Author: admin

For each zone the Binary and Scripted Behavior security restrictions may be configured to allow only a list of admin-approved behaviors. This list may be configured here and applies to all processes which have opted in to the behavior and to all zones. (Behaviors are components that encapsulate specific functionality or behavior on a page. )If you enable this policy setting this sets the list of behaviors permitted in each zone for which Script and Binary Behaviors is set to ‘admin-approved’. Behaviors must be entered in #package#behavior notation e. g. #default#vml. If you disable this policy setting no behaviors will be allowed in zones set to ‘admin-approved’ just as if those zones were set to ‘disable’. If you do not configure this policy setting only VML will be allowed in zones set to ‘admin-approved’. Note. If this policy is set in both Computer Configuration and User Configuration both lists of behaviors will be allowed as appropriate.

This policy setting allows you to manage whether the listed processes respect add-on management user preferences (as entered into Add-on Manager) or policy settings. By default only Internet Explorer processes use the add-on management user preferences and policy settings. This policy setting allows you to extend support for these user preferences and policy settings to specific processes listed in the process list. If you enable this policy setting and enter a Value of 1 the process entered will respect the add-on management user preferences and policy settings. If you enter a Value of 0 the add-on management user preferences and policy settings are ignored by the specified process. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1 the policy setting is ignored. Do not enter Internet Explorer processes in this list because these processes always respect add-on management user preferences and policy settings. If the All Processes policy setting is enabled the processes configured in this policy setting take precedence over that setting. If you do not configure this policy processes other than the Internet Explorer processes will not be affected by add-on management user preferences or policy settings (unless “All Processes” is enabled).

This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default any process other than the Internet Explorer processes or those listed in the ‘Process List’ policy setting ignore add-on management user preferences and policy settings. If you enable this policy setting all processes will respect add-on management user preferences and policy settings. If you disable or do not configure this policy setting all processes will not respect add-on management user preferences or policy settings.

This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the ‘Add-on List’ policy setting are denied. Add-ons in this case are controls like ActiveX Controls Toolbars and Browser Helper Objects (BHOs) which are specifically written to extend or enhance the functionality of the browser or web pages. By default the ‘Add-on List’ policy setting defines a list of add-ons to be allowed or denied through Group Policy. However users can still use the Add-on Manager within Internet Explorer to manage add-ons not listed within the ‘Add-on List’ policy setting. This policy setting effectively removes this option from users – all add-ons are assumed to be denied unless they are specifically allowed through the ‘Add-on List’ policy setting. If you enable this policy setting Internet Explorer only allows add-ons that are specifically listed (and allowed) through the ‘Add-on List’ policy setting. If you disable or do not configure this policy setting users may use Add-on Manager to allow or deny any add-ons that are not included in the ‘Add-on List’ policy setting. Note: If an add-on is listed in the ‘Add-on List’ policy setting the user cannot change its state through Add-on Manager (unless its value has been set to allow user management – see the ‘Add-on List’ policy for more details).