Tag: User Configuration
Allow script-initiated windows without size or position constraints
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. If you enable this policy setting Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature. If you disable this policy setting the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do not configure this policy setting the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.
Userdata persistence
This policy setting allows you to manage the preservation of information in the browser’s history in favorites in an XML store or directly within a Web page saved to disk. When a user returns to a persisted page the state of the page can be restored if this policy setting is appropriately configured. If you enable this policy setting users can preserve information in the browser’s history in favorites in an XML store or directly within a Web page saved to disk. If you disable this policy setting users cannot preserve information in the browser’s history in favorites in an XML store or directly within a Web page saved to disk. If you do not configure this policy setting users can preserve information in the browser’s history in favorites in an XML store or directly within a Web page saved to disk.
Run . NET Framework-reliant components not signed with Authenticode
This policy setting allows you to manage whether . NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this policy setting Internet Explorer will not execute unsigned managed components. If you do not configure this policy setting Internet Explorer will not execute unsigned managed components.
Submit non-encrypted form data
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission. If you enable this policy setting information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy setting information using HTML forms on pages in this zone is prevented from being submitted. If you do not configure this policy setting information using HTML forms on pages in this zone can be submitted automatically.
Software channel permissions
This policy setting allows you to manage software channel permissions. If you enable this policy setting you can choose the following options from the drop-down box. Low safety to allow users to be notified of software updates by e-mail software packages to be automatically downloaded to users’ computers and software packages to be automatically installed on users’ computers. Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users’ computers. High safety to prevent users from being notified of software updates by e-mail software packages from being automatically downloaded to users’ computers and software packages from being automatically installed on users’ computers. If you disable this policy setting permissions are set to high safety. If you do not configure this policy setting permissions are set to Low safety.
Run . NET Framework-reliant components signed with Authenticode
This policy setting allows you to manage whether . NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link. If you enable this policy setting Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy setting Internet Explorer will not execute signed managed components. If you do not configure this policy setting Internet Explorer will not execute signed managed components.
Scripting of Java applets
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy setting scripts can access applets automatically without user intervention. If you select Prompt in the drop-down box users are queried to choose whether to allow scripts to access applets. If you disable this policy setting scripts are prevented from accessing applets. If you do not configure this policy setting scripts can access applets automatically without user intervention.
Initialize and script ActiveX controls not marked as safe
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting ActiveX controls are run loaded with parameters and scripted without setting object safety for untrusted data or scripts. This setting is not recommended except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted ignoring the Script ActiveX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configure this policy setting ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
Don’t run antimalware programs against ActiveX controls
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls to check if they’re safe to load on pages. If you enable this policy setting Internet Explorer won’t check with your antimalware program to see if it’s safe to create an instance of the ActiveX control. If you disable this policy setting Internet Explorer always checks with your antimalware program to see if it’s safe to create an instance of the ActiveX control. If you don’t configure this policy setting Internet Explorer always checks with your antimalware program to see if it’s safe to create an instance of the ActiveX control. Users can turn this behavior on or off using Internet Explorer Security settings.
Script ActiveX controls marked safe for scripting
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you enable this policy setting script interaction can occur automatically without user intervention. If you select Prompt in the drop-down box users are queried to choose whether to allow script interaction. If you disable this policy setting script interaction is prevented from occurring. If you do not configure this policy setting script interaction can occur automatically without user intervention.