Tag: Computer Configuration

For each zone the Network Protocol Lockdown security restriction may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner either by prompting the user or simply disabling the content. For each zone this list of protocols may be configured here and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for “Allow active content over restricted protocols to access my computer. “If you disable or do not configure this policy setting for a zone no protocols are restricted for that zone regardless of the setting for “Allow active content over restricted protocols to access my computer. “Note. If policy for a zone is set in both Computer Configuration and User Configuration both lists of protocols will be restricted for that zone.

For each zone the Network Protocol Lockdown security restriction may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner either by prompting the user or simply disabling the content. For each zone this list of protocols may be configured here and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for “Allow active content over restricted protocols to access my computer. “If you disable or do not configure this policy setting for a zone no protocols are restricted for that zone regardless of the setting for “Allow active content over restricted protocols to access my computer. “Note. If policy for a zone is set in both Computer Configuration and User Configuration both lists of protocols will be restricted for that zone.

For each zone the Network Protocol Lockdown security restriction may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner either by prompting the user or simply disabling the content. For each zone this list of protocols may be configured here and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for “Allow active content over restricted protocols to access my computer. “If you disable or do not configure this policy setting for a zone no protocols are restricted for that zone regardless of the setting for “Allow active content over restricted protocols to access my computer. “Note. If policy for a zone is set in both Computer Configuration and User Configuration both lists of protocols will be restricted for that zone.

Internet Explorer allows scripts to programmatically open resize and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows’ title and status bars. If you enable this policy setting popup windows and other restrictions apply for File Explorer and Internet Explorer processes. If you disable this policy setting scripts can continue to create popup windows and windows that obfuscate other windows. If you do not configure this policy setting popup windows and other restrictions apply for File Explorer and Internet Explorer processes.

Internet Explorer allows scripts to programmatically open resize and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows’ title and status bars. This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1 such windows may not be opened. If you enter a Value of 0 windows have none of these restrictions. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1 the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting the security feature is allowed.

Internet Explorer allows scripts to programmatically open resize and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows’ title and status bars. If you enable this policy setting scripted windows are restricted for all processes. If you disable or do not configure this policy setting scripted windows are not restricted.

This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated. If you enable this policy setting and enter a Value of 1 automatic prompting of non-initiated file downloads is blocked. If you enter a Value of 0 automatic prompting of non-initiated file downloads is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1 the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting the security feature is allowed.

This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated. If you enable this policy setting the Web Browser Control will block automatic prompting of file downloads that are not user initiated for all processes. If you disable this policy setting the Web Browser Control will not block automatic prompting of file downloads that are not user initiated for all processes.

This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation. If you enable this policy setting the Web Browser Control will block automatic prompting of ActiveX control installation for all processes. If you disable or do not configure this policy setting the Web Browser Control will not block automatic prompting of ActiveX control installation for all processes.

This policy setting enables blocking of ActiveX control installation prompts for Internet Explorer processes. If you enable this policy setting prompting for ActiveX control installations will be blocked for Internet Explorer processes. If you disable this policy setting prompting for ActiveX control installations will not be blocked for Internet Explorer processes. If you do not configure this policy setting the user’s preference will be used to determine whether to block ActiveX control installations for Internet Explorer processes.