Category: At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1

This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone. Internet Explorer has 4 security zones numbered 1-4 and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone (2) Trusted Sites zone (3) Internet zone and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings and their default settings are: Trusted Sites zone (Low template) Intranet zone (Medium-Low template) Internet zone (Medium template) and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer. )If you enable this policy setting you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site.   For each entry that you add to the list enter the following information:Valuename – A host for an intranet site or a fully qualified domain name for other sites. The valuename may also include a specific protocol. For example if you enter http://www. contoso. com as the valuename other protocols are not affected.  If you enter just www. contoso. com then all protocols are affected for that site including http https ftp and so on. The site may also be expressed as an IP address (e. g. 127. 0. 0. 1) or range (e. g. 127. 0. 0. 1-10). To avoid creating conflicting policies do not include additional characters after the domain such as trailing slashes or URL path. For example policy settings for www. contoso. com and www. contoso. com/mail would be treated as the same policy setting by Internet Explorer and would therefore be in conflict. Value – A number indicating the zone with which this site should be associated for security settings. The Internet Explorer zones described above are 1-4. If you disable or do not configure this policy users may choose their own site-to-zone assignments.

This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone. If you enable this policy setting all network paths are mapped into the Intranet Zone. If you disable this policy setting network paths are not necessarily mapped into the Intranet Zone (other rules might map one there). If you do not configure this policy setting users choose whether network paths are mapped into the Intranet Zone.

This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone. If you enable this policy setting sites which bypass the proxy server are mapped into the Intranet Zone. If you disable this policy setting sites which bypass the proxy server aren’t necessarily mapped into the Intranet Zone (other rules might map one there). If you do not configure this policy setting users choose whether sites which bypass the proxy server are mapped into the Intranet Zone.

This template policy setting allows you to configure policy settings in this zone consistent with a selected security level for example Low Medium Low Medium or High. If you enable this template policy setting and select a security level all values for individual settings in the zone will be overwritten by the standard template defaults. If you disable this template policy setting no security level is configured. If you do not configure this template policy setting no security level is configured. Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL’s zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security) the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example precedence inheritance or enforce) to apply individual settings to specific targets.

This template policy setting allows you to configure policy settings in this zone consistent with a selected security level for example Low Medium Low Medium or High. If you enable this template policy setting and select a security level all values for individual settings in the zone will be overwritten by the standard template defaults. If you disable this template policy setting no security level is configured. If you do not configure this template policy setting no security level is configured. Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL’s zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security) the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example precedence inheritance or enforce) to apply individual settings to specific targets.