Tag: User Configuration

This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain. If you enable this policy setting object reference is no longer accessible when navigating within or across domains for all processes. If you disable or do not configure this policy setting object reference is retained when navigating within or across domains in the Restricted Zone sites.

Internet Explorer places zone restrictions on each Web page it opens which are dependent upon the location of the Web page (Internet Intranet Local Machine zone etc. ). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone. Local Machine zone security applies to all local files and content processed by Internet Explorer. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code. If you enable this policy setting the Local Machine zone security applies to all local files and content processed by Internet Explorer. If you disable this policy setting Local Machine zone security is not applied to local files or content processed by Internet Explorer. If you do not configure this policy setting the Local Machine zone security applies to all local files and content processed by Internet Explorer.

Internet Explorer places zone restrictions on each Web page it opens which are dependent upon the location of the Web page (Internet Intranet Local Machine zone and so on). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone. Local Machine zone security applies to all local files and content. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code. If you enable this policy setting and enter a value of 1 Local Machine Zone security applies. If you enter a value of 0 Local Machine Zone security does not apply. If a Value Name is empty or the Value is not 0 or 1 the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting the security feature is allowed.

This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type. If you enable this policy setting the Mime Sniffing Safety Feature is enabled for all processes. If you disable or do not configure this policy setting the Mime Sniffing Safety Feature is disabled for all processes.

This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type. If you enable this policy setting MIME sniffing will never promote a file of one type to a more dangerous file type. If you disable this policy setting Internet Explorer processes will allow a MIME sniff promoting a file of one type to a more dangerous file type. If you do not configure this policy setting MIME sniffing will never promote a file of one type to a more dangerous file type.

This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type. This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1 this protection will be in effect. If you enter a Value of 0 any file may be promoted to more dangerous file types. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1 the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting the security feature is allowed.

The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail. If you enable this policy setting the MK Protocol is disabled for all processes. Any use of the MK Protocol is blocked. If you disable or do not configure this policy setting the MK Protocol is enabled.

This policy setting allows you to manage whether the Notification bar is displayed for Internet Explorer processes when file or code installs are restricted. By default the Notification bar is displayed for Internet Explorer processes. If you enable this policy setting the Notification bar will be displayed for Internet Explorer Processes. If you disable this policy setting the Notification bar will not be displayed for Internet Explorer processes. If you do not configure this policy setting the Notification bar will be displayed for Internet Explorer Processes.

This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explorer processes when file or code installs are restricted. By default the Notification bar is not displayed for any process when file or code installs are restricted (except for the Internet Explorer Processes for which the Notification bar is displayed by default). If you enable this policy setting the Notification bar will be displayed for all processes. If you disable or do not configure this policy setting the Notification bar will not be displayed for all processes other than Internet Explorer or those listed in the Process List.

This policy setting allows you to manage whether the Notification bar is displayed for specific processes when file or code installs are restricted. By default the Notification bar is not displayed for any process when file or code installs are restricted (except for the Internet Explorer Processes for which the Notification bar is displayed by default). If you enable this policy setting and enter a Value of 1 the Notification bar is displayed. If you enter a Value of 0 the Notification bar is not displayed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1 the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable for IE processes. If the All Processes policy setting is enabled the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting the Notification bar is not displayed for the specified processes.