Internet Explorer 8 Security Settings Registry
JSI Tip 5130. How can I manage Internet Explorer Security Zones via the registry?
2.2.1.10.1 Internet Settings Internet Explorer 5 and 6 2.2.1.10.2 Internet Explorer 7 Registry Keys. HKEY_CURRENT_USER Software Microsoft Internet Explorer.
The security zone settings for Internet Explorer are located at:
HKEY_CURRENT_USER SOFTWARE Microsoft Windows CurrentVersion Internet Settings
HKEY_Local_MACHINE SOFTWARE Microsoft Windows CurrentVersion Internet Settings
The values that are located in both keys are additive. If a Web site is added to both keys, only the HKCU sites can be seen in the GUI, but both settings are enforced.
If you only want machine based settings to be enforced, copy and paste the following to a HKLM_Only.reg file and Merge it with the computers registry:
HKEY_LOCAL_MACHINE SOFTWARE Policies Microsoft Windows CurrentVersion Internet Settings
Security_HKLM_only dword:00000001
The sub-keys of the Internet Settings key, for both HKLM and HKCU paths, are:
The Zones sub-key contains a sub-key for each zone defined. The defaults are: Key Meaning 0 My Computer, NOT available in the Zone box of the Security tab. 1 Local Intranet Zone. 2 Trusted sites Zone. 3 Internet Zone. 4 Restricted Sites Zone
These sub-keys contain the following Value Names: Value Name Data Type Meaning Description REG_SZ Displayed when you select a Zone in the Zone box of the GUI. DisplayName REG_SZ Displayed when you select a Zone in the Zone box of the GUI. Icon REG_SZ The icon that is displayed. CurrentLevel REG_DWORD The current Security setting. MinLevel REG_DWORD The lowest Security level allowed before a warning is issued. RecommendedLevel REG_DWORD The recommended Security level. Flags REG_DWORD Controls the users ability to modify the Security settings.
The data values for the CurrentLevel, MinLevel, and RecommendedLevel Value Names are: Data value Meaning 0x00010000 Low Security. 0x00011000 Medium Security. 0x00012000 High Security.
The data values for the Flags value Name are additive: Data value Meaning 1 Allow changes to custom settings. 2 Allow users to add Web sites to this zone. 4 Require HTTPS Web sites. 8 Include Web sites that bypass the proxy server. 16 Include Web sites not listed in other zones. 32 Do NOT show security zone in Internet Properties. 64 Show the Requires Server Verification dialog. 128 UNCs are treated as Intranet connections.
NOTE: The My Computer zone does NOT contain the CurrentLevel, MinLevel, and RecommendedLevel Value Names.
The following Value Names are all REG_DWORD data types. Their data values are: Data value Meaning 0 This action is allowed. 1 This action will generate a prompt. 3 This action is prohibited. Value Setting Name 1001 Download signed ActiveX controls 1004 Download unsigned ActiveX controls 1200 Run ActiveX controls and plug-ins 1201 Initialize and script ActiveX controls not marked as safe 1206 Allow scripting of Internet Explorer Webbrowser control 1400 Active scripting 1402 Scripting of Java applets 1405 Script ActiveX controls marked as safe for scripting 1406 Access data sources across domains 1407 Allow paste operations via script 1601 Submit non-encrypted form data 1604 Font download 1605 Run Java 1606 Userdata persistence 1607 Navigate sub-frames across different domains 1608 Allow META REFRESH 1609 Display mixed content 1800 Installation of desktop items 1802 Drag and drop or copy and paste files 1803 File Download 1804 Launching programs and files in an IFRAME 1805 Launching programs and files in webview 1806 Launching applications and unsafe files 1807 Reserved 1808 Reserved 1809 Use Pop-up Blocker 1A00 Logon 1A02 Allow persistent cookies that are stored on your computer 1A03 Allow per-session cookies not stored 1A04 Don t prompt for client certificate selection when no certificates or only one certificate exists 1A05 Allow 3rd party persistent cookies 1A06 Allow 3rd party session cookies 1A10 Privacy Settings 1C00 Java permissions 1E05 Software channel permissions 1F00 Reserved 2000 Binary and script behaviors 2001 Run. NET components signed with Authenticode 2004 Run. NET components not signed with Authenticode 2100 Open files based on content, not file extension 2101 Web sites in less priveleged web content zone can navigate into this zone 2102 Allow script initiated windows without size or position constraints 2200 Automatic prompting for file downloads 2201 Automatic prompting for ActiveX controls 2300 Allow web pages to use restricted protocols for active content AEBA21FA-782A-4A90-978D-B72164C80120 First Party Cookie A8A88C49-5EB2-4990-A1A2-0876022C854F Third Party Cookie indicates an Internet Explorer 6 or later setting indicates a Windows XP Service Pack 2 or later settingThe 1A00 Value Name, a REG_DWORD data type, has the following possible data values: Decimal Data value Meaning 0 Automatically logon with current username and password. 65536 Prompt for user name and password. 131072 Automatic logon only in the Intranet zone. 196608 Anonymous logon.
The 1C00 Value Name, a REG_DWORD data type, has the following possible JAVA data values: Decimal Data value Meaning 0 Disable Java. 65536 High safety. 131072 Medium safety. 196608 Low safety. 8388608 Custom.
The 1E05 Value Name, a REG_DWORD data type, specifies software channel permissions.
The TemplatePolicies sub-key of the Internet Settings key has the default security zones settings. The Low, Medium, and High sub-keys contains Value Names that represents the Zones default values.
The ZoneMap sub-key of the Internet Settings key has the following sub-keys:
Domains - Contains domains and protocols that have been added. Each added domain is a sub-key of Domains. Sub-domains are sub-keys of the the domain that they belong to. Each domain has a protocol Value Name ftp, http, https, etc. whose data value is the numerical value of the security zone 0x00012000 is High Security to which it is added.
The ProtocolDefaults sub-key of the Internet Settings key defines the default security zone for a given protocol, by adding a Value Name file, ftp, http, https, etc., with NO colons : or slashes /. These REG_DWORD data types the following possible data values: Key Meaning 0 My Computer, NOT available in the Zone box of the Security tab. 1 Local Intranet Zone. 2 Trusted sites Zone. 3 Internet Zone. 4 Restricted Sites Zone
The Ranges sub-key of the Internet Settings key contain arbitrary sub-keys that define the ranges of the TCP/IP address. The :Ranges Value Name of these arbitrary sub-keys, a REG_SZ data type, contains the range affected 192.168.0.. A Value Name, a REG_DWORD data type, contains the security zone that the range falls within 0x1 is Local Intranet.
Aug 01, 2004 Internet Explorer Policy Settings to security settings in the registry that identify Windows Components Internet Explorer Internet.
Please try your request again later
Try searching for what you need
Please enable cookies and refresh the page.
Jun 05, 2012 How to configure Internet Explorer security zone Settings Internet Explorer Internet Explorer Internet Control Panel Security.
Change Internet Explorer Security settings. Windows 7 Windows Vista More. The level of security set for the Internet zone is applied to all websites by default.
Sep 14, 2006 How to strengthen the security settings for the Local Machine zone in Internet Explorer.
- This article describes how and where Internet Explorer security zones and privacy settings are stored and managed in the registry. You can use Group Policy or the.
- Apr 07, 2002 How can I manage Internet Explorer Security Zones via the registry. How can I manage Internet Explorer Security Internet Settings Security.
- Internet Explorer Using Feature Control Registry Settings with Security Zone Settings. Applies To: Windows Server 2003 with SP1.
Windows for IT Pros; Understanding Group Policy Settings In Internet Explorer 8. By Another area of security in Internet Explorer 8 that is configurable.
