How can I manage Internet Explorer Security Zones via the registry?
2006-03-09 10:57
543 查看
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
AND
HKEY_Local_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
The values that are located in both keys are additive. If a Web site is added to both keys, only the HKCU sites can be seen in the GUI, but both settings are enforced.
If you only want machine based settings to be enforced, copy and paste the following to a HKLM_Only.reg file and Merge it with the computers registry:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"Security_HKLM_only"=dword:00000001
The sub-keys of the Internet Settings key, for both HKLM and HKCU paths, are:
TemplatePolicies
ZoneMap
Zones
The Zones sub-key contains a sub-key for each zone defined. The defaults are:
These sub-keys contain the following Value Names:
The data values for the CurrentLevel, MinLevel, and RecommendedLevel Value Names are:
The data values for the Flags value Name are additive:
NOTE: The My Computer zone does NOT contain the CurrentLevel, MinLevel, and RecommendedLevel Value Names.
The following Value Names are all REG_DWORD data types. Their data values are:
The 1C00 Value Name, a REG_DWORD data type, has the following possible JAVA data values:
The 1E05 Value Name, a REG_DWORD data type, specifies software channel permissions.
The TemplatePolicies sub-key of the Internet Settings key has the default security zones settings. The Low, Medium, and High sub-keys contains Value Names that represents the Zones default values.
The ZoneMap sub-key of the Internet Settings key has the following sub-keys:
Domains - Contains domains and protocols that have been added. Each added domain is a sub-key of Domains. Sub-domains are sub-keys of the the domain that they belong to. Each domain has a protocol Value Name (ftp, http, https, etc.) whose data value is the numerical value of the security zone (0x00012000 is High Security) to which it is added.
The ProtocolDefaults sub-key of the Internet Settings key defines the default security zone for a given protocol, by adding a Value Name (file, ftp, http, https, etc.), with NO colons (:) or slashes (/). These REG_DWORD data types the following possible data values:
The Ranges sub-key of the Internet Settings key contain arbitrary sub-keys that define the ranges of the TCP/IP address. The :Ranges Value Name of these arbitrary sub-keys, a REG_SZ data type, contains the range affected (192.168.0.*). A * Value Name, a REG_DWORD data type, contains the security zone that the range falls within (0x1 is Local Intranet).
AND
HKEY_Local_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
The values that are located in both keys are additive. If a Web site is added to both keys, only the HKCU sites can be seen in the GUI, but both settings are enforced.
If you only want machine based settings to be enforced, copy and paste the following to a HKLM_Only.reg file and Merge it with the computers registry:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"Security_HKLM_only"=dword:00000001
The sub-keys of the Internet Settings key, for both HKLM and HKCU paths, are:
TemplatePolicies
ZoneMap
Zones
The Zones sub-key contains a sub-key for each zone defined. The defaults are:
Key | Meaning |
0 | My Computer, NOT available in the Zone box of the Security tab. |
1 | Local Intranet Zone. |
2 | Trusted sites Zone. |
3 | Internet Zone. |
4 | Restricted Sites Zone |
Value Name | Data Type | Meaning |
Description | REG_SZ | Displayed when you select a Zone in the Zone box of the GUI. |
DisplayName | REG_SZ | Displayed when you select a Zone in the Zone box of the GUI[/b]. |
Icon | REG_SZ | The icon that is displayed. |
CurrentLevel | REG_DWORD | The current Security setting. |
MinLevel | REG_DWORD | The lowest Security level allowed before a warning is issued. |
RecommendedLevel | REG_DWORD | The recommended Security level. |
Flags | REG_DWORD | Controls the users ability to modify the Security settings. |
Data value | Meaning |
0x00010000 | Low Security. |
0x00011000 | Medium Security. |
0x00012000 | High Security. |
Data value | Meaning |
1 | Allow changes to custom settings. |
2 | Allow users to add Web sites to this zone. |
4 | Require HTTPS Web sites. |
8 | Include Web sites that bypass the proxy server. |
16 | Include Web sites not listed in other zones. |
32 | Do NOT show security zone in Internet Properties. |
64 | Show the Requires Server Verification dialog. |
128 | UNCs are treated as Intranet connections. |
The following Value Names are all REG_DWORD data types. Their data values are:
Data value | Meaning |
0 | This action is allowed. |
1 | This action will generate a prompt. |
3 | This action is prohibited. |
Value Setting Name 1001 Download signed ActiveX controls 1004 Download unsigned ActiveX controls 1200 Run ActiveX controls and plug-ins 1201 Initialize and run ActiveX controls and plug-ins not marked as safe 1400 Active scripting 1402 Scripting of Java programs 1405 Script ActiveX controls marked as safe for scripting 1406 Access data sources across domains 1407 Allow paste operations via script 1601 Submit non-encrypted form data 1604 Font download 1605 Unknown 1606 User Data persistence 1607 Navigate sub-frames across different domains 1800 Installation of desktop items 1802 Drag and drop or copy and paste of files 1803 File Download. No prompt setting as download is either allowed or NOT allowed. 1804 Load applications and files in an IFRAME 1805 Unknown 1806 Launching applications and unsafe files 1A02 Allow cookies that are stored on your computer 1A03 Allow per-session cookies (not stored)The 1A00 Value Name, a REG_DWORD data type, has the following possible data values:
Decimal Data value | Meaning |
0 | Automatically logon with current username and password. |
65536 | Prompt for user name and password. |
131072 | Automatic logon only in the Intranet zone. |
196608 | Anonymous logon. |
Decimal Data value | Meaning |
0 | Disable Java. |
65536 | High safety. |
131072 | Medium safety. |
196608 | Low safety. |
8388608 | Custom. |
The TemplatePolicies sub-key of the Internet Settings key has the default security zones settings. The Low, Medium, and High sub-keys contains Value Names that represents the Zones default values.
The ZoneMap sub-key of the Internet Settings key has the following sub-keys:
Domains - Contains domains and protocols that have been added. Each added domain is a sub-key of Domains. Sub-domains are sub-keys of the the domain that they belong to. Each domain has a protocol Value Name (ftp, http, https, etc.) whose data value is the numerical value of the security zone (0x00012000 is High Security) to which it is added.
The ProtocolDefaults sub-key of the Internet Settings key defines the default security zone for a given protocol, by adding a Value Name (file, ftp, http, https, etc.), with NO colons (:) or slashes (/). These REG_DWORD data types the following possible data values:
Key | Meaning |
0 | My Computer, NOT available in the Zone box of the Security tab. |
1 | Local Intranet Zone. |
2 | Trusted sites Zone. |
3 | Internet Zone. |
4 | Restricted Sites Zone |
相关文章推荐
- What is XMLHTTP? How to use security zones in Internet Explorer
- Windows SDK Registry: How can I access the registry?
- Internet Explorer in Protected Mode – How the Low Integrity Environment Gets Created
- Windows SDK Registry: How can I read in data from the registry?
- Internet Explorer Cannot Open the Internet Site Operation Aborted, how to fix this error?
- Windows SDK Registry: How can I write data to the registry?
- How can you disable the UDDI and UDDI Explorer functionality in WebLogic Server? (Doc ID 1274906.1)
- How to add favourite bar items to Internet Explorer via Group Policy
- 互联网工作原理(19.How to Access the Internet via a Satellite Connection)
- How to disable Internet Explorer Enhanced Security Configuration on a Windows 2008 Server? 如何禁用IE增强安全配置?
- It's not always malware: How to fix the top 10 Internet Explorer issues
- How can i get hold of all of the visible items in my QListView?
- how to solve the problem which is the imail software can not send email in wan,but can send email in lan.
- Please read "Security" section of the manual to find out how to run mysqld as root!错误解决
- How LED lights could speed up the internet
- The Microsoft Internet Explorer Weblog
- How can a database be in-memory and durable at the same time?
- how can i get the source code path && file names from an ELF file(compired with -g)?
- How Google Backs Up The Internet Along With Exabytes Of Other Data
- How to pause or end a UIView animation via the CALayer