Tag: Computer Configuration

Internet Explorer places zone restrictions on each Web page it opens which are dependent upon the location of the Web page (Internet Intranet Local Machine zone etc. ). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone. Local Machine zone security applies to all local files and content processed by Internet Explorer. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code. If you enable this policy setting the Local Machine zone security applies to all local files and content processed by Internet Explorer. If you disable this policy setting Local Machine zone security is not applied to local files or content processed by Internet Explorer. If you do not configure this policy setting the Local Machine zone security applies to all local files and content processed by Internet Explorer.

This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explorer processes when file or code installs are restricted. By default the Notification bar is not displayed for any process when file or code installs are restricted (except for the Internet Explorer Processes for which the Notification bar is displayed by default). If you enable this policy setting the Notification bar will be displayed for all processes. If you disable or do not configure this policy setting the Notification bar will not be displayed for all processes other than Internet Explorer or those listed in the Process List.

This policy setting allows you to manage whether the Notification bar is displayed for specific processes when file or code installs are restricted. By default the Notification bar is not displayed for any process when file or code installs are restricted (except for the Internet Explorer Processes for which the Notification bar is displayed by default). If you enable this policy setting and enter a Value of 1 the Notification bar is displayed. If you enter a Value of 0 the Notification bar is not displayed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1 the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable for IE processes. If the All Processes policy setting is enabled the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting the Notification bar is not displayed for the specified processes.

Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed. This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1 binary behaviors are prevented. If you enter a Value of 0 binary behaviors are allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1 the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting the security feature is allowed.

Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server. This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. If you enable this policy setting Consistent Mime Handling is enabled for all processes. If you disable or do not configure this policy setting Consistent Mime Handling is prevented for all processes.

Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server. This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. If you enable this policy setting Internet Explorer requires consistent MIME data for all received files. If you disable this policy setting Internet Explorer will not require consistent MIME data for all received files. If you do not configure this policy setting Internet Explorer requires consistent MIME data for all received files.

Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server. This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1 MIME handling is in effect. If you enter a Value of 0 file-type information is allowed to be inconsistent. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1 the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting the security feature is allowed.

This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default any process other than the Internet Explorer processes or those listed in the ‘Process List’ policy setting ignore add-on management user preferences and policy settings. If you enable this policy setting all processes will respect add-on management user preferences and policy settings. If you disable or do not configure this policy setting all processes will not respect add-on management user preferences or policy settings.

This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the ‘Add-on List’ policy setting are denied. Add-ons in this case are controls like ActiveX Controls Toolbars and Browser Helper Objects (BHOs) which are specifically written to extend or enhance the functionality of the browser or web pages. By default the ‘Add-on List’ policy setting defines a list of add-ons to be allowed or denied through Group Policy. However users can still use the Add-on Manager within Internet Explorer to manage add-ons not listed within the ‘Add-on List’ policy setting. This policy setting effectively removes this option from users – all add-ons are assumed to be denied unless they are specifically allowed through the ‘Add-on List’ policy setting. If you enable this policy setting Internet Explorer only allows add-ons that are specifically listed (and allowed) through the ‘Add-on List’ policy setting. If you disable or do not configure this policy setting users may use Add-on Manager to allow or deny any add-ons that are not included in the ‘Add-on List’ policy setting. Note: If an add-on is listed in the ‘Add-on List’ policy setting the user cannot change its state through Add-on Manager (unless its value has been set to allow user management – see the ‘Add-on List’ policy for more details).