Tag: Computer Configuration
Turn on SmartScreen Filter scan
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting SmartScreen Filter scans pages in this zone for malicious content. If you disable this policy setting SmartScreen Filter does not scan pages in this zone for malicious content. If you do not configure this policy setting the user can choose whether SmartScreen Filter scans pages in this zone for malicious content. Note: In Internet Explorer 7 this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
Include local path when user is uploading files to a server
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent some information may be unintentionally revealed to the server. For instance files sent from the user’s desktop may contain the user name as a part of the path. If you enable this policy setting path information is sent when the user is uploading a file via an HTML form. If you disable this policy setting path information is removed when the user is uploading a file via an HTML form. If you do not configure this policy setting the user can choose whether path information is sent when he or she is uploading a file via an HTML form. By default path information is sent.
Turn on Notification bar notification for intranet content
This policy setting causes a Notification bar notification to appear when intranet content is loaded and the intranet mapping rules have not been configured. The Notification bar allows the user to enable intranet mappings if they require them. If you enable this policy setting a Notification bar notification appears whenever the user browses to a page that loads content from an intranet site. If you disable this policy setting a Notification bar notification does not appear when the user loads content from an intranet site that is being treated as though it is in the Internet zone. If this policy setting is not configured a Notification bar notification appears for intranet content loaded on a browser on a computer that is not a domain member until the user turns off the Notification bar.
Turn off first-run prompt
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer he or she may be prompted to approve the control. This policy setting determines whether the user is prompted. If you enable this policy setting the first-run prompt is turned off in the corresponding zone. If you disable this policy setting the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting the first-run prompt is turned on by default.
Allow scriptlets
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting the user can run scriptlets. If you disable this policy setting the user cannot run scriptlets. If you do not configure this policy setting the user can enable or disable scriptlets.
Allow video and animation on a webpage that uses an older media player
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed because this involves external controls or media players. The dynsrc attribute on the img tag specifies an older media player. Also as of Internet Explorer 8 this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enable this policy setting video and animation can be played through older media players in specified zones. If you disable this policy setting video and animation cannot be played through older media players. If you do not configure this policy setting video and animation can be played through older media players in specified zones.
Allow websites to open windows without status bar or Address bar
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar. If you enable this policy setting websites can open new Internet Explorer windows that have no status bar or Address bar. If you disable this policy setting websites cannot open new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
Turn on automatic detection of intranet
This policy setting enables intranet mapping rules to be applied automatically if the computer belongs to a domain. If you enable this policy setting automatic detection of the intranet is turned on and intranet mapping rules are applied automatically if the computer belongs to a domain. If you disable this policy setting automatic detection of the intranet is turned off and intranet mapping rules are applied however they are configured. If this policy setting is not configured the user can choose whether or not to automatically detect the intranet through the intranet settings dialog in Control Panel.
Site to Zone Assignment List
This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone. Internet Explorer has 4 security zones numbered 1-4 and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone (2) Trusted Sites zone (3) Internet zone and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings and their default settings are: Trusted Sites zone (Low template) Intranet zone (Medium-Low template) Internet zone (Medium template) and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer. )If you enable this policy setting you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site. For each entry that you add to the list enter the following information:Valuename – A host for an intranet site or a fully qualified domain name for other sites. The valuename may also include a specific protocol. For example if you enter http://www. contoso. com as the valuename other protocols are not affected. If you enter just www. contoso. com then all protocols are affected for that site including http https ftp and so on. The site may also be expressed as an IP address (e. g. 127. 0. 0. 1) or range (e. g. 127. 0. 0. 1-10). To avoid creating conflicting policies do not include additional characters after the domain such as trailing slashes or URL path. For example policy settings for www. contoso. com and www. contoso. com/mail would be treated as the same policy setting by Internet Explorer and would therefore be in conflict. Value – A number indicating the zone with which this site should be associated for security settings. The Internet Explorer zones described above are 1-4. If you disable or do not configure this policy users may choose their own site-to-zone assignments.
Intranet Sites: Include all network paths (UNCs)
This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone. If you enable this policy setting all network paths are mapped into the Intranet Zone. If you disable this policy setting network paths are not necessarily mapped into the Intranet Zone (other rules might map one there). If you do not configure this policy setting users choose whether network paths are mapped into the Intranet Zone.