Tag: Computer Configuration

This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation. If you enable this policy setting and enter a Value of 1 automatic prompting of ActiveX control installation is blocked. If you enter a Value of 0 automatic prompting of ActiveX control installation is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1 the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting the security feature is allowed.

This policy setting enables blocking of file download prompts that are not user initiated. If you enable this policy setting file download prompts that are not user initiated will be blocked for Internet Explorer processes. If you disable this policy setting prompting will occur for file downloads that are not user initiated for Internet Explorer processes. If you do not configure this policy setting the user’s preference determines whether to prompt for file downloads that are not user initiated for Internet Explorer processes.

Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet Intranet Local Machine zone and so on). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context. This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1 elevation to more privileged zones can be prevented. If you enter a Value of 0 elevation to any zone is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1 the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting the security feature is allowed.

Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet Intranet Local Machine zone etc. ). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context. If you enable this policy setting any zone can be protected from zone elevation by Internet Explorer processes. If you disable this policy setting no zone receives such protection for Internet Explorer processes. If you do not configure this policy setting any zone can be protected from zone elevation by Internet Explorer processes.

Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet Intranet Local Machine zone and so on). For example Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone making the Local Machine security zone a prime target for malicious users. If you enable this policy setting any zone can be protected from zone elevation for all processes. If you disable or do not configure this policy setting processes other than Internet Explorer or those listed in the Process List receive no such protection.

This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain. If you enable this policy setting an object reference is no longer accessible when navigating within or across domains for Internet Explorer processes. If you disable this policy setting an object reference is retained when navigating within or across domains for Internet Explorer processes. If you do not configure this policy setting an object reference is no longer accessible when navigating within or across domains for Internet Explorer processes.

This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain. This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1 references to objects are inaccessible after navigation. If you enter a Value of 0 references to objects are still accessible after navigation. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1 the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting the security feature is allowed.

This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain. If you enable this policy setting object reference is no longer accessible when navigating within or across domains for all processes. If you disable or do not configure this policy setting object reference is retained when navigating within or across domains in the Restricted Zone sites.

Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed. If you enable this policy setting restricting content obtained through restricted protocols is allowed for all processes other than File Explorer or Internet Explorer. If you disable this policy setting restricting content obtained through restricted protocols is prevented for all processes other than File Explorer or Internet Explorer. If you do not configure this policy setting no policy is enforced for processes other than File Explorer and Internet Explorer.

The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail. If you enable this policy setting the MK Protocol is prevented for File Explorer and Internet Explorer and resources hosted on the MK protocol will fail. If you disable this policy setting applications can use the MK protocol API. Resources hosted on the MK protocol will work for the File Explorer and Internet Explorer processes. If you do not configure this policy setting the MK Protocol is prevented for File Explorer and Internet Explorer and resources hosted on the MK protocol will fail.