Tag: Computer Configuration

The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail. This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1 use of the MK protocol is prevented. If you enter a Value of 0 use of the MK protocol is allowed. If a Value Name is empty or the Value is not 0 or 1 the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting the policy setting is ignored.

File Explorer and Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed. If you enable this policy setting restricting content obtained through restricted protocols is allowed for File Explorer and Internet Explorer processes. For example you can restrict active content from pages served over the http and https protocols by adding the value names http and https. If you disable this policy setting restricting content obtained through restricted protocols is prevented for File Explorer and Internet Explorer processes. If you do not configure this policy setting the policy setting is ignored.

Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed. This policy setting allows administrators to define applications for which they want restricting content obtained through restricted protocols to be prevented or allowed. If you enable this policy setting and enter a Value of 1 restricting content obtained through restricted protocols is allowed. If you enter a Value of 0 restricting content obtained through restricted protocols is blocked. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1 the policy setting is ignored. Do not enter the File Explorer or Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable these processes. If the All Processes policy setting is enabled the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting the security feature is allowed.

This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type. This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1 this protection will be in effect. If you enter a Value of 0 any file may be promoted to more dangerous file types. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1 the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting the security feature is allowed.

This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type. If you enable this policy setting the Mime Sniffing Safety Feature is enabled for all processes. If you disable or do not configure this policy setting the Mime Sniffing Safety Feature is disabled for all processes.

Internet Explorer places zone restrictions on each Web page it opens which are dependent upon the location of the Web page (Internet Intranet Local Machine zone and so on). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone. Local Machine zone security applies to all local files and content. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code. If you enable this policy setting and enter a value of 1 Local Machine Zone security applies. If you enter a value of 0 Local Machine Zone security does not apply. If a Value Name is empty or the Value is not 0 or 1 the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting the security feature is allowed.

The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail. If you enable this policy setting the MK Protocol is disabled for all processes. Any use of the MK Protocol is blocked. If you disable or do not configure this policy setting the MK Protocol is enabled.

This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type. If you enable this policy setting MIME sniffing will never promote a file of one type to a more dangerous file type. If you disable this policy setting Internet Explorer processes will allow a MIME sniff promoting a file of one type to a more dangerous file type. If you do not configure this policy setting MIME sniffing will never promote a file of one type to a more dangerous file type.

This policy setting allows you to manage whether the Notification bar is displayed for Internet Explorer processes when file or code installs are restricted. By default the Notification bar is displayed for Internet Explorer processes. If you enable this policy setting the Notification bar will be displayed for Internet Explorer Processes. If you disable this policy setting the Notification bar will not be displayed for Internet Explorer processes. If you do not configure this policy setting the Notification bar will be displayed for Internet Explorer Processes.

Internet Explorer places zone restrictions on each Web page it opens which are dependent upon the location of the Web page (Internet Intranet Local Machine zone etc. ). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone. Local Machine zone security applies to all local files and content. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code. If you enable this policy setting the Local Machine zone security applies to all local files and content processed by any process other than Internet Explorer or those defined in a process list. If you disable or do not configure this policy setting Local Machine zone security is not applied to local files or content processed by any process other than Internet Explorer or those defined in a process list.