Internet Explorer Security Zones

Check Description

This check lists the current and recommended security settings for the Microsoft® Internet Explorer zones for each local user on the scanned computer.

When the security level is customized or when individual settings have been modified through means other than the Internet Options dialog box, individual settings that are set below the recommended level will be identified.

Note

• If you get the message "Error Reading Registry," the Remote Registry service might not be enabled.

The Microsoft Internet Explorer Web content zones divide the Internet or intranet into zones with different levels of security. This capability permits you to set global default settings for the browser, to allow all content on trusted sites or to disallow certain types of content, such as Java applets or ActiveX®controls, depending on the Web site of origin.

The Internet Explorer browsing software comes with four predefined Web content zones: Internet, Local intranet, Trusted sites, and Restricted sites. In the Internet Options dialog box, you can set the security options you want for each zone, and then add or remove sites from any zone (except Internet), depending on your level of trust in the site. In corporate environments, administrators can set up zones for users. They can also add or remove (in advance) the authentication certificates of software publishers that they do or do not trust, so that users do not have to make security decisions while they are using the Internet.

For each security zone, you can choose a high, medium, medium-low, low, or custom security setting. The high setting is recommended for sites in zones of uncertain trustworthiness. The custom choice provides advanced users and administrators with more control over all security options, including the following:

• Access to files, ActiveX controls, and scripts.
• Level of capabilities given to Java applets.
• Site identity designation with Secure Sockets Layer (SSL) authentication.
• Password protection with NTLM authentication. (Depending on which zone a server is in, Internet Explorer can send password information automatically, prompt the user for user and password information, or deny any logon request.)

On systems that have Internet Explorer Enhanced Security Configuration installed, the settings are checked against the default recommended levels for this configuration.

Additional Information

About URL Security Zones Templates

How to Use Security Zones in Internet Explorer (174360)

Managing Internet Explorer Enhanced Security Configuration

©2002-2004 Microsoft Corporation. All rights reserved.