Tag: User Configuration
Do not allow resetting Internet Explorer settings
This policy setting prevents the user from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings allows the user to reset all settings changed since installation delete browsing history and disable add-ons that are not preapproved. If you enable this policy setting the user cannot use Reset Internet Explorer Settings. If you disable or do not configure this policy setting the user can use Reset Internet Explorer Settings.
Allow third-party browser extensions
This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser helper objects such as toolbars. Browser helper objects may contain flaws such as buffer overruns which impact Internet Explorer’s performance or stability. If you enable this policy setting Internet Explorer automatically launches any browser helper objects that are installed on the user’s computer. If you disable this policy setting browser helper objects do not launch. If you do not configure this policy Internet Explorer automatically launches any browser helper objects that are installed on the user’s computer.
Check for signatures on downloaded programs
This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn’t been modified or tampered with) on user computers before downloading executable programs. If you enable this policy setting Internet Explorer will check the digital signatures of executable programs and display their identities before downloading them to user computers. If you disable this policy setting Internet Explorer will not check the digital signatures of executable programs or display their identities before downloading them to user computers. If you do not configure this policy Internet Explorer will not check the digital signatures of executable programs or display their identities before downloading them to user computers.
Allow Install On Demand (Internet Explorer)
This policy setting allows you to manage whether users can automatically download and install Web components (such as fonts) that can installed by Internet Explorer Active Setup. For example if you open a Web page that requires Japanese-text display support Internet Explorer could prompt the user to download the Japanese Language Pack component if it is not already installed. If you enable this policy setting Web components such as fonts will be automatically installed as necessary. If you disable this policy setting users will be prompted when Web Components such as fonts would be downloaded. If you do not configure this policy users will be prompted when Web Components such as fonts would be downloaded.
Allow Install On Demand (except Internet Explorer)
This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended. If you enable this policy setting non-Internet Explorer components will be automatically installed as necessary. If you disable this policy setting users will be prompted when non-Internet Explorer components would be installed. If you do not configure this policy setting non-Internet Explorer components will be automatically installed as necessary.
Automatically check for Internet Explorer updates
This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. When Internet Explorer is set to do this the checks occur approximately every 30 days and users are prompted to install new versions as they become available. If you enable this policy setting Internet Explorer checks the Internet for a new version approximately every 30 days and prompts the user to download new versions when they are available. If you disable this policy setting Internet Explorer does not check the Internet for new versions of the browser so does not prompt users to install them. If you do not configure this policy setting Internet Explorer does not check the Internet for new versions of the browser so does not prompt users to install them.
Turn on Enhanced Protected Mode
Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8 Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and the file system. If you enable this policy setting Enhanced Protected Mode will be turned on. Any zone that has Protected Mode enabled will use Enhanced Protected Mode. Users will not be able to disable Enhanced Protected Mode. If you disable this policy setting Enhanced Protected Mode will be turned off. Any zone that has Protected Mode enabled will use the version of Protected Mode introduced in Internet Explorer 7 for Windows Vista. If you do not configure this policy users will be able to turn on or turn off Enhanced Protected Mode on the Advanced tab of the Internet Options dialog.
Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows
This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows. Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used. If you enable this policy setting Internet Explorer 11 will use 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows. If you disable this policy setting Internet Explorer 11 will use 32-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows. If you don’t configure this policy setting users can turn this feature on or off using Internet Explorer settings. This feature is turned off by default.
Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled
This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control Internet Explorer notifies the user and gives the option to run the website in regular Protected Mode. This policy setting disables this notification and forces all websites to run in Enhanced Protected Mode. Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8 Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and the file system. When Enhanced Protected Mode is enabled and a user encounters a website that attempts to load an ActiveX control that is not compatible with Enhanced Protected Mode Internet Explorer notifies the user and gives the option to disable Enhanced Protected Mode for that particular website. If you enable this policy setting Internet Explorer will not give the user the option to disable Enhanced Protected Mode. All Protected Mode websites will run in Enhanced Protected Mode. If you disable or do not configure this policy setting Internet Explorer notifies users and provides an option to run websites with incompatible ActiveX controls in regular Protected Mode. This is the default behavior.
Always send Do Not Track header
This policy setting allows you to configure how Internet Explorer sends the Do Not Track (DNT) header. If you enable this policy setting Internet Explorer sends a DNT:1 header with all HTTP and HTTPS requests. The DNT:1 header signals to the servers not to track the user. For Internet Explorer 9 and 10:If you disable this policy setting Internet Explorer only sends the Do Not Track header if a Tracking Protection List is enabled or inPrivate Browsing mode is used. For at least Internet Explorer 11:If you disable this policy setting Internet Explorer only sends the Do Not Track header if inPrivate Browsing mode is used. If you don’t configure the policy setting users can select the Always send Do Not Track header option in Internet Explorer settings. By selecting this option Internet Explorer sends a DNT:1 header with all HTTP and HTTPS requests; unless the user grants a site-specific exception. Internet Explorer sends a DNT:0 header to any sites granted an exception. By default this option is turned on.