IE9 zone settings
Hi.
I'm using IE9's default zone templates, but if I understand what I'm finding in the registry, my local computer zone is set at 'Low' and I'm kind of thinking I'd like to use GP to lock it down at 'High' and do without gadgets etc.
Before using GP I'd like to learn which of the registry keys that contain URLAction flag values are applied where the values in a key are different or a key has no value? Does HKCU's 'Internet Settings' zones override HKLM's 'TemplatePolicies' values? I assume HKCU trumps HKLM's 'Internet settings' values?
Also, outside of applying GP, when (or does?) the 'lockdown_zones' keys apply?
I've only located 48 of the URLAction flags' text names in the registry, the rest of the 75 names (see pic) I know only from TechNet. Discounting duplicate HKEY_Users usersid keys and with no GP settings configured yet in ~\SOFTWARE\Policies\Microsoft\Windows~,
the only other relevant keys for the zone flags I know of are:-
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\zones
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\lockdown_zones
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\zones
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\lockdown_zones
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zones
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\lockdown_zones
HKEY_USERS\<systemsid>\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\zones
HKEY_USERS\<systemsid>\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\zones\lockdown_zones
...and the default Low, MedLow, Medium, MedHigh and High zone templates found in...
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
Any advice appreciated. Can upload my comparison tables of the 0-4 zones if that'll bring a chuckle...
Erm, the image uploaded is pretty useless! Pic removed; text list below instead:
URLAction Flags List
==============
Download signed ActiveX controls.......................................................1001
Download unsigned ActiveX controls....................................................1004
Run ActiveX controls and plugins.........................................................1200
Initialize and script ActiveX controls not marked as safe for scripting...........1201
Allow scripting of Microsoft web browser control.....................................1206
ACTIVEX_OVERRIDE_REPURPOSEDETECTION........................................1207
Allow previously unused ActiveX controls to run without prompt..................1208
Allow Scriptlets................................................................................1209
Display video and animation on a web page that does not use external media player...120A
Only allow approved domains to use ActiveX without prompt......................120B
Active scripting................................................................................1400
Scripting of Java applets....................................................................1402
Script ActiveX controls marked safe for scripting.....................................1405
Access data sources across domains.....................................................1406
Allow Programmatic clipboard access {by websites}................................1407
ALLOW_XDOMAIN_SUBFRAME_RESIZE.................................................1408
Enable XSS filter.............................................................................1409
Submit non-encrypted form data.......................................................1601
Font download...............................................................................1604
HTML_JAVA_RUN...........................................................................1605
Userdata persistence......................................................................1606
Navigate windows and frames across different domains..........................1607
Allow META REFRESH.....................................................................1608
Display mixed content...................................................................1609
Include local directory path when uploading files to a server...................160A
???...........................................................................................1800
Drag and drop or copy and paste files................................................1802
File download..............................................................................1803
Launching programs and files in an IFRAME.......................................1804
SHELL_WEBVIEW_VERB................................................................1805
Launching applications and unsafe files.............................................1806
SHELL_EXECUTE_MODRISK..........................................................1807
SHELL_EXECUTE_LOWRISK..........................................................1808
Use Pop-up blocker.....................................................................1809
SHELL_RTF_OBJECTS_LOAD..........................................................180A
SHELL_ENHANCED_DRAGDROP_SECURITY.........................................180B
SHELL_EXTENSIONSECURITY.........................................................180C
SHELL_SECURE_DRAGSOURCE........................................................180D
SHELL_REMOTEQUERY...................................................................180E
SHELL_PREVIEW.........................................................................180F
Logon.......................................................................................1A00
COOKIES...................................................................................1A02
COOKIES_SESSION.......................................................................1A03
Don't prompt for client certificate selection when only one certificate exists...1A04
COOKIES_THIRD_PARTY...............................................................1A05
COOKIES_SESSION_THIRD_PARTY..................................................1A06
COOKIES_ENABLED.......................................................................1A10
???............................................................................................1C00
CHANNEL_SOFTDIST_PERMISSIONS.................................................1e05
Binary and script behaviors.............................................................2000
Run components signed with Authenticode......................................2001
Run components not signed with Authenticode..................................2004
DOTNET_USERCONTROLS..........................................................2005
Permissions for components with manifests....................................2007
Enable MIME Sniffing....................................................................2100
Websites in less privileged web content zone can navigate into this zone.....2101
Allow script-initiated windows without size or position constraints.............2102
Allow status updates via script.........................................................2103
Allow webpages to open windows without address or status bars.................2104
Allow websites to prompt for information using scripted windows...............2105
FEATURE_DATA_BINDING...................................................................2106
FEATURE_CROSSDOMAIN_FOCUS_CHANGE...............................................2107
AUTOMATIC_DOWNLOAD_UI..........................................................2200
Automatic prompting for ActiveX controls.......................................2201
Allow webpages to use restricted protocols for active content..................2300
Use SmartScreen filter.................................................................2301
XAML browser applications..............................................................2400
XPS Documents..........................................................................2401
Loose XAML.................................................................................2402
LOWRIGHTS Protected Mode enabled...............................................2500
Enable .NET Framework setup....................................................2600
INPRIVATE_BLOCKING.............................................................2700
ALLOW_AUDIO_VIDEO..............................................................2701
Allow ActiveX Filtering....................................................................2702
ALLOW_STRUCTURED_STORAGE_SNIFFING..............................................2703
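
A read-only way to build the comparison table the post describes, as an added example that is not part of the original post: it reads a handful of the URLAction codes listed above for zones 0-4 from the HKLM and HKCU keys the post names, and marks rows where the locations hold different values. It assumes PowerShell 3.0 or later; the function name `Get-ZoneActionValue` and the column labels are illustrative, and the HKEY_USERS and TemplatePolicies keys are left out.

```powershell
# Added example: read-only comparison of URLAction values across the
# registry locations listed in the post. Nothing is written to the registry.
$base  = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'
$wow   = 'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings'
$roots = [ordered]@{                      # column labels are illustrative
    'HKLM'            = "HKLM:\$base\zones"
    'HKLM-lockdown'   = "HKLM:\$base\lockdown_zones"
    'HKLM32'          = "HKLM:\$wow\zones"
    'HKLM32-lockdown' = "HKLM:\$wow\lockdown_zones"
    'HKCU'            = "HKCU:\$base\zones"
    'HKCU-lockdown'   = "HKCU:\$base\lockdown_zones"
}
# A few codes and names copied from the URLAction list in the post.
$actions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plugins'
    '1400' = 'Active scripting'
    '1803' = 'File download'
    '2500' = 'LOWRIGHTS Protected Mode enabled'
}

function Get-ZoneActionValue {
    param([string]$Root, [string]$Zone, [string]$Action)
    $key = Join-Path $Root $Zone
    if (-not (Test-Path -LiteralPath $key)) { return '-' }   # key absent
    $v = (Get-Item -LiteralPath $key).GetValue($Action, $null)
    if ($null -eq $v) { return '-' }                          # value absent
    if ($v -is [array]) {                                     # non-DWORD data
        return (($v | ForEach-Object { '{0:X2}' -f $_ }) -join '')
    }
    return ('0x{0:X}' -f $v)
}

$rows = foreach ($zone in 0..4) {
    foreach ($code in $actions.Keys) {
        $row = [ordered]@{ Zone = $zone; Action = $code; Name = $actions[$code] }
        foreach ($label in $roots.Keys) {
            $row[$label] = Get-ZoneActionValue -Root $roots[$label] -Zone "$zone" -Action $code
        }
        # True when at least two locations hold a value and they disagree.
        $seen = @($roots.Keys | ForEach-Object { $row[$_] } |
                  Where-Object { $_ -ne '-' } | Select-Object -Unique)
        $row['Differs'] = ($seen.Count -gt 1)
        [pscustomobject]$row
    }
}
$rows | Format-Table -AutoSize
```

A `-` in a column means the key or value does not exist at that location, which is the "key has no value" case the post asks about.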