Category: At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1

For each zone the Network Protocol Lockdown security restriction may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner either by prompting the user or simply disabling the content. For each zone this list of protocols may be configured here and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for “Allow active content over restricted protocols to access my computer. “If you disable or do not configure this policy setting for a zone no protocols are restricted for that zone regardless of the setting for “Allow active content over restricted protocols to access my computer. “Note. If policy for a zone is set in both Computer Configuration and User Configuration both lists of protocols will be restricted for that zone.

For each zone the Network Protocol Lockdown security restriction may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner either by prompting the user or simply disabling the content. For each zone this list of protocols may be configured here and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for “Allow active content over restricted protocols to access my computer. “If you disable or do not configure this policy setting for a zone no protocols are restricted for that zone regardless of the setting for “Allow active content over restricted protocols to access my computer. “Note. If policy for a zone is set in both Computer Configuration and User Configuration both lists of protocols will be restricted for that zone.

This policy setting allows you to manage the crash detection feature of add-on Management. If you enable this policy setting a crash in Internet Explorer will exhibit behavior found in Windows XP Professional Service Pack 1 and earlier namely to invoke Windows Error Reporting. All policy settings for Windows Error Reporting continue to apply. If you disable or do not configure this policy setting the crash detection feature for add-on management will be functional.

This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated. If you enable this policy setting and enter a Value of 1 automatic prompting of non-initiated file downloads is blocked. If you enter a Value of 0 automatic prompting of non-initiated file downloads is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1 the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting the security feature is allowed.

This policy setting enables blocking of file download prompts that are not user initiated. If you enable this policy setting file download prompts that are not user initiated will be blocked for Internet Explorer processes. If you disable this policy setting prompting will occur for file downloads that are not user initiated for Internet Explorer processes. If you do not configure this policy setting the user’s preference determines whether to prompt for file downloads that are not user initiated for Internet Explorer processes.

Internet Explorer allows scripts to programmatically open resize and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows’ title and status bars. This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1 such windows may not be opened. If you enter a Value of 0 windows have none of these restrictions. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1 the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting the security feature is allowed.