Category: At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1

This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items. If you enable this policy setting and the drop-down box is set to Enable the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content. If you disable this policy setting users cannot receive the security information message and nonsecure content cannot be displayed. If you do not configure this policy setting the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.

This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting script code on pages in the zone can run automatically. If you select Prompt in the drop-down box users are queried to choose whether to allow script code on pages in the zone to run. If you disable this policy setting script code on pages in the zone is prevented from running. If you do not configure this policy setting script code on pages in the zone can run automatically.

This policy setting allows you to manage whether a user’s browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page. If you enable this policy setting a user’s browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page. If you disable this policy setting a user’s browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this policy setting a user’s browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.

This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). If you enable this policy setting users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you do not configure this policy setting users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.

This policy setting allows you to manage whether Web sites from less privileged zones such as Internet sites can navigate into this zone. If you enable this policy setting Web sites from less privileged zones can open new windows in or navigate into this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setting the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.