setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy
setting, Internet Explorer will not execute unsigned managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2004 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in
the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy
setting, signed controls cannot be downloaded. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1001 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone.
Such code is potentially harmful, especially when coming from an untrusted
zone. If you enable this policy
setting, users can run unsigned controls without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow the unsigned control to run. If
you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy
setting, users cannot run unsigned controls. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy
setting, ActiveX controls are run, loaded with parameters, and scripted
without setting object safety for untrusted data or scripts. This setting is
not recommended, except for secure and administered zones. This setting
causes both unsafe and safe controls to be initialized and scripted, ignoring
the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select
Prompt in the drop-down box, users are queried whether to allow the control
to be loaded with parameters or scripted.
If you disable this policy setting, ActiveX controls that cannot be
made safe are not loaded with parameters or scripted. If you do not configure this policy
setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1201 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the
specified zone. If you enable this
policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down
box, users are asked to choose whether to allow the controls or plug-in to
run. If you disable this policy
setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact
with a script. If you enable this
policy setting, script interaction can occur automatically without user
intervention. If you select Prompt in
the drop-down box, users are queried to choose whether to allow script
interaction. If you disable this
policy setting, script interaction is prevented from occurring. If you do not configure this policy
setting, script interaction is prevented from occurring. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is
determined by the zone of the page with the link causing the download, not
the zone from which the file is delivered.
If you enable this policy setting, files can be downloaded from the
zone. If you disable this policy
setting, files are prevented from being downloaded from the zone. If you do not configure this policy
setting, files are prevented from being downloaded from the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1803 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML
fonts can be downloaded automatically. If you enable this policy setting and
Prompt is selected in the drop-down box, users are queried whether to allow
HTML fonts to download. If you disable
this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting,
users are queried whether to allow HTML fonts to download. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1604 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the
drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not
configure this policy setting, Java permissions are disabled. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Internet Explorer can access data from another security
zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects
(ADO). If you enable this policy
setting, users can load a page in the zone that uses MSXML or ADO to access
data from another site in the zone. If you select Prompt in the drop-down
box, users are queried to choose whether to allow a page to be loaded in the
zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
cannot load a page in the zone that uses MSXML or ADO to access data from
another site in the zone. If you do
not configure this policy setting, users cannot load a page in the zone that
uses MSXML or ADO to access data from another site in the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1406 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Allow active content over restricted protocols to access my computer |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the
Restricted Sites Zone can run active content such as script, ActiveX, Java
and Binary Behaviors. The list of restricted protocols may be set in the
Restricted Sites Zone Restricted Protocols section under Network Protocol
Lockdown policy. If you enable this
policy setting, no Restricted Sites Zone content accessed is affected, even
for protocols on the restricted list. If you select Prompt from the drop-down
box, the Information Bar will appear to allow control over questionable
content accessed over any restricted protocols; content over other protocols
is unaffected. If you disable this
policy setting, all attempts to access such content over the restricted
protocols is blocked. If you do not
configure this policy setting, no content is restricted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting determines whether users will be prompted for non user-initiated file downloads.
Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting manages whether users
will be automatically prompted for ActiveX control installations. If you enable this policy setting, users
will receive a prompt when a site instantiates an ActiveX control they do not
have installed. If you disable this
policy setting, ActiveX control installations will be blocked using the
Information Bar. Users can click on the Information Bar to allow the ActiveX
control prompt. If you do not
configure this policy setting, the user’s preference will be used to
determine whether to block ActiveX control installations using the
Information Bar. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2201 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if
the author of the Web page uses the Meta Refresh setting (tag) to redirect
browsers to another Web page. If you
enable this policy setting, a user's browser that loads a page containing an
active Meta Refresh setting, can be redirected to another Web page. If you disable this policy setting, a
user's browser that loads a page containing an active Meta Refresh setting,
cannot be redirected to another Web page.
If you do not configure this policy setting, a user's browser that
loads a page containing an active Meta Refresh setting, cannot be redirected
to another Web page. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Allow script-initiated windows without size or position constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that
include the title and status bars. If
you enable this policy setting, Windows Restrictions security will not apply
in this zone. The security zone runs without the added layer of security
provided by this feature. If you
disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate
specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary
and script behaviors are available. If you select Administrator approved in
the drop-down box, only behaviors listed in the Admin-approved Behaviors
under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary
and script behaviors are not available unless applications have implemented a
custom security manager. If you do not
configure this policy setting, binary and script behaviors are not available
unless applications have implemented a custom security manager. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2000 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can display nonsecure items and manage whether users
receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Do not prompt for client certificate selection when no certificates or only one certificate
exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users are prompted to select a certificate when no
certificate or only one certificate exists.
If you enable this policy setting, Internet Explorer does not prompt
users with a Client Authentication message when they connect to a Web site
that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one
certificate. If you do not configure
this policy setting, Internet Explorer does not prompt users with a Client
Authentication message when they connect to a Web site that has no
certificate or only one certificate. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can drag files or copy and paste files from a source
within the zone. If you enable this
policy setting, users can drag files or copy and paste files from this zone
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy
setting, users are queried to choose whether to drag or copy files from this
zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The
settings for this option are: If you enable this policy setting, users can
install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this zone. If you do not configure this policy
setting, users cannot install desktop items from this zone automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applications may be run and files may be downloaded from an
IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are prevented from running applications and downloading
files from IFRAMEs on the pages in this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the opening of sub-frames and access of applications across
different domains. If you enable this
policy setting, users can open additional sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow additional sub-frames or access to
applications from other domains. If
you disable this policy setting, users cannot open other sub-frames or access
applications from different domains.
If you do not configure this policy setting, users cannot open
additional sub-frames from other domains and access applications from other
domains. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on
a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the
file type based on a bit signature. If
you enable this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. The security zone will run without the added layer of
security provided by this feature. If
you disable this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. If you do not configure this policy
setting, the actions that may be harmful cannot run; this Internet Explorer
security feature will be turned on in this zone, as dictated by the feature
control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage software channel permissions.
If you enable this policy setting, you can choose the following
options from the drop-down box. Low
safety to allow users to be notified of software updates by e-mail, software
packages to be automatically downloaded to users' computers, and software
packages to be automatically installed on users' computers. Medium safety to allow users to be notified
of software updates by e-mail and software packages to be automatically
downloaded to (but not installed on) users' computers. High safety to prevent users from being
notified of software updates by e-mail, software packages from being
automatically downloaded to users' computers, and software packages from
being automatically installed on users' computers. If you disable this policy setting,
permissions are set to high safety. If
you do not configure this policy setting, permissions are set High safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted.
Forms sent with SSL (Secure Sockets Layer) encryption are always allowed;
this setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, users are queried to choose whether to
allow information using HTML forms on pages in this zone to be submitted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are
opened when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, most unwanted pop-up
windows are prevented from appearing. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the preservation of information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. When
a user returns to a persisted page, the state of the page can be restored if
this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Web sites in less privileged Web content zones can navigate into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Web sites from less privileged zones, which could only be
custom zones, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged
zones can open new windows in, or navigate into, this zone. The security zone
will run without the added layer of security that is provided by the
Protection from Zone Elevation security feature. If you select Prompt in the
drop-down box, a warning is issued to the user that potentially risky
navigation is about to occur. If you
disable this policy setting, the possibly harmful navigations are prevented.
The Internet Explorer security feature will be on in this zone as set by
Protection from Zone Elevation feature control. If you do not configure this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script
code on pages in the zone can run automatically. If you select Prompt in the
drop-down box, users are queried to choose whether to allow script code on
pages in the zone to run. If you
disable this policy setting, script code on pages in the zone is prevented
from running. If you do not configure
this policy setting, script code on pages in the zone is prevented from
running. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example,
cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard
operation. If you disable this policy
setting, a script cannot perform a clipboard operation. If you do not configure this policy
setting, a script cannot perform a clipboard operation. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1407 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts
can access applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts cannot access
applets automatically without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1402 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted
Sites Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following
logon options: Anonymous logon to
disable HTTP authentication and use the guest account only for the Common
Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and
passwords. After a user is queried, these values can be used silently for the
remainder of the session. Automatic
logon only in Intranet zone to query users for user IDs and passwords in
other zones. After a user is queried, these values can be used silently for
the remainder of the session.
Automatic logon with current user name and password to attempt logon
using Windows NT Challenge Response (also known as NTLM authentication). If
Windows NT Challenge Response is supported by the server, the logon uses the
user's network user name and password for logon. If Windows NT Challenge
Response is not supported by the server, the user is queried to provide the
user name and password. If you disable
this policy setting, logon is set to Automatic logon only in Intranet
zone. If you do not configure this
policy setting, logon is set to Prompt for user name and password. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Run .NET Framework-reliant components
signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode
can be executed from Internet Explorer. These components include managed
controls referenced from an object tag and managed executables referenced
from a link. If you enable this policy
setting, Internet Explorer will execute signed managed components. If you
select Prompt in the drop-down box, Internet Explorer will prompt the user to
determine whether to execute signed managed components. If you disable this policy setting,
Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Run .NET Framework-reliant components
not signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are not signed with
Authenticode can be executed from Internet Explorer. These components include
managed controls referenced from an object tag and managed executables
referenced from a link. If you enable
this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute unsigned managed
components. If you disable this policy
setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy
setting, Internet Explorer will not execute unsigned managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2004 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in
the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy
setting, users can download signed controls without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1001 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone.
Such code is potentially harmful, especially when coming from an untrusted
zone. If you enable this policy
setting, users can run unsigned controls without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow the unsigned control to run. If
you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy
setting, users can run unsigned controls without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy
setting, ActiveX controls are run, loaded with parameters, and scripted
without setting object safety for untrusted data or scripts. This setting is
not recommended, except for secure and administered zones. This setting
causes both unsafe and safe controls to be initialized and scripted, ignoring
the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select
Prompt in the drop-down box, users are queried whether to allow the control
to be loaded with parameters or scripted.
If you disable this policy setting, ActiveX controls that cannot be
made safe are not loaded with parameters or scripted. If you do not configure this policy
setting, users are queried whether to allow the control to be loaded with
parameters or scripted. If you disable
this policy setting, ActiveX controls that cannot be made safe are not loaded
with parameters or scripted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the
specified zone. If you enable this
policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down
box, users are asked to choose whether to allow the controls or plug-in to
run. If you disable this policy
setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins can run without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact
with a script. If you enable this
policy setting, script interaction can occur automatically without user
intervention. If you select Prompt in
the drop-down box, users are queried to choose whether to allow script
interaction. If you disable this
policy setting, script interaction is prevented from occurring. If you do not configure this policy
setting, script interaction can occur automatically without user
intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is
determined by the zone of the page with the link causing the download, not
the zone from which the file is delivered.
If you enable this policy setting, files can be downloaded from the
zone. If you disable this policy
setting, files are prevented from being downloaded from the zone. If you do not configure this policy
setting, files can be downloaded from the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1803 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML
fonts can be downloaded automatically. If you enable this policy setting and
Prompt is selected in the drop-down box, users are queried whether to allow
HTML fonts to download. If you disable
this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting,
HTML fonts can be downloaded automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the
drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not
configure this policy setting, the permission is set to Medium Safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Internet Explorer can access data from another security
zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects
(ADO). If you enable this policy
setting, users can load a page in the zone that uses MSXML or ADO to access
data from another site in the zone. If you select Prompt in the drop-down
box, users are queried to choose whether to allow a page to be loaded in the
zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
cannot load a page in the zone that uses MSXML or ADO to access data from
another site in the zone. If you do
not configure this policy setting, users can load a page in the zone that
uses MSXML or ADO to access data from another site in the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1406 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Allow active content over restricted protocols to access my computer |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the
Local Machine Zone can run active content such as script, ActiveX, Java and
Binary Behaviors. The list of restricted protocols may be set in the Local
Machine Zone Restricted Protocols section under Network Protocol Lockdown
policy. If you enable this policy
setting, no Local Machine Zone content accessed is affected, even for
protocols on the restricted list. If you select Prompt from the drop-down
box, the Information Bar will appear to allow control over questionable
content accessed over any restricted protocols; content over other protocols
is unaffected. If you disable this
policy setting, all attempts to access such content over the restricted
protocols is blocked. If you do not
configure this policy setting, no content is restricted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting determines whether users will be prompted for non user-initiated file downloads.
Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting manages whether users
will be automatically prompted for ActiveX control installations. If you enable this policy setting, users
will receive a prompt when a site instantiates an ActiveX control they do not
have installed. If you disable this
policy setting, ActiveX control installations will be blocked using the
Information Bar. Users can click on the Information Bar to allow the ActiveX
control prompt. If you do not
configure this policy setting, the user’s preference will be used to
determine whether to block ActiveX control installations using the
Information Bar. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2201 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if
the author of the Web page uses the Meta Refresh setting (tag) to redirect
browsers to another Web page. If you
enable this policy setting, a user's browser that loads a page containing an
active Meta Refresh setting, can be redirected to another Web page. If you disable this policy setting, a
user's browser that loads a page containing an active Meta Refresh setting,
cannot be redirected to another Web page.
If you do not configure this policy setting, a user's browser that
loads a page containing an active Meta Refresh setting, can be redirected to
another Web page. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Allow script-initiated windows without size or position constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that
include the title and status bars. If
you enable this policy setting, Windows Restrictions security will not apply
in this zone. The security zone runs without the added layer of security
provided by this feature. If you
disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, Windows Restrictions security will
not apply in this zone. The security zone runs without the added layer of
security provided by this feature. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate
specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary
and script behaviors are available. If you select Administrator approved in
the drop-down box, only behaviors listed in the Admin-approved Behaviors
under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary
and script behaviors are not available unless applications have implemented a
custom security manager. If you do not
configure this policy setting, binary and script behaviors are available. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2000 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can display nonsecure items and manage whether users
receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1609 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Do not prompt for client certificate selection when no certificates or only one certificate
exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users are prompted to select a certificate when no
certificate or only one certificate exists.
If you enable this policy setting, Internet Explorer does not prompt
users with a Client Authentication message when they connect to a Web site
that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one
certificate. If you do not configure
this policy setting, Internet Explorer prompts users with a Client
Authentication message when they connect to a Web site that has no certificate
or only one certificate. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can drag files or copy and paste files from a source
within the zone. If you enable this
policy setting, users can drag files or copy and paste files from this zone
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy
setting, users can drag files or copy and paste files from this zone
automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The
settings for this option are: If you enable this policy setting, users can
install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this zone. If you do not configure this policy
setting, users can install desktop items from this zone automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applications may be run and files may be downloaded from an
IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users can run applications and download files from IFRAMEs on
the pages in this zone without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the opening of sub-frames and access of applications across
different domains. If you enable this
policy setting, users can open additional sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow additional sub-frames or access to
applications from other domains. If
you disable this policy setting, users cannot open other sub-frames or access
applications from different domains.
If you do not configure this policy setting, users can open additional
sub-frames from other domains and access applications from other domains. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on
a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the
file type based on a bit signature. If
you enable this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. The security zone will run without the added layer of
security provided by this feature. If
you disable this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. If you do not configure this policy
setting, the actions that may be harmful cannot run; this Internet Explorer
security feature will be turned on in this zone, as dictated by the feature
control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage software channel permissions.
If you enable this policy setting, you can choose the following
options from the drop-down box. Low
safety to allow users to be notified of software updates by e-mail, software
packages to be automatically downloaded to users' computers, and software
packages to be automatically installed on users' computers. Medium safety to allow users to be notified
of software updates by e-mail and software packages to be automatically
downloaded to (but not installed on) users' computers. High safety to prevent users from being
notified of software updates by e-mail, software packages from being
automatically downloaded to users' computers, and software packages from
being automatically installed on users' computers. If you disable this policy setting,
permissions are set to high safety. If
you do not configure this policy setting, permissions are set to Low safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted.
Forms sent with SSL (Secure Sockets Layer) encryption are always allowed;
this setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, information using HTML forms on pages
in this zone can be submitted automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are
opened when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, pop-up windows are not
prevented from appearing. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the preservation of information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. When
a user returns to a persisted page, the state of the page can be restored if
this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Web sites in less privileged Web content zones can navigate into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet
sites, can navigate into this zone. If
you enable this policy setting, Web sites from less privileged zones can open
new windows in, or navigate into, this zone. The security zone will run
without the added layer of security that is provided by the Protection from
Zone Elevation security feature. If you select Prompt in the drop-down box, a
warning is issued to the user that potentially risky navigation is about to
occur. If you disable this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. If you
do not configure this policy setting, the possibly harmful navigations are
prevented. The Internet Explorer security feature will be on in this zone as
set by Protection from Zone Elevation feature control. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script
code on pages in the zone can run automatically. If you select Prompt in the
drop-down box, users are queried to choose whether to allow script code on
pages in the zone to run. If you
disable this policy setting, script code on pages in the zone is prevented
from running. If you do not configure
this policy setting, script code on pages in the zone can run automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example,
cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard
operation. If you disable this policy
setting, a script cannot perform a clipboard operation. If you do not configure this policy
setting, a script can perform a clipboard operation. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts
can access applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1402 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Local
Machine Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following
logon options. Anonymous logon to
disable HTTP authentication and use the guest account only for the Common
Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and
passwords. After a user is queried, these values can be used silently for the
remainder of the session. Automatic
logon only in Intranet zone to query users for user IDs and passwords in
other zones. After a user is queried, these values can be used silently for
the remainder of the session.
Automatic logon with current user name and password to attempt logon
using Windows NT Challenge Response (also known as NTLM authentication). If
Windows NT Challenge Response is supported by the server, the logon uses the
user's network user name and password for logon. If Windows NT Challenge
Response is not supported by the server, the user is queried to provide the
user name and password. If you disable
this policy setting, logon is set to Automatic logon only in Intranet
zone. If you do not configure this
policy setting, logon is set to Automatic logon with current username and
password. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Run .NET Framework-reliant components
signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode
can be executed from Internet Explorer. These components include managed
controls referenced from an object tag and managed executables referenced
from a link. If you enable this policy
setting, Internet Explorer will execute signed managed components. If you
select Prompt in the drop-down box, Internet Explorer will prompt the user to
determine whether to execute signed managed components. If you disable this policy setting,
Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Run .NET Framework-reliant components
not signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether .NET Framework components that are not signed with
Authenticode can be executed from Internet Explorer. These components include
managed controls referenced from an object tag and managed executables
referenced from a link. If you enable
this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute unsigned managed
components. If you disable this policy
setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy
setting, Internet Explorer will not execute unsigned managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2004 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in
the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy
setting, users are queried whether to download controls signed by publishers
who aren't trusted. Code signed by
trusted publishers is silently downloaded. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone.
Such code is potentially harmful, especially when coming from an untrusted
zone. If you enable this policy
setting, users can run unsigned controls without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow the unsigned control to run. If
you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy
setting, users cannot run unsigned controls. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1004 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy
setting, ActiveX controls are run, loaded with parameters, and scripted
without setting object safety for untrusted data or scripts. This setting is
not recommended, except for secure and administered zones. This setting
causes both unsafe and safe controls to be initialized and scripted, ignoring
the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select
Prompt in the drop-down box, users are queried whether to allow the control
to be loaded with parameters or scripted.
If you disable this policy setting, ActiveX controls that cannot be
made safe are not loaded with parameters or scripted. If you do not configure this policy
setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1201 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the
Local Machine zone. If you enable this
policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down
box, users are asked to choose whether to allow the controls or plug-in to
run. If you disable this policy
setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact
with a script. If you enable this
policy setting, script interaction can occur automatically without user
intervention. If you select Prompt in
the drop-down box, users are queried to choose whether to allow script
interaction. If you disable this
policy setting, script interaction is prevented from occurring. If you do not configure this policy
setting, script interaction can occur automatically without user
intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether file downloads are permitted from the Local Machine zone.
This option is determined by the zone of the page with the link causing the
download, not the zone from which the file is delivered. If you enable this policy setting, files
can be downloaded from the zone. If
you disable this policy setting, files are prevented from being downloaded
from the zone. If you do not configure
this policy setting, files can be downloaded from the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML
fonts can be downloaded automatically. If you enable this policy setting and
Prompt is selected in the drop-down box, users are queried whether to allow
HTML fonts to download. If you disable
this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting,
HTML fonts can be downloaded automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the
drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not
configure this policy setting, the permission is set to High Safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Internet Explorer can access data from another security
zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects
(ADO). If you enable this policy
setting, users can load a page in the zone that uses MSXML or ADO to access
data from another site in the zone. If you select Prompt in the drop-down
box, users are queried to choose whether to allow a page to be loaded in the
zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
cannot load a page in the zone that uses MSXML or ADO to access data from
another site in the zone. If you do
not configure this policy setting, users are queried to choose whether to
allow a page to be loaded in the zone that uses MSXML or ADO to access data
from another site in the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting determines whether users will be prompted for non user-initiated file downloads.
Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting manages whether users
will be automatically prompted for ActiveX control installations. If you enable this policy setting, users
will receive a prompt when a site instantiates an ActiveX control they do not
have installed. If you disable this
policy setting, ActiveX control installations will be blocked using the
Information Bar. Users can click on the Information Bar to allow the ActiveX
control prompt. If you do not
configure this policy setting, the user’s preference will be used to
determine whether to block ActiveX control installations using the
Information Bar. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if
the author of the Web page uses the Meta Refresh setting (tag) to redirect
browsers to another Web page. If you
enable this policy setting, a user's browser that loads a page containing an
active Meta Refresh setting, can be redirected to another Web page. If you disable this policy setting, a
user's browser that loads a page containing an active Meta Refresh setting,
cannot be redirected to another Web page.
If you do not configure this policy setting, a user's browser that
loads a page containing an active Meta Refresh setting, can be redirected to
another Web page. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Allow script-initiated windows without size or position constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that
include the title and status bars. If
you enable this policy setting, Windows Restrictions security will not apply
in the Local Machine zone. The security zone runs without the added layer of
security provided by this feature. If
you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in the
Local Machine zone as dictated by the Scripted Windows Security Restrictions
feature control setting for the process.
If you do not configure this policy setting, the possible harmful
actions contained in script-initiated pop-up windows and windows that include
the title and status bars cannot be run. This Internet Explorer security
feature will be on in the Local Machine zone as dictated by the Scripted
Windows Security Restrictions feature control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate
specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary
and script behaviors are available. If you select Administrator approved in
the drop-down box, only behaviors listed in the Admin-approved Behaviors
under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary
and script behaviors are not available unless applications have implemented a
custom security manager. If you do not
configure this policy setting, binary and script behaviors are not available
unless applications have implemented a custom security manager. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2000 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can display nonsecure items and manage whether users
receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1609 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Do not prompt for client certificate selection when no certificates or only one certificate
exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users are prompted to select a certificate when no
certificate or only one certificate exists.
If you enable this policy setting, Internet Explorer does not prompt
users with a Client Authentication message when they connect to a Web site
that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one
certificate. If you do not configure
this policy setting, Internet Explorer prompts users with a Client
Authentication message when they connect to a Web site that has no certificate
or only one certificate. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can drag files or copy and paste files from a source
within the Local Machine zone. If you
enable this policy setting, users can drag files or copy and paste files from
the Local Machine zone automatically. If you select Prompt in the drop-down
box, users are queried to choose whether to drag or copy files from the Local
Machine zone. If you disable this
policy setting, users are prevented from dragging files or copying and
pasting files from the Local Machine zone.
If you do not configure this policy setting, users can drag files or
copy and paste files from the Local machine zone automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users can install Active Desktop items from the Local
Machine zone. The settings for this option are: If you enable this policy
setting, users can install desktop items from the Local Machine zone
automatically. If you select Prompt in
the drop-down box, users are queried to choose whether to install desktop
items from the Local Machine zone. If
you disable this policy setting, users are prevented from installing desktop
items from the Local Machine zone. If
you do not configure this policy setting, users are queried to choose whether
to install desktop items from the Local Machine zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1800 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applications may be run and files may be downloaded from an
IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are queried to choose whether to run applications and
download files from IFRAMEs on the pages in this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the opening of sub-frames and access of applications across
different domains. If you enable this
policy setting, users can open additional sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow additional sub-frames or access to
applications from other domains. If
you disable this policy setting, users cannot open other sub-frames or access
applications from different domains.
If you do not configure this policy setting, users can open additional
sub-frames from other domains and access applications from other domains. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1607 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on
a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the
file type based on a bit signature. If
you enable this policy setting, the MIME Sniffing Safety Feature will not
apply in the Local Machine zone. The security zone will run without the added
layer of security provided by this feature.
If you disable this policy setting, the actions that may be harmful
cannot run; this Internet Explorer security feature will be turned on in the
Local Machine zone, as dictated by the feature control setting for the
process. If you do not configure this
policy setting, the actions that may be harmful cannot run; this Internet
Explorer security feature will be turned on in the Local Machine zone, as
dictated by the feature control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage software channel permissions.
If you enable this policy setting, you can choose the following
options from the drop-down box. Low
safety to allow users to be notified of software updates by e-mail, software
packages to be automatically downloaded to users' computers, and software
packages to be automatically installed on users' computers. Medium safety to allow users to be notified
of software updates by e-mail and software packages to be automatically
downloaded to (but not installed on) users' computers. High safety to prevent users from being
notified of software updates by e-mail, software packages from being
automatically downloaded to users' computers, and software packages from
being automatically installed on users' computers. If you disable this policy setting,
permissions are set to high safety. If
you do not configure this policy setting, permissions are set to Medium
safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether data on HTML forms on pages in the Local Machine zone may
be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are
always allowed; this setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in the Local Machine zone can be
submitted automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to allow information using HTML forms on pages in
the Local Machine zone to be submitted.
If you disable this policy setting, information using HTML forms on
pages in the Local Machine zone is prevented from being submitted. If you do not configure this policy
setting, information using HTML forms on pages in the Local Machine zone can
be submitted automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are
opened when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, most unwanted pop-up
windows are prevented from appearing. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage the preservation of information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. When
a user returns to a persisted page, the state of the page can be restored if
this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Web sites in less privileged Web content zones can navigate into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet
sites, can navigate to the Local Machine zone. If you enable this policy setting, Web
sites from less privileged zones can open new windows in, or navigate into,
the Local Machine zone. The security zone will run without the added layer of
security that is provided by the Protection from Zone Elevation security
feature. If you select Prompt in the drop-down box, a warning is issued to
the user that potentially risky navigation is about to occur. If you disable this policy setting, the
possibly harmful navigations are prevented. The Internet Explorer security
feature will be on in the Local Machine zone as set by Protection from Zone
Elevation feature control. If you do
not configure this policy setting, the possibly harmful navigations are
prevented. The Internet Explorer security feature will be on in the Local
Machine zone as set by Protection from Zone Elevation feature control. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2101 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether script code on pages in the Local Machine zone is run. If you enable this policy setting, script
code on pages in the Local Machine zone can run automatically. If you select
Prompt in the drop-down box, users are queried to choose whether to allow
script code on pages in the Local Machine zone to run. If you disable this policy setting, script
code on pages in the Local Machine zone is prevented from running. If you do not configure this policy
setting, script code on pages in the Local Machine zone can run
automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example,
cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard
operation. If you disable this policy,
a script cannot perform a clipboard operation. If you do not configure this policy
setting, a script can perform a clipboard operation. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts
can access applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1402 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Local Machine Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following
logon options: Anonymous logon to
disable HTTP authentication and use the guest account only for the Common
Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and
passwords. After a user is queried, these values can be used silently for the
remainder of the session. Automatic
logon only in Intranet zone to query users for user IDs and passwords in
other zones. After a user is queried, these values can be used silently for
the remainder of the session.
Automatic logon with current user name and password to attempt logon
using Windows NT Challenge Response (also known as NTLM authentication). If
Windows NT Challenge Response is supported by the server, the logon uses the
user's network user name and password for logon. If Windows NT Challenge
Response is not supported by the server, the user is queried to provide the
user name and password. If you disable
this policy setting, logon is set to Automatic logon only in Intranet
zone. If you do not configure this
policy setting, logon is set to Automatic logon only in Intranet zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Site to Zone Assignment List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage a list of sites that you want to associate with a particular
security zone. These zone numbers have associated security settings that
apply to all of the sites in the zone.
Internet Explorer has 4 security zones, numbered 1-4, and these are
used by this policy setting to associate sites to zones. They are: (1)
Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted
Sites zone. Security settings can be set for each of these zones through other
policy settings, and their default settings are: Trusted Sites zone (Low
template), Intranet zone (Medium-Low template), Internet zone (Medium
template), and Restricted Sites zone (High template). (The Local Machine zone
and its locked down equivalent have special security settings that protect
your local computer.) If you enable
this policy setting, you can enter a list of sites and their related zone
numbers. The association of a site with a zone will ensure that the security
settings for the specified zone are applied to the site. For each entry
that you add to the list, enter the following information: Valuename – A host for an intranet site, or
a fully qualified domain name for other sites. The valuename may also
include a specific protocol. For example, if you enter
http://www.contoso.com as the valuename, other protocols are not
affected. If you enter just www.contoso.com, then all protocols are
affected for that site, including http, https, ftp, and so on. The site may
also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g.,
127.0.0.1-10). To avoid creating conflicting policies, do not include
additional characters after the domain such as trailing slashes or URL path.
For example, policy settings for www.contoso.com and www.contoso.com/mail
would be treated as the same policy setting by Internet Explorer, and would
therefore be in conflict. Value - A
number indicating the zone with which this site should be associated for
security settings. The Internet Explorer zones described above are 1-4. If you disable this policy setting, any
such list is deleted and no site-to-zone assignments are permitted. If this policy is not configured, users may
choose their own site-to-zone assignments. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!ListBox_Support_ZoneMapKey |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Intranet Sites: Include all local (intranet) sites not listed in other zones |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are
forced into the local Intranet security zone.
If you enable this policy setting, local sites which are not
explicitly mapped into a zone are considered to be in the Intranet Zone. If you disable this policy setting, local
sites which are not explicitly mapped into a zone will not be considered to
be in the Intranet Zone (so would typically be in the Internet Zone). If you do not configure this policy
setting, users choose whether to force local sites into the Intranet Zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap!IntranetName |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Intranet Sites: Include all sites that bypass the proxy server |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet
security zone. If you enable this
policy setting, sites which bypass the proxy server are mapped into the
Intranet Zone. If you disable this
policy setting, sites which bypass the proxy server aren't necessarily mapped
into the Intranet Zone (other rules might map one there). If you do not configure this policy
setting, users choose whether sites which bypass the proxy server are mapped
into the Intranet Zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap!ProxyByPass |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Intranet Sites: Include all network paths (UNCs) |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security
zone. If you enable this policy
setting, all network paths are mapped into the Intranet Zone. If you disable this policy setting, network
paths are not necessarily mapped into the Intranet Zone (other rules might
map one there). If you do not
configure this policy setting, users choose whether network paths are mapped
into the Intranet Zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap!UNCAsIntranet |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Internet Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This template policy setting allows you to configure policy settings in this zone consistent with a selected
security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security operates by comparing the settings in the
Local Machine Zone against those in the Locked-Down Local Machine Zone. If
you select a security level for one of these zones (including selecting no
security), the same change should be made to the other zone. Note. It is recommended to configure
template policy settings in one Group Policy object (GPO) and configure any
related individual policy settings in a separate GPO. You can then use Group
Policy management features (for example, precedence, inheritance, or enforce)
to apply individual settings to specific targets. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Template Policies!InternetZoneTemplate,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Template Policies!Internet, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1609, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1406, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!1E05, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2102, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\3!2300 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Intranet Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This template policy setting allows you to configure policy settings in this zone consistent with a selected
security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security operates by comparing the settings in the
Local Machine Zone against those in the Locked-Down Local Machine Zone. If
you select a security level for one of these zones (including selecting no
security), the same change should be made to the other zone. Note. It is recommended to configure
template policy settings in one Group Policy object (GPO) and configure any
related individual policy settings in a separate GPO. You can then use Group
Policy management features (for example, precedence, inheritance, or enforce)
to apply individual settings to specific targets. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet
Settings\Template Policies!IntranetZoneTemplate,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet
Settings\Template Policies!Intranet, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2102, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2300 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Trusted Sites Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This template policy setting allows you to configure policy settings in this zone consistent with a selected
security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security operates by comparing the settings in the
Local Machine Zone against those in the Locked-Down Local Machine Zone. If
you select a security level for one of these zones (including selecting no
security), the same change should be made to the other zone. Note. It is recommended to configure
template policy settings in one Group Policy object (GPO) and configure any
related individual policy settings in a separate GPO. You can then use Group
Policy management features (for example, precedence, inheritance, or enforce)
to apply individual settings to specific targets. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted
Sites Settings\Template Policies!TrustedSitesZoneTemplate,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites
Settings\Template Policies!Trusted Sites, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2300, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1606, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1400, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2100, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1606, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1609, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!1E05, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2300 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Restricted Sites Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This template policy setting allows you to configure policy settings in this zone consistent with a selected
security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security operates by comparing the settings in the
Local Machine Zone against those in the Locked-Down Local Machine Zone. If
you select a security level for one of these zones (including selecting no
security), the same change should be made to the other zone. Note. It is recommended to configure
template policy settings in one Group Policy object (GPO) and configure any
related individual policy settings in a separate GPO. You can then use Group
Policy management features (for example, precedence, inheritance, or enforce)
to apply individual settings to specific targets. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted
Sites Settings\Template Policies!RestrictedSitesZoneTemplate,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites
Settings\Template Policies!Restricted Sites, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1402, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1606, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1609, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\4!2300 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Local Machine Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This template policy setting allows you to configure policy settings in this zone consistent with a selected
security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security operates by comparing the settings in the
Local Machine Zone against those in the Locked-Down Local Machine Zone. If
you select a security level for one of these zones (including selecting no
security), the same change should be made to the other zone. Note. It is recommended to configure
template policy settings in one Group Policy object (GPO) and configure any
related individual policy settings in a separate GPO. You can then use Group
Policy management features (for example, precedence, inheritance, or enforce)
to apply individual settings to specific targets. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local
Machine Zone Settings\Template Policies!LocalMachineZoneTemplate,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone
Settings\Template Policies!Local Machine Zone, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1402, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1402, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1606, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1609, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0!2300 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative
Templates\Windows Components\Internet Explorer\Internet Control
Panel\Security Page |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This template policy setting allows you to configure policy settings in this zone consistent with a selected
security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security operates by comparing the settings in the
Local Machine Zone against those in the Locked-Down Local Machine Zone. If
you select a security level for one of these zones (including selecting no
security), the same change should be made to the other zone. Note. It is recommended to configure
template policy settings in one Group Policy object (GPO) and configure any
related individual policy settings in a separate GPO. You can then use Group
Policy management features (for example, precedence, inheritance, or enforce)
to apply individual settings to specific targets. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local
Machine Zone Lockdown Settings\Template
Policies!LocalMachineZoneLockdownTemplate,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone
Lockdown Settings\Template Policies!Locked-Down Local Machine Zone,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1609, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1402, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2101, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1400, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1601, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\0!2201 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Allow software to run or install even if the signature is invalid |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether software, such as ActiveX controls and file downloads, can
be installed or run by the user even though the signature is invalid. An
invalid signature might indicate that someone has tampered with the
file. If you enable this policy
setting, users will be prompted to install or run files with an invalid
signature. If you disable this policy
setting, users cannot run or install files with an invalid signature. If you do not configure this policy, users
can choose to run or install files with an invalid signature. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Download!RunInvalidSignatures |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Allow active content from CDs to run on user machines |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether users receive a dialog requesting permission for active
content on a CD to run. If you enable
this policy setting, active content on a CD will run without a prompt. If you disable this policy setting, active
content on a CD will always prompt before running. If you do not configure this policy, users
can choose whether to be prompted before running active content on a CD. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings!LOCALMACHINE_CD_UNLOCK |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Binary Behavior
Security Restriction |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for
the HTML elements to which they are attached. This policy setting controls
whether the Binary Behavior Security Restriction setting is prevented or
allowed. If you enable this policy
setting, binary behaviors are prevented for the Windows Explorer and Internet
Explorer processes. If you disable
this policy setting, binary behaviors are allowed for the Windows Explorer
and Internet Explorer processes. If
you do not configure this policy setting, binary behaviors are prevented for
the Windows Explorer and Internet Explorer processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Binary Behavior
Security Restriction |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for
the HTML elements to which they are attached. This policy setting controls
whether the Binary Behavior Security Restriction setting is prevented or allowed. This policy setting allows administrators
to define applications for which they want this security feature to be
prevented or allowed. If you enable
this policy setting and enter a Value of 1 binary behaviors are prevented. If
you enter a Value of 0 binary behaviors are allowed. The Value Name is the
name of the executable. If a Value Name is empty or the Value is not 0 or 1,
the policy setting is ignored. Do not
enter the Internet Explorer processes in this list: use the related Internet
Explorer Processes policy to enable or disable IE processes. If the All
Processes policy setting is enabled, the processes configured in this box
take precedence over that setting. If
you disable or do not configure this policy setting, the security feature is
allowed. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_BEHAVIORS |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Binary Behavior
Security Restriction |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for
the HTML elements to which they are attached. This policy setting controls
whether the Binary Behavior Security Restriction setting is prevented or
allowed. If you enable this policy
setting, binary behaviors are prevented for all processes. Any use of binary
behaviors for HTML rendering is blocked.
If you disable or do not configure this policy setting, binary
behaviors are allowed for all processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!* |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Binary Behavior
Security Restriction |
Admin-approved behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
For each zone, the Binary and Scripted
Behavior security restrictions may be configured to allow only a list of
admin-approved behaviors. This list may be configured here, and applies to
all processes which have opted in to the behavior, and to all zones.
(Behaviors are components that encapsulate specific functionality or behavior
on a page.) If you enable this policy
setting, this sets the list of behaviors permitted in each zone for which
Script and Binary Behaviors is set to 'admin-approved'. Behaviors must be
entered in #package#behavior notation, e.g., #default#vml. If you disable this policy setting, no
behaviors will be allowed in zones set to 'admin-approved', just as if those
zones were set to 'disable'. If you do
not configure this policy setting, only VML will be allowed in zones set to
'admin-approved'. Note. If this policy is set in both Computer
Configuration and User Configuration, both lists of behaviors will be allowed
as appropriate. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!ListBox_Support_AllowedBehaviors |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\MK Protocol Security
Restriction |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK
protocol. Resources hosted on the MK protocol will fail. If you enable this policy setting, the MK
Protocol is prevented for Windows Explorer and Internet Explorer, and
resources hosted on the MK protocol will fail. If you disable this policy setting,
applications can use the MK protocol API. Resources hosted on the MK protocol
will work for the Windows Explorer and Internet Explorer processes. If you do not configure this policy
setting, the MK Protocol is prevented for Windows Explorer and Internet
Explorer, and resources hosted on the MK protocol will fail. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved),
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\MK Protocol Security
Restriction |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
The
MK Protocol Security Restriction policy setting
reduces attack surface area by preventing the MK protocol. Resources hosted
on the MK protocol will fail. This
policy setting allows administrators to define applications for which they
want this security feature to be prevented or allowed. If you enable this policy setting and
enter a Value of 1, use of the MK protocol is prevented. If you enter a Value
of 0, use of the MK protocol is allowed. If a Value Name is empty or the
Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer
processes in this list: use the related Internet Explorer Processes policy to
enable or disable IE processes. If the All Processes policy setting is
enabled, the processes configured in this box take precedence over that
setting. If you disable or do not
configure this policy setting, the policy setting is ignored. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_DISABLE_MK_PROTOCOL |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\MK Protocol Security
Restriction |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK
protocol. Resources hosted on the MK protocol will fail. If you enable this policy setting, the MK
Protocol is disabled for all processes. Any use of the MK Protocol is
blocked. If you disable or do not
configure this policy setting, the MK Protocol is enabled. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!* |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Local Machine Zone
Lockdown Security |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of
the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the
local computer have the fewest security restrictions and reside in the Local
Machine zone. Local Machine zone
security applies to all local files and content processed by Internet
Explorer. This feature helps to mitigate attacks where the Local Machine zone
is used as an attack vector to load malicious HTML code. If you enable this policy setting, the
Local Machine zone security applies to all local files and content processed
by Internet Explorer. If you disable
this policy setting, Local Machine zone security is not applied to local
files or content processed by Internet Explorer. If you do not configure this policy
setting, the Local Machine zone security applies to all local files and
content processed by Internet Explorer. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved),
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Local Machine Zone
Lockdown Security |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of
the Web page (Internet, Intranet, Local Machine zone, and so on). Web pages
on the local computer have the fewest security restrictions and reside in the
Local Machine zone. Local Machine zone
security applies to all local files and content. This feature helps to
mitigate attacks where the Local Machine zone is used as an attack vector to
load malicious HTML code. If you
enable this policy setting and enter a value of 1, Local Machine Zone
security applies. If you enter a value of 0, Local Machine Zone security does
not apply. If a Value Name is empty or the Value is not 0 or 1, the policy
setting is ignored. Do not enter the
Internet Explorer processes in this list: use the related Internet Explorer
Processes policy to enable or disable IE processes. If the All Processes
policy setting is enabled, the processes configured in this box take
precedence over that setting. If you
disable or do not configure this policy setting, the security feature is
allowed. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_LOCALMACHINE_LOCKDOWN |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Local Machine Zone
Lockdown Security |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of
the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the
local computer have the fewest security restrictions and reside in the Local
Machine zone. Local Machine zone
security applies to all local files and content. This feature helps to
mitigate attacks where the Local Machine zone is used as an attack vector to
load malicious HTML code. If you
enable this policy setting, the Local Machine zone security applies to all
local files and content processed by any process other than Internet Explorer
or those defined in a process list. If
you disable or do not configure this policy setting, Local Machine zone
security is not applied to local files or content processed by any process
other than Internet Explorer or those defined in a process list. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!* |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Consistent Mime
Handling |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling
procedures for files received through a Web server. This policy setting determines whether
Internet Explorer requires that all file-type information provided by Web
servers be consistent. For example, if the MIME type of a file is text/plain
but the MIME sniff indicates that the file is really an executable file,
Internet Explorer renames the file by saving it in the Internet Explorer
cache and changing its extension. If
you enable this policy setting, Internet Explorer requires consistent MIME
data for all received files. If you
disable this policy setting, Internet Explorer will not require consistent
MIME data for all received files. If
you do not configure this policy setting, Internet Explorer requires
consistent MIME data for all received files. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Consistent Mime
Handling |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling
procedures for files received through a Web server. This policy setting determines whether
Internet Explorer requires that all file-type information provided by Web
servers be consistent. For example, if the MIME type of a file is text/plain
but the MIME sniff indicates that the file is really an executable file,
Internet Explorer renames the file by saving it in the Internet Explorer
cache and changing its extension. This
policy setting allows administrators to define applications for which they
want this security feature to be prevented or allowed. If you enable this policy setting and enter
a Value of 1, MIME handling is in effect. If you enter a Value of 0 file-type
information is allowed to be inconsistent. The Value Name is the name of the
executable. If a Value Name is empty or the Value is not 0 or 1, the policy
setting is ignored. Do not enter the
Internet Explorer processes in this list: use the related Internet Explorer
Processes policy to enable or disable IE processes. If the All Processes
policy setting is enabled, the processes configured in this box take
precedence over that setting. If you
disable or do not configure this policy setting, the security feature is
allowed. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_HANDLING |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Consistent Mime
Handling |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling
procedures for files received through a Web server. This policy setting determines whether
Internet Explorer requires that all file-type information provided by Web
servers be consistent. For example, if the MIME type of a file is text/plain
but the MIME sniff indicates that the file is really an executable file,
Internet Explorer renames the file by saving it in the Internet Explorer
cache and changing its extension. If
you enable this policy setting, Consistent Mime Handling is enabled for all
processes. If you disable or do not
configure this policy setting, Consistent Mime Handling is prevented for all
processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!* |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Mime Sniffing Safety
Feature |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of
one type to a more dangerous file type.
If you enable this policy setting, MIME sniffing will never promote a
file of one type to a more dangerous file type. If you disable this policy setting,
Internet Explorer processes will allow a MIME sniff promoting a file of one
type to a more dangerous file type. If
you do not configure this policy setting, MIME sniffing will never promote a
file of one type to a more dangerous file type. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Mime Sniffing Safety
Feature |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of
one type to a more dangerous file type.
This policy setting allows administrators to define applications for
which they want this security feature to be prevented or allowed. If you enable this policy setting and enter
a Value of 1, this protection will be in effect. If you enter a Value of 0,
any file may be promoted to more dangerous file types. The Value Name is the
name of the executable. If a Value Name is empty or the Value is not 0 or 1,
the policy setting is ignored. Do not
enter the Internet Explorer processes in this list: use the related Internet
Explorer Processes policy to enable or disable IE processes. If the All
Processes policy setting is enabled, the processes configured in this box
take precedence over that setting. If
you disable or do not configure this policy setting, the security feature is
allowed. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_SNIFFING |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Mime Sniffing Safety
Feature |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of
one type to a more dangerous file type.
If you enable this policy setting, the Mime Sniffing Safety Feature is
enabled for all processes. If you
disable or do not configure this policy setting, the Mime Sniffing Safety
Feature is disabled for all processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!* |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Object Caching
Protection |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting defines whether a reference to an object is accessible when the user navigates within the
same domain or to a new domain. If you
enable this policy setting, an object reference is no longer accessible when
navigating within or across domains for Internet Explorer processes. If you disable this policy setting, an
object reference is retained when navigating within or across domains for
Internet Explorer processes. If you do
not configure this policy setting, an object reference is no longer
accessible when navigating within or across domains for Internet Explorer
processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Object Caching
Protection |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting defines whether a reference to an object is accessible when the user navigates within the
same domain or to a new domain. This
policy setting allows administrators to define applications for which they
want this security feature to be prevented or allowed. If you enable this policy setting and enter
a Value of 1, references to objects are inaccessible after navigation. If you
enter a Value of 0, references to objects are still accessible after navigation.
The Value Name is the name of the executable. If a Value Name is empty or the
Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer
processes in this list: use the related Internet Explorer Processes policy to
enable or disable IE processes. If the All Processes policy setting is
enabled, the processes configured in this box take precedence over that
setting. If you disable or do not
configure this policy setting, the security feature is allowed. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_OBJECT_CACHING |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Object Caching
Protection |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting defines whether a reference to an object is accessible when the user navigates within the
same domain or to a new domain. If you
enable this policy setting, object reference is no longer accessible when
navigating within or across domains for all processes. If you disable or do not configure this
policy setting, object reference is retained when navigating within or across
domains in the Restricted Zone sites. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!* |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Scripted Window
Security Restrictions |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types.
The Window Restrictions security feature restricts popup windows and
prohibits scripts from displaying windows in which the title and status bars
are not visible to the user or obfuscate other Windows’ title and status
bars. If you enable this policy
setting, popup windows and other restrictions apply for Windows Explorer and
Internet Explorer processes. If you
disable this policy setting, scripts can continue to create popup windows and
windows that obfuscate other windows.
If you do not configure this policy setting, popup windows and other
restrictions apply for Windows Explorer and Internet Explorer processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved),
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Scripted Window
Security Restrictions |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types.
The Window Restrictions security feature restricts popup windows and
prohibits scripts from displaying windows in which the title and status bars
are not visible to the user or obfuscate other Windows’ title and status
bars. This policy setting allows
administrators to define applications for which they want this security
feature to be prevented or allowed. If
you enable this policy setting and enter a Value of 1, such windows may not
be opened. If you enter a Value of 0, windows have none of these
restrictions. The Value Name is the name of the executable. If a Value Name
is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer
processes in this list: use the related Internet Explorer Processes policy to
enable or disable IE processes. If the All Processes policy setting is
enabled, the processes configured in this box take precedence over that
setting. If you disable or do not
configure this policy setting, the security feature is allowed. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_WINDOW_RESTRICTIONS |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Scripted Window
Security Restrictions |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types.
The Window Restrictions security feature restricts popup windows and
prohibits scripts from displaying windows in which the title and status bars
are not visible to the user or obfuscate other Windows’ title and status
bars. If you enable this policy
setting, scripted windows are restricted for all processes. If you disable or do not configure this
policy setting, scripted windows are not restricted. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!* |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Protection From Zone
Elevation |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the
location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web
pages on the local computer have the fewest security restrictions and reside
in the Local Machine zone, making the Local Machine security zone a prime
target for malicious users. Zone Elevation also disables JavaScript
navigation if there is no security context.
If you enable this policy setting, any zone can be protected from zone
elevation by Internet Explorer processes.
If you disable this policy setting, no zone receives such protection
for Internet Explorer processes. If
you do not configure this policy setting, any zone can be protected from zone
elevation by Internet Explorer processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Protection From Zone
Elevation |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the
location of the Web page (Internet, Intranet, Local Machine zone, and so on).
Web pages on the local computer have the fewest security restrictions and
reside in the Local Machine zone, making the Local Machine security zone a
prime target for malicious users. Zone Elevation also disables JavaScript
navigation if there is no security context
This policy setting allows administrators to define applications for
which they want this security feature to be prevented or allowed. If you enable this policy setting and enter
a Value of 1, elevation to more privileged zones can be prevented. If you
enter a Value of 0, elevation to any zone is allowed. The Value Name is the
name of the executable. If a Value Name is empty or the Value is not 0 or 1,
the policy setting is ignored. Do not
enter the Internet Explorer processes in this list: use the related Internet
Explorer Processes policy to enable or disable IE processes. If the All
Processes policy setting is enabled, the processes configured in this box
take precedence over that setting. If
you disable or do not configure this policy setting, the security feature is
allowed. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ZONE_ELEVATION |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Protection From Zone
Elevation |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the
location of the Web page (Internet, Intranet, Local Machine zone, and so on).
For example, Web pages on the local computer have the fewest security
restrictions and reside in the Local Machine zone, making the Local Machine
security zone a prime target for malicious users. If you enable this policy setting, any zone
can be protected from zone elevation for all processes. If you disable or do not configure this
policy setting, processes other than Internet Explorer or those listed in the
Process List receive no such protection. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!* |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Information Bar |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether the Information Bar is displayed for Internet Explorer
processes when file or code installs are restricted. By default, the
Information Bar is displayed for Internet Explorer processes. If you enable this policy setting, the
Information Bar will be displayed for Internet Explorer Processes. If you disable this policy setting, the
Information Bar will not be displayed for Internet Explorer processes. If you do not configure this policy
setting, the Information Bar will be displayed for Internet Explorer
Processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Information Bar |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether the Information Bar is displayed for specific processes
when file or code installs are restricted. By default, the Information Bar is
not displayed for any process when file or code installs are restricted
(except for the Internet Explorer Processes, for which the Information Bar is
displayed by default). If you enable
this policy setting and enter a Value of 1, the Information Bar is displayed.
If you enter a Value of 0 the Information Bar is not displayed. The Value
Name is the name of the executable. If a Value Name is empty or the Value is
not 0 or 1, the policy setting is ignored.
Do not enter the Internet Explorer processes in this list: use the
related Internet Explorer Processes policy to enable or disable for IE
processes. If the All Processes policy setting is enabled, the processes
configured in this box take precedence over that setting. If you disable or do not configure this
policy setting, the Information Bar is not displayed for the specified
processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_SECURITYBAND |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Information Bar |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether the Information Bar is displayed for processes other than
the Internet Explorer processes when file or code installs are restricted. By
default, the Information Bar is not displayed for any process when file or
code installs are restricted (except for the Internet Explorer Processes, for
which the Information Bar is displayed by default). If you enable this policy setting, the
Information Bar will be displayed for all processes. If you disable or do not configure this
policy setting, the Information Bar will not be displayed for all processes
other than Internet Explorer or those listed in the Process List. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!* |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict ActiveX
Install |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting enables blocking of ActiveX control installation prompts for Internet Explorer
processes. If you enable this policy
setting, prompting for ActiveX control installations will be blocked for
Internet Explorer processes. If you
disable this policy setting, prompting for ActiveX control installations will
not be blocked for Internet Explorer processes. If you do not configure this policy setting,
the user's preference will be used to determine whether to block ActiveX
control installations for Internet Explorer processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved),
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict ActiveX
Install |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of
ActiveX control installation. If you
enable this policy setting and enter a Value of 1, automatic prompting of
ActiveX control installation is blocked. If you enter a Value of 0, automatic
prompting of ActiveX control installation is allowed. The Value Name is the
name of the executable. If a Value Name is empty or the Value is not 0 or 1,
the policy setting is ignored. Do not
enter the Internet Explorer processes in this list: use the related Internet
Explorer Processes policy to enable or disable IE processes. If the All
Processes policy setting is enabled, the processes configured in this box
take precedence over that setting. If
you disable or do not configure this policy setting, the security feature is
allowed. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_ACTIVEXINSTALL |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict ActiveX
Install |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of
ActiveX control installation. If you
enable this policy setting, the Web Browser Control will block automatic
prompting of ActiveX control installation for all processes. If you disable or do not configure this
policy setting, the Web Browser Control will not block automatic prompting of
ActiveX control installation for all processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!* |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict File Download |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting enables blocking of file download prompts that are not user initiated. If you enable this policy setting, file
download prompts that are not user initiated will be blocked for Internet
Explorer processes. If you disable
this policy setting, prompting will occur for file downloads that are not
user initiated for Internet Explorer processes. If you do not configure this policy setting,
the user's preference determines whether to prompt for file downloads that
are not user initiated for Internet Explorer processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved),
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict File Download |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file
downloads that are not user initiated.
If you enable this policy setting and enter a Value of 1, automatic
prompting of non-initiated file downloads is blocked. If you enter a Value of
0, automatic prompting of non-initiated file downloads is allowed. The Value
Name is the name of the executable. If a Value Name is empty or the Value is
not 0 or 1, the policy setting is ignored.
Do not enter the Internet Explorer processes in this list: use the
related Internet Explorer Processes policy to enable or disable IE processes.
If the All Processes policy setting is enabled, the processes configured in
this box take precedence over that setting.
If you disable or do not configure this policy setting, the security
feature is allowed. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_FILEDOWNLOAD |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Restrict File Download |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file
downloads that are not user initiated.
If you enable this policy setting, the Web Browser Control will block
automatic prompting of file downloads that are not user initiated for all
processes. If you disable this policy
setting, the Web Browser Control will not block automatic prompting of file
downloads that are not user initiated for all processes. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!* |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Add-on Management |
Deny all add-ons unless specifically allowed in the Add-on List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List'
policy setting are denied. By default,
the 'Add-on List' policy setting defines a list of add-ons to be allowed or
denied through Group Policy. However, users can still use the Add-on Manager
within Internet Explorer to manage add-ons not listed within the 'Add-on
List' policy setting. This policy setting effectively removes this option
from users - all add-ons are assumed to be denied unless they are
specifically allowed through the 'Add-on List' policy setting If you enable this policy setting, Internet
Explorer only allows add-ins that are specifically listed (and allowed)
through the 'Add-on List' policy setting.
If you disable or do not configure this policy setting, users may use
Add-on Manager to allow or deny any add-ons that are not included in the
'Add-on List' policy setting. Note: If
an add-on is listed in the 'Add-on List' policy setting, the user cannot
change its state through Add-on Manager (unless its value has been set to
allow user management - see the 'Add-on List' policy for more details). |
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!RestrictToList |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Add-on Management |
Add-on List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage a list of add-ons to be allowed or denied by Internet
Explorer. This list can be used with
the 'Deny all add-ons unless specifically allowed in the Add-on List' policy
setting, which defines whether add-ons not listed here are assumed to be
denied. If you enable this policy
setting, you can enter a list of add-ons to be allowed or denied by Internet
Explorer. For each entry that you add to the list, enter the following information: Name of the Value - the CLSID (class
identifier) for the add-on you wish to add to the list. The CLSID should be in brackets for
example, ‘{000000000-0000-0000-0000-0000000000000}’. The CLSID for an add-on
can be obtained by reading the OBJECT tag from a Web page on which the add-on
is referenced. Value - A number
indicating whether Internet Explorer should deny or allow the add-on to be
loaded. To specify that an add-on should be denied enter a 0 (zero) into this
field. To specify that an add-on should be allowed, enter a 1 (one) into this
field. To specify that an add-on should be allowed and also permit the user
to manage the add-on through Add-on Manager, enter a 2 (two) into this
field. If you disable this policy
setting, the list is deleted. The 'Deny all add-ons unless specifically
allowed in the Add-on List' policy setting will still determine whether
add-ons not in this list are assumed to be denied. |
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_Support_CLSID |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Add-on Management |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether the listed processes respect add-on management user
preferences (as entered into Add-on Manager) or policy settings. By default,
only Internet Explorer processes use the add-on management user preferences
and policy settings. This policy setting allows you to extend support for
these user preferences and policy settings to specific processes listed in
the process list. If you enable this
policy setting and enter a Value of 1, the process entered will respect the
add-on management user preferences and policy settings. If you enter a Value
of 0, the add-on management user preferences and policy settings are ignored
by the specified process. The Value Name is the name of the executable. If a
Value Name is empty or the Value is not 0 or 1, the policy setting is
ignored. Do not enter Internet
Explorer processes in this list because these processes always respect add-on
management user preferences and policy settings. If the All Processes policy
setting is enabled, the processes configured in this policy setting take
precedence over that setting. If you
do not configure this policy, processes other than the Internet Explorer processes
will not be affected by add-on management user preferences or policy settings
(unless “All Processes” is enabled). |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ADDON_MANAGEMENT |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Add-on Management |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
This policy setting allows you to manage whether processes respect add-on management user preferences (as
reflected by Add-on Manager) or policy settings. By default, any process other than the
Internet Explorer processes or those listed in the 'Process List' policy
setting ignore add-on management user preferences and policy settings. If you enable this policy setting, all
processes will respect add-on management user preferences and policy
settings. If you disable or do not
configure this policy setting, all processes will not respect add-on
management user preferences or policy settings. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT!* |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol
Lockdown |
Internet Explorer Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Windows Explorer and Internet Explorer
may be configured to prevent active content obtained through restricted
protocols from running in an unsafe manner. This policy setting controls
whether restricting content obtained through restricted protocols is
prevented or allowed. If you enable
this policy setting, restricting content obtained through restricted
protocols is allowed for Windows Explorer and Internet Explorer processes.
For example, you can restrict active content from pages served over the http
and https protocols by adding the value names http and https. If you disable this policy setting,
restricting content obtained through restricted protocols is prevented for
Windows Explorer and Internet Explorer processes. If you do not configure this policy
setting, the policy setting is ignored. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved),
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!iexplore.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved),
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!explorer.exe,
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!iexplore.exe |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol
Lockdown |
Process List |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer may be configured to prevent active content obtained through restricted protocols from
running in an unsafe manner. This policy setting controls whether restricting
content obtained through restricted protocols is prevented or allowed. This policy setting allows administrators
to define applications for which they want restricting content obtained
through restricted protocols to be prevented or allowed. If you enable this policy setting and enter
a Value of 1, restricting content obtained through restricted protocols is
allowed. If you enter a Value of 0, restricting content obtained through
restricted protocols is blocked. The Value Name is the name of the
executable. If a Value Name is empty or the Value is not 0 or 1, the policy
setting is ignored. Do not enter the
Windows Explorer or Internet Explorer processes in this list: use the related
Internet Explorer Processes policy to enable or disable these processes. If
the All Processes policy setting is enabled, the processes configured in this
box take precedence over that setting.
If you disable or do not configure this policy setting, the security
feature is allowed. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl!ListBox_Support_FEATURE_PROTOCOL_LOCKDOWN |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol
Lockdown |
All Processes |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
Internet Explorer may be configured to prevent active content obtained through restricted protocols from
running in an unsafe manner. This policy setting controls whether restricting
content obtained through restricted protocols is prevented or allowed. If you enable this policy setting,
restricting content obtained through restricted protocols is allowed for all
processes other than Windows Explorer or Internet Explorer. If you disable this policy setting,
restricting content obtained through restricted protocols is prevented for
all processes other than Windows Explorer or Internet Explorer. If you do not configure this policy
setting, no policy is enforced for processes other than Windows Explorer and
Internet Explorer. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!* |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol
Lockdown\Restricted Protocols Per Security Zone |
Internet Zone Restricted Protocols |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
For each zone, the Network Protocol Lockdown
security restriction may be configured to prevent active content obtained
through restricted protocols from running in an unsafe manner, either by
prompting the user, or simply disabling the content. For each zone, this list
of protocols may be configured here, and applies to all processes which have
opted in to the security restriction.
If you enable this policy setting for a zone, this sets the list of
protocols to be restricted if that zone is set to Prompt or Disable for Allow
active content over restricted protocols to access my computer. If you disable or do not configure this
policy setting for a zone, no protocols are restricted for that zone,
regardless of the setting for Allow active content over restricted protocols
to access my computer. Note. If policy for a zone is set in both
Computer Configuration and User Configuration, both lists of protocols will
be restricted for that zone. |
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\RestrictedProtocols!ListBox_Support_3 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol
Lockdown\Restricted Protocols Per Security Zone |
Intranet Zone Restricted Protocols |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
For each zone, the Network Protocol Lockdown
security restriction may be configured to prevent active content obtained
through restricted protocols from running in an unsafe manner, either by
prompting the user, or simply disabling the content. For each zone, this list
of protocols may be configured here, and applies to all processes which have
opted in to the security restriction.
If you enable this policy setting for a zone, this sets the list of
protocols to be restricted if that zone is set to Prompt or Disable for Allow
active content over restricted protocols to access my computer. If you disable or do not configure this
policy setting for a zone, no protocols are restricted for that zone,
regardless of the setting for Allow active content over restricted protocols
to access my computer. Note. If policy for a zone is set in both
Computer Configuration and User Configuration, both lists of protocols will
be restricted for that zone. |
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\RestrictedProtocols!ListBox_Support_1 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol
Lockdown\Restricted Protocols Per Security Zone |
Trusted Sites Zone Restricted Protocols |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
For each zone, the Network Protocol Lockdown
security restriction may be configured to prevent active content obtained
through restricted protocols from running in an unsafe manner, either by
prompting the user, or simply disabling the content. For each zone, this list
of protocols may be configured here, and applies to all processes which have
opted in to the security restriction.
If you enable this policy setting for a zone, this sets the list of
protocols to be restricted if that zone is set to Prompt or Disable for Allow
active content over restricted protocols to access my computer. If you disable or do not configure this
policy setting for a zone, no protocols are restricted for that zone,
regardless of the setting for Allow active content over restricted protocols
to access my computer. Note. If policy for a zone is set in both
Computer Configuration and User Configuration, both lists of protocols will
be restricted for that zone. |
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\RestrictedProtocols!ListBox_Support_2 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol
Lockdown\Restricted Protocols Per Security Zone |
Restricted Sites Zone Restricted Protocols |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
For each zone, the Network Protocol Lockdown
security restriction may be configured to prevent active content obtained
through restricted protocols from running in an unsafe manner, either by
prompting the user, or simply disabling the content. For each zone, this list
of protocols may be configured here, and applies to all processes which have
opted in to the security restriction.
If you enable this policy setting for a zone, this sets the list of
protocols to be restricted if that zone is set to Prompt or Disable for Allow
active content over restricted protocols to access my computer. If you disable or do not configure this
policy setting for a zone, no protocols are restricted for that zone,
regardless of the setting for Allow active content over restricted protocols
to access my computer. Note. If policy for a zone is set in both
Computer Configuration and User Configuration, both lists of protocols will
be restricted for that zone. |
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\RestrictedProtocols!ListBox_Support_4 |
|
| Windows XP SP2 |
Inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Security Features\Network Protocol
Lockdown\Restricted Protocols Per Security Zone |
Local Machine Zone Restricted Protocols |
at least Internet Explorer v6.0 in Windows XP Service Pack 2 |
For each zone, the Network Protocol Lockdown
security restriction may be configured to prevent active content obtained
through restricted protocols from running in an unsafe manner, either by
prompting the user, or simply disabling the content. For each zone, this list
of protocols may be configured here, and applies to all processes which have
opted in to the security restriction.
If you enable this policy setting for a zone, this sets the list of
protocols to be restricted if that zone is set to Prompt or Disable for Allow
active content over restricted protocols to access my computer. If you disable or do not configure this
policy setting for a zone, no protocols are restricted for that zone,
regardless of the setting for Allow active content over restricted protocols
to access my computer. Note. If policy for a zone is set in both
Computer Configuration and User Configuration, both lists of protocols will
be restricted for that zone. |
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\RestrictedProtocols!ListBox_Support_0 |
|
| Windows Server 2003 SP1 |
system |
MACHINE |
Administrative Templates\Windows Components\Terminal
Services\Client/Server data redirection |
Terminal Server Fallback Printer Driver Behavior |
At least Microsoft Windows Server 2003 with SP1 |
Specifies the Terminal Server fallback printer driver behavior. By
default, Terminal Server fallback printer driver is disabled. If the Terminal
Server does not have a printer driver that matches the client's printer, no
printer will be available for the terminal server session. If this setting is set to enabled, the
Fallback Printer Driver is enabled and the default behavior is for the
Terminal Server to find a suitable printer driver. If one is not found, the
client's printer is not available. You can choose to change this default
behavior. The available options are:
Do nothing if one is not found - In the event of a printer driver
mismatch, the server will attempt to find a suitable driver, If one is not
found, the client's printer is not available. This is the default
behavior. Default to PCL if one is not
found - If no suitable printer driver can be found, default to the PCL fallback
printer driver. Default to PS if one
is not found - If no suitable printer driver can be found, default to the PS
fallback printer driver. Show both PCL
and PS if one is not found - In the event that no suitable driver can be
found, show both PS and PCL based fallback printer drivers. If this setting is set to disabled, the
Terminal Server fallback driver is disabled and the Terminal Server will not
attempt to use the Fallback driver.
If this setting is Not configured, the fallback printer driver
behavior is off by default. Note: If
the Do not allow client printer redirection setting is enabled, this setting
is ignored and the fallback driver is disabled. |
HKLM\SOFTWARE\Policies\Microsoft\Windows
NT\Terminal Services!fPolicyFallbackPrintDriver,
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal
Services!FallbackPrintDriverType |
|
| Windows Server 2003 SP1 |
system |
MACHINE |
Administrative Templates\Windows Components\Terminal Services |
Always show desktop on connection |
At least Microsoft Windows Server 2003 with SP1 |
This policy setting determines whether the desktop is always displayed after a client connects to a remote
computer or an initial program can run. It can be used to require that the
desktop be displayed after a client connects to a remote computer, even if an
initial program is already specified in the default user profile, Remote
Desktop Connection, Terminal Services Client, or through Group Policy. If you enable this policy setting, the
desktop is always displayed when a client connects to a remote computer. This
policy setting overrides any initial program policy settings. If you disable or do not configure this
policy setting, an initial program can be specified that runs on the remote
computer after the client connects to the remote computer. If an initial
program is not specified, the desktop is always displayed on the remote
computer after the client connects to the remote computer. Note: If this policy setting is enabled,
then the Start a program on connection policy setting is ignored. |
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!fTurnOffSingleAppMode |
|
| Windows Server 2003 SP1 |
system |
MACHINE |
Administrative Templates\Windows Components\Terminal Services |
Use the specified Terminal Server license servers |
At least Microsoft Windows Server 2003 with SP1 |
Determines
whether terminal servers must first attempt to
locate Terminal Server license servers that are specified in this setting
before attempting to locate other license servers. During the automatic discovery process,
terminal servers attempt to contact license servers in the following
order: 1. Enterprise license servers
or domain license servers that are specified in the LicenseServers registry
key. 2. Enterprise license servers that are specified in Active Directory. 3.
Domain license servers. If you enable
this setting, terminal servers attempt to locate license servers that are
specified in this setting, before following the automatic license server
discovery process. If you disable or
do not configure this setting, terminal servers follow the automatic license
server discovery process. |
HKLM\SOFTWARE\Policies\Microsoft\Windows
NT\Terminal Services!LicenseServers |
|
| Windows Server 2003 SP1 |
system |
MACHINE |
Administrative Templates\Windows Components\Terminal Services |
Set the Terminal Server licensing mode |
At least Microsoft Windows Server 2003 with SP1 |
Determines the type of Terminal Server
client access license (CAL) a device or user requires to connect to this
Terminal Server. Per User licensing
mode: Each user connecting to this terminal server requires a Per User
Terminal Server CAL. Per Device
licensing mode: Each device connecting to this terminal server requires a Per
Device Terminal Server CAL. If you
enable this setting, the licensing mode that you specify in this setting
overrides the licensing mode that is specified during Setup or in Terminal
Services Configuration (TSCC.msc). If
you disable or do not configure this setting, the licensing mode that is
specified during Setup or in Terminal Services Configuration is used. |
HKLM\SOFTWARE\Policies\Microsoft\Windows
NT\Terminal Services!LicensingMode |
|
| Windows Server 2003 SP1 |
system |
MACHINE |
Administrative Templates\Windows Components\Terminal Services |
Show Tooltips for Licensing problems on Terminal Server |
At least Microsoft Windows Server 2003 with SP1 |
Displays tooltips to the Administrator upon login if there are any licensing issues with the Terminal
Server. Not configured: If this
setting is not configured, the display of these tooltips will be governed by
registry settings defined for this purpose.
Enabled: If you enable this setting, tooltips will be shown to the
administrator upon login if any Licensing related problems persist with this
computer. Disabled: If you disable
this policy for any computer that this policy is applied to, then tooltips
will not be shown if any Licensing related problems persist with this
computer. |
HKLM\SOFTWARE\Policies\Microsoft\Windows
NT\Terminal Services!fDisableTerminalServerTooltip,
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal
Services!fDisableTerminalServerTooltip |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Automatically check for Internet Explorer updates |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions.
When Internet Explorer is set to do this, the checks occur approximately
every 30 days, and users are prompted to install new versions as they become
available. If you enable this policy
setting, Internet Explorer checks the Internet for a new version
approximately every 30 days and prompts the user to download new versions
when they are available. If you
disable this policy setting, Internet Explorer does not check the Internet
for new versions of the browser, so does not prompt users to install
them. If you do not configure this
policy setting, Internet Explorer does not check the Internet for new
versions of the browser, so does not prompt users to install them. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main!NoUpdateCheck |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Allow Install On Demand (Internet Explorer) |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether users can automatically download and install Web components
(such as fonts) that can installed by Internet Explorer Active Setup. For example, if you open a Web page that
requires Japanese-text display support, Internet Explorer could prompt the
user to download the Japanese Language Pack component if it is not already
installed. If you enable this policy
setting, Web components such as fonts will be automatically installed as
necessary. If you disable this policy
setting, users will be prompted when Web Components such as fonts would be
downloaded. If you do not configure
this policy, users will be prompted when Web Components such as fonts would
be downloaded. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main!NoJITSetup |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Allow Install On Demand (except Internet Explorer) |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether users can download and install self-installing program
files (non-Internet Explorer components) that are registered with Internet
Explorer (such as Windows Media Player, Macromedia, and Java) that are
required in order to view web pages as intended. If you enable this policy setting,
non-Internet Explorer components will be automatically installed as
necessary. If you disable this policy
setting, users will be prompted when non-Internet Explorer components would
be installed. If you do not configure
this policy setting, non-Internet Explorer components will be automatically
installed as necessary. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main!NoWebJITSetup |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Allow third-party browser extensions |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser
helper objects, such as toolbars. Browser helper objects may contain flaws
such as buffer overruns which impact Internet Explorer’s performance or
stability. If you enable this policy
setting, Internet Explorer automatically launches any browser helper objects
that are installed on the user's computer.
If you disable this policy setting, browser helper objects do not
launch. If you do not configure this
policy, Internet Explorer automatically launches any browser helper objects
that are installed on the user's computer. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main!Enable Browser Extensions |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Play animations in web pages |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer will display animated pictures found in
Web content. Generally only animated GIF files are affected by this setting;
active Web content such as java applets are not. If you enable this policy setting, Internet
Explorer will play animated pictures found in Web content. If you disable this policy setting,
Internet Explorer will not play or download animated pictures, helping pages
display more quickly. If you do not
configure this policy setting, Internet Explorer will play animated pictures
found in Web content. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main!Play_Animations |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Play sounds in web pages |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer will play sounds found in web content.
Generally only sound files such as MIDI files are affected by this setting;
active Web content such as java applets are not. If you enable this policy setting, Internet
Explorer will play sounds found in Web content. If you disable this policy setting,
Internet Explorer will not play or download sounds in Web content, helping
pages display more quickly. If you
enable this policy setting, Internet Explorer will play sounds found in Web
content. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main!Play_Background_Sounds |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Play videos in web pages |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer will display videos found in Web content.
Generally only embedded video files are affected by this setting; active Web
content such as java applets are not.
If you enable this policy setting, Internet Explorer will play videos
found in Web content. If you disable
this policy setting, Internet Explorer will not play or download videos,
helping pages display more quickly. If
you do not configure this policy setting, Internet Explorer will play videos
found in Web content. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main!Display Inline Videos |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Check for server certificate revocation |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer will check revocation status of servers'
certificates. Certificates are revoked when they have been compromised or are
no longer valid, and this option protects users from submitting confidential
data to a site that may be fraudulent or not secure. If you enable this policy setting, Internet
Explorer will check to see if server certificates have been revoked. If you disable this policy setting, Internet
Explorer will not check server certificates to see if they have been
revoked. If you do not configure this
policy setting, Internet Explorer will not check server certificates to see
if they have been revoked. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!CertificateRevocation |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Check for signatures on downloaded programs |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which
identifies the publisher of signed software and verifies it hasn't been
modified or tampered with) on user computers before downloading executable
programs. If you enable this policy
setting, Internet Explorer will check the digital signatures of executable
programs and display their identities before downloading them to user
computers. If you disable this policy
setting, Internet Explorer will not check the digital signatures of
executable programs or display their identities before downloading them to
user computers. If you do not configure
this policy, Internet Explorer will not check the digital signatures of
executable programs or display their identities before downloading them to
user computers. |
HKCU\Software\Policies\Microsoft\Internet
Explorer\Main!CheckExeSignatures |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Do not save encrypted pages to disk |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain
secure (HTTPS) information such as passwords and credit card numbers to the
Internet Explorer cache, which may be insecure. If you enable this policy setting, Internet
Explorer will not save encrypted pages containing secure (HTTPS) information
to the cache. If you disable this
policy setting, Internet Explorer will save encrypted pages containing secure
(HTTPS) information to the cache. If
you do not configure this policy, Internet Explorer will save encrypted pages
containing secure (HTTPS) information to the cache. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!DisableCachingOfSSLPages |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Empty Temporary Internet Files folder when browser is closed |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary
Internet Files folder after all browser windows are closed. This protects
against storing dangerous files on the computer, or storing sensitive files
that other users could see, in addition to managing total disk space
usage. If you enable this policy
setting, Internet Explorer will delete the contents of the user's Temporary
Internet Files folder when all browser windows are closed. If you disable this policy setting,
Internet Explorer will not delete the contents of the user's Temporary
Internet Files folder when browser windows are closed. If you do not configure this policy,
Internet Explorer will not delete the contents of the Temporary Internet
Files folder when browser windows are closed. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Cache!Persistent |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Automatically check for Internet Explorer updates |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions.
When Internet Explorer is set to do this, the checks occur approximately
every 30 days, and users are prompted to install new versions as they become
available. If you enable this policy
setting, Internet Explorer checks the Internet for a new version
approximately every 30 days and prompts the user to download new versions
when they are available. If you
disable this policy setting, Internet Explorer does not check the Internet
for new versions of the browser, so does not prompt users to install
them. If you do not configure this
policy setting, Internet Explorer does not check the Internet for new
versions of the browser, so does not prompt users to install them. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main!NoUpdateCheck |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Allow Install On Demand (Internet Explorer) |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether users can automatically download and install Web components
(such as fonts) that can installed by Internet Explorer Active Setup. For example, if you open a Web page that
requires Japanese-text display support, Internet Explorer could prompt the
user to download the Japanese Language Pack component if it is not already
installed. If you enable this policy
setting, Web components such as fonts will be automatically installed as
necessary. If you disable this policy
setting, users will be prompted when Web Components such as fonts would be
downloaded. If you do not configure
this policy, users will be prompted when Web Components such as fonts would
be downloaded. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main!NoJITSetup |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Allow Install On Demand (except Internet Explorer) |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether users can download and install self-installing program
files (non-Internet Explorer components) that are registered with Internet
Explorer (such as Windows Media Player, Macromedia, and Java) that are
required in order to view web pages as intended. If you enable this policy setting,
non-Internet Explorer components will be automatically installed as
necessary. If you disable this policy
setting, users will be prompted when non-Internet Explorer components would
be installed. If you do not configure
this policy setting, non-Internet Explorer components will be automatically
installed as necessary. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main!NoWebJITSetup |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Allow third-party browser extensions |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser
helper objects, such as toolbars. Browser helper objects may contain flaws
such as buffer overruns which impact Internet Explorer’s performance or
stability. If you enable this policy
setting, Internet Explorer automatically launches any browser helper objects
that are installed on the user's computer.
If you disable this policy setting, browser helper objects do not
launch. If you do not configure this
policy, Internet Explorer automatically launches any browser helper objects
that are installed on the user's computer. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main!Enable Browser Extensions |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Play animations in web pages |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer will display animated pictures found in
Web content. Generally only animated GIF files are affected by this setting;
active Web content such as java applets are not. If you enable this policy setting, Internet
Explorer will play animated pictures found in Web content. If you disable this policy setting,
Internet Explorer will not play or download animated pictures, helping pages
display more quickly. If you do not
configure this policy setting, Internet Explorer will play animated pictures
found in Web content. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main!Play_Animations |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Play sounds in web pages |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer will play sounds found in web content.
Generally only sound files such as MIDI files are affected by this setting;
active Web content such as java applets are not. If you enable this policy setting, Internet
Explorer will play sounds found in Web content. If you disable this policy setting,
Internet Explorer will not play or download sounds in Web content, helping
pages display more quickly. If you
enable this policy setting, Internet Explorer will play sounds found in Web
content. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main!Play_Background_Sounds |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Play videos in web pages |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer will display videos found in Web content.
Generally only embedded video files are affected by this setting; active Web
content such as java applets are not.
If you enable this policy setting, Internet Explorer will play videos
found in Web content. If you disable
this policy setting, Internet Explorer will not play or download videos,
helping pages display more quickly. If
you do not configure this policy setting, Internet Explorer will play videos
found in Web content. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main!Display Inline Videos |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Check for server certificate revocation |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer will check revocation status of servers'
certificates. Certificates are revoked when they have been compromised or are
no longer valid, and this option protects users from submitting confidential
data to a site that may be fraudulent or not secure. If you enable this policy setting, Internet
Explorer will check to see if server certificates have been revoked. If you disable this policy setting, Internet
Explorer will not check server certificates to see if they have been
revoked. If you do not configure this
policy setting, Internet Explorer will not check server certificates to see
if they have been revoked. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!CertificateRevocation |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Check for signatures on downloaded programs |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which
identifies the publisher of signed software and verifies it hasn't been
modified or tampered with) on user computers before downloading executable
programs. If you enable this policy
setting, Internet Explorer will check the digital signatures of executable
programs and display their identities before downloading them to user
computers. If you disable this policy
setting, Internet Explorer will not check the digital signatures of
executable programs or display their identities before downloading them to
user computers. If you do not configure
this policy, Internet Explorer will not check the digital signatures of
executable programs or display their identities before downloading them to
user computers. |
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main!CheckExeSignatures |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Do not save encrypted pages to disk |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain
secure (HTTPS) information such as passwords and credit card numbers to the
Internet Explorer cache, which may be insecure. If you enable this policy setting, Internet
Explorer will not save encrypted pages containing secure (HTTPS) information
to the cache. If you disable this
policy setting, Internet Explorer will save encrypted pages containing secure
(HTTPS) information to the cache. If
you do not configure this policy, Internet Explorer will save encrypted pages
containing secure (HTTPS) information to the cache. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings!DisableCachingOfSSLPages |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Advanced Page |
Empty Temporary Internet Files folder when browser is closed |
at least Internet Explorer v6.0 in Windows 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary
Internet Files folder after all browser windows are closed. This protects
against storing dangerous files on the computer, or storing sensitive files
that other users could see, in addition to managing total disk space
usage. If you enable this policy
setting, Internet Explorer will delete the contents of the user's Temporary
Internet Files folder when all browser windows are closed. If you disable this policy setting,
Internet Explorer will not delete the contents of the user's Temporary
Internet Files folder when browser windows are closed. If you do not configure this policy,
Internet Explorer will not delete the contents of the Temporary Internet
Files folder when browser windows are closed. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Cache!Persistent |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Run .NET Framework-reliant components
signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode
can be executed from Internet Explorer. These components include managed
controls referenced from an object tag and managed executables referenced
from a link. If you enable this policy
setting, Internet Explorer will execute signed managed components. If you
select Prompt in the drop-down box, Internet Explorer will prompt the user to
determine whether to execute signed managed components. If you disable this policy setting,
Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Run .NET Framework-reliant components
not signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET Framework components that are not signed with
Authenticode can be executed from Internet Explorer. These components include
managed controls referenced from an object tag and managed executables
referenced from a link. If you enable
this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute unsigned managed
components. If you disable this policy
setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy
setting, Internet Explorer will not execute unsigned managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in
the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy
setting, users are queried whether to download controls signed by publishers
who aren't trusted. Code signed by
trusted publishers is silently downloaded. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone.
Such code is potentially harmful, especially when coming from an untrusted
zone. If you enable this policy
setting, users can run unsigned controls without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow the unsigned control to run. If
you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy
setting, users cannot run unsigned controls. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX
controls are run, loaded with parameters, and scripted without setting object
safety for untrusted data or scripts. This setting is not recommended, except
for secure and administered zones. This setting causes both unsafe and safe
controls to be initialized and scripted, ignoring the Script ActiveX controls
marked safe for scripting option. If
you enable this policy setting and select Prompt in the drop-down box, users
are queried whether to allow the control to be loaded with parameters or
scripted. If you disable this policy
setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. If you do not
configure this policy setting, ActiveX controls that cannot be made safe are
not loaded with parameters or scripted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the
specified zone. If you enable this
policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down
box, users are asked to choose whether to allow the controls or plug-in to
run. If you disable this policy
setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact
with a script. If you enable this
policy setting, script interaction can occur automatically without user
intervention. If you select Prompt in
the drop-down box, users are queried to choose whether to allow script
interaction. If you disable this
policy setting, script interaction is prevented from occurring. If you do not configure this policy
setting, script interaction can occur automatically without user
intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1405 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is
determined by the zone of the page with the link causing the download, not
the zone from which the file is delivered.
If you enable this policy setting, files can be downloaded from the
zone. If you disable this policy
setting, files are prevented from being downloaded from the zone. If you do not configure this policy
setting, files can be downloaded from the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1803 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML
fonts can be downloaded automatically. If you enable this policy setting and
Prompt is selected in the drop-down box, users are queried whether to allow
HTML fonts to download. If you disable
this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting,
HTML fonts can be downloaded automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1604 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the
drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not
configure this policy setting, Java applets are disabled. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer can access data from another security
zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects
(ADO). If you enable this policy
setting, users can load a page in the zone that uses MSXML or ADO to access
data from another site in the zone. If you select Prompt in the drop-down
box, users are queried to choose whether to allow a page to be loaded in the
zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
cannot load a page in the zone that uses MSXML or ADO to access data from
another site in the zone. If you do
not configure this policy setting, users cannot load a page in the zone that
uses MSXML or ADO to access data from another site in the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted for non user-initiated file downloads.
Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users
will be automatically prompted for ActiveX control installations. If you enable this policy setting, users
will receive a prompt when a site instantiates an ActiveX control they do not
have installed. If you disable this
policy setting, ActiveX control installations will be blocked using the
Information Bar. Users can click on the Information Bar to allow the ActiveX
control prompt. If you do not
configure this policy setting, ActiveX control installations will be blocked
using the Information Bar. Users can click on the Information Bar to allow
the ActiveX control prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2201 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if
the author of the Web page uses the Meta Refresh setting (tag) to redirect
browsers to another Web page. If you
enable this policy setting, a user's browser that loads a page containing an
active Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a
user's browser that loads a page containing an active Meta Refresh setting
cannot be redirected to another Web page.
If you do not configure this policy setting, a user's browser that
loads a page containing an active Meta Refresh setting can be redirected to
another Web page. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Allow script-initiated windows without size or position constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that
include the title and status bars. If
you enable this policy setting, Windows Restrictions security will not apply
in this zone. The security zone runs without the added layer of security
provided by this feature. If you
disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2102 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate
specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary
and script behaviors are available. If you select Administrator approved in
the drop-down box, only behaviors listed in the Admin-approved Behaviors
under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary
and script behaviors are not available unless applications have implemented a
custom security manager. If you do not
configure this policy setting, only behaviors listed in the Admin-approved
Behaviors under Binary Behaviors Security Restriction policy are available. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can display nonsecure items and manage whether users
receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Do not prompt for client certificate selection when no certificates or only one certificate
exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are prompted to select a certificate when no
certificate or only one certificate exists.
If you enable this policy setting, Internet Explorer does not prompt
users with a Client Authentication message when they connect to a Web site
that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one
certificate. If you do not configure
this policy setting, Internet Explorer prompts users with a Client
Authentication message when they connect to a Web site that has no certificate
or only one certificate. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can drag files or copy and paste files from a source
within the zone. If you enable this
policy setting, users can drag files or copy and paste files from this zone
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy
setting, users can drag files or copy and paste files from this zone
automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The
settings for this option are: If you enable this policy setting, users can
install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this zone. If you do not configure this policy
setting, users are queried to choose whether to install desktop items from
this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1800 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications may be run and files may be downloaded from an
IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are queried to choose whether to run applications and
download files from IFRAMEs on the pages in this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of sub-frames and access of applications across
different domains. If you enable this
policy setting, users can open sub-frames from other domains and access
applications from other domains. If you select Prompt in the drop-down box,
users are queried whether to allow sub-frames or access to applications from
other domains. If you disable this
policy setting, users cannot open sub-frames or access applications from
different domains. If you do not
configure this policy setting, users can open sub-frames from other domains
and access applications from other domains. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on
a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the
file type based on a bit signature. If
you enable this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. The security zone will run without the added layer of
security provided by this feature. If
you disable this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. If you do not configure this policy
setting, the actions that may be harmful cannot run; this Internet Explorer
security feature will be turned on in this zone, as dictated by the feature
control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel permissions.
If you enable this policy setting, you can choose the following
options from the drop-down box. Low
safety to allow users to be notified of software updates by e-mail, software
packages to be automatically downloaded to users' computers, and software
packages to be automatically installed on users' computers. Medium safety to allow users to be notified
of software updates by e-mail and software packages to be automatically
downloaded to (but not installed on) users' computers. High safety to prevent users from being
notified of software updates by e-mail, software packages from being
automatically downloaded to users' computers, and software packages from
being automatically installed on users' computers. If you disable this policy setting,
permissions are set to high safety. If
you do not configure this policy setting, permissions are set to Low safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted.
Forms sent with SSL (Secure Sockets Layer) encryption are always allowed;
this setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, users are queried to choose whether to
allow information using HTML forms on pages in this zone to be submitted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are
opened when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, most unwanted pop-up
windows are prevented from appearing. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1809 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. When
a user returns to a persisted page, the state of the page can be restored if
this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Web sites in less privileged Web content zones can navigate into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet
sites, can navigate into this zone. If
you enable this policy setting, Web sites from less privileged zones can open
new windows in, or navigate into, this zone. The security zone will run
without the added layer of security that is provided by the Protection from
Zone Elevation security feature. If you select Prompt in the drop-down box, a
warning is issued to the user that potentially risky navigation is about to
occur. If you disable this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. If you
do not configure this policy setting, the possibly harmful navigations are
prevented. The Internet Explorer security feature will be on in this zone as
set by Protection from Zone Elevation feature control. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script
code on pages in the zone can run automatically. If you select Prompt in the
drop-down box, users are queried to choose whether to allow script code on
pages in the zone to run. If you
disable this policy setting, script code on pages in the zone is prevented
from running. If you do not configure
this policy setting, users are queried to choose whether to allow script code
on pages in the Local Machine zone to run. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example,
cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard
operation. If you select Prompt in the
drop-down box, users are queried as to whether to perform clipboard
operations. If you disable this policy
setting, a script cannot perform a clipboard operation. If you do not configure this policy
setting, a script can perform a clipboard operation. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1407 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts
can access applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following
logon options. Anonymous logon to
disable HTTP authentication and use the guest account only for the Common
Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and
passwords. After a user is queried, these values can be used silently for the
remainder of the session. Automatic
logon only in Intranet zone to query users for user IDs and passwords in
other zones. After a user is queried, these values can be used silently for
the remainder of the session.
Automatic logon with current user name and password to attempt logon
using Windows NT Challenge Response (also known as NTLM authentication). If
Windows NT Challenge Response is supported by the server, the logon uses the
user's network user name and password for logon. If Windows NT Challenge
Response is not supported by the server, the user is queried to provide the
user name and password. If you disable
this policy setting, logon is set to Automatic logon only in Intranet
zone. If you do not configure this
policy setting, logon is set to Automatic logon only in Intranet zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Run .NET Framework-reliant components
signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode
can be executed from Internet Explorer. These components include managed
controls referenced from an object tag and managed executables referenced
from a link. If you enable this policy
setting, Internet Explorer will execute signed managed components. If you
select Prompt in the drop-down box, Internet Explorer will prompt the user to
determine whether to execute signed managed components. If you disable this policy setting,
Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Run .NET Framework-reliant components
not signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET Framework components that are not signed with
Authenticode can be executed from Internet Explorer. These components include
managed controls referenced from an object tag and managed executables
referenced from a link. If you enable
this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute unsigned managed
components. If you disable this policy
setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy
setting, Internet Explorer will not execute unsigned managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in
the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy
setting, users are queried whether to download controls signed by publishers
who aren't trusted. Code signed by
trusted publishers is silently downloaded. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone.
Such code is potentially harmful, especially when coming from an untrusted
zone. If you enable this policy
setting, users can run unsigned controls without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow the unsigned control to run. If
you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy
setting, users cannot run unsigned controls. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX
controls are run, loaded with parameters, and scripted without setting object
safety for untrusted data or scripts. This setting is not recommended, except
for secure and administered zones. This setting causes both unsafe and safe
controls to be initialized and scripted, ignoring the Script ActiveX controls
marked safe for scripting option. If
you enable this policy setting and select Prompt in the drop-down box, users
are queried whether to allow the control to be loaded with parameters or
scripted. If you disable this policy
setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. If you do not
configure this policy setting, ActiveX controls that cannot be made safe are
not loaded with parameters or scripted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the
specified zone. If you enable this
policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down
box, users are asked to choose whether to allow the controls or plug-in to
run. If you disable this policy
setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact
with a script. If you enable this
policy setting, script interaction can occur automatically without user
intervention. If you select Prompt in
the drop-down box, users are queried to choose whether to allow script
interaction. If you disable this
policy setting, script interaction is prevented from occurring. If you do not configure this policy
setting, script interaction can occur automatically without user
intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1405 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is
determined by the zone of the page with the link causing the download, not
the zone from which the file is delivered.
If you enable this policy setting, files can be downloaded from the
zone. If you disable this policy
setting, files are prevented from being downloaded from the zone. If you do not configure this policy
setting, files can be downloaded from the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1803 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML
fonts can be downloaded automatically. If you enable this policy setting and
Prompt is selected in the drop-down box, users are queried whether to allow
HTML fonts to download. If you disable
this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting,
HTML fonts can be downloaded automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1604 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the
drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not
configure this policy setting, Java applets are disabled. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer can access data from another security
zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects
(ADO). If you enable this policy
setting, users can load a page in the zone that uses MSXML or ADO to access
data from another site in the zone. If you select Prompt in the drop-down
box, users are queried to choose whether to allow a page to be loaded in the
zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
cannot load a page in the zone that uses MSXML or ADO to access data from
another site in the zone. If you do
not configure this policy setting, users cannot load a page in the zone that
uses MSXML or ADO to access data from another site in the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted for non user-initiated file downloads.
Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users
will be automatically prompted for ActiveX control installations. If you enable this policy setting, users
will receive a prompt when a site instantiates an ActiveX control they do not
have installed. If you disable this
policy setting, ActiveX control installations will be blocked using the
Information Bar. Users can click on the Information Bar to allow the ActiveX
control prompt. If you do not
configure this policy setting, ActiveX control installations will be blocked
using the Information Bar. Users can click on the Information Bar to allow
the ActiveX control prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2201 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if
the author of the Web page uses the Meta Refresh setting (tag) to redirect
browsers to another Web page. If you
enable this policy setting, a user's browser that loads a page containing an
active Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a
user's browser that loads a page containing an active Meta Refresh setting
cannot be redirected to another Web page.
If you do not configure this policy setting, a user's browser that
loads a page containing an active Meta Refresh setting can be redirected to
another Web page. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Allow script-initiated windows without size or position constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that
include the title and status bars. If
you enable this policy setting, Windows Restrictions security will not apply
in this zone. The security zone runs without the added layer of security
provided by this feature. If you
disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2102 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate
specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary
and script behaviors are available. If you select Administrator approved in
the drop-down box, only behaviors listed in the Admin-approved Behaviors
under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary
and script behaviors are not available unless applications have implemented a
custom security manager. If you do not
configure this policy setting, only behaviors listed in the Admin-approved
Behaviors under Binary Behaviors Security Restriction policy are available. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can display nonsecure items and manage whether users
receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Do not prompt for client certificate selection when no certificates or only one certificate
exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are prompted to select a certificate when no
certificate or only one certificate exists.
If you enable this policy setting, Internet Explorer does not prompt
users with a Client Authentication message when they connect to a Web site
that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one
certificate. If you do not configure
this policy setting, Internet Explorer prompts users with a Client
Authentication message when they connect to a Web site that has no certificate
or only one certificate. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can drag files or copy and paste files from a source
within the zone. If you enable this
policy setting, users can drag files or copy and paste files from this zone
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy
setting, users can drag files or copy and paste files from this zone
automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The
settings for this option are: If you enable this policy setting, users can
install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this zone. If you do not configure this policy
setting, users are queried to choose whether to install desktop items from
this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1800 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications may be run and files may be downloaded from an
IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are queried to choose whether to run applications and
download files from IFRAMEs on the pages in this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of sub-frames and access of applications across
different domains. If you enable this
policy setting, users can open sub-frames from other domains and access
applications from other domains. If you select Prompt in the drop-down box,
users are queried whether to allow sub-frames or access to applications from
other domains. If you disable this
policy setting, users cannot open sub-frames or access applications from
different domains. If you do not
configure this policy setting, users can open sub-frames from other domains
and access applications from other domains. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on
a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the
file type based on a bit signature. If
you enable this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. The security zone will run without the added layer of
security provided by this feature. If
you disable this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. If you do not configure this policy
setting, the actions that may be harmful cannot run; this Internet Explorer
security feature will be turned on in this zone, as dictated by the feature
control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel permissions.
If you enable this policy setting, you can choose the following
options from the drop-down box. Low
safety to allow users to be notified of software updates by e-mail, software
packages to be automatically downloaded to users' computers, and software
packages to be automatically installed on users' computers. Medium safety to allow users to be notified
of software updates by e-mail and software packages to be automatically
downloaded to (but not installed on) users' computers. High safety to prevent users from being
notified of software updates by e-mail, software packages from being
automatically downloaded to users' computers, and software packages from
being automatically installed on users' computers. If you disable this policy setting,
permissions are set to high safety. If
you do not configure this policy setting, permissions are set to Low safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted.
Forms sent with SSL (Secure Sockets Layer) encryption are always allowed;
this setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, users are queried to choose whether to
allow information using HTML forms on pages in this zone to be submitted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are
opened when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, most unwanted pop-up
windows are prevented from appearing. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1809 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. When
a user returns to a persisted page, the state of the page can be restored if
this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Web sites in less privileged Web content zones can navigate into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet
sites, can navigate into this zone. If
you enable this policy setting, Web sites from less privileged zones can open
new windows in, or navigate into, this zone. The security zone will run
without the added layer of security that is provided by the Protection from
Zone Elevation security feature. If you select Prompt in the drop-down box, a
warning is issued to the user that potentially risky navigation is about to
occur. If you disable this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. If you
do not configure this policy setting, the possibly harmful navigations are
prevented. The Internet Explorer security feature will be on in this zone as
set by Protection from Zone Elevation feature control. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script
code on pages in the zone can run automatically. If you select Prompt in the
drop-down box, users are queried to choose whether to allow script code on
pages in the zone to run. If you
disable this policy setting, script code on pages in the zone is prevented
from running. If you do not configure
this policy setting, users are queried to choose whether to allow script code
on pages in the Local Machine zone to run. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example,
cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard
operation. If you select Prompt in the
drop-down box, users are queried as to whether to perform clipboard
operations. If you disable this policy
setting, a script cannot perform a clipboard operation. If you do not configure this policy
setting, a script can perform a clipboard operation. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1407 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts
can access applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Internet Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following
logon options. Anonymous logon to
disable HTTP authentication and use the guest account only for the Common
Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and
passwords. After a user is queried, these values can be used silently for the
remainder of the session. Automatic
logon only in Intranet zone to query users for user IDs and passwords in
other zones. After a user is queried, these values can be used silently for
the remainder of the session.
Automatic logon with current user name and password to attempt logon
using Windows NT Challenge Response (also known as NTLM authentication). If
Windows NT Challenge Response is supported by the server, the logon uses the
user's network user name and password for logon. If Windows NT Challenge
Response is not supported by the server, the user is queried to provide the
user name and password. If you disable
this policy setting, logon is set to Automatic logon only in Intranet
zone. If you do not configure this
policy setting, logon is set to Automatic logon only in Intranet zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Run .NET Framework-reliant components
signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode
can be executed from Internet Explorer. These components include managed
controls referenced from an object tag and managed executables referenced
from a link. If you enable this policy
setting, Internet Explorer will execute signed managed components. If you
select Prompt in the drop-down box, Internet Explorer will prompt the user to
determine whether to execute signed managed components. If you disable this policy setting,
Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2001 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Run .NET Framework-reliant components
not signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET Framework components that are not signed with
Authenticode can be executed from Internet Explorer. These components include
managed controls referenced from an object tag and managed executables
referenced from a link. If you enable
this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute unsigned managed
components. If you disable this policy
setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy
setting, Internet Explorer will not execute unsigned managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2004 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in
the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy
setting, users are queried whether to download controls signed by publishers
who aren't trusted. Code signed by
trusted publishers is silently downloaded. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1001 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone.
Such code is potentially harmful, especially when coming from an untrusted
zone. If you enable this policy
setting, users can run unsigned controls without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow the unsigned control to run. If
you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy
setting, users cannot run unsigned controls. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1004 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX
controls are run, loaded with parameters, and scripted without setting object
safety for untrusted data or scripts. This setting is not recommended, except
for secure and administered zones. This setting causes both unsafe and safe
controls to be initialized and scripted, ignoring the Script ActiveX controls
marked safe for scripting option. If
you enable this policy setting and select Prompt in the drop-down box, users
are queried whether to allow the control to be loaded with parameters or
scripted. If you disable this policy
setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. If you do not
configure this policy setting, ActiveX controls that cannot be made safe are
not loaded with parameters or scripted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1201 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the
specified zone. If you enable this
policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down
box, users are asked to choose whether to allow the controls or plug-in to
run. If you disable this policy
setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1200 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact
with a script. If you enable this
policy setting, script interaction can occur automatically without user
intervention. If you select Prompt in
the drop-down box, users are queried to choose whether to allow script
interaction. If you disable this
policy setting, script interaction is prevented from occurring. If you do not configure this policy
setting, script interaction can occur automatically without user
intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1405 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is
determined by the zone of the page with the link causing the download, not
the zone from which the file is delivered.
If you enable this policy setting, files can be downloaded from the
zone. If you disable this policy
setting, files are prevented from being downloaded from the zone. If you do not configure this policy
setting, files can be downloaded from the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1803 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML
fonts can be downloaded automatically. If you enable this policy setting and
Prompt is selected in the drop-down box, users are queried whether to allow
HTML fonts to download. If you disable
this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting,
HTML fonts can be downloaded automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1604 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the
drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not
configure this policy setting, Java applets are disabled. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1C00 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer can access data from another security
zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects
(ADO). If you enable this policy
setting, users can load a page in the zone that uses MSXML or ADO to access
data from another site in the zone. If you select Prompt in the drop-down
box, users are queried to choose whether to allow a page to be loaded in the
zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
cannot load a page in the zone that uses MSXML or ADO to access data from
another site in the zone. If you do
not configure this policy setting, users are queried to choose whether to
allow a page to be loaded in the zone that uses MSXML or ADO to access data
from another site in the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1406 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted for non user-initiated file downloads.
Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2200 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users
will be automatically prompted for ActiveX control installations. If you enable this policy setting, users
will receive a prompt when a site instantiates an ActiveX control they do not
have installed. If you disable this
policy setting, ActiveX control installations will be blocked using the
Information Bar. Users can click on the Information Bar to allow the ActiveX
control prompt. If you do not
configure this policy setting, ActiveX control installations will be blocked
using the Information Bar. Users can click on the Information Bar to allow
the ActiveX control prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2201 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if
the author of the Web page uses the Meta Refresh setting (tag) to redirect
browsers to another Web page. If you
enable this policy setting, a user's browser that loads a page containing an
active Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a
user's browser that loads a page containing an active Meta Refresh setting
cannot be redirected to another Web page.
If you do not configure this policy setting, a user's browser that
loads a page containing an active Meta Refresh setting can be redirected to
another Web page. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1608 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Allow script-initiated windows without size or position constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that
include the title and status bars. If
you enable this policy setting, Windows Restrictions security will not apply
in this zone. The security zone runs without the added layer of security
provided by this feature. If you
disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2102 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate
specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary
and script behaviors are available. If you select Administrator approved in
the drop-down box, only behaviors listed in the Admin-approved Behaviors
under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary
and script behaviors are not available unless applications have implemented a
custom security manager. If you do not
configure this policy setting, only behaviors listed in the Admin-approved
Behaviors under Binary Behaviors Security Restriction policy are available. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2000 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can display nonsecure items and manage whether users
receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1609 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Do not prompt for client certificate selection when no certificates or only one certificate
exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are prompted to select a certificate when no
certificate or only one certificate exists.
If you enable this policy setting, Internet Explorer does not prompt
users with a Client Authentication message when they connect to a Web site
that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one
certificate. If you do not configure
this policy setting, Internet Explorer prompts users with a Client
Authentication message when they connect to a Web site that has no certificate
or only one certificate. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A04 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can drag files or copy and paste files from a source
within the zone. If you enable this
policy setting, users can drag files or copy and paste files from this zone
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy
setting, users can drag files or copy and paste files from this zone
automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1802 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The
settings for this option are: If you enable this policy setting, users can
install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this zone. If you do not configure this policy
setting, users are queried to choose whether to install desktop items from
this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1800 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications may be run and files may be downloaded from an
IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are queried to choose whether to run applications and
download files from IFRAMEs on the pages in this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1804 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of sub-frames and access of applications across
different domains. If you enable this
policy setting, users can open sub-frames from other domains and access
applications from other domains. If you select Prompt in the drop-down box,
users are queried whether to allow sub-frames or access to applications from
other domains. If you disable this
policy setting, users cannot open sub-frames or access applications from
different domains. If you do not
configure this policy setting, users can open sub-frames from other domains
and access applications from other domains. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1607 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on
a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the
file type based on a bit signature. If
you enable this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. The security zone will run without the added layer of
security provided by this feature. If
you disable this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. If you do not configure this policy
setting, the actions that may be harmful cannot run; this Internet Explorer
security feature will be turned on in this zone, as dictated by the feature
control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2100 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel permissions.
If you enable this policy setting, you can choose the following
options from the drop-down box. Low
safety to allow users to be notified of software updates by e-mail, software
packages to be automatically downloaded to users' computers, and software
packages to be automatically installed on users' computers. Medium safety to allow users to be notified
of software updates by e-mail and software packages to be automatically
downloaded to (but not installed on) users' computers. High safety to prevent users from being
notified of software updates by e-mail, software packages from being
automatically downloaded to users' computers, and software packages from
being automatically installed on users' computers. If you disable this policy setting,
permissions are set to high safety. If
you do not configure this policy setting, permissions are set to Low safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1E05 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted.
Forms sent with SSL (Secure Sockets Layer) encryption are always allowed;
this setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, information using HTML forms on pages
in this zone can be submitted automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1601 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are
opened when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, pop-up windows are not
prevented from appearing. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1809 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. When
a user returns to a persisted page, the state of the page can be restored if
this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1606 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Web sites in less privileged Web content zones can navigate into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet
sites, can navigate into this zone. If
you enable this policy setting, Web sites from less privileged zones can open
new windows in, or navigate into, this zone. The security zone will run
without the added layer of security that is provided by the Protection from
Zone Elevation security feature. If you select Prompt in the drop-down box, a
warning is issued to the user that potentially risky navigation is about to
occur. If you disable this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. If you
do not configure this policy setting, the possibly harmful navigations are
prevented. The Internet Explorer security feature will be on in this zone as
set by Protection from Zone Elevation feature control. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2101 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script
code on pages in the zone can run automatically. If you select Prompt in the
drop-down box, users are queried to choose whether to allow script code on
pages in the zone to run. If you
disable this policy setting, script code on pages in the zone is prevented
from running. If you do not configure
this policy setting, users are queried to choose whether to allow script code
on pages in the Local Machine zone to run. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1400 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example,
cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard
operation. If you select Prompt in the
drop-down box, users are queried as to whether to perform clipboard
operations. If you disable this policy
setting, a script cannot perform a clipboard operation. If you do not configure this policy
setting, a script can perform a clipboard operation. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1407 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts
can access applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1402 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following
logon options. Anonymous logon to
disable HTTP authentication and use the guest account only for the Common
Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and
passwords. After a user is queried, these values can be used silently for the
remainder of the session. Automatic
logon only in Intranet zone to query users for user IDs and passwords in
other zones. After a user is queried, these values can be used silently for
the remainder of the session.
Automatic logon with current user name and password to attempt logon
using Windows NT Challenge Response (also known as NTLM authentication). If
Windows NT Challenge Response is supported by the server, the logon uses the
user's network user name and password for logon. If Windows NT Challenge
Response is not supported by the server, the user is queried to provide the
user name and password. If you disable
this policy setting, logon is set to Automatic logon only in Intranet
zone. If you do not configure this
policy setting, logon is set to Automatic logon only in Intranet zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A00 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Run .NET Framework-reliant components
signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode
can be executed from Internet Explorer. These components include managed
controls referenced from an object tag and managed executables referenced
from a link. If you enable this policy
setting, Internet Explorer will execute signed managed components. If you
select Prompt in the drop-down box, Internet Explorer will prompt the user to
determine whether to execute signed managed components. If you disable this policy setting,
Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2001 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Run .NET Framework-reliant components
not signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET Framework components that are not signed with
Authenticode can be executed from Internet Explorer. These components include
managed controls referenced from an object tag and managed executables
referenced from a link. If you enable
this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute unsigned managed
components. If you disable this policy
setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy
setting, Internet Explorer will not execute unsigned managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2004 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in
the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy
setting, users are queried whether to download controls signed by publishers
who aren't trusted. Code signed by
trusted publishers is silently downloaded. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1001 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone.
Such code is potentially harmful, especially when coming from an untrusted
zone. If you enable this policy
setting, users can run unsigned controls without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow the unsigned control to run. If
you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy
setting, users cannot run unsigned controls. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1004 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX
controls are run, loaded with parameters, and scripted without setting object
safety for untrusted data or scripts. This setting is not recommended, except
for secure and administered zones. This setting causes both unsafe and safe
controls to be initialized and scripted, ignoring the Script ActiveX controls
marked safe for scripting option. If
you enable this policy setting and select Prompt in the drop-down box, users
are queried whether to allow the control to be loaded with parameters or
scripted. If you disable this policy
setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. If you do not
configure this policy setting, ActiveX controls that cannot be made safe are
not loaded with parameters or scripted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1201 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the
specified zone. If you enable this
policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down
box, users are asked to choose whether to allow the controls or plug-in to
run. If you disable this policy
setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1200 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact
with a script. If you enable this
policy setting, script interaction can occur automatically without user
intervention. If you select Prompt in
the drop-down box, users are queried to choose whether to allow script
interaction. If you disable this
policy setting, script interaction is prevented from occurring. If you do not configure this policy
setting, script interaction can occur automatically without user
intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1405 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is
determined by the zone of the page with the link causing the download, not
the zone from which the file is delivered.
If you enable this policy setting, files can be downloaded from the
zone. If you disable this policy
setting, files are prevented from being downloaded from the zone. If you do not configure this policy
setting, files can be downloaded from the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1803 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML
fonts can be downloaded automatically. If you enable this policy setting and
Prompt is selected in the drop-down box, users are queried whether to allow
HTML fonts to download. If you disable
this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting,
HTML fonts can be downloaded automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1604 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the
drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not
configure this policy setting, Java applets are disabled. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1C00 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer can access data from another security
zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects
(ADO). If you enable this policy
setting, users can load a page in the zone that uses MSXML or ADO to access
data from another site in the zone. If you select Prompt in the drop-down
box, users are queried to choose whether to allow a page to be loaded in the
zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
cannot load a page in the zone that uses MSXML or ADO to access data from
another site in the zone. If you do
not configure this policy setting, users are queried to choose whether to
allow a page to be loaded in the zone that uses MSXML or ADO to access data
from another site in the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1406 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted for non user-initiated file downloads.
Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2200 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users
will be automatically prompted for ActiveX control installations. If you enable this policy setting, users
will receive a prompt when a site instantiates an ActiveX control they do not
have installed. If you disable this
policy setting, ActiveX control installations will be blocked using the
Information Bar. Users can click on the Information Bar to allow the ActiveX
control prompt. If you do not
configure this policy setting, ActiveX control installations will be blocked
using the Information Bar. Users can click on the Information Bar to allow
the ActiveX control prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2201 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if
the author of the Web page uses the Meta Refresh setting (tag) to redirect
browsers to another Web page. If you
enable this policy setting, a user's browser that loads a page containing an
active Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a
user's browser that loads a page containing an active Meta Refresh setting
cannot be redirected to another Web page.
If you do not configure this policy setting, a user's browser that
loads a page containing an active Meta Refresh setting can be redirected to
another Web page. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1608 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Allow script-initiated windows without size or position constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that
include the title and status bars. If
you enable this policy setting, Windows Restrictions security will not apply
in this zone. The security zone runs without the added layer of security
provided by this feature. If you
disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2102 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate
specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary
and script behaviors are available. If you select Administrator approved in
the drop-down box, only behaviors listed in the Admin-approved Behaviors
under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary
and script behaviors are not available unless applications have implemented a
custom security manager. If you do not
configure this policy setting, only behaviors listed in the Admin-approved
Behaviors under Binary Behaviors Security Restriction policy are available. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2000 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can display nonsecure items and manage whether users
receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1609 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Do not prompt for client certificate selection when no certificates or only one certificate
exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are prompted to select a certificate when no
certificate or only one certificate exists.
If you enable this policy setting, Internet Explorer does not prompt
users with a Client Authentication message when they connect to a Web site
that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one
certificate. If you do not configure
this policy setting, Internet Explorer prompts users with a Client
Authentication message when they connect to a Web site that has no certificate
or only one certificate. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A04 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can drag files or copy and paste files from a source
within the zone. If you enable this
policy setting, users can drag files or copy and paste files from this zone
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy
setting, users can drag files or copy and paste files from this zone
automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1802 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The
settings for this option are: If you enable this policy setting, users can
install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this zone. If you do not configure this policy
setting, users are queried to choose whether to install desktop items from
this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1800 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications may be run and files may be downloaded from an
IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are queried to choose whether to run applications and
download files from IFRAMEs on the pages in this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1804 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of sub-frames and access of applications across
different domains. If you enable this
policy setting, users can open sub-frames from other domains and access
applications from other domains. If you select Prompt in the drop-down box,
users are queried whether to allow sub-frames or access to applications from
other domains. If you disable this
policy setting, users cannot open sub-frames or access applications from
different domains. If you do not
configure this policy setting, users can open sub-frames from other domains
and access applications from other domains. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1607 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on
a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the
file type based on a bit signature. If
you enable this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. The security zone will run without the added layer of
security provided by this feature. If
you disable this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. If you do not configure this policy
setting, the actions that may be harmful cannot run; this Internet Explorer
security feature will be turned on in this zone, as dictated by the feature
control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2100 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel permissions.
If you enable this policy setting, you can choose the following
options from the drop-down box. Low
safety to allow users to be notified of software updates by e-mail, software
packages to be automatically downloaded to users' computers, and software
packages to be automatically installed on users' computers. Medium safety to allow users to be notified
of software updates by e-mail and software packages to be automatically
downloaded to (but not installed on) users' computers. High safety to prevent users from being
notified of software updates by e-mail, software packages from being
automatically downloaded to users' computers, and software packages from
being automatically installed on users' computers. If you disable this policy setting,
permissions are set to high safety. If
you do not configure this policy setting, permissions are set to Low safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1E05 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted.
Forms sent with SSL (Secure Sockets Layer) encryption are always allowed;
this setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, information using HTML forms on pages
in this zone can be submitted automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1601 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are
opened when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, pop-up windows are not
prevented from appearing. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1809 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. When
a user returns to a persisted page, the state of the page can be restored if
this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1606 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Web sites in less privileged Web content zones can navigate into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet
sites, can navigate into this zone. If
you enable this policy setting, Web sites from less privileged zones can open
new windows in, or navigate into, this zone. The security zone will run
without the added layer of security that is provided by the Protection from
Zone Elevation security feature. If you select Prompt in the drop-down box, a
warning is issued to the user that potentially risky navigation is about to
occur. If you disable this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. If you
do not configure this policy setting, the possibly harmful navigations are
prevented. The Internet Explorer security feature will be on in this zone as
set by Protection from Zone Elevation feature control. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2101 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script
code on pages in the zone can run automatically. If you select Prompt in the
drop-down box, users are queried to choose whether to allow script code on
pages in the zone to run. If you
disable this policy setting, script code on pages in the zone is prevented
from running. If you do not configure
this policy setting, users are queried to choose whether to allow script code
on pages in the Local Machine zone to run. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1400 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example,
cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard
operation. If you select Prompt in the
drop-down box, users are queried as to whether to perform clipboard
operations. If you disable this policy
setting, a script cannot perform a clipboard operation. If you do not configure this policy
setting, a script can perform a clipboard operation. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1407 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts
can access applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1402 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Intranet Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following
logon options. Anonymous logon to
disable HTTP authentication and use the guest account only for the Common
Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and
passwords. After a user is queried, these values can be used silently for the
remainder of the session. Automatic
logon only in Intranet zone to query users for user IDs and passwords in
other zones. After a user is queried, these values can be used silently for
the remainder of the session.
Automatic logon with current user name and password to attempt logon
using Windows NT Challenge Response (also known as NTLM authentication). If
Windows NT Challenge Response is supported by the server, the logon uses the
user's network user name and password for logon. If Windows NT Challenge
Response is not supported by the server, the user is queried to provide the
user name and password. If you disable
this policy setting, logon is set to Automatic logon only in Intranet
zone. If you do not configure this
policy setting, logon is set to Automatic logon only in Intranet zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A00 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Run .NET Framework-reliant components
signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode
can be executed from Internet Explorer. These components include managed
controls referenced from an object tag and managed executables referenced
from a link. If you enable this policy
setting, Internet Explorer will execute signed managed components. If you
select Prompt in the drop-down box, Internet Explorer will prompt the user to
determine whether to execute signed managed components. If you disable this policy setting,
Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Run .NET Framework-reliant components
not signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET Framework components that are not signed with
Authenticode can be executed from Internet Explorer. These components include
managed controls referenced from an object tag and managed executables
referenced from a link. If you enable
this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute unsigned managed
components. If you disable this policy
setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy
setting, Internet Explorer will not execute unsigned managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2004 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in
the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy
setting, signed controls cannot be downloaded. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone.
Such code is potentially harmful, especially when coming from an untrusted
zone. If you enable this policy
setting, users can run unsigned controls without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow the unsigned control to run. If
you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy
setting, users cannot run unsigned controls. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1004 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX
controls are run, loaded with parameters, and scripted without setting object
safety for untrusted data or scripts. This setting is not recommended, except
for secure and administered zones. This setting causes both unsafe and safe
controls to be initialized and scripted, ignoring the Script ActiveX controls
marked safe for scripting option. If
you enable this policy setting and select Prompt in the drop-down box, users
are queried whether to allow the control to be loaded with parameters or
scripted. If you disable this policy
setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. If you do not
configure this policy setting, ActiveX controls that cannot be made safe are
not loaded with parameters or scripted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1201 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the
specified zone. If you enable this
policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down
box, users are asked to choose whether to allow the controls or plug-in to
run. If you disable this policy
setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact
with a script. If you enable this
policy setting, script interaction can occur automatically without user
intervention. If you select Prompt in
the drop-down box, users are queried to choose whether to allow script
interaction. If you disable this
policy setting, script interaction is prevented from occurring. If you do not configure this policy
setting, script interaction is prevented from occurring. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is
determined by the zone of the page with the link causing the download, not
the zone from which the file is delivered.
If you enable this policy setting, files can be downloaded from the
zone. If you disable this policy
setting, files are prevented from being downloaded from the zone. If you do not configure this policy
setting, files are prevented from being downloaded from the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML
fonts can be downloaded automatically. If you enable this policy setting and
Prompt is selected in the drop-down box, users are queried whether to allow
HTML fonts to download. If you disable
this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting,
users are queried whether to allow HTML fonts to download. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the
drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not
configure this policy setting, Java applets are disabled. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1C00 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer can access data from another security
zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects
(ADO). If you enable this policy
setting, users can load a page in the zone that uses MSXML or ADO to access
data from another site in the zone. If you select Prompt in the drop-down
box, users are queried to choose whether to allow a page to be loaded in the
zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
cannot load a page in the zone that uses MSXML or ADO to access data from
another site in the zone. If you do
not configure this policy setting, users cannot load a page in the zone that
uses MSXML or ADO to access data from another site in the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted for non user-initiated file downloads.
Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users
will be automatically prompted for ActiveX control installations. If you enable this policy setting, users
will receive a prompt when a site instantiates an ActiveX control they do not
have installed. If you disable this
policy setting, ActiveX control installations will be blocked using the
Information Bar. Users can click on the Information Bar to allow the ActiveX
control prompt. If you do not
configure this policy setting, ActiveX control installations will be blocked
using the Information Bar. Users can click on the Information Bar to allow
the ActiveX control prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if
the author of the Web page uses the Meta Refresh setting (tag) to redirect
browsers to another Web page. If you
enable this policy setting, a user's browser that loads a page containing an
active Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a
user's browser that loads a page containing an active Meta Refresh setting
cannot be redirected to another Web page.
If you do not configure this policy setting, a user's browser that
loads a page containing an active Meta Refresh setting cannot be redirected
to another Web page. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Allow script-initiated windows without size or position constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that
include the title and status bars. If
you enable this policy setting, Windows Restrictions security will not apply
in this zone. The security zone runs without the added layer of security
provided by this feature. If you
disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate
specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary
and script behaviors are available. If you select Administrator approved in
the drop-down box, only behaviors listed in the Admin-approved Behaviors
under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary
and script behaviors are not available unless applications have implemented a
custom security manager. If you do not
configure this policy setting, binary and script behaviors are not available
unless applications have implemented a custom security manager. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2000 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can display nonsecure items and manage whether users
receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Do not prompt for client certificate selection when no certificates or only one certificate
exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are prompted to select a certificate when no
certificate or only one certificate exists.
If you enable this policy setting, Internet Explorer does not prompt
users with a Client Authentication message when they connect to a Web site
that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one
certificate. If you do not configure
this policy setting, Internet Explorer prompts users with a Client
Authentication message when they connect to a Web site that has no certificate
or only one certificate. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can drag files or copy and paste files from a source
within the zone. If you enable this
policy setting, users can drag files or copy and paste files from this zone
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy
setting, users are queried to choose whether to drag or copy files from this
zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The
settings for this option are: If you enable this policy setting, users can
install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this zone. If you do not configure this policy
setting, users are prevented from installing desktop items from this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1800 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications may be run and files may be downloaded from an
IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are prevented from running applications and downloading
files from IFRAMEs on the pages in this zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of sub-frames and access of applications across
different domains. If you enable this
policy setting, users can open additional sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow additional sub-frames or access to
applications from other domains. If
you disable this policy setting, users cannot open other sub-frames or access
applications from different domains.
If you do not configure this policy setting, users cannot open other
sub-frames or access applications from different domains. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1607 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on
a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the
file type based on a bit signature. If
you enable this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. The security zone will run without the added layer of
security provided by this feature. If
you disable this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. If you do not configure this policy
setting, the actions that may be harmful cannot run; this Internet Explorer
security feature will be turned on in this zone, as dictated by the feature
control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel permissions.
If you enable this policy setting, you can choose the following
options from the drop-down box. Low
safety to allow users to be notified of software updates by e-mail, software
packages to be automatically downloaded to users' computers, and software
packages to be automatically installed on users' computers. Medium safety to allow users to be notified
of software updates by e-mail and software packages to be automatically
downloaded to (but not installed on) users' computers. High safety to prevent users from being
notified of software updates by e-mail, software packages from being
automatically downloaded to users' computers, and software packages from
being automatically installed on users' computers. If you disable this policy setting,
permissions are set to high safety. If
you do not configure this policy setting, permissions are set to Low safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted.
Forms sent with SSL (Secure Sockets Layer) encryption are always allowed;
this setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, users are queried to choose whether to
allow information using HTML forms on pages in this zone to be submitted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are
opened when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, most unwanted pop-up
windows are prevented from appearing. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. When
a user returns to a persisted page, the state of the page can be restored if
this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users cannot preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Web sites in less privileged Web content zones can navigate into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet
sites, can navigate into this zone. If
you enable this policy setting, Web sites from less privileged zones can open
new windows in, or navigate into, this zone. The security zone will run
without the added layer of security that is provided by the Protection from
Zone Elevation security feature. If you select Prompt in the drop-down box, a
warning is issued to the user that potentially risky navigation is about to
occur. If you disable this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. If you
do not configure this policy setting, the possibly harmful navigations are
prevented. The Internet Explorer security feature will be on in this zone as
set by Protection from Zone Elevation feature control. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2101 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script
code on pages in the zone can run automatically. If you select Prompt in the
drop-down box, users are queried to choose whether to allow script code on
pages in the zone to run. If you
disable this policy setting, script code on pages in the zone is prevented
from running. If you do not configure
this policy setting, script code on pages in the zone is prevented from
running. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example,
cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard
operation. If you select Prompt in the
drop-down box, users are queried as to whether to perform clipboard
operations. If you disable this policy
setting, a script cannot perform a clipboard operation. If you do not configure this policy
setting, a script cannot perform a clipboard operation. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts
can access applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts are prevented
from accessing applets. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following
logon options. Anonymous logon to
disable HTTP authentication and use the guest account only for the Common
Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and
passwords. After a user is queried, these values can be used silently for the
remainder of the session. Automatic
logon only in Intranet zone to query users for user IDs and passwords in
other zones. After a user is queried, these values can be used silently for
the remainder of the session.
Automatic logon with current user name and password to attempt logon
using Windows NT Challenge Response (also known as NTLM authentication). If
Windows NT Challenge Response is supported by the server, the logon uses the
user's network user name and password for logon. If Windows NT Challenge
Response is not supported by the server, the user is queried to provide the
user name and password. If you disable
this policy setting, logon is set to Automatic logon only in Intranet
zone. If you do not configure this
policy setting, logon is set to Prompt for username and password. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Run .NET Framework-reliant components
signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode
can be executed from Internet Explorer. These components include managed
controls referenced from an object tag and managed executables referenced
from a link. If you enable this policy
setting, Internet Explorer will execute signed managed components. If you
select Prompt in the drop-down box, Internet Explorer will prompt the user to
determine whether to execute signed managed components. If you disable this policy setting,
Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Run .NET Framework-reliant components
not signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET Framework components that are not signed with
Authenticode can be executed from Internet Explorer. These components include
managed controls referenced from an object tag and managed executables
referenced from a link. If you enable
this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute unsigned managed
components. If you disable this policy
setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy
setting, Internet Explorer will not execute unsigned managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2004 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in
the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy
setting, signed controls cannot be downloaded. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone.
Such code is potentially harmful, especially when coming from an untrusted
zone. If you enable this policy
setting, users can run unsigned controls without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow the unsigned control to run. If
you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy
setting, users cannot run unsigned controls. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1004 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX
controls are run, loaded with parameters, and scripted without setting object
safety for untrusted data or scripts. This setting is not recommended, except
for secure and administered zones. This setting causes both unsafe and safe
controls to be initialized and scripted, ignoring the Script ActiveX controls
marked safe for scripting option. If
you enable this policy setting and select Prompt in the drop-down box, users
are queried whether to allow the control to be loaded with parameters or
scripted. If you disable this policy
setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. If you do not
configure this policy setting, ActiveX controls that cannot be made safe are
not loaded with parameters or scripted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1201 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the
specified zone. If you enable this
policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down
box, users are asked to choose whether to allow the controls or plug-in to
run. If you disable this policy
setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact
with a script. If you enable this
policy setting, script interaction can occur automatically without user
intervention. If you select Prompt in
the drop-down box, users are queried to choose whether to allow script
interaction. If you disable this
policy setting, script interaction is prevented from occurring. If you do not configure this policy
setting, script interaction is prevented from occurring. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is
determined by the zone of the page with the link causing the download, not
the zone from which the file is delivered.
If you enable this policy setting, files can be downloaded from the
zone. If you disable this policy
setting, files are prevented from being downloaded from the zone. If you do not configure this policy
setting, files are prevented from being downloaded from the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML
fonts can be downloaded automatically. If you enable this policy setting and
Prompt is selected in the drop-down box, users are queried whether to allow
HTML fonts to download. If you disable
this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting,
users are queried whether to allow HTML fonts to download. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the
drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not
configure this policy setting, Java applets are disabled. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1C00 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer can access data from another security
zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects
(ADO). If you enable this policy
setting, users can load a page in the zone that uses MSXML or ADO to access
data from another site in the zone. If you select Prompt in the drop-down
box, users are queried to choose whether to allow a page to be loaded in the
zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
cannot load a page in the zone that uses MSXML or ADO to access data from
another site in the zone. If you do
not configure this policy setting, users cannot load a page in the zone that
uses MSXML or ADO to access data from another site in the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted for non user-initiated file downloads.
Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users
will be automatically prompted for ActiveX control installations. If you enable this policy setting, users
will receive a prompt when a site instantiates an ActiveX control they do not
have installed. If you disable this
policy setting, ActiveX control installations will be blocked using the
Information Bar. Users can click on the Information Bar to allow the ActiveX
control prompt. If you do not
configure this policy setting, ActiveX control installations will be blocked
using the Information Bar. Users can click on the Information Bar to allow
the ActiveX control prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if
the author of the Web page uses the Meta Refresh setting (tag) to redirect
browsers to another Web page. If you
enable this policy setting, a user's browser that loads a page containing an
active Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a
user's browser that loads a page containing an active Meta Refresh setting
cannot be redirected to another Web page.
If you do not configure this policy setting, a user's browser that
loads a page containing an active Meta Refresh setting cannot be redirected
to another Web page. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Allow script-initiated windows without size or position constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that
include the title and status bars. If
you enable this policy setting, Windows Restrictions security will not apply
in this zone. The security zone runs without the added layer of security
provided by this feature. If you
disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate
specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary
and script behaviors are available. If you select Administrator approved in
the drop-down box, only behaviors listed in the Admin-approved Behaviors
under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary
and script behaviors are not available unless applications have implemented a
custom security manager. If you do not
configure this policy setting, binary and script behaviors are not available
unless applications have implemented a custom security manager. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2000 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can display nonsecure items and manage whether users
receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Do not prompt for client certificate selection when no certificates or only one certificate
exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are prompted to select a certificate when no
certificate or only one certificate exists.
If you enable this policy setting, Internet Explorer does not prompt
users with a Client Authentication message when they connect to a Web site
that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one
certificate. If you do not configure
this policy setting, Internet Explorer prompts users with a Client
Authentication message when they connect to a Web site that has no certificate
or only one certificate. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can drag files or copy and paste files from a source
within the zone. If you enable this
policy setting, users can drag files or copy and paste files from this zone
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy
setting, users are queried to choose whether to drag or copy files from this
zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The
settings for this option are: If you enable this policy setting, users can
install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this zone. If you do not configure this policy
setting, users are prevented from installing desktop items from this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1800 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications may be run and files may be downloaded from an
IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users are prevented from running applications and downloading
files from IFRAMEs on the pages in this zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of sub-frames and access of applications across
different domains. If you enable this
policy setting, users can open additional sub-frames from other domains and
access applications from other domains. If you select Prompt in the drop-down
box, users are queried whether to allow additional sub-frames or access to
applications from other domains. If
you disable this policy setting, users cannot open other sub-frames or access
applications from different domains.
If you do not configure this policy setting, users cannot open other
sub-frames or access applications from different domains. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1607 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on
a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the
file type based on a bit signature. If
you enable this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. The security zone will run without the added layer of
security provided by this feature. If
you disable this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. If you do not configure this policy
setting, the actions that may be harmful cannot run; this Internet Explorer
security feature will be turned on in this zone, as dictated by the feature
control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel permissions.
If you enable this policy setting, you can choose the following
options from the drop-down box. Low
safety to allow users to be notified of software updates by e-mail, software
packages to be automatically downloaded to users' computers, and software
packages to be automatically installed on users' computers. Medium safety to allow users to be notified
of software updates by e-mail and software packages to be automatically
downloaded to (but not installed on) users' computers. High safety to prevent users from being
notified of software updates by e-mail, software packages from being
automatically downloaded to users' computers, and software packages from
being automatically installed on users' computers. If you disable this policy setting,
permissions are set to high safety. If
you do not configure this policy setting, permissions are set to Low safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted.
Forms sent with SSL (Secure Sockets Layer) encryption are always allowed;
this setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, users are queried to choose whether to
allow information using HTML forms on pages in this zone to be submitted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are
opened when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, most unwanted pop-up
windows are prevented from appearing. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. When
a user returns to a persisted page, the state of the page can be restored if
this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users cannot preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Web sites in less privileged Web content zones can navigate into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet
sites, can navigate into this zone. If
you enable this policy setting, Web sites from less privileged zones can open
new windows in, or navigate into, this zone. The security zone will run
without the added layer of security that is provided by the Protection from
Zone Elevation security feature. If you select Prompt in the drop-down box, a
warning is issued to the user that potentially risky navigation is about to
occur. If you disable this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. If you
do not configure this policy setting, the possibly harmful navigations are
prevented. The Internet Explorer security feature will be on in this zone as
set by Protection from Zone Elevation feature control. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2101 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script
code on pages in the zone can run automatically. If you select Prompt in the
drop-down box, users are queried to choose whether to allow script code on
pages in the zone to run. If you
disable this policy setting, script code on pages in the zone is prevented
from running. If you do not configure
this policy setting, script code on pages in the zone is prevented from
running. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example,
cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard
operation. If you select Prompt in the
drop-down box, users are queried as to whether to perform clipboard
operations. If you disable this policy
setting, a script cannot perform a clipboard operation. If you do not configure this policy
setting, a script cannot perform a clipboard operation. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts
can access applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts are prevented
from accessing applets. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Restricted Sites Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following
logon options. Anonymous logon to
disable HTTP authentication and use the guest account only for the Common
Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and
passwords. After a user is queried, these values can be used silently for the
remainder of the session. Automatic
logon only in Intranet zone to query users for user IDs and passwords in
other zones. After a user is queried, these values can be used silently for
the remainder of the session.
Automatic logon with current user name and password to attempt logon
using Windows NT Challenge Response (also known as NTLM authentication). If
Windows NT Challenge Response is supported by the server, the logon uses the
user's network user name and password for logon. If Windows NT Challenge
Response is not supported by the server, the user is queried to provide the
user name and password. If you disable
this policy setting, logon is set to Automatic logon only in Intranet
zone. If you do not configure this
policy setting, logon is set to Prompt for username and password. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Run .NET Framework-reliant components
signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode
can be executed from Internet Explorer. These components include managed
controls referenced from an object tag and managed executables referenced
from a link. If you enable this policy
setting, Internet Explorer will execute signed managed components. If you
select Prompt in the drop-down box, Internet Explorer will prompt the user to
determine whether to execute signed managed components. If you disable this policy setting,
Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Run .NET Framework-reliant components
not signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET Framework components that are not signed with
Authenticode can be executed from Internet Explorer. These components include
managed controls referenced from an object tag and managed executables
referenced from a link. If you enable
this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute unsigned managed
components. If you disable this policy
setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy
setting, Internet Explorer will not execute unsigned managed components. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in
the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy
setting, users can download signed controls without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1001 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone.
Such code is potentially harmful, especially when coming from an untrusted
zone. If you enable this policy
setting, users can run unsigned controls without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow the unsigned control to run. If
you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy
setting, users cannot run unsigned controls. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX
controls are run, loaded with parameters, and scripted without setting object
safety for untrusted data or scripts. This setting is not recommended, except
for secure and administered zones. This setting causes both unsafe and safe
controls to be initialized and scripted, ignoring the Script ActiveX controls
marked safe for scripting option. If
you enable this policy setting and select Prompt in the drop-down box, users
are queried whether to allow the control to be loaded with parameters or
scripted. If you disable this policy
setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. If you do not
configure this policy setting, ActiveX controls that cannot be made safe are
not loaded with parameters or scripted. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the
specified zone. If you enable this
policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down
box, users are asked to choose whether to allow the controls or plug-in to
run. If you disable this policy
setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1200 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact
with a script. If you enable this
policy setting, script interaction can occur automatically without user
intervention. If you select Prompt in
the drop-down box, users are queried to choose whether to allow script
interaction. If you disable this
policy setting, script interaction is prevented from occurring. If you do not configure this policy
setting, script interaction can occur automatically without user
intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is
determined by the zone of the page with the link causing the download, not
the zone from which the file is delivered.
If you enable this policy setting, files can be downloaded from the
zone. If you disable this policy
setting, files are prevented from being downloaded from the zone. If you do not configure this policy
setting, files can be downloaded from the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML
fonts can be downloaded automatically. If you enable this policy setting and
Prompt is selected in the drop-down box, users are queried whether to allow
HTML fonts to download. If you disable
this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting,
HTML fonts can be downloaded automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the
drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not
configure this policy setting, Java applets are disabled. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1C00 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer can access data from another security
zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects
(ADO). If you enable this policy
setting, users can load a page in the zone that uses MSXML or ADO to access
data from another site in the zone. If you select Prompt in the drop-down
box, users are queried to choose whether to allow a page to be loaded in the
zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
cannot load a page in the zone that uses MSXML or ADO to access data from
another site in the zone. If you do
not configure this policy setting, users can load a page in the zone that
uses MSXML or ADO to access data from another site in the zone. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted for non user-initiated file downloads.
Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users
will be automatically prompted for ActiveX control installations. If you enable this policy setting, users
will receive a prompt when a site instantiates an ActiveX control they do not
have installed. If you disable this
policy setting, ActiveX control installations will be blocked using the
Information Bar. Users can click on the Information Bar to allow the ActiveX
control prompt. If you do not
configure this policy setting, ActiveX control installations will be blocked
using the Information Bar. Users can click on the Information Bar to allow
the ActiveX control prompt. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if
the author of the Web page uses the Meta Refresh setting (tag) to redirect
browsers to another Web page. If you
enable this policy setting, a user's browser that loads a page containing an
active Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a
user's browser that loads a page containing an active Meta Refresh setting
cannot be redirected to another Web page.
If you do not configure this policy setting, a user's browser that
loads a page containing an active Meta Refresh setting can be redirected to
another Web page. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1608 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Allow script-initiated windows without size or position constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that
include the title and status bars. If
you enable this policy setting, Windows Restrictions security will not apply
in this zone. The security zone runs without the added layer of security
provided by this feature. If you
disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate
specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary
and script behaviors are available. If you select Administrator approved in
the drop-down box, only behaviors listed in the Admin-approved Behaviors
under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary
and script behaviors are not available unless applications have implemented a
custom security manager. If you do not
configure this policy setting, only behaviors listed in the Admin-approved
Behaviors under Binary Behaviors Security Restriction policy are available. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can display nonsecure items and manage whether users
receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Do not prompt for client certificate selection when no certificates or only one certificate
exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are prompted to select a certificate when no
certificate or only one certificate exists.
If you enable this policy setting, Internet Explorer does not prompt
users with a Client Authentication message when they connect to a Web site
that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one
certificate. If you do not configure
this policy setting, Internet Explorer prompts users with a Client
Authentication message when they connect to a Web site that has no certificate
or only one certificate. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can drag files or copy and paste files from a source
within the zone. If you enable this
policy setting, users can drag files or copy and paste files from this zone
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy
setting, users can drag files or copy and paste files from this zone
automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The
settings for this option are: If you enable this policy setting, users can
install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this zone. If you do not configure this policy
setting, users can install desktop items from this zone automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications may be run and files may be downloaded from an
IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users can run applications and download files from IFRAMEs on
the pages in this zone without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of sub-frames and access of applications across
different domains. If you enable this
policy setting, users can open sub-frames from other domains and access
applications from other domains. If you select Prompt in the drop-down box,
users are queried whether to allow sub-frames or access to applications from
other domains. If you disable this
policy setting, users cannot open sub-frames or access applications from
different domains. If you do not
configure this policy setting, users can open sub-frames from other domains
and access applications from other domains. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on
a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the
file type based on a bit signature. If
you enable this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. The security zone will run without the added layer of
security provided by this feature. If
you disable this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. If you do not configure this policy
setting, the actions that may be harmful cannot run; this Internet Explorer
security feature will be turned on in this zone, as dictated by the feature
control setting for the process. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel permissions.
If you enable this policy setting, you can choose the following
options from the drop-down box. Low
safety to allow users to be notified of software updates by e-mail, software
packages to be automatically downloaded to users' computers, and software
packages to be automatically installed on users' computers. Medium safety to allow users to be notified
of software updates by e-mail and software packages to be automatically
downloaded to (but not installed on) users' computers. High safety to prevent users from being
notified of software updates by e-mail, software packages from being
automatically downloaded to users' computers, and software packages from
being automatically installed on users' computers. If you disable this policy setting,
permissions are set to high safety. If
you do not configure this policy setting, permissions are set to Low safety. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1E05 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted.
Forms sent with SSL (Secure Sockets Layer) encryption are always allowed;
this setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, information using HTML forms on pages
in this zone can be submitted automatically. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1601 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are
opened when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, pop-up windows are not
prevented from appearing. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. When
a user returns to a persisted page, the state of the page can be restored if
this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1606 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Web sites in less privileged Web content zones can navigate into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet
sites, can navigate into this zone. If
you enable this policy setting, Web sites from less privileged zones can open
new windows in, or navigate into, this zone. The security zone will run
without the added layer of security that is provided by the Protection from
Zone Elevation security feature. If you select Prompt in the drop-down box, a
warning is issued to the user that potentially risky navigation is about to
occur. If you disable this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. If you
do not configure this policy setting, the possibly harmful navigations are
prevented. The Internet Explorer security feature will be on in this zone as
set by Protection from Zone Elevation feature control. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script
code on pages in the zone can run automatically. If you select Prompt in the
drop-down box, users are queried to choose whether to allow script code on
pages in the zone to run. If you
disable this policy setting, script code on pages in the zone is prevented
from running. If you do not configure
this policy setting, users are queried to choose whether to allow script code
on pages in the Local Machine zone to run. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example,
cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard
operation. If you select Prompt in the
drop-down box, users are queried as to whether to perform clipboard
operations. If you disable this policy
setting, a script cannot perform a clipboard operation. If you do not configure this policy
setting, a script can perform a clipboard operation. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts
can access applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following
logon options. Anonymous logon to
disable HTTP authentication and use the guest account only for the Common
Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and
passwords. After a user is queried, these values can be used silently for the
remainder of the session. Automatic
logon only in Intranet zone to query users for user IDs and passwords in
other zones. After a user is queried, these values can be used silently for
the remainder of the session.
Automatic logon with current user name and password to attempt logon
using Windows NT Challenge Response (also known as NTLM authentication). If
Windows NT Challenge Response is supported by the server, the logon uses the
user's network user name and password for logon. If Windows NT Challenge
Response is not supported by the server, the user is queried to provide the
user name and password. If you disable
this policy setting, logon is set to Automatic logon only in Intranet
zone. If you do not configure this
policy setting, logon is set to Automatic logon with current username and
password. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A00 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Run .NET Framework-reliant components
signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode
can be executed from Internet Explorer. These components include managed
controls referenced from an object tag and managed executables referenced
from a link. If you enable this policy
setting, Internet Explorer will execute signed managed components. If you
select Prompt in the drop-down box, Internet Explorer will prompt the user to
determine whether to execute signed managed components. If you disable this policy setting,
Internet Explorer will not execute signed managed components. If you do not configure this policy
setting, Internet Explorer will not execute signed managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Run .NET Framework-reliant components
not signed with Authenticode |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether .NET Framework components that are not signed with
Authenticode can be executed from Internet Explorer. These components include
managed controls referenced from an object tag and managed executables
referenced from a link. If you enable
this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute unsigned managed
components. If you disable this policy
setting, Internet Explorer will not execute unsigned managed components. If you do not configure this policy
setting, Internet Explorer will not execute unsigned managed components. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Download signed ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in
the zone. If you enable this policy,
users can download signed controls without user intervention. If you select
Prompt in the drop-down box, users are queried whether to download controls
signed by publishers who aren't trusted. Code signed by trusted publishers is
silently downloaded. If you disable
the policy setting, signed controls cannot be downloaded. If you do not configure this policy
setting, users can download signed controls without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1001 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Download unsigned ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone.
Such code is potentially harmful, especially when coming from an untrusted
zone. If you enable this policy
setting, users can run unsigned controls without user intervention. If you
select Prompt in the drop-down box, users are queried to choose whether to
allow the unsigned control to run. If
you disable this policy setting, users cannot run unsigned controls. If you do not configure this policy
setting, users cannot run unsigned controls. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Initialize and script ActiveX controls not marked as safe |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX
controls are run, loaded with parameters, and scripted without setting object
safety for untrusted data or scripts. This setting is not recommended, except
for secure and administered zones. This setting causes both unsafe and safe
controls to be initialized and scripted, ignoring the Script ActiveX controls
marked safe for scripting option. If
you enable this policy setting and select Prompt in the drop-down box, users
are queried whether to allow the control to be loaded with parameters or
scripted. If you disable this policy
setting, ActiveX controls that cannot be made safe are not loaded with
parameters or scripted. If you do not
configure this policy setting, ActiveX controls that cannot be made safe are
not loaded with parameters or scripted. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Run ActiveX controls and plugins |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the
specified zone. If you enable this
policy setting, controls and plug-ins can run without user intervention. If you selected Prompt in the drop-down
box, users are asked to choose whether to allow the controls or plug-in to
run. If you disable this policy
setting, controls and plug-ins are prevented from running. If you do not configure this policy
setting, controls and plug-ins are prevented from running. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1200 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Script ActiveX controls marked safe for scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact
with a script. If you enable this
policy setting, script interaction can occur automatically without user
intervention. If you select Prompt in
the drop-down box, users are queried to choose whether to allow script
interaction. If you disable this
policy setting, script interaction is prevented from occurring. If you do not configure this policy
setting, script interaction can occur automatically without user
intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Allow file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is
determined by the zone of the page with the link causing the download, not
the zone from which the file is delivered.
If you enable this policy setting, files can be downloaded from the
zone. If you disable this policy
setting, files are prevented from being downloaded from the zone. If you do not configure this policy
setting, files can be downloaded from the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Allow font downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy setting, HTML
fonts can be downloaded automatically. If you enable this policy setting and
Prompt is selected in the drop-down box, users are queried whether to allow
HTML fonts to download. If you disable
this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting,
HTML fonts can be downloaded automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Java permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the
drop-down box. Custom, to control permissions settings individually. Low Safety enables applets to perform all
operations. Medium Safety enables
applets to run in their sandbox (an area in memory outside of which the
program cannot make calls), plus capabilities like scratch space (a safe and
secure storage area on the client computer) and user-controlled file
I/O. High Safety enables applets to
run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java
applets cannot run. If you do not
configure this policy setting, Java applets are disabled. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1C00 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Access data sources across domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Internet Explorer can access data from another security
zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects
(ADO). If you enable this policy
setting, users can load a page in the zone that uses MSXML or ADO to access
data from another site in the zone. If you select Prompt in the drop-down
box, users are queried to choose whether to allow a page to be loaded in the
zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, users
cannot load a page in the zone that uses MSXML or ADO to access data from
another site in the zone. If you do
not configure this policy setting, users can load a page in the zone that
uses MSXML or ADO to access data from another site in the zone. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Automatic prompting for file downloads |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting determines whether users will be prompted for non user-initiated file downloads.
Regardless of this setting, users will receive file download dialogs for
user-initiated downloads. If you
enable this setting, users will receive a file download dialog for automatic
download attempts. If you disable or
do not configure this setting, file downloads that are not user-initiated
will be blocked, and users will see the Information Bar instead of the file
download dialog. Users can then click the Information Bar to allow the file
download prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Automatic prompting for ActiveX controls |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting manages whether users
will be automatically prompted for ActiveX control installations. If you enable this policy setting, users
will receive a prompt when a site instantiates an ActiveX control they do not
have installed. If you disable this
policy setting, ActiveX control installations will be blocked using the
Information Bar. Users can click on the Information Bar to allow the ActiveX
control prompt. If you do not
configure this policy setting, ActiveX control installations will be blocked
using the Information Bar. Users can click on the Information Bar to allow
the ActiveX control prompt. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Allow META REFRESH |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if
the author of the Web page uses the Meta Refresh setting (tag) to redirect
browsers to another Web page. If you
enable this policy setting, a user's browser that loads a page containing an
active Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a
user's browser that loads a page containing an active Meta Refresh setting
cannot be redirected to another Web page.
If you do not configure this policy setting, a user's browser that
loads a page containing an active Meta Refresh setting can be redirected to
another Web page. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1608 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Allow script-initiated windows without size or position constraints |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that
include the title and status bars. If
you enable this policy setting, Windows Restrictions security will not apply
in this zone. The security zone runs without the added layer of security
provided by this feature. If you
disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in
this zone as dictated by the Scripted Windows Security Restrictions feature
control setting for the process. If
you do not configure this policy setting, the possible harmful actions
contained in script-initiated pop-up windows and windows that include the
title and status bars cannot be run. This Internet Explorer security feature
will be on in this zone as dictated by the Scripted Windows Security
Restrictions feature control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Allow binary and script behaviors |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate
specific functionality for HTML elements to which they were attached. If you enable this policy setting, binary
and script behaviors are available. If you select Administrator approved in
the drop-down box, only behaviors listed in the Admin-approved Behaviors
under Binary Behaviors Security Restriction policy are available. If you disable this policy setting, binary
and script behaviors are not available unless applications have implemented a
custom security manager. If you do not
configure this policy setting, only behaviors listed in the Admin-approved
Behaviors under Binary Behaviors Security Restriction policy are available. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Display mixed content |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can display nonsecure items and manage whether users
receive a security information message to display pages containing both
secure and nonsecure items. If you
enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both
secure and nonsecure items. Do you want to display the nonsecure items?) and
nonsecure content can be displayed. If
the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content. If you
disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed. If you do not configure this policy
setting, the user will receive the security information message on the Web
pages that contain both secure (https://) and nonsecure (http://) content. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Do not prompt for client certificate selection when no certificates or only one certificate
exists. |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users are prompted to select a certificate when no
certificate or only one certificate exists.
If you enable this policy setting, Internet Explorer does not prompt
users with a Client Authentication message when they connect to a Web site
that has no certificate or only one certificate. If you disable this policy setting,
Internet Explorer prompts users with a Client Authentication message when
they connect to a Web site that has no certificate or only one
certificate. If you do not configure
this policy setting, Internet Explorer prompts users with a Client
Authentication message when they connect to a Web site that has no certificate
or only one certificate. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Allow drag and drop or copy and paste files |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can drag files or copy and paste files from a source
within the zone. If you enable this
policy setting, users can drag files or copy and paste files from this zone
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to drag or copy files from this zone. If you disable this policy setting, users
are prevented from dragging files or copying and pasting files from this zone. If you do not configure this policy
setting, users can drag files or copy and paste files from this zone
automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Allow installation of desktop items |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The
settings for this option are: If you enable this policy setting, users can
install desktop items from this zone automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to install desktop items from this
zone. If you disable this policy
setting, users are prevented from installing desktop items from this zone. If you do not configure this policy
setting, users can install desktop items from this zone automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Launching applications and files in an IFRAME |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applications may be run and files may be downloaded from an
IFRAME reference in the HTML of the pages in this zone. If you enable this policy setting, users
can run applications and download files from IFRAMEs on the pages in this
zone without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to run applications and download files
from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this
zone. If you do not configure this
policy setting, users can run applications and download files from IFRAMEs on
the pages in this zone without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Navigate sub-frames across different domains |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the opening of sub-frames and access of applications across
different domains. If you enable this
policy setting, users can open sub-frames from other domains and access
applications from other domains. If you select Prompt in the drop-down box,
users are queried whether to allow sub-frames or access to applications from
other domains. If you disable this
policy setting, users cannot open sub-frames or access applications from
different domains. If you do not
configure this policy setting, users can open sub-frames from other domains
and access applications from other domains. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Open files based on content, not file extension |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on
a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the
file type based on a bit signature. If
you enable this policy setting, the MIME Sniffing Safety Feature will not
apply in this zone. The security zone will run without the added layer of
security provided by this feature. If
you disable this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process. If you do not configure this policy
setting, the actions that may be harmful cannot run; this Internet Explorer
security feature will be turned on in this zone, as dictated by the feature
control setting for the process. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Software channel permissions |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage software channel permissions.
If you enable this policy setting, you can choose the following
options from the drop-down box. Low
safety to allow users to be notified of software updates by e-mail, software
packages to be automatically downloaded to users' computers, and software
packages to be automatically installed on users' computers. Medium safety to allow users to be notified
of software updates by e-mail and software packages to be automatically
downloaded to (but not installed on) users' computers. High safety to prevent users from being
notified of software updates by e-mail, software packages from being
automatically downloaded to users' computers, and software packages from
being automatically installed on users' computers. If you disable this policy setting,
permissions are set to high safety. If
you do not configure this policy setting, permissions are set to Low safety. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1E05 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Submit non-encrypted form data |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted.
Forms sent with SSL (Secure Sockets Layer) encryption are always allowed;
this setting only affects non-SSL form data submission. If you enable this policy setting,
information using HTML forms on pages in this zone can be submitted
automatically. If you select Prompt in the drop-down box, users are queried
to choose whether to allow information using HTML forms on pages in this zone
to be submitted. If you disable this
policy setting, information using HTML forms on pages in this zone is
prevented from being submitted. If you
do not configure this policy setting, information using HTML forms on pages
in this zone can be submitted automatically. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1601 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Use Pop-up Blocker |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are
opened when the end user clicks a link are not blocked. If you enable this policy setting, most
unwanted pop-up windows are prevented from appearing. If you disable this policy setting, pop-up
windows are not prevented from appearing.
If you do not configure this policy setting, pop-up windows are not
prevented from appearing. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Userdata persistence |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage the preservation of information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. When
a user returns to a persisted page, the state of the page can be restored if
this policy setting is appropriately configured. If you enable this policy setting, users
can preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you disable this policy setting, users
cannot preserve information in the browser's history, in favorites, in an XML
store, or directly within a Web page saved to disk. If you do not configure this policy
setting, users can preserve information in the browser's history, in
favorites, in an XML store, or directly within a Web page saved to disk. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1606 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Web sites in less privileged Web content zones can navigate into this zone |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet
sites, can navigate into this zone. If
you enable this policy setting, Web sites from less privileged zones can open
new windows in, or navigate into, this zone. The security zone will run
without the added layer of security that is provided by the Protection from
Zone Elevation security feature. If you select Prompt in the drop-down box, a
warning is issued to the user that potentially risky navigation is about to
occur. If you disable this policy
setting, the possibly harmful navigations are prevented. The Internet
Explorer security feature will be on in this zone as set by Protection from
Zone Elevation feature control. If you
do not configure this policy setting, the possibly harmful navigations are
prevented. The Internet Explorer security feature will be on in this zone as
set by Protection from Zone Elevation feature control. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Allow active scripting |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, script
code on pages in the zone can run automatically. If you select Prompt in the
drop-down box, users are queried to choose whether to allow script code on
pages in the zone to run. If you
disable this policy setting, script code on pages in the zone is prevented
from running. If you do not configure
this policy setting, users are queried to choose whether to allow script code
on pages in the Local Machine zone to run. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Allow paste operations via script |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example,
cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard
operation. If you select Prompt in the
drop-down box, users are queried as to whether to perform clipboard
operations. If you disable this policy
setting, a script cannot perform a clipboard operation. If you do not configure this policy
setting, a script can perform a clipboard operation. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Scripting of Java applets |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting, scripts
can access applets automatically without user intervention. If you select Prompt in the drop-down box,
users are queried to choose whether to allow scripts to access applets. If you disable this policy setting, scripts
are prevented from accessing applets.
If you do not configure this policy setting, scripts can access
applets automatically without user intervention. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Locked-Down
Trusted Sites Zone |
Logon options |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following
logon options. Anonymous logon to
disable HTTP authentication and use the guest account only for the Common
Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and
passwords. After a user is queried, these values can be used silently for the
remainder of the session. Automatic
logon only in Intranet zone to query users for user IDs and passwords in
other zones. After a user is queried, these values can be used silently for
the remainder of the session.
Automatic logon with current user name and password to attempt logon
using Windows NT Challenge Response (also known as NTLM authentication). If
Windows NT Challenge Response is supported by the server, the logon uses the
user's network user name and password for logon. If Windows NT Challenge
Response is not supported by the server, the user is queried to provide the
user name and password. If you disable
this policy setting, logon is set to Automatic logon only in Intranet
zone. If you do not configure this
policy setting, logon is set to Automatic logon with current username and
password. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A00 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Locked-Down
Internet Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy settings in this zone consistent with a selected
security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Lockdown Settings\Template Policies!InternetZoneLockdownTemplate,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown
Settings\Template Policies!Locked-Down Internet, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2201 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Locked-Down
Intranet Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy settings in this zone consistent with a selected
security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet
Lockdown Settings\Template Policies!IntranetZoneLockdownTemplate,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown
Settings\Template Policies!Locked-Down Intranet, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2201 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Locked-Down
Trusted Sites Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy settings in this zone consistent with a selected
security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted
Sites Lockdown Settings\Template Policies!TrustedSitesZoneLockdownTemplate,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites
Lockdown Settings\Template Policies!Locked-Down Trusted Sites,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201 |
|
| Windows Server 2003 SP1 |
inetres |
USER |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Locked-Down
Restricted Sites Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy settings in this zone consistent with a selected
security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted
Sites Lockdown Settings\Template
Policies!RestrictedSitesZoneLockdownTemplate,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites
Lockdown Settings\Template Policies!Locked-Down Restricted Sites,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1C00, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1201, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2000, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2004, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1607,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1800, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2101, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1201,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1607, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1800,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1C00,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2000,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2004,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2101,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102,
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200, HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Locked-Down
Internet Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy settings in this zone consistent with a selected
security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Lockdown Settings\Template Policies!InternetZoneLockdownTemplate,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown
Settings\Template Policies!Locked-Down Internet, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1405, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1809, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2102, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1604, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1406, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2101, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\3!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2201 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Locked-Down
Intranet Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy settings in this zone consistent with a selected
security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet
Lockdown Settings\Template Policies!IntranetZoneLockdownTemplate,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown
Settings\Template Policies!Locked-Down Intranet, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1400, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1405, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1609, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1809, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2100, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1802, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A04, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2102, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1606, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1609, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!1E05, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\1!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1604, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!1E05, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2101, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\1!2201 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Locked-Down
Trusted Sites Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy settings in this zone consistent with a selected
security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted
Sites Lockdown Settings\Template Policies!TrustedSitesZoneLockdownTemplate,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites
Lockdown Settings\Template Policies!Locked-Down Trusted Sites,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1601, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1C00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1606, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1608, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1E05, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1400, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2!2201 |
|
| Windows Server 2003 SP1 |
inetres |
MACHINE |
Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page |
Locked-Down
Restricted Sites Zone Template |
at least Internet Explorer v6.0 in Windows XP Service Pack 2
or Windows Server 2003 Service Pack 1 |
This template policy setting allows you to configure policy settings in this zone consistent with a selected
security level, for example, Low, Medium Low, Medium, or High. If you enable this template policy setting
and select a security level, all values for individual settings in the zone
will be overwritten by the standard template defaults. If you disable this template policy
setting, no security level is configured.
If you do not configure this template policy setting, no security
level is configured. Note. Local
Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the
Locked-Down equivalent zone. If you select a security level for any zone
(including selecting no security), the same change should be made to the
Locked-Down equivalent. Note. It is
recommended to configure template policy settings in one Group Policy object
(GPO) and configure any related individual policy settings in a separate GPO.
You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets. |
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted
Sites Lockdown Settings\Template
Policies!RestrictedSitesZoneLockdownTemplate,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites
Lockdown Settings\Template Policies!Locked-Down Restricted Sites,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1C00, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1201, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2000, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2004, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1607,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1800, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2101, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1001,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1200,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1201,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1400, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1402,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1405,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1406,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1407,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1601, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1604,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1606,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1607, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1608,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1609,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1800,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1802,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1803, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1804,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1809,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1A04,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1C00,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!1E05,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2000,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2001, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2004,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2100,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2101,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2102,
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2200, HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\4!2201 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|