<string id="Advanced_ExplainCDUnlock">This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run.
If you enable this policy setting, active content on a CD will run without a prompt.
If you disable this policy setting, active content on a CD will always prompt before running.
If you do not configure this policy, users can choose whether to be prompted before running active content on a CD.</string>
<string id="Advanced_ExplainCertificateRevocation">This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer valid, and this option protects users from submitting confidential data to a site that may be fraudulent or not secure.
If you enable this policy setting, Internet Explorer will check to see if server certificates have been revoked.
If you disable this policy setting, Internet Explorer will not check server certificates to see if they have been revoked.
If you do not configure this policy setting, Internet Explorer will not check server certificates to see if they have been revoked.</string>
<string id="Advanced_ExplainDisableRIED">This policy setting prevents users from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings will allow the users to reset all settings changed since install, delete browsing history and disable add-ons that are not preapproved.
If you enable this policy setting, users will not be able to use Reset Internet Explorer Settings.
If you disable or do not configure this policy setting, users will be able to use Reset Internet Explorer Settings.</string>
<string id="Advanced_ExplainDownloadSignatures">This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.
If you enable this policy setting, Internet Explorer will check the digital signatures of executable programs and display their identities before downloading them to user computers.
If you disable this policy setting, Internet Explorer will not check the digital signatures of executable programs or display their identities before downloading them to user computers.
If you do not configure this policy, Internet Explorer will not check the digital signatures of executable programs or display their identities before downloading them to user computers.</string>
<string id="Advanced_ExplainEnableBrowserExtensions">This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser helper objects, such as toolbars. Browser helper objects may contain flaws such as buffer overruns which impact Internet Explorer's performance or stability.
If you enable this policy setting, Internet Explorer automatically launches any browser helper objects that are installed on the user's computer.
If you disable this policy setting, browser helper objects do not launch.
If you do not configure this policy, Internet Explorer automatically launches any browser helper objects that are installed on the user's computer.</string>
<string id="Advanced_ExplainInstallOnDemand_IE">This policy setting allows you to manage whether users can automatically download and install Web components (such as fonts) that can installed by Internet Explorer Active Setup. For example, if you open a Web page that requires Japanese-text display support, Internet Explorer could prompt the user to download the Japanese Language Pack component if it is not already installed.
If you enable this policy setting, Web components such as fonts will be automatically installed as necessary.
If you disable this policy setting, users will be prompted when Web Components such as fonts would be downloaded.
If you do not configure this policy, users will be prompted when Web Components such as fonts would be downloaded.</string>
<string id="Advanced_ExplainInstallOnDemand_Other">This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended.
If you enable this policy setting, non-Internet Explorer components will be automatically installed as necessary.
If you disable this policy setting, users will be prompted when non-Internet Explorer components would be installed.
If you do not configure this policy setting, non-Internet Explorer components will be automatically installed as necessary.</string>
<string id="Advanced_ExplainInternetExplorerUpdates">This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. When Internet Explorer is set to do this, the checks occur approximately every 30 days, and users are prompted to install new versions as they become available.
If you enable this policy setting, Internet Explorer checks the Internet for a new version approximately every 30 days and prompts the user to download new versions when they are available.
If you disable this policy setting, Internet Explorer does not check the Internet for new versions of the browser, so does not prompt users to install them.
If you do not configure this policy setting, Internet Explorer does not check the Internet for new versions of the browser, so does not prompt users to install them.</string>
<string id="Advanced_ExplainInvalidSignatureBlock">This policy setting allows you to manage whether software, such as ActiveX controls and file downloads, can be installed or run by the user even though the signature is invalid. An invalid signature might indicate that someone has tampered with the file.
If you enable this policy setting, users will be prompted to install or run files with an invalid signature.
If you disable this policy setting, users cannot run or install files with an invalid signature.
If you do not configure this policy, users can choose to run or install files with an invalid signature.</string>
<string id="Advanced_ExplainPlayAnimations">This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by this setting; active Web content such as java applets are not.
If you enable this policy setting, Internet Explorer will play animated pictures found in Web content.
If you disable this policy setting, Internet Explorer will not play or download animated pictures, helping pages display more quickly.
If you do not configure this policy setting, Internet Explorer will play animated pictures found in Web content.</string>
<string id="Advanced_ExplainPlaySounds">This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this setting; active Web content such as java applets are not.
If you enable this policy setting, Internet Explorer will play sounds found in Web content.
If you disable this policy setting, Internet Explorer will not play or download sounds in Web content, helping pages display more quickly.
If you enable this policy setting, Internet Explorer will play sounds found in Web content.</string>
<string id="Advanced_ExplainPlayVideos">This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only embedded video files are affected by this setting; active Web content such as java applets are not.
If you enable this policy setting, Internet Explorer will play videos found in Web content.
If you disable this policy setting, Internet Explorer will not play or download videos, helping pages display more quickly.
If you do not configure this policy setting, Internet Explorer will play videos found in Web content.</string>
<string id="Advanced_ExplainProfileAssistant">This policy setting specifies whether you will accept requests from Web sites for Profile Assistant information.
If you enable this policy setting, Profile Assistant information will not be provided, and users will not be prompted to provide information.
If you disable this policy setting, then when a Web site requests Profile Assistant information, users will be prompted to choose which information to share. At that time, users can also choose to allow this information to be shared with the Web site in the future without being prompted.
If you do not configure this policy setting, a user will have the freedom to accept requests from Web sites for Profile Assistant information.</string>
<string id="Advanced_ExplainSaveEncryptedPages">This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) information such as passwords and credit card numbers to the Internet Explorer cache, which may be insecure.
If you enable this policy setting, Internet Explorer will not save encrypted pages containing secure (HTTPS) information to the cache.
If you disable this policy setting, Internet Explorer will save encrypted pages containing secure (HTTPS) information to the cache.
If you do not configure this policy, Internet Explorer will save encrypted pages containing secure (HTTPS) information to the cache.</string>
<string id="Advanced_ExplainTemporaryInternetFiles">This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder after all browser windows are closed. This protects against storing dangerous files on the computer, or storing sensitive files that other users could see, in addition to managing total disk space usage.
If you enable this policy setting, Internet Explorer will delete the contents of the user's Temporary Internet Files folder when all browser windows are closed.
If you disable this policy setting, Internet Explorer will not delete the contents of the user's Temporary Internet Files folder when browser windows are closed.
If you do not configure this policy, Internet Explorer will not delete the contents of the Temporary Internet Files folder when browser windows are closed.</string>
<string id="Advanced_InstallOnDemand_IE">Allow Install On Demand (Internet Explorer)</string>
<string id="Advanced_InstallOnDemand_Other">Allow Install On Demand (except Internet Explorer)</string>
<string id="Advanced_InternetExplorerUpdates">Automatically check for Internet Explorer updates</string>
<string id="Advanced_InvalidSignatureBlock">Allow software to run or install even if the signature is invalid</string>
<string id="Advanced_PlayAnimations">Play animations in web pages</string>
<string id="Advanced_PlaySounds">Play sounds in web pages</string>
<string id="Advanced_PlayVideos">Play videos in web pages</string>
<string id="Advanced_ProfileAssistant">Turn off Profile Assistant</string>
<string id="Advanced_SaveEncryptedPages">Do not save encrypted pages to disk</string>
<string id="Advanced_TemporaryInternetFiles">Empty Temporary Internet Files folder when browser is closed</string>
<string id="AdvancedPage">Advanced Page</string>
<string id="Always">Always</string>
<string id="AlwaysShowMenu">Turn on menu bar by default</string>
<string id="AnchorColorHover_Explain">This policy setting prevents users from specifying the color to which hyperlinks change when the mouse pointer pauses on them.
If you enable this policy setting, a user cannot configure the hover color. You must specify the hover color (for example: 192,192,192).
If you disable or do not configure this policy setting, users can configure the hover color.</string>
<string id="AnchorColorHoverPol">Prevent users from configuring the hover color</string>
<string id="AutoComplete">Turn on inline AutoComplete for Web addresses</string>
<string id="AutoComplete_Explain">This policy setting lets you turn on inline AutoComplete for Web addresses. The AutoComplete feature provides suggestions for what you type by automatically completing the address or command with the closest match. By default, this functionality is turned off for Web addresses in Internet Explorer.
If you enable this policy setting, the inline AutoComplete for Web addresses is turned on. The user cannot change turn it off.
If you disable this policy setting, the inline AutoComplete for Web addresses is turned off. The user cannot change turn it on.
If you do not configure this policy setting, a user will have the freedom to turn on or off the inline AutoComplete for Web addresses.</string>
<string id="AutoCompleteIntegrated">Turn off inline AutoComplete in Windows Explorer</string>
<string id="AutoCompleteIntegrated_Explain">This policy setting let you turn off Inline AutoComplete in Windows Explorer. Inline AutoComplete provides suggestions for what you type by automatically completing the command inline with the closest match. By default, this functionality is turned on in Windows Explorer.
If you enable this policy setting, Inline AutoComplete for Windows Explorer is turned off. The user cannot turn it on.
If you disable this policy setting, Inline AutoComplete for Windows Explorer is turned on. The user cannot turn it off.
If you do not configure this policy setting, a user will have the freedom to turn on or off Inline AutoComplete for Windows Explorer.</string>
<string id="AutomaticPhishing">Automatic</string>
<string id="AutoProxyCache">Disable caching of Auto-Proxy scripts</string>
<string id="AutoSearch0">Do not search from the address bar</string>
<string id="AutoSearch1">Just display the results in the main window</string>
<string id="Background">Background</string>
<string id="BackgroundColor_Explain">This policy setting prevents users from configuring the background color in Internet Explorer.
If you enable this policy setting, a user cannot choose the background color in Internet Explorer. You must specify the background color (for example: 192,192,192).
If you disable or do not configure this policy setting, users can choose the background color in Internet Explorer.</string>
<string id="BackgroundColorPol">Prevent users from configuring background color</string>
<string id="BackgroundColors">Allow the printing of background colors and images</string>
<string id="Branding_NoExternalBranding">Disable external branding of Internet Explorer</string>
<string id="CodeDownloadPOl">Prevent setting of the code download path for each machine</string>
<string id="CodeDownloadPOl_Explain">This policy setting prevents the setting of the code download path for each machine. The Internet Component Download service exposes a function that is called by an application to download, verify, and install code for an OLE component. Using this setting, the user can set the code download path.
If you enable this policy setting, the user cannot specify the download path for the code. You must specify the download path.
If you disable or do not configure this policy setting, the user can specify the download path for the code.</string>
<string id="Disable_Managing_Phishing_Filter">Turn off Managing Phishing filter</string>
<string id="Disable_Security_Settings_Check">Turn off the Security Settings Check feature</string>
<string id="DisableDebugger">Turn on script debugging</string>
<string id="DisableDebugger_Explain">This policy setting allows you to turn on your script debugger, if one is installed. Script debuggers are used by Web site developers to test programs and scripts on their Web pages. You can use the script debugger to browse, edit, and debug .htm and .asp files that contain Microsoft Visual Basic Scripting Edition (VBScript) or Microsoft JScript.
If you enable this policy setting, script debugging will be turned on. The user cannot change the "Disable script debugging" option.
If you disable this policy setting, script debugging will be turned off. The user cannot change the "Disable script debugging" option.
If you do not configure this policy setting, the user can turn on or off the "Disable script debugging" option.</string>
<string id="DisableInterchangingMenuBarNavBar">Moving the menu bar above the navigation bar</string>
<string id="DisablePopupFilterLevel">Turn off managing Pop-up filter level</string>
<string id="DisableToolbarUpgrader">Turn off toolbar upgrade tool</string>
<string id="DisplayScriptFailureUI">Display error message on proxy script download failure</string>
<string id="Enable_Compat_Logging">Turn on Compatibility Logging</string>
<string id="EnableTabs">Internet Control Panel</string>
<string id="Encoding">URL Encoding</string>
<string id="EnforceFullscreen">Enforce Full Screen Mode</string>
<string id="Existing">Open in existing Internet Explorer window</string>
<string id="Explain_Advanced_DisableClearType">This policy setting prevents the text on the screen from being rendered using the ClearType technology that enhances the readability of text on LCD displays.
If you enable this policy setting, applications hosting MSHTML will not render text using the Microsoft ClearType rendering engine.
If you disable or do not configure this policy setting, applications hosting MSHTML will render text using the Microsoft ClearType rendering engine.</string>
<string id="ExplainHelp_NoTutorial">Prevents users from running the Internet Explorer Tour from the Help menu in Internet Explorer.
If you enable this policy, the Tour command is removed from the Help menu.
If you disable this policy or do not configure it, users can run the tour from the Help menu.</string>
<string id="ExplainPopupBlocker_AllowList">This policy setting allows you to specify a list of web sites that will be allowed to open pop-up windows regardless of the Internet Explorer process's Pop-Up Blocker settings.
If you enable this policy setting, you can enter a list of sites which will be allowed to open pop-up windows regardless of user settings. Only the domain name is allowed, so www.contoso.com is valid, but not http://www.contoso.com. Wildcards are allowed, so *.contoso.com is also valid.
If you disable this or do not configure this policy setting, you will not be able to provide a default Pop-up Blocker exception list.
Note: You can disable users from adding or removing websites to the exception list by enabling "Turn off Managing Pop-up Allow list" policy.</string>
<string id="ExplainScriptPaste_AllProcs_Explain">This policy setting allows this feature to be prevented or allowed for all processes running on the machine.
If you enable this policy setting, a script running on any of the processes on the machine can perform a clipboard operation without prompting. This means if the zone behavior is currently set to prompt it will be bypassed and enabled.
If you disable this policy setting, a script running in any of the processes on the machine cannot bypass the prompt for cut, copy or paste operations from the clipboard.
If this is not configured, current values of the URL Action for the application/processes in on the machine prevail.</string>
<string id="ExplainScriptPaste_IE_Explain">This policy setting allows you bypass prompting when scripts running within the Internet Explorer process attempt to perform a clipboard operation (for example, cut, copy, and paste) and the URLAction for the zone is set to prompt.
If you enable this policy setting, a script running in the Internet Explorer Process can perform a clipboard operation without prompting. In the internet explorer process if the zone behavior is currently set to prompt it will be bypassed and enabled.
If you disable this policy setting, the script cannot bypass the prompt for cut, copy or paste operations from the clipboard in the internet explorer process.
If you do not configure this policy setting, current values of the URL Action for the internet explorer process will prevail.</string>
<string id="ExplainScriptPaste_ProcList_Explain">This policy setting allows administrators to define applications for which they want this feature to be prevented or allowed.
Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.
If you enable this policy setting and enter a Value of 1, prompts will be bypassed. If you enter a Value of 0, prompts will not be bypassed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.
If you enable this policy setting for the application process in the list, a script can perform a clipboard operation without prompting. This means if the zone behavior is currently set to prompt it will be bypassed and enabled.
If you disable this policy setting for the application/process in the list, a script running in the application/process in the list cannot bypass the prompt for cut, copy or paste operations from the clipboard.
If this is not configured, current values of the URL Action for the application/process in the list prevail.</string>
<string id="FavImportExport">Disable importing and exporting of favorites and feeds</string>
<string id="File_NoBrowserClose">File menu: Disable closing the browser and Explorer windows</string>
<string id="File_NoBrowserSaveAs">File menu: Disable Save As... menu option</string>
<string id="File_NoBrowserSaveWebComplete">File menu: Disable Save As Web Page Complete</string>
<string id="File_NoFileNew">File menu: Disable New menu option</string>
<string id="File_NoFileOpen">File menu: Disable Open menu option</string>
<string id="Flash">Shockwave Flash</string>
<string id="Font0">Smallest</string>
<string id="Font1">Smaller</string>
<string id="Font2">Medium</string>
<string id="Font3">Larger</string>
<string id="Font4">Largest</string>
<string id="FontSize">Prevent users from choosing default text size</string>
<string id="FontSizeDefault_Explain">This policy setting allows the user to choose the default text size in Internet Explorer.
If you enable this policy setting, a user cannot choose the default text size in Internet Explorer. You must specify the default text size:
ΓÇó Largest
ΓÇó Larger
ΓÇó Medium
ΓÇó Smaller
ΓÇó Smallest
If you disable or do not configure this policy setting, users can choose the default text size in Internet Explorer.</string>
<string id="ForceNewTab">Force pop-ups to open in a new tab</string>
<string id="ForceNewWindow">Force pop-ups to open in a new window</string>
<string id="Foreground">Foreground</string>
<string id="FriendlyErrorText">Turn off friendly http error messages</string>
<string id="FriendlyErrorText_Explain">This policy setting specifies whether, when there is a problem connecting with an Internet server, to provide a detailed description with hints about how to correct the problem. If you clear this check box, you will see only the error code and the name of the error.
If you enable this policy setting, when there is a problem connecting with an Internet server, the user will not get a detailed description or hints about how to correct the problem. The user cannot change this policy setting.
If you disable this policy setting, when there is a problem connecting with an Internet server, the user will get a detailed description with hints about how to correct the problem. The user cannot change this policy setting.
If you do not configure this policy setting, the user can turn on or off friendly http error messages.</string>
<string id="General_Zooming">Turn off page zooming functionality</string>
<string id="Help_NoFeedback">Help menu: Remove 'Send Feedback' menu option</string>
<string id="Help_NoNetscapeHelp">Help menu: Remove 'For Netscape Users' menu option</string>
<string id="Help_NoTip">Help menu: Remove 'Tip of the Day' menu option</string>
<string id="Help_NoTutorial">Help menu: Remove 'Tour' menu option</string>
<string id="HelpAbout128">Help Menu > About Internet Explorer</string>
<string id="HelpAbout128Pol">Prevent the configuration of cipher strength update information URLs</string>
<string id="HelpAbout128Pol_Explain">This policy setting prevents the configuration of cipher strength update information URLs. When you log on to secure pages, access cannot be granted unless your Internet browser connects with a prespecified encryption. To ensure that your browser meets this requirement, this policy setting allows you to specify the URL to update your browser security setting.
If you enable this policy setting, the user will not be able to configure the cipher strength update information URL. You must specify the cipher strength update information URL.
If you disable or do not configure this policy setting, the user can configure the cipher strength update information URL.</string>
<string id="Hover">Hover</string>
<string id="ICWComplete">Turn on the Internet Connection Wizard Auto Detect</string>
<string id="ICWComplete_Explain">This policy setting determines if the Internet Connection Wizard was completed. If it was not completed, it launches the Internet Connection Wizard.
If you enable this policy setting, the Internet Connection Wizard is launched automatically if it was not completed before. The user cannot prevent the wizard from launching.
If you disable this policy setting, the Internet Connection Wizard is not launched automatically. The user can launch the wizard manually.
If you do not configure this policy setting, the user will have the freedom to decide whether the Internet Connection Wizard should be launched automatically.</string>
<string id="Identities">Identity Manager: Prevent users from using Identities</string>
<string id="IDN_Always">Always convert to IDN format</string>
<string id="IDN_Intranet">Convert Intranet addresses to IDN format</string>
<string id="IDN_Never">Never convert to IDN format</string>
<string id="IDN_NonIntranet">Convert non-Intranet addresses to IDN format</string>
<string id="IE_Explain_Customized_UserAgent_String">This policy setting allows you to customize the Internet Explorer version string as reported to Web servers in the HTTP User Agent header.
If you enable this policy setting, Internet Explorer will send the specified custom string in the version portion of the User Agent header.
If you disable or do not configure this policy setting, Internet Explorer will send the current Internet Explorer version in the User Agent header (for example, "MSIE 7.0").</string>
<string id="IE_Explain_DisableBackgroundSyncing">This policy setting controls whether to have background sync for feeds.
If you enable the policy setting, the ability to sync feeds in the background is disabled.
If you disable or do not configure this policy setting, users are allowed to sync their feeds in the background.</string>
<string id="IE_Explain_DisableDownloadingofEnclosures">This policy setting prevents users from having enclosures (file attachments) downloaded from a feed to the user's computer.
If you enable this policy setting, the setting to download an enclosure is disabled. A developer cannot change the download setting through the Feed application programming interfaces (APIs).
If you disable this policy setting, a user can set the Feed Sync Engine to download an enclosure through the Feed property page. A developer can change the download setting through the Feed APIs.
If you do not configure this policy setting, the user can set the Feed Sync Engine to download an enclosure through the Feed property page. A developer can change the download setting by using the Feed APIs.</string>
<string id="IE_Explain_DisableFeedAddRemove">This policy setting prevents the users from subscribing to a feed or deleting a subscribed feed.
If you enable this policy setting, the menu item to subscribe to the feed and the menu item to delete the feed are disabled. A developer cannot add a feed or delete a feed by using the Feed application programming interfaces (APIs). They are also not allowed to create folders or delete them.
If you disable or do not configure this policy setting, the user can add a feed through the Subscribe button in Internet Explorer and delete a feed through the feed list control. A developer can add or delete a feed by using the Feed APIs.</string>
<string id="IE_Explain_DisableFeedDiscovery">This policy setting prevents users from having Internet Explorer automatically detect if there is a feed available for an associated webpage.
If you enable this policy setting, the user does not get notification on the toolbar that there is a feed available.
If you disable or do not configure this policy setting, users can see when there is a feed available and click on the feed discovery button.</string>
<string id="IE_Explain_DisableFeedPane">This policy setting prevents users from using Internet Explorer as a feed reader. This setting has no impact on the RSS Platform.
If you enable this policy setting, the user cannot access the feed list located in the favorites center.
If you disable or do not configure this policy setting, users can access the feeds list in the favorites center.</string>
<string id="IE_Explain_DisableFixSecuritySettings">This policy setting prevents users from performing the "Fix settings" functionality related to Security Settings Check.
If you enable this policy setting, users cannot use the "Fix settings" functionality.
If you disable this policy setting, users can use the "Fix settings" functionality.
If you do not configure this policy setting, users will be able to use the "Fix settings" functionality.
Note: When this policy setting is enabled, the "Fix settings" option in the Information bar shortcut menu should be disabled.</string>
<string id="IE_Explain_DisableInterchangingMenuBarNavBar">The navigation bar contains icons for a variety of features including navigating among web pages, searching the web using a selection of search tools, accessing and managing Favorites, viewing a History of visited pages, printing, and accessing email and newsgroups. The menu bar contains menu items that open up dropdown lists for related options. Among the items are options for printing, customizing Internet Explorer, copying and pasting text, managing Favorites, and accessing Help.
If you enable this policy, the menu bar will be above the navigation bar. Users will not be able to interchange positions of the menu and navigation bars.
If you disable this policy, the menu bar will be below the navigation bar. Users will not be able to interchange positions of the menu and navigation bars.
If you do not configure this policy, users will be able to interchange positions of the menu and navigation bars.</string>
<string id="IE_Explain_DisableManagingPhishingFilter">This policy setting allows the user to enable a phishing filter that will warn if the Web site being visited is known for fraudulent attempts to gather personal information through "phishing."
If you enable this policy setting, the user will not be prompted to enable the phishing filter. You must specify which mode the phishing filter uses: manual, automatic, or off.
If you select manual mode, the phishing filter performs only local analysis and users are prompted to permit any data to be sent to Microsoft.
If the feature is fully enabled, all website addresses not contained on the filter's whitelist will be sent automatically to Microsoft without prompting the user.
If you disable or do not configure this policy setting, the user will be prompted to decide the mode of operation for the phishing filter.</string>
<string id="IE_Explain_DisableSecuritySettingsCheck">This policy setting turns off the Security Settings Check feature, which checks Internet Explorer security settings to determine when the settings put Internet Explorer at risk.
If you enable this policy setting, the security settings check will not be performed.
If you disable or do not configure this policy setting, the security settings check will be performed.</string>
<string id="IE_Explain_EnableCompatLogging">This policy setting logs information that is blocked by new features in Internet Explorer. The logged data is displayed in the Windows Event Viewer.
If you enable this policy setting, the user will be able to log information blocked by new Internet Explorer features. The user cannot turn off logging.
If you disable this policy setting, the user will not be able to log information blocked by new Internet Explorer features. The user cannot turn on logging.
If you do not configure this policy setting, the user can change the logging settings.</string>
<string id="IE_Explain_EnforceFullscreen">The Navigation bar includes features for navigating among Web pages, searching the Web using a selection of search tools, viewing a History of visited pages, printing, and accessing email and newsgroups. The Menu bar contains menu items that open up dropdown lists for related options. Among the items are options for printing, customizing Internet Explorer, copying and pasting text, managing Favorites, and accessing Help. The command bar contains accessing and managing Favorites, feeds and the shortcuts to home page, feeds etc. Full screen mode will disable these three bars and Internet Explorer will appear in full screen mode. The shortcuts to these bars will also not work.
If you enable this policy setting, the navigation bar, command bar and menu bar will not be visible and the user will not be able to access them.
If you disable or do not configure this policy setting, the user will be able to view and access the navigation bar, command bar and menu bar.</string>
<string id="IE_Explain_Microsoft_Agent">Designates the Microsoft Agent ActiveX control as administrator-approved.
Microsoft Agent is a set of software services that supports the presentation of software agents as interactive personalities within the Microsoft Windows interface.
If you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.
If you disable this policy or do not configure it, these controls will not be designated as administrator-approved.
To specify how administrator-approved controls are handled for each security zone, carry out the following steps:
1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.
2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.
3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.
4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.</string>
<string id="IE_ExplainAddonManagement_AddOnList">This policy setting allows you to manage a list of add-ons to be allowed or denied by Internet Explorer.
This list can be used with the 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting, which defines whether add-ons not listed here are assumed to be denied.
If you enable this policy setting, you can enter a list of add-ons to be allowed or denied by Internet Explorer. For each entry that you add to the list, enter the following information:
Name of the Value - the CLSID (class identifier) for the add-on you wish to add to the list. The CLSID should be in brackets for example, ΓÇÿ{000000000-0000-0000-0000-0000000000000}'. The CLSID for an add-on can be obtained by reading the OBJECT tag from a Web page on which the add-on is referenced.
Value - A number indicating whether Internet Explorer should deny or allow the add-on to be loaded. To specify that an add-on should be denied enter a 0 (zero) into this field. To specify that an add-on should be allowed, enter a 1 (one) into this field. To specify that an add-on should be allowed and also permit the user to manage the add-on through Add-on Manager, enter a 2 (two) into this field.
If you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting will still determine whether add-ons not in this list are assumed to be denied.</string>
<string id="IE_ExplainAddonManagement_ManagementMode">This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denied.
By default, the 'Add-on List' policy setting defines a list of add-ons to be allowed or denied through Group Policy. However, users can still use the Add-on Manager within Internet Explorer to manage add-ons not listed within the 'Add-on List' policy setting. This policy setting effectively removes this option from users - all add-ons are assumed to be denied unless they are specifically allowed through the 'Add-on List' policy setting.
If you enable this policy setting, Internet Explorer only allows add-ins that are specifically listed (and allowed) through the 'Add-on List' policy setting.
If you disable or do not configure this policy setting, users may use Add-on Manager to allow or deny any add-ons that are not included in the 'Add-on List' policy setting.
Note: If an add-on is listed in the 'Add-on List' policy setting, the user cannot change its state through Add-on Manager (unless its value has been set to allow user management - see the 'Add-on List' policy for more details).</string>
<string id="IE_ExplainAddonManagement_RestrictCrashDetection">This policy setting allows you to manage the crash detection feature of add-on Management.
If you enable this policy setting, a crash in Internet Explorer will exhibit behavior found in Windows XP Professional Service Pack 1 and earlier, namely to invoke Windows Error Reporting. All policy settings for Windows Error Reporting continue to apply.
If you disable or do not configure this policy setting, the crash detection feature for add-on management will be functional.</string>
<string id="IE_ExplainAddonManagement_RestrictExtensionManagement">This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager.
If you enable this policy setting, users cannot enable or disable add-ons through Add-On Manager. The only exception occurs if an add-on has been specifically entered into the 'Add-On List' policy setting in such a way as to allow users to continue to manage the add-on. In this case, the user can still manage the add-on through the Add-On Manager.
If you disable or do not configure this policy setting, the appropriate controls in the Add-On Manager will be available to the user.</string>
<string id="IE_ExplainAddSearchProvider">This policy setting allows you to add a specific set of search providers to the user's default search provider list. Normally, search providers can be added from third-party toolbars or in Setup, but can also be added by the user from a search provider's Web site.
If you enable this policy setting, users can add and remove search providers, but only from the set of search providers specified in the list of search provider policy keys (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Note: This list can be created using a custom administrative template file. For information on creating this custom administrative template file, see the Internet Explorer documentation on search providers.
If you disable or do not configure this policy setting, the user will be able to configure their search provider list unless there is another policy setting restricting such configuration.</string>
<string id="IE_ExplainAdminApprovedCategory">Contains settings to enable or disable ActiveX controls.</string>
<string id="IE_ExplainAlwaysShowMenu">This policy setting allows you to turn on or turn off the legacy "File, Edit, View, etc. ..." menus in Internet Explorer.
If you enable this policy setting, the menu bar will appear in Internet Explorer by default and the users cannot turn it off.
If you disable this policy setting, the menu bar will not appear in Internet Explorer by default and the users cannot turn it on.
If you do not configure this policy setting, the menu bar will be turned off by default. The users are free to turn on or turn off the menu bar.</string>
<string id="IE_ExplainAudio_Video_Player">Designates the Audio/Video Player ActiveX control as administrator-approved.
This control is used for playing sounds, videos, and other media.
If you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.
If you disable this policy or do not configure it, this control will not be designated as administrator-approved.
To specify how administrator-approved controls are handled for each security zone, carry out the following steps:
1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.
2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.
3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.
4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.</string>
<string id="IE_ExplainAutoProxyCache">Prevents automatic proxy scripts, which interact with a server to automatically configure users' proxy settings, from being stored in the users' cache.
If you enable this policy, automatic proxy scripts will not be stored temporarily on the users' computer.
If you disable this policy or do not configure it, automatic proxy scripts can be stored in the users' cache.</string>
<string id="IE_ExplainBranding_NoExternalBranding">Prevents branding of Internet programs, such as customization of Internet Explorer and Outlook Express logos and title bars, by another party.
If you enable this policy, it prevents customization of the browser by another party, such as an Internet service provider or Internet content provider.
If you disable this policy or do not configure it, users could install customizations from another party-for example, when signing up for Internet services.
This policy is intended for administrators who want to maintain a consistent browser across an organization.</string>
<string id="IE_ExplainCarpoint">Designates the Microsoft Network (MSN) Carpoint automatic pricing control as administrator-approved.
This control enables enhanced pricing functionality on the Carpoint Web site, where users can shop for and obtain information about vehicles.
If you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.
If you disable this policy or do not configure it, this control will not be designated as administrator-approved.
To specify how administrator-approved controls are handled for each security zone, carry out the following steps:
1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.
2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.
3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.
4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.</string>
<string id="IE_ExplainCat">Contains settings to configure Internet Explorer</string>
<string id="IE_ExplainChannels">Contains settings for Offline pages and channels.</string>
<string id="IE_ExplainControlPanel_RestrictAdvanced">Prevents users from changing settings on the Advanced tab in the Internet Options dialog box.
If you enable this policy, users are prevented from changing advanced Internet settings, such as security, multimedia, and printing. Users cannot select or clear the check boxes on the Advanced tab.
If you disable this policy or do not configure it, users can select or clear settings on the Advanced tab.
If you set the "Disable the Advanced page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the Advanced page" policy removes the Advanced tab from the interface.</string>
<string id="IE_ExplainControlPanel_RestrictAdvancedTab">Removes the Advanced tab from the interface in the Internet Options dialog box.
If you enable this policy, users are prevented from seeing and changing advanced Internet settings, such as security, multimedia, and printing.
If you disable this policy or do not configure it, users can see and change these settings.
When you set this policy, you do not need to set the "Disable changing Advanced page settings" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\), because this policy removes the Advanced tab from the interface.</string>
<string id="IE_ExplainControlPanel_RestrictConnectionsTab">Removes the Connections tab from the interface in the Internet Options dialog box.
If you enable this policy, users are prevented from seeing and changing connection and proxy settings.
If you disable this policy or do not configure it, users can see and change these settings.
When you set this policy, you do not need to set the following policies for the Content tab, because this policy removes the Connections tab from the interface:
<string id="IE_ExplainControlPanel_RestrictContentTab">If you enable this policy setting, users are prevented from seeing and changing ratings, certificates, AutoComplete, Wallet, and Profile Assistant settings.
If you disable this policy or do not configure it, users can see and change these settings.</string>
<string id="IE_ExplainControlPanel_RestrictGeneralTab">Removes the General tab from the interface in the Internet Options dialog box.
If you enable this policy, users are unable to see and change settings for the home page, the cache, history, Web page appearance, and accessibility.
If you disable this policy or do not configure it, users can see and change these settings.
When you set this policy, you do not need to set the following Internet Explorer policies (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\), because this policy removes the General tab from the interface:
"Disable changing home page settings"
"Disable changing Temporary Internet files settings"
<string id="IE_ExplainControlPanel_RestrictPrivacyTab">Removes the Privacy tab from the interface in the Internet Options dialog box.
If you enable this policy, users are prevented from seeing and changing default settings for privacy.
If you disable this policy or do not configure it, users can see and change these settings.</string>
<string id="IE_ExplainControlPanel_RestrictProgramsTab">Removes the Programs tab from the interface in the Internet Options dialog box.
If you enable this policy, users are prevented from seeing and changing default settings for Internet programs.
If you disable this policy or do not configure it, users can see and change these settings.
When you set this policy, you do not need to set the following policies for the Programs tab, because this policy removes the Programs tab from the interface:
"Disable changing Messaging settings"
"Disable changing Calendar and Contact settings"
"Disable the Reset Web Settings feature"
"Disable changing default browser check"</string>
<string id="IE_ExplainControlPanel_RestrictSecurityTab">Removes the Security tab from the interface in the Internet Options dialog box.
If you enable this policy, it prevents users from seeing and changing settings for security zones, such as scripting, downloads, and user authentication.
If you disable this policy or do not configure it, users can see and change these settings.
When you set this policy, you do not need to set the following Internet Explorer policies, because this policy removes the Security tab from the interface:
"Security zones: Do not allow users to change policies"
"Security zones: Do not allow users to add/delete sites"</string>
<string id="IE_ExplainControlPanel_SendIDNNames">This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to IDN format (Punycode) before sending them to Domain Name System (DNS) servers or to proxy servers.
If you enable this policy setting, you must specify when IDN server names should be sent:
0) Unicode domain names will never be converted to IDN format
1) Unicode domain names will be converted to IDN format only for addresses that are not in the Intranet Zone
2) Unicode domain names will be converted to IDN format only for addresses in the Intranet Zone
3) Unicode domain names always be converted to IDN format
If you disable or do not configure this policy setting, the user can control this setting by using the Advanced Options in Internet Control Panel. By default, domain names will be converted to IDN format only for addresses that are not in the Intranet Zone.</string>
<string id="IE_ExplainControlPanel_SendUTF8Query">This policy setting allows you to manage whether Internet Explorer uses UTF-8 for mailto links.
If you enable this policy setting, Internet Explorer will encode mailto links in UTF-8.
If you disable this policy setting, Internet Explorer will send mailto links encoded through the current userΓÇÖs code page. This behavior matches the behavior of Internet Explorer 6 and earlier.
If you do not configure this policy setting, Internet Explorer will send mailto links encoded through the current userΓÇÖs code page. Users can change this behavior in the Internet Explorer Tools menu: Click Internet Options, click the Advanced tab, and under International select the "Use UTF-8 for mailto links" check box.</string>
<string id="IE_ExplainDHTMLEdit">This ActiveX control enables users to edit HTML text and see a faithful rendition of how the text would look in the browser. There are two versions of the control: a more powerful version that cannot be invoked by a web site because it includes file access and other features, and a "safe for scripting" version that has restricted functionality and is intended for use by web sites.
If you enable this policy, this control will be available as an administrator approved control and can be run if the user specifies to run administrator-approved Active-X controls and plug-ins under security zones.
If you disable this policy or do not configure it, this control will not be designated as administrator-approved.
</string>
<string id="IE_ExplainDialupSettings">Specifies that Automatic Detection will be used to configure dial-up settings for users.
Automatic Detection uses a DHCP (Dynamic Host Configuration Protocol) or DNS server to customize the browser the first time it is started.
If you enable this policy, users' dial-up settings will be configured by Automatic Detection.
If you disable this policy or do not configure it, dial-up settings will not be configured by Automatic Detection, unless specified by the user.</string>
<string id="IE_ExplainDisablePopupFilterLevel">You can block or allow pop-ups based on three filter levels:
High ΓÇô Block All Pop-ups
Medium ΓÇô Block most Automatic pop-ups
Low ΓÇô Allow pop-ups from secure sites.
If you enable this policy, users will not be able to change the filter levels. You can specify the pop-up filter level by importing Privacy settings from your machine under Internet Explorer Maintenance.
If you disable or do not configure this policy, users will be able to manage pop-ups based on the filter levels.
You may also want to enable "Turn off Managing Pop-up Allow list" and "Turn off Pop-Up Management" policies to disable users from configuring pop up behavior.</string>
<string id="IE_ExplainDisableToolbarUpgrader">The toolbar upgrade tool will check to see if incompatible toolbars or browser helper objects are installed when Internet Explorer is launched. When detected the user will be prompted to update or disable the toolbar. Specific toolbars or browser helper objects that are enabled or disabled via policy will not undergo this check.
If this policy is enabled the toolbar upgrade tool will not check for incompatible toolbars. The user will not be prompted, and incompatible toolbars will run unless previously disabled through policy or the user.
If this policy is disabled or not configured the toolbar upgrade tool will check for incompatible toolbars. The user will be given the option to enable or disable incompatible toolbars. Toolbars that are enabled or disabled via policy will not undergo these checks.</string>
<string id="IE_ExplainDisplayScriptFailureUI">Specifies that error messages will be displayed to users if problems occur with proxy scripts.
If you enable this policy, error messages will be displayed when the browser does not download or run a script to set proxy settings.
If you disable this policy or do not configure it, error messages will not be displayed when problems occur with proxy scripts.</string>
<string id="IE_ExplainEnableTabsCategory">Contains settings to add or remove tabs from the Internet Options dialog.</string>
<string id="IE_ExplainFavImportExport">Prevents users from exporting or importing favorite links and feeds by using the Import/Export Wizard.
If you enable this policy, the Import/Export Wizard cannot import or export favorite links, feeds or cookies, which are small text files that contain settings for Web sites.
If you disable this policy or do not configure it, users can import and export favorites and feeds in Internet Explorer by clicking the File menu, clicking Import and Export, and then running the Import/Export Wizard.
Note: If you enable this policy, users can still view screens in the wizard, but when users click Finish, a prompt will appear that states that this feature has been disabled.</string>
<string id="IE_ExplainFile_NoBrowserClose">Prevents users from closing Microsoft Internet Explorer and Windows Explorer.
If you enable this policy, the Close command on the File menu will appear dimmed.
If you disable this policy or do not configure it, users are not prevented from closing the browser or Windows Explorer.
Note: The Close button in the top right corner of the program will not work; if users click the Close button, they will be informed that the command is not available.</string>
<string id="IE_ExplainFile_NoBrowserSaveAs">Prevents users from saving Web pages from the browser File menu to their hard disk or to a network share.
If you enable this policy, the Save As command on the File menu will be removed.
If you disable this policy or do not configure it, users can save Web pages for later viewing.
This policy takes precedence over the "File Menu: Disable Save As Web Page Complete" policy, which prevents users from saving the entire contents that are displayed or run from a Web Page, such as graphics, scripts, and linked files, but does not prevent users from saving the text of a Web page.
Caution: If you enable this policy, users are not prevented from saving Web content by pointing to a link on a Web page, clicking the right mouse button, and then clicking Save Target As.</string>
<string id="IE_ExplainFile_NoBrowserSaveWebComplete">Prevents users from saving the complete contents that are displayed on or run from a Web page, including the graphics, scripts, linked files, and other elements. It does not prevent users from saving the text of a Web page.
If you enable this policy, the Web Page, Complete file type option will be removed from the Save as Type box in the Save Web Page dialog box. Users can still save Web pages as hypertext markup language (HTML) files or as text files, but graphics, scripts, and other elements are not saved. To display the Save Web Page dialog box, users click the File menu, and then click the Save As command.
If you disable this policy or do not configure it, users can save all elements on a Web page.
The "File menu: Disable Save As... menu option" policy, which removes the Save As command, takes precedence over this policy. If it is enabled, this policy is ignored.</string>
<string id="IE_ExplainFile_NoFileNew">Prevents users from opening a new browser window from the File menu.
If this policy is enabled, users cannot open a new browser window by clicking the File menu, pointing to the New menu, and then clicking Window. The user interface is not changed, but a new window will not be opened, and users will be informed that the command is not available.
If you disable this policy or do not configure it, users can open a new browser window from the File menu.
Caution: This policy does not prevent users from opening a new browser window by right-clicking, and then clicking the Open in New Window command. To prevent users from using the shortcut menu to open new browser windows, you should also set the "Disable Open in New Window menu option" policy, which disables this command on the shortcut menu, or the "Disable context menu" policy, which disables the entire shortcut menu.
Note: the user will still be able to open New Tabs.</string>
<string id="IE_ExplainFile_NoFileOpen">Prevents users from opening a file or Web page from the File menu in Internet Explorer.
If you enable this policy, the Open dialog box will not appear when users click the Open command on the File menu. If users click the Open command, they will be notified that the command is not available.
If you disable this policy or do not configure it, users can open a Web page from the browser File menu.
Caution: This policy does not prevent users from right-clicking a link on a Web page, and then clicking the Open or Open in New Window command. To prevent users from opening Web pages by using the shortcut menu, set the "Disable Open in New Window menu option" policy, which disables this command on the shortcut menu, or the "Disable context menu" policy, which disables the entire shortcut menu.</string>
<string id="IE_ExplainFlash">Designates Shockwave flash as an administrator approved control.
If you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.
If you disable this policy or do not configure it, this control will not be designated as administrator-approved.
To specify how administrator-approved controls are handled for each security zone, carry out the following steps:
1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.
2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.
3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.
4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.</string>
<string id="IE_ExplainGeneral_Zooming">This policy setting prevents the user from zooming into or out of a page to better see the content.
If you enable this policy setting, applications hosting MSHTML will not respond to user input that causes the content to be re-rendered at a scaled size.
If you disable this policy setting, applications hosting MSHTML will respond to user input that causes the content to be re-rendered at a scaled size.
Note: This policy setting is disabled by default.</string>
<string id="IE_ExplainHelp_NoFeedback">Prevents users from sending feedback to Microsoft by clicking the Send Feedback command on the Help menu.
If you enable this policy, the Send Feedback command is removed from the Help menu.
If you disable this policy or do not configure it, users can fill out an Internet form to provide feedback about Microsoft products.</string>
<string id="IE_ExplainHelp_NoNetscapeHelp">Prevents users from displaying tips for users who are switching from Netscape.
If you enable this policy, the For Netscape Users command is removed from the Help menu.
If you disable this policy or do not configure it, users can display content about switching from Netscape by clicking the For Netscape Users command on the Help menu.
Caution: Enabling this policy does not remove the tips for Netscape users from the Microsoft Internet Explorer Help file.</string>
<string id="IE_ExplainHelp_NoTip">Prevents users from viewing or changing the Tip of the Day interface in Microsoft Internet Explorer.
If you enable this policy, the Tip of the Day command is removed from the Help menu.
If you disable this policy or do not configure it, users can enable or disable the Tip of the Day, which appears at the bottom of the browser.</string>
<string id="IE_ExplainIdentities">Prevents users from configuring unique identities by using Identity Manager.
Identity Manager enables users to create multiple accounts, such as e-mail accounts, on the same computer. Each user has a unique identity, with a different password and different program preferences.
If you enable this policy, users will not be able to create new identities, manage existing identities, or switch identities. The Switch Identity option will be removed from the File menu in Address Book.
If you disable this policy or do not configure it, users can set up and change identities.</string>
<string id="IE_ExplainInvestor">Designates a set of Microsoft Network (MSN) Investor controls as administrator-approved.
These controls enable users to view updated lists of stocks on their Web pages.
If you enable this policy, these controls can be run in security zones in which you specify that administrator-approved controls can be run.
If you disable this policy or do not configure it, these controls will not be designated as administrator-approved.
Select the check boxes for the controls that you want to designate as administrator-approved.
To specify how administrator-approved controls are handled for each security zone, carry out the following steps:
1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.
2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.
3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.
4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.</string>
<string id="IE_ExplainMaxSubscription">Restricts the amount of information downloaded for offline viewing.
If you enable this policy, you can set limits to the size and number of pages that users can download. If users attempt to exceed the number of subscriptions, a prompt will appear that states that they cannot set up more Web sites for offline viewing.
If you disable this policy or do not configure it, then users can determine the amount of content that is searched for new information and downloaded.
Caution: Although the Maximum Number of Offline Pages option determines how many levels of a Web site are searched for new information, it does not change the user interface in the Offline Favorites wizard.
Note: The begin and end times for downloading are measured in minutes after midnight. The Maximum Offline Page Crawl Depth setting specifies how many levels of a Web site are searched for new information.</string>
<string id="IE_ExplainMediaExpBar">Allows Administrators to enable and disable the Media Explorer Bar and set the auto-play default.
The Media Explorer Bar plays music and video content from the Internet.
If you disable the Media explorer bar, users cannot display the Media Explorer Bar. The auto-play feature is also disabled. When users click on a link within Internet Explorer, the content will be played by the default media client on their system.
If you enable the Media Explorer Bar or do not configure it, users can show and hide the Media Explorer Bar.
Administrators also have the ability to turn the auto-play feature on or off. This setting only applies if the Media Explorer Bar is enabled.
If checked, the Media Explorer Bar will automatically display and play the media content when the user clicks on a media link.
If unchecked, the content will be played by the default media client on their system.</string>
<string id="IE_ExplainMenu_Controls">Designates a set of Microsoft ActiveX controls used to manipulate pop-up menus in the browser as administrator-approved.
If you enable this policy, these controls can be run in security zones in which you specify that administrator-approved controls can be run.
If you disable this policy or do not configure it, these controls will not be designated as administrator-approved.
To specify a control as administrator-approved, click Enabled, and then select the check box for the control:
-- MCSiMenu - enables Web authors to control the placement and appearance of Windows pop-up menus on Web pages
-- Popup Menu Object - enables Web authors to add pop-up menus to Web pages
To specify how administrator-approved controls are handled for each security zone, carry out the following steps:
1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.
2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.
3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.
4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.</string>
<string id="IE_ExplainMenusCategory">Contains settings for showing or hiding menus and menu options in Internet Explorer.</string>
<string id="IE_ExplainMicrosoft_Chat">Designates the Microsoft Chat ActiveX control as administrator-approved.
This control is used by Web authors to build text-based and graphical-based Chat communities for real-time conversations on the Web.
If you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.
If you disable this policy or do not configure it, this control will not be designated as administrator-approved.
To specify how administrator-approved controls are handled for each security zone, carry out the following steps:
1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.
2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.
3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.
4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.</string>
<string id="IE_ExplainMSNBC">Designates a set of MSNBC controls as administrator-approved.
These controls enable enhanced browsing of news reports on the MSNBC Web site.
If you enable this policy, these controls can be run in security zones in which you specify that administrator-approved controls can be run.
If you disable this policy or do not configure it, these controls will not be designated as administrator-approved.
Select the check boxes for the controls that you want to designate as administrator-approved.
To specify how administrator-approved controls are handled for each security zone, carry out the following steps:
1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.
2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.
3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.
4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.</string>
<string id="IE_ExplainNetShowFile">Designates NetShow File Transfer Control as an administrator approved control.
If you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.
If you disable this policy or do not configure it, this control will not be designated as administrator-approved.
To specify how administrator-approved controls are handled for each security zone, carry out the following steps:
1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.
2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.
3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.
4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.</string>
<string id="IE_ExplainNoAddingChannels">Prevents users from adding channels to Internet Explorer.
Channels are Web sites that are updated automatically on your computer, according to a schedule specified by the channel provider.
If you enable this policy, the Add Active Channel button, which appears on a channel that users haven't yet subscribed to, will be disabled. Users also cannot add content that is based on a channel, such as some of the Active Desktop items from Microsoft's Active Desktop Gallery, to their desktop.
If you disable this policy or do not configure it, users can add channels to the Channel bar or to their desktop.
Note: Most channel providers use the words Add Active Channel for this option; however, a few use different words, such as Subscribe.</string>
<string id="IE_ExplainNoAddingSubscriptions">Prevents users from specifying that Web pages can be downloaded for viewing offline. When users make Web pages available for offline viewing, they can view the content when their computer is not connected to the Internet.
If you enable this policy, users cannot add new schedules for downloading offline content. The Make Available Offline check box will be dimmed in the Add Favorite dialog box.
If you disable this policy or do not configure it, users can add new offline content schedules.
This policy is intended for organizations that are concerned about server load for downloading content.
The "Hide Favorites menu" policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) takes precedence over this policy. If it is enabled, this policy is ignored.</string>
<string id="IE_ExplainNoBandCustomize">Prevents users from determining which toolbars are displayed in Microsoft Internet Explorer and Windows Explorer.
If you enable this policy, the list of toolbars, which users can display by clicking the View menu and then pointing to the Toolbars command, will appear dimmed.
If you disable this policy or do not configure it, users can determine which toolbars are displayed in Windows Explorer and Internet Explorer.
This policy can be used in coordination with the "Disable customizing browser toolbar buttons" policy, which prevents users from adding or removing toolbars from Internet Explorer.</string>
<string id="IE_ExplainNoBrowserContextMenu">Prevents the shortcut menu from appearing when users click the right mouse button while using the browser.
If you enable this policy, the shortcut menu will not appear when users point to a Web page, and then click the right mouse button.
If you disable this policy or do not configure it, users can use the shortcut menu.
This policy can be used to ensure that the shortcut menu is not used as an alternate method of running commands that have been removed from other parts of the interface.</string>
<string id="IE_ExplainNoCertError">Internet Explorer treats as fatal any Secure Socket Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt navigation (such as "expired," "revoked," or "name mismatch" errors).
If you enable this policy setting, the user is not permitted to continue navigation.
If you disable this policy setting or do not configure it, the user may elect to ignore certificate errors and continue navigation.</string>
<string id="IE_ExplainNoChannelLogging">Prevents channel providers from recording information about when their channel pages are viewed by users who are working offline.
If you enable this policy, it disables any channel logging settings set by channel providers in the channel definition format (.cdf) file. The .cdf file determines the schedule and other settings for downloading Web content.
If you disable this policy or do not configure it, channel providers can record information about when their channel pages are viewed by users who are working offline.</string>
<string id="IE_ExplainNoChannelUI">Prevents users from viewing the Channel bar interface. Channels are Web sites that are automatically updated on their computer according to a schedule specified by the channel provider.
If you enable this policy, the Channel bar interface will be disabled, and users cannot select the Internet Explorer Channel Bar check box on the Web tab in the Display Properties dialog box.
If you disable this policy or do not configure it, users can view and subscribe to channels from the Channel bar interface.</string>
<string id="IE_ExplainNoDelBrowsingHistory">This policy setting prevents users from performing the "Delete Browsing History" action in Internet Explorer.
If you enable this policy setting, users cannot perform the "Delete Browsing History" action in Internet Options for Internet Explorer 7.
If you disable or do not configure this policy setting, users can perform the "Delete Browsing History" action in Internet Options for Internet Explorer 7.</string>
<string id="IE_ExplainNoDelForms">This policy setting prevents the user from clearing forms. This is available as "Delete Forms" option in the "Delete Browsing History" dialog box in Internet Explorer 7 and as "Clear Forms" under "Clear AutoComplete history" in tools, Internet Options, content tab, Auto Complete Settings in Internet Explorer 6.
If you enable this policy setting, users cannot delete forms.
If you disable or do not configure this policy setting, users have the freedom to delete forms.</string>
<string id="IE_ExplainNoDelPasswords">This policy setting prevents the user from clearing passwords. This option is available as "Delete Passwords" option in the "Delete Browsing History" dialog box in Internet Explorer 7 and as "Clear Passwords" under "Clear AutoComplete history" in tools, Internet Options, content tab, Auto Complete Settings in Internet Explorer 6.
If you enable this policy setting, users cannot delete passwords.
If you disable or do not configure this policy setting, users will have the freedom to delete passwords.</string>
<string id="IE_ExplainNoEditingScheduleGroups">Prevents users from adding, editing, or removing schedules for offline viewing of Web pages and groups of Web pages that users have subscribed to.
A subscription group is a favorite Web page plus the Web pages it links to.
If you enable this policy, the Add, Remove, and Edit buttons on the Schedule tab in the Web page Properties dialog box are dimmed. To display this tab, users click the Tools menu, click Synchronize, select a Web page, click the Properties button, and then click the Schedule tab.
If you disable this policy or do not configure it, users can add, remove, and edit schedules for Web sites and groups of Web sites.
The "Disable editing schedules for offline pages" policy and the "Hide Favorites menu" policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) take precedence over this policy. If either policy is enabled, this policy is ignored.</string>
<string id="IE_ExplainNoEditingSubscriptions">Prevents users from editing an existing schedule for downloading Web pages for offline viewing.
When users make Web pages available for offline viewing, they can view content when their computer is not connected to the Internet.
If you enable this policy, users cannot display the schedule properties of pages that have been set up for offline viewing. If users click the Tools menu, click Synchronize, select a Web page, and then click the Properties button, no properties are displayed. Users do not receive an alert stating that the command is unavailable.
If you disable this policy or do not configure it, users can edit an existing schedule for downloading Web content for offline viewing.
This policy is intended for organizations that are concerned about server load for downloading content.
The "Hide Favorites menu" policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) takes precedence over this policy. If it is enabled, this policy is ignored.</string>
<string id="IE_ExplainNoFavorites">Prevents users from adding, removing, editing or viewing the list of Favorite links.
The Favorites list is a way to store popular links for future use.
If you enable this policy, the Favorites menu is removed from the interface, and the Favorites button on the browser toolbar appears dimmed. The Add to Favorites command on the shortcut menu is disabled; when users click it, they are informed that the command is unavailable.
f you disable this policy or do not configure it, users can manage their Favorites list.
Note: If you enable this policy, users also cannot click Synchronize on the Tools menu (in Internet Explorer 6) to manage their favorite links that are set up for offline viewing.</string>
<string id="IE_ExplainNoFirstRunCustomise">This policy setting prevents performance of the First Run Customize settings ability and controls what the user will see when they launch Internet Explorer for the first time after installation of Internet Explorer.
If you enable this policy setting, users must make one of two choices:
1: Skip Customize Settings, and go directly to the userΓÇÖs home page.
2: Skip Customize Settings, and go directly to the "Welcome to Internet Explorer" Web page.
If you disable or do not configure this policy setting, users go through the regular first run process.</string>
<string id="IE_ExplainNoHelpMenu">This policy setting allows you to turn off the Help menu in Internet Explorer.
If you enable this policy setting, users will not be able to use the Internet Explorer help.
- Help will be removed from the command bar.
- Help menu in the menu bar will not be functional.
- The use of the shortcut key F1 for help will be restricted.
If you disable or do not configure this policy setting, Internet Explorer Help menu will be available to the users and they can also use F1 to access help.</string>
<string id="IE_ExplainNoIESearchBox">This policy setting allows you to disable the Internet Explorer search box, which includes a drop-down list of all installed search providers as well as a link to search settings.
If you enable this policy setting, the search box in Internet Explorer will be disabled and will not appear in the Internet Explorer frame.
If you disable or do not configure this policy setting, the search box will by default appear in the Internet Explorer frame.</string>
<string id="IE_ExplainNoJITSetup">Prevents Internet Explorer from automatically installing components.
If you enable this policy, it prevents Internet Explorer from downloading a component when users browse to a Web site that needs that component.
If you disable this policy or do not configure it, users will be prompted to download and install a component when visiting a Web site that uses that component.
This policy is intended to help the administrator control which components the user installs.</string>
<string id="IE_ExplainNoOpeninNewWnd">Prevents using the shortcut menu to open a link in a new browser window.
If you enable this policy, users cannot point to a link, click the right mouse button, and then click the Open in New Window command.
If you disable this policy or do not configure it, users can open a Web page in a new browser window by using the shortcut menu.
This policy can be used in coordination with the "File menu: Disable New menu option" policy, which prevents users from opening the browser in a new window by clicking the File menu, pointing to New, and then clicking Window.
Note: When users click the Open in New Window command, the link will not open in a new window and they will be informed that the command is not available.</string>
<string id="IE_ExplainNoQuickTabs">This policy setting allows you to turn off the Quick Tabs functionality in Internet Explorer.
If you enable this policy setting, the entry points to Quick Tabs will be removed from the Internet Explorer user interface.
If you disable or do not configure this policy setting, Quick Tabs will not be affected by this setting.</string>
<string id="IE_ExplainNoRemovingChannels">Prevents users from disabling channel synchronization in Microsoft Internet Explorer.
Channels are Web sites that are automatically updated on your computer according to a schedule specified by the channel provider.
If you enable this policy, users cannot prevent channels from being synchronized.
If you disable this policy or do not configure it, users can disable the synchronization of channels.
This policy is intended to help administrators ensure that users' computers are being updated uniformly across their organization.
Note: This policy does not prevent users from removing active content from the desktop interface.</string>
<string id="IE_ExplainNoRemovingSubscriptions">Prevents users from clearing the preconfigured settings for Web pages to be downloaded for offline viewing.
When users make Web pages available for offline viewing, they can view content when their computer is not connected to the Internet.
If you enable this policy, the Make Available Offline check box in the Organize Favorites Favorite dialog box and the Make This Page Available Offline check box will be selected but dimmed. To display the Make This Page Available Offline check box, users click the Tools menu, click Synchronize, and then click the Properties button.
If you disable this policy or do not configure it, users can remove the preconfigured settings for pages to be downloaded for offline viewing.
This policy is intended for organizations that are concerned about server load for downloading content.
The "Hide Favorites menu" policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) takes precedence over this policy. If it is enabled, this policy is ignored.</string>
<string id="IE_ExplainNoScheduledUpdates">Disables existing schedules for downloading Web pages for offline viewing.
When users make Web pages available for offline viewing, they can view content when their computer is not connected to the Internet.
If you enable this policy, the check boxes for schedules on the Schedule tab of the Web page properties are cleared and users cannot select them. To display this tab, users click the Tools menu, click Synchronize, select a Web page, click the Properties button, and then click the Schedule tab.
If you disable this policy, then Web pages can be updated on the schedules specified on the Schedule tab.
This policy is intended for organizations that are concerned about server load for downloading content.
The "Hide Favorites menu" policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) takes precedence over this policy. If it is enabled, this policy is ignored.</string>
<string id="IE_ExplainNoSearchCustomization">Makes the Customize button in the Search Assistant appear dimmed.
The Search Assistant is a tool that appears in the Search bar to help users search the Internet.
If you enable this policy, users cannot change their Search Assistant settings, such as setting default search engines for specific tasks.
If you disable this policy or do not configure it, users can change their settings for the Search Assistant.
This policy is designed to help administrators maintain consistent settings for searching across an organization.</string>
<string id="IE_ExplainNoSearchProvider">This policy setting prevents you from setting the default search provider for the address bar and the Toolbar Search Box.
If you enable this policy setting, users will not be able to change the default search provider.
If you disable or do not configure this policy setting, users will have the freedom to change the default search provider.</string>
<string id="IE_ExplainNoSelectDownloadDir">Prevents users from saving a program or file that Microsoft Internet Explorer has downloaded to the hard disk.
If you enable this policy, users cannot save a program to disk by clicking the Save This Program to Disk command while attempting to download a file. The file will not be downloaded and users will be informed that the command is not available.
If you disable this policy or do not configure it, users can download programs from their browsers.</string>
<string id="IE_ExplainNoSplash">Prevents the Internet Explorer splash screen from appearing when users start the browser.
If you enable this policy, the splash screen, which displays the program name, licensing, and copyright information, is not displayed.
If you disable this policy or do not configure it, the splash screen will be displayed when users start their browsers.</string>
<string id="IE_ExplainNoSubscriptionContent">Prevents content from being downloaded from Web sites that users have subscribed to.
When users make Web pages available for offline viewing, they can view content when their computer is not connected to the Internet.
If you enable this policy, content will not be downloaded from Web sites that users have subscribed to. However, synchronization with the Web pages will still occur to determine if any content has been updated since the last time the user synchronized with or visited the page.
If you disable this policy or do not configure it, content will not be prevented from being downloaded.
The "Disable downloading of site subscription content" policy and the "Hide Favorites menu" policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) take precedence over this policy. If either policy is enabled, this policy is ignored.</string>
<string id="IE_ExplainNoTabBrowsing">This policy setting allows you to turn off tabbed browsing and related entry points from the Internet Explorer user interface.
If you enable this policy setting, tabbed browsing and related entry points will be disabled for Internet Explorer, and this setting cannot be changed by the user.
If you disable this policy setting, tabbed browsing and related entry points will appear in the user interface for Internet Explorer and this setting cannot be changed by the user.
If you do not configure this policy setting, the user will be able to enable or disable tabbed browsing.</string>
<string id="IE_ExplainNoTabBrowsingPopups">This policy setting allows you to define the user experience related to pop-up windows and tabbed browsing in Internet Explorer.
If you enable this policy setting, the user will not be able to configure the tabbed browsing pop-up behavior. You will have to specify the behavior desired.
The value choices are:
0: Let Internet Explorer decide.
1: Force pop-up windows to open in new windows.
2: Force pop-up windows to open in new tabs.
If you disable or do not configure this setting, the user's setting for tabbed browsing pop-up behavior will be used.</string>
<string id="IE_ExplainNoToolbarCustomize">Prevents users from determining which buttons appear on the Microsoft Internet Explorer and Windows Explorer standard toolbars. The buttons appearing on the toolbar can be customized by the "Customize" option. This is present under the Toolbars submenu of the View menu in Internet Explorer 6 and under the Toolbars submenu of the Tools menu in the Command bar in Internet Explorer 7.
If you enable this policy, the Customize option will be removed from the menu.
If you disable this policy or do not configure it, users can customize which buttons appear on the Internet Explorer and Windows Explorer toolbars.
This policy can be used in coordination with the "Disable customizing browser toolbars" policy, which prevents users from determining which toolbars are displayed in Internet Explorer and Windows Explorer.</string>
<string id="IE_ExplainNoUpdateCheck">Prevents Internet Explorer from checking whether a new version of the browser is available.
If you enable this policy, it prevents Internet Explorer from checking to see whether it is the latest available browser version and notifying users if a new version is available.
If you disable this policy or do not configure it, Internet Explorer checks every 30 days by default, and then notifies users if a new version is available.
This policy is intended to help the administrator maintain version control for Internet Explorer by preventing users from being notified about new versions of the browser.</string>
<string id="IE_ExplainNoWindowReuse">This policy setting allows you to configure the behavior of new windows in Internet Explorer.
If you enable this policy setting, the user will not be able to configure the behavior of window reuse. You must specify whether links from other applications will:
ΓÇó Open in an existing Internet Explorer window. If tabbed browsing is enabled, a new tab will be created in this scenario.
ΓÇó Open a new Internet Explorer window.
If you disable or do not configure this policy setting, the user will be able to change window reuse.</string>
<string id="IE_ExplainOEVirusProtection">Allows Administrators to enable and disable the ability for Outlook Express users to save or open attachments that can potentially contain a virus.
If you check the block attachments setting, users will be unable to open or save attachments that could potentially contain a virus. Users will not be able to disable the blocking of attachments in options.
If the block attachments setting is not checked, the user can specify to enable or disable the blocking of attachments in options.</string>
<string id="IE_ExplainPersistence_FileLimits0">Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Local Computer security zone.
If you enable this policy, you can specify the persistence storage amount per domain or per document for this security zone.
If you disable this policy or do not configure it, you cannot set this limit.
Note: This setting does not appear in the user interface.</string>
<string id="IE_ExplainPersistence_FileLimits1">Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Local Intranet security zone.
If you enable this policy, you can specify the persistence storage amount per domain or per document for this security zone.
If you disable this policy or do not configure it, you cannot set this limit.
Note: This setting does not appear in the user interface.</string>
<string id="IE_ExplainPersistence_FileLimits2">Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Trusted Sites security zone.
If you enable this policy, you can specify the persistence storage amount per domain or per document for this security zone.
If you disable this policy or do not configure it, you cannot set this limit.
Note: This setting does not appear in the user interface.</string>
<string id="IE_ExplainPersistence_FileLimits3">Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Internet security zone.
If you enable this policy, you can specify the persistence storage amount per domain or per document for this security zone.
If you disable this policy or do not configure it, you cannot set this limit.
Note: This setting does not appear in the user interface.</string>
<string id="IE_ExplainPersistence_FileLimits4">Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Restricted Sites security zone.
If you enable this policy, you can specify the persistence storage amount per domain or per document for this security zone.
If you disable this policy or do not configure it, you cannot set this limit.
Note: This setting does not appear in the user interface.</string>
<string id="IE_ExplainPersistenceCategory">Contains settings for file size limits in internet security zones.</string>
<string id="IE_ExplainRestrictAccessibility">If you enable this policy, the user cannot modify the Accessibility options. All options in the "Accessibility" window on the General Tab in the Internet Options dialog box appear dimmed.
If you disable this policy or do not configure it, users can change accessibility settings, such as overriding fonts and colors on Web pages.
If you set the "Disable the General page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the General page" policy removes the General tab from the interface.
</string>
<string id="IE_ExplainRestrictAutoconfig">This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator.
If you enable this policy setting, the user will not be able to do automatic configuration. You can import your current connection settings from your machine using Internet Explorer Maintenance under Admin Templates using group policy editor.
If you disable or do no configure this policy setting, the user will have the freedom to automatically configure these settings.</string>
<string id="IE_ExplainRestrictCache">Prevents users from changing the browser cache settings, such as the location and amount of disk space to use for the Temporary Internet Files folder.
If you enable this policy, the browser cache settings appear dimmed. These settings are found in the dialog box that appears when users click the General tab and then click the Settings button in the Internet Options dialog box.
If you disable this policy or do not configure it, users can change their cache settings.
If you set the "Disable the General page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the General page" policy removes the General tab from the interface.</string>
<string id="IE_ExplainRestrictCalendarContact">Prevents users from changing the default programs for managing schedules and contacts.
If you enable this policy, the Calendar and Contact combo boxes appear dimmed in the Internet Programs area. To display these options, users open the Internet Options dialog box, and then click the Programs tab.
If you disable this policy or do not configure it, users can determine which programs to use for managing schedules and contacts, if programs that perform these tasks are installed.
This "Disable the Programs Page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel) takes precedence over this policy. If it is enabled, this policy is ignored.</string>
<string id="IE_ExplainRestrictCertificates">Prevents users from changing certificate settings in Internet Explorer. Certificates are used to verify the identity of software publishers.
If you enable this policy, the settings in the Certificates area on the Content tab in the Internet Options dialog box appear dimmed.
If you disable this policy or do not configure it, users can import new certificates, remove approved publishers, and change settings for certificates that have already been accepted.
The "Disable the Content page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Content tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.
Caution: If you enable this policy, users can still run the Certificate Manager Import Wizard by double-clicking a software publishing certificate (.spc) file. This wizard enables users to import and configure settings for certificates from software publishers that haven't already been configured for Internet Explorer.</string>
<string id="IE_ExplainRestrictCheckBrowser">Prevents Microsoft Internet Explorer from checking to see whether it is the default browser.
If you enable this policy, the Internet Explorer Should Check to See Whether It Is the Default Browser check box on the Programs tab in the Internet Options dialog box appears dimmed.
If you disable this policy or do not configure it, users can determine whether Internet Explorer will check to see if it is the default browser. When Internet Explorer performs this check, it prompts the user to specify which browser to use as the default.
This policy is intended for organizations that do not want users to determine which browser should be their default.
The "Disable the Programs page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Programs tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.</string>
<string id="IE_ExplainRestrictColors">Prevents users from changing the default Web page colors.
If you enable this policy, the color settings for Web pages appear dimmed. The settings are located in the Colors area in the dialog box that appears when the user clicks the General tab and then clicks the Colors button in the Internet Options dialog box.
If you disable this policy or do not configure it, users can change the default background and text color of Web pages.
If you set the "Disable the General page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the General page" policy removes the General tab from the interface.
Note: The default Web page colors are ignored on Web pages in which the author has specified the background and text colors.</string>
<string id="IE_ExplainRestrictConnectionSettings">Prevents users from changing dial-up settings.
If you enable this policy, the Settings button on the Connections tab in the Internet Options dialog box appears dimmed.
If you disable this policy or do not configure it, users can change their settings for dial-up connections.
If you set the "Disable the Connections page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the Connections page" policy removes the Connections tab from the interface.</string>
<string id="IE_ExplainRestrictConnectionWizard">Prevents users from running the Internet Connection Wizard.
If you enable this policy, the Setup button on the Connections tab in the Internet Options dialog box appears dimmed.
Users will also be prevented from running the wizard by clicking the Connect to the Internet icon on the desktop or by clicking Start, pointing to Programs, pointing to Accessories, pointing to Communications, and then clicking Internet Connection Wizard.
If you disable this policy or do not configure it, users can change their connection settings by running the Internet Connection Wizard.
Note: This policy overlaps with the "Disable the Connections page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Connections tab from the interface. Removing the Connections tab from the interface, however, does not prevent users from running the Internet Connection Wizard from the desktop or the Start menu.</string>
<string id="IE_ExplainRestrictFonts">Prevents users from changing font settings.
If you enable this policy, users will not be able to change font settings for viewing Web pages. All font settings visible after pressing the "Fonts" button on the General Tab in the Internet Options dialog box will be disabled.
If you disable this policy or do not configure it, users can change the default fonts for viewing Web pages.
If you set the "Disable the General page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the General page" policy removes the General tab from the interface.
Note: The default font settings colors are ignored in cases in which the Web page author has specified the font attributes.</string>
<string id="IE_ExplainRestrictFormSuggest">This AutoComplete feature suggests possible matches when users are filling up forms.
If you enable this setting, the user is not suggested matches when filling forms. The user cannot change it.
If you disable this setting, the user is suggested possible matches when filling forms. The user cannot change it.
If you do not configure this setting, the user has the freedom to turn on the auto-complete feature for forms.
To display this option, the users open the Internet Options dialog box, click the Contents Tab and click the Settings button.</string>
<string id="IE_ExplainRestrictFormSuggestPW">This AutoComplete feature can remember and suggest User names and passwords on Forms.
If you enable this setting, the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms will be turned on. You have to decide whether to select "prompt me to save passwords".
If you disable this setting the user cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and passwords on Forms is turned off. The user also cannot opt to be prompted to save passwords.
If you do not configure this setting, the user has the freedom of turning on Auto complete for User name and passwords on forms and the option of prompting to save passwords.To display this option, the users open the Internet Options dialog box, click the Contents Tab and click the Settings button.</string>
<string id="IE_ExplainRestrictHistory">This setting specifies the number of days that Internet Explorer keeps track of the pages viewed in the History List. The delete Browsing History option can be accessed using Tools, Internet Options and General tab. It is also available as Delete History directly under tools, Internet options, Delete Browsing History in Internet Explorer 7.
If you enable this policy setting, a user cannot set the number of days that Internet Explorer keeps track of the pages viewed in the History List. You must specify the number of days that Internet Explorer keeps track of the pages viewed in the History List. Users will not be able to delete browsing history.
If you disable or do not configure this policy setting, a user can set the number of days that Internet Explorer keeps track of the pages viewed in the History List and has the freedom to Delete Browsing History.</string>
<string id="IE_ExplainRestrictHomePage">The Home page in the Internet Options Settings is the default web page that internet explorer loads whenever it is run.
If you enable this policy setting, a user cannot set a custom default home page. You must specify which default home page should load on the user machine.
If you disable or do not configure this policy setting, the Home Page textbox is enabled and users can choose their own home page.</string>
<string id="IE_ExplainRestrictLanguages">Prevents users from changing language preference settings.
If you enable this policy, users will not be able to set language preferences to read websites. Language preference settings visible after pressing the "Languages" button on the General Tab in the Internet Options dialog box will be disabled.
If you disable this policy or do not configure it, users can change the language preference settings for viewing Web sites for languages in which the character set has been installed.
If you set the "Disable the General page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the General page" policy removes the General tab from the interface.</string>
<string id="IE_ExplainRestrictLinks">Prevents users from changing the colors of links on Web pages.
If you enable this policy, the color settings for links appear dimmed. The settings are located in the Links area of the dialog box that appears when users click the General tab and then click the Colors button in the Internet Options dialog box.
If you disable this policy or do not configure it, users can change the default color of links on Web pages.
If you set the "Disable the General page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the General page" policy removes the General tab from the interface.
Note: The default link colors are ignored on Web pages on which the author has specified link colors.</string>
<string id="IE_ExplainRestrictMessaging">Prevents users from changing the default programs for messaging tasks.
If you enable this policy, the E-mail, Newsgroups, and Internet Call options in the Internet Programs area appear dimmed. To display these options, users open the Internet Options dialog box, and then click the Programs tab.
If you disable this policy or do not configure it, users can determine which programs to use for sending mail, viewing newsgroups, and placing Internet calls, if programs that perform these tasks are installed.
The "Disable the Programs page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Programs tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.</string>
<string id="IE_ExplainRestrictPopupExceptionList">You can allow Pop-ups from specific websites by adding the site to the exceptions list.
If you enable this policy, users will not be able to add or remove websites to the exception list.
If you disable or do not configure this policy setting, users will be able to specify websites in the allow pop-ups exceptions list.
Note: You can allow a default list of sites which will be allowed to open pop-up windows regardless of the Internet Explorer process's Pop-Up Blocker settings by enabling "Pop-up allow list" policy.</string>
<string id="IE_ExplainRestrictPopupManagement">This policy setting allows you to manage pop-up management functionality in Internet Explorer.
If you enable this policy setting, the Control Panel information relating to pop-up management will be unavailable (grayed out) and all other pop-up manager controls, notifications, and dialog boxes will not appear. Pop-up windows will continue to function as they did in Windows XP Service Pack 1 or earlier, although windows launched off screen will continue to be re-positioned onscreen.
If you disable or do not configure this policy setting, the popup management feature will be functional.</string>
<string id="IE_ExplainRestrictProfiles">Prevents users from changing Profile Assistant settings.
If you enable this policy, the My Profile button appears dimmed in the Personal Information area on the Content tab in the Internet Options dialog box.
If you disable this policy or do not configure it, users can change their profile information, such as their street and e-mail addresses.
The "Disable the Content page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Content tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.</string>
<string id="IE_ExplainRestrictProxy">This setting specifies to connect to the internet using the proxy server settings specified. A proxy server acts as an intermediary between your internal network (intranet) and the Internet, retrieving files from remote Web servers. This setting specifies whether the user wants to connect to the local intranet addresses using the proxy server or wants to bypass it for the intranet addresses.
If you enable this policy, the user will not be able to configure proxy settings. You can import your current Proxy settings from your machine using Internet Explorer Maintenance under Admin Templates using group policy editor.
If you disable or do not configure this policy setting, the user will have the freedom to configure proxy settings.</string>
<string id="IE_ExplainRestrictRatings">Prevents users from changing ratings that help control the type of Internet content that can be viewed.
If you enable this policy, the settings in the Content Advisor area on the Content tab in the Internet Options dialog box appear dimmed.
If you disable this policy or do not configure it, users can change their ratings settings.
The "Disable the Ratings page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Ratings tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.</string>
<string id="IE_ExplainRestrictResetWebSettings">Prevents users from restoring default settings for home and search pages.
If you enable this policy, the Reset Web Settings button on the Programs tab in the Internet Options dialog box appears dimmed.
If you disable this policy or do not configure it, users can restore the default settings for home and search pages.
The "Disable the Programs page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Programs tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.</string>
<string id="IE_ExplainRestrictSettings">This policy setting is used to manage temporary Internet files and cookies associated with your Internet browsing history, available by clicking Tools, Internet Options, and then Delete Browsing History in Internet Explorer 7.
If you enable this policy setting, users will not be able to delete temporary Internet files and cookies.
If you disable or do not configure this policy setting, users will be able to delete temporary Internet files and cookies.</string>
<string id="IE_ExplainRestrictWebAddressSuggest">This AutoComplete feature suggests possible matches when users are entering Web addresses in the browser address bar.
If you enable this policy setting, user will not be suggested matches when entering Web addresses. The user cannot change the auto-complete for web-address setting.
If you disable this policy setting, user will be suggested matches when entering Web addresses. The user cannot change the auto-complete for web-address setting.
If you do not configure this policy setting, a user will have the freedom to choose to turn the auto-complete setting for web-addresses on or off.</string>
<string id="IE_ExplainScriptlet">Designates Microsoft Scriptlet Component as an administrator approved control. It is an Active X control which is used to render HTML pages.
If you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.
If you disable this policy or do not configure it, this control will not be designated as administrator-approved.
To specify how administrator-approved controls are handled for each security zone, carry out the following steps:
1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.
2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.
3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.
4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.</string>
<string id="IE_ExplainSearch_NoFindFiles">Disables using the F3 key to search in Internet Explorer and Windows Explorer.
If you enable this policy, the search functionality of the F3 key is disabled. Users cannot press F3 to search the Internet (from Internet Explorer) or to search the hard disk (from Windows Explorer). If the user presses F3, a prompt appears that informs the user that this feature has been disabled.
If you disable this policy or do not configure it, users can press F3 to search the Internet (from Internet Explorer) or the hard disk (from Windows Explorer).
This policy is intended for situations in which administrators do not want users to explore the Internet or the hard disk.
This policy can be used in coordination with the "File Menu: Disable Open menu option" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser Menus), which prevents users from opening files by using the browser.</string>
<string id="IE_ExplainSecurity_HKLM_only">Applies security zone information to all users of the same computer. A security zone is a group of Web sites with the same security level.
If you enable this policy, changes that the user makes to a security zone will apply to all users of that computer.
If you disable this policy or do not configure it, users of the same computer can establish their own security zone settings.
This policy is intended to ensure that security zone settings apply uniformly to the same computer and do not vary from user to user.
Also, see the "Security zones: Do not allow users to change policies" policy.</string>
<string id="IE_ExplainSecurity_options_edit">Prevents users from changing security zone settings. A security zone is a group of Web sites with the same security level.
If you enable this policy, the Custom Level button and security-level slider on the Security tab in the Internet Options dialog box are disabled.
If you disable this policy or do not configure it, users can change the settings for security zones.
This policy prevents users from changing security zone settings established by the administrator.
Note: The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.
Also, see the "Security zones: Use only machine settings" policy.</string>
<string id="IE_ExplainSecurity_zones_map_edit">Prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same security level.
If you enable this policy, the site management settings for security zones are disabled. (To see the site management settings for security zones, in the Internet Options dialog box, click the Security tab, and then click the Sites button.)
If you disable this policy or do not configure it, users can add Web sites to or remove sites from the Trusted Sites and Restricted Sites zones, and alter settings for the Local Intranet zone.
This policy prevents users from changing site management settings for security zones established by the administrator.
Note: The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from the interface, takes precedence over this policy. If it is enabled, this policy is ignored.
Also, see the "Security zones: Use only machine settings" policy.</string>
<string id="IE_ExplainSecurityPage_AutoDetect">This policy setting enables intranet mapping rules to be applied automatically when the computer belongs to a domain.
If you enable this policy setting, intranet automatic detection will be enabled and the intranet mapping rules will be applied automatically if the computer belongs to a domain.
If you disable this policy setting, intranet automatic detection will be disabled and the intranet mapping rules will be applied however they are configured.
If this policy setting is not configured, the user can choose whether or not to automatically detect the intranet through the intranet settings dialog shown by the Control Panel.</string>
<string id="IE_ExplainSecurityPage_WarnOnIntranet">This policy setting allows an Information bar notification to be shown to the user when intranet content is loaded and the intranet mapping rules have not been configured. The Information bar allows the user to enable the intranet mappings, if they require them.
If you enable this policy setting, then an Information bar notification will be shown whenever a user navigates to a page that loads content from an intranet site.
If you disable this policy setting, no Information bar notification will be shown when users load content from an intranet site that is being treated as though it is in the Internet zone.
If this policy setting is not configured, then the Information bar will be shown for intranet content loaded in a browser on a nondomain joined machine until the Information bar is turned off through one of the Information bar options.</string>
<string id="IE_ExplainShellNotifications">Specifies that programs using the Microsoft Software Distribution Channel will not notify users when they install new components. The Software Distribution Channel is a means of updating software dynamically on users' computers by using Open Software Distribution (.osd) technologies.
If you enable this policy, users will not be notified if their programs are updated using Software Distribution Channels.
If you disable this policy or do not configure it, users will be notified before their programs are updated.
This policy is intended for administrators who want to use Software Distribution Channels to update their users' programs without user intervention.</string>
<string id="IE_ExplainSpecificSearchProvider">This policy setting allows you to restrict the search providers that will appear in the search box in Internet Explorer to a list defined in the list of search provider policy keys (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally, search providers can be added from third-party toolbars or in Setup, but can also be added by the user from a search provider's Web site.
If you enable this policy setting, the user will not be able to configure the list of search providers on their computer, and any default providers installed will not appear (including providers installed from other applications). The only providers that will appear will be those in the list of search provider policy keys (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Note: This list can be created using a custom administrative template file. For information on creating this custom administrative template file, see the Internet Explorer documentation on search providers.
If you disable or do not configure this policy setting, users will be able to configure their list of search providers</string>
<string id="IE_ExplainSQM_DisableCEIP">This policy setting prevents users from participating in the Customer Experience Improvement Program (CEIP).
If you enable this policy setting, it prevents users from participating in the CEIP and removes the "Customer Feedback Options" menu item from the Help menu.
If you disable this policy setting, users must participate in the CEIP. It also removes the "Customer Feedback Options" menu item from the Help menu.
If you do not configure this policy setting, users can choose to participate in the CEIP.</string>
<string id="IE_ExplainSurvey">Designates Microsoft Survey Control as an administrator approved control.
If you enable this policy, this control can be run in security zones in which you specify that administrator-approved controls can be run.
If you disable this policy or do not configure it, this control will not be designated as administrator-approved.
To specify how administrator-approved controls are handled for each security zone, carry out the following steps:
1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security.
2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.
3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level.
4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.</string>
<string id="IE_ExplainTabOpenInFgBg">This policy setting allows you to configure the default behavior of new tab creation in Internet Explorer.
If you enable this policy setting, the user will not be able to configure tab behavior. You must specify whether tabs should open in the foreground or background. The user will not be able to open the tabs in the background by pressing CTRL+SHIFT+SELECT or to open the tabs in the foreground by pressing CTRL+SHIFT+SELECT.
If you disable or do not configure this policy setting, the user will be able to control the tab opening behavior.</string>
<string id="IE_ExplainToolbarButtons">Specifies which buttons will be displayed on the standard toolbar in Microsoft Internet Explorer.
If you enable this policy, you can specify whether or not each button will be displayed by selecting or clearing the check boxes for each button.
If you disable this policy or do not configure it, the standard toolbar will be displayed with its default settings, unless users customize it.</string>
<string id="IE_ExplainToolbarsCategory">Contains settings to allow and restrict users from editing the toolbars in Internet Explorer. Administrators can also set the default toolbar buttons.</string>
<string id="IE_ExplainTools_Menu">Prevents users from opening the Internet Options dialog box from the Tools menu in Microsoft Internet Explorer.
If you enable this policy, users cannot change their Internet options, such as default home page, cache size, and connection and proxy settings, from the browser Tools menu. When users click the Internet Options command on the Tools menu, they are informed that the command is unavailable.
If you disable this policy or do not configure it, users can change their Internet settings from the browser Tools menu.
Caution: This policy does not prevent users from viewing and changing Internet settings by clicking the Internet Options icon in Windows Control Panel.
Also, see policies for Internet options in the \Administrative Templates\Windows Components\Internet Explorer and in \Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel folders.</string>
<string id="IE_ExplainUserProxy">Applies proxy settings to all users of the same computer.
If you enable this policy, users cannot set user-specific proxy settings. They must use the zones created for all users of the computer.
If you disable this policy or do not configure it, users of the same computer can establish their own proxy settings.
This policy is intended to ensure that proxy settings apply uniformly to the same computer and do not vary from user to user.</string>
<string id="IE_ExplainView_NoTheaterMode">Prevents users from displaying the browser in full-screen (kiosk) mode, without the standard toolbar.
If you enable this policy, the Full Screen command on the View menu will appear dimmed, and pressing F11 will not display the browser in a full screen.
If you disable this policy or do not configure it, users can display the browser in a full screen.
This policy is intended to prevent users from displaying the browser without toolbars, which might be confusing for some beginning users.</string>
<string id="IE_ExplainView_NoViewSource">Prevents users from viewing the HTML source of Web pages by clicking the Source command on the View menu.
If you enable this policy, the Source command on the View menu will appear dimmed.
If you disable this policy or do not configure it, then users can view the HTML source of Web pages from the browser View menu.
Caution: This policy does not prevent users from viewing the HTML source of a Web page by right-clicking a Web page to open the shortcut menu, and then clicking View Source. To prevent users from viewing the HTML source of a Web page from the shortcut menu, set the "Disable context menu" policy, which disables the entire shortcut menu.</string>
<string id="IEDecide">Let Internet Explorer decide</string>
<string id="IESF_AddOnManagement_AllProcs_Explain">This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default, any process other than the Internet Explorer processes or those listed in the 'Process List' policy setting ignore add-on management user preferences and policy settings.
If you enable this policy setting, all processes will respect add-on management user preferences and policy settings.
If you disable or do not configure this policy setting, all processes will not respect add-on management user preferences or policy settings.</string>
<string id="IESF_AddOnManagement_ProcList_Explain">This policy setting allows you to manage whether the listed processes respect add-on management user preferences (as entered into Add-on Manager) or policy settings. By default, only Internet Explorer processes use the add-on management user preferences and policy settings. This policy setting allows you to extend support for these user preferences and policy settings to specific processes listed in the process list.
If you enable this policy setting and enter a Value of 1, the process entered will respect the add-on management user preferences and policy settings. If you enter a Value of 0, the add-on management user preferences and policy settings are ignored by the specified process. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.
Do not enter Internet Explorer processes in this list because these processes always respect add-on management user preferences and policy settings. If the All Processes policy setting is enabled, the processes configured in this policy setting take precedence over that setting.
If you do not configure this policy, processes other than the Internet Explorer processes will not be affected by add-on management user preferences or policy settings (unless "All Processes" is enabled).</string>
<string id="IESF_Explain_BinaryBehaviorAdminAllow">For each zone, the Binary and Scripted Behavior security restrictions may be configured to allow only a list of admin-approved behaviors. This list may be configured here, and applies to all processes which have opted in to the behavior, and to all zones. (Behaviors are components that encapsulate specific functionality or behavior on a page.)
If you enable this policy setting, this sets the list of behaviors permitted in each zone for which Script and Binary Behaviors is set to 'admin-approved'. Behaviors must be entered in #package#behavior notation, e.g., #default#vml.
If you disable this policy setting, no behaviors will be allowed in zones set to 'admin-approved', just as if those zones were set to 'disable'.
If you do not configure this policy setting, only VML will be allowed in zones set to 'admin-approved'.
Note. If this policy is set in both Computer Configuration and User Configuration, both lists of behaviors will be allowed as appropriate.</string>
<string id="IESF_ExplainAddOnManagementCategory">Internet Explorer allows users and administrators to decide which add-ons are permitted to load. Applications hosting the Web Browser Control can be configured to respect the same settings as Internet Explorer.</string>
<string id="IESF_ExplainBinaryBehaviorSecurityRestriction_AllProcs_Explain">Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.
If you enable this policy setting, binary behaviors are prevented for all processes. Any use of binary behaviors for HTML rendering is blocked.
If you disable or do not configure this policy setting, binary behaviors are allowed for all processes.</string>
<string id="IESF_ExplainBinaryBehaviorSecurityRestriction_IE_Explain">Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.
If you enable this policy setting, binary behaviors are prevented for the Windows Explorer and Internet Explorer processes.
If you disable this policy setting, binary behaviors are allowed for the Windows Explorer and Internet Explorer processes.
If you do not configure this policy setting, binary behaviors are prevented for the Windows Explorer and Internet Explorer processes.</string>
<string id="IESF_ExplainBinaryBehaviorSecurityRestriction_ProcList_Explain">Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.
This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.
If you enable this policy setting and enter a Value of 1 binary behaviors are prevented. If you enter a Value of 0 binary behaviors are allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.
Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.
If you disable or do not configure this policy setting, the security feature is allowed.
</string>
<string id="IESF_ExplainBinaryBehaviorSecurityRestrictionCategory">Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for HTML elements to which they were attached. These binary behaviors are not controlled by any pages in zones such as Restricted Sites. In Windows XP Service Pack 2, there is a new Internet Explorer security setting for binary behaviors. This new binary behaviors security setting provides a general mitigation to vulnerabilities in Internet Explorer binary behaviors, and disables any binary behaviors for HTML rendering from the Restricted Sites zone by default.</string>
<string id="IESF_ExplainConsistentMimeHandling_AllProcs_Explain">Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.
This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension.
If you enable this policy setting, Consistent Mime Handling is enabled for all processes.
If you disable or do not configure this policy setting, Consistent Mime Handling is prevented for all processes.</string>
<string id="IESF_ExplainConsistentMimeHandling_IE_Explain">Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.
This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension.
If you enable this policy setting, Internet Explorer requires consistent MIME data for all received files.
If you disable this policy setting, Internet Explorer will not require consistent MIME data for all received files.
If you do not configure this policy setting, Internet Explorer requires consistent MIME data for all received files.</string>
<string id="IESF_ExplainConsistentMimeHandling_ProcList_Explain">Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.
This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example, if the MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension.
This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.
If you enable this policy setting and enter a Value of 1, MIME handling is in effect. If you enter a Value of 0 file-type information is allowed to be inconsistent. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.
Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.
If you disable or do not configure this policy setting, the security feature is allowed.
</string>
<string id="IESF_ExplainConsistentMimeHandlingCategory">Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) type information to decide how to handle files that have been sent by a Web server. For example, when there is a Hypertext Transfer Protocol (HTTP) request for .jpg files, on receipt are generally displayed to the user in an Internet Explorer window. If Internet Explorer receives an executable file, Internet Explorer generally prompted the user for how to handle the file.
In Windows XP Service Pack 2, Internet Explorer follows stricter rules that are designed to reduce the attack surface for spoofing the Internet Explorer MIME-handling logic.
When files are served to the client, Internet Explorer uses the following pieces of information to decide how to handle the file:
- File name extension
- Content-Type from the HTTP header (MIME type)
- Content-Disposition from the HTTP header
- Results of the MIME sniff
In Windows XP Service Pack 2, Internet Explorer requires that all file-type information that is provided by Web servers is consistent. For example, if the MIME type of a file is "text/plain" but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file by saving the file in the Internet Explorer cache and changes its extension. (In a MIME sniff, Internet Explorer examines, or sniffs, a file to recognize the bit signatures of certain types of files.)</string>
<string id="IESF_ExplainDisableXMLHTTP">This policy setting allows users to run natively implemented scriptable XMLHTTP.
If you enable this policy setting, the users will be allowed to use natively implemented scriptable XMLHTTP.
If you disable this policy setting, the users will be prevented from running scriptable native XMLHTTP.
If you do not configure this policy setting, the user can choose to run scriptable native XMLHTTP.</string>
<string id="IESF_ExplainInformationBar_AllProcs_Explain">This policy setting allows you to manage whether the Information Bar is displayed for processes other than the Internet Explorer processes when file or code installs are restricted. By default, the Information Bar is not displayed for any process when file or code installs are restricted (except for the Internet Explorer Processes, for which the Information Bar is displayed by default).
If you enable this policy setting, the Information Bar will be displayed for all processes.
If you disable or do not configure this policy setting, the Information Bar will not be displayed for all processes other than Internet Explorer or those listed in the Process List.</string>
<string id="IESF_ExplainInformationBar_IE_Explain">This policy setting allows you to manage whether the Information Bar is displayed for Internet Explorer processes when file or code installs are restricted. By default, the Information Bar is displayed for Internet Explorer processes.
If you enable this policy setting, the Information Bar will be displayed for Internet Explorer Processes.
If you disable this policy setting, the Information Bar will not be displayed for Internet Explorer processes.
If you do not configure this policy setting, the Information Bar will be displayed for Internet Explorer Processes.</string>
<string id="IESF_ExplainInformationBar_ProcList_Explain">This policy setting allows you to manage whether the Information Bar is displayed for specific processes when file or code installs are restricted. By default, the Information Bar is not displayed for any process when file or code installs are restricted (except for the Internet Explorer Processes, for which the Information Bar is displayed by default).
If you enable this policy setting and enter a Value of 1, the Information Bar is displayed. If you enter a Value of 0 the Information Bar is not displayed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.
Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable for IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.
If you disable or do not configure this policy setting, the Information Bar is not displayed for the specified processes.</string>
<string id="IESF_ExplainInformationBarCategory">Enables applications hosting the Web Browser Control to automatically show the Information Bar when file downloads or code installs are restricted.</string>
<string id="IESF_ExplainLocalMachineZoneLockdownSecurity_AllProcs_Explain">Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone.
Local Machine zone security applies to all local files and content. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code.
If you enable this policy setting, the Local Machine zone security applies to all local files and content processed by any process other than Internet Explorer or those defined in a process list.
If you disable or do not configure this policy setting, Local Machine zone security is not applied to local files or content processed by any process other than Internet Explorer or those defined in a process list.</string>
<string id="IESF_ExplainLocalMachineZoneLockdownSecurity_IE_Explain">Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone.
Local Machine zone security applies to all local files and content processed by Internet Explorer. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code.
If you enable this policy setting, the Local Machine zone security applies to all local files and content processed by Internet Explorer.
If you disable this policy setting, Local Machine zone security is not applied to local files or content processed by Internet Explorer.
If you do not configure this policy setting, the Local Machine zone security applies to all local files and content processed by Internet Explorer.</string>
<string id="IESF_ExplainLocalMachineZoneLockdownSecurity_ProcList_Explain">Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and so on). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone.
Local Machine zone security applies to all local files and content. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious HTML code.
If you enable this policy setting and enter a value of 1, Local Machine Zone security applies. If you enter a value of 0, Local Machine Zone security does not apply. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.
Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.
If you disable or do not configure this policy setting, the security feature is allowed.</string>
<string id="IESF_ExplainLocalMachineZoneLockdownSecurityCategory">When Internet Explorer opens a Web page, it places restrictions on what the page can do, based on the location of the Web page. For example, Web pages that are located on the Internet might not be able to perform some operations, such as accessing information from the local hard drive.
On the other hand, Web pages on the local computer are in the Local Machine zone, where they have the fewest security restrictions. The Local Machine zone is an Internet Explorer security zone, but is not displayed in the settings for Internet Explorer. The Local Machine zone allows Web content to run with fewer restrictions. Unfortunately, attackers also try to take advantage of the Local Machine zone to elevate their privileges and compromise a computer.
In Windows XP Service Pack 2, all local files and content that is processed by Internet Explorer has the security of the Local Machine zone applied to it. This differs from previous versions, where local content was considered to be secure and had no zone-based security was placed on it.
This feature dramatically restricts HTML in the Local Machine zone and controls running in the Local Machine Zone. This helps to mitigate attacks where the Local Machine zone is used as an attack vector to load malicious code.</string>
<string id="IESF_ExplainMimeSniffingSafetyFeature_AllProcs_Explain">This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.
If you enable this policy setting, the Mime Sniffing Safety Feature is enabled for all processes.
If you disable or do not configure this policy setting, the Mime Sniffing Safety Feature is disabled for all processes.</string>
<string id="IESF_ExplainMimeSniffingSafetyFeature_IE_Explain">This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.
If you enable this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type.
If you disable this policy setting, Internet Explorer processes will allow a MIME sniff promoting a file of one type to a more dangerous file type.
If you do not configure this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type.</string>
<string id="IESF_ExplainMimeSniffingSafetyFeature_ProcList_Explain">This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.
This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.
If you enable this policy setting and enter a Value of 1, this protection will be in effect. If you enter a Value of 0, any file may be promoted to more dangerous file types. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.
Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.
If you disable or do not configure this policy setting, the security feature is allowed.</string>
<string id="IESF_ExplainMimeSniffingSafetyFeatureCategory">One of the backup criteria for determining a file type is the result of the MIME sniff. By examining (or sniffing) a file, Internet Explorer can recognize the bit signatures of certain types of files. In Windows XP Service Pack 2, Internet Explorer MIME sniffing will never promote a file of one type to a more dangerous file type. For example, files that are received as plain text but that include HTML code will not be promoted to the HTML type, which could contain malicious code.
In the absence of other file type information, the MIME sniff might be the only information that determines how to handle a given file download. If, for instance, Internet Explorer upgrades a text file to an HTML file, the file might execute code from the browser and possibly elevate the file's security privilege.
Settings note: this feature can be turned off by zone in IE security zones settings.</string>
<string id="IESF_ExplainMKProtocolSecurityRestriction_AllProcs_Explain">The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.
If you enable this policy setting, the MK Protocol is disabled for all processes. Any use of the MK Protocol is blocked.
If you disable or do not configure this policy setting, the MK Protocol is enabled.</string>
<string id="IESF_ExplainMKProtocolSecurityRestriction_IE_Explain">The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.
If you enable this policy setting, the MK Protocol is prevented for Windows Explorer and Internet Explorer, and resources hosted on the MK protocol will fail.
If you disable this policy setting, applications can use the MK protocol API. Resources hosted on the MK protocol will work for the Windows Explorer and Internet Explorer processes.
If you do not configure this policy setting, the MK Protocol is prevented for Windows Explorer and Internet Explorer, and resources hosted on the MK protocol will fail.</string>
<string id="IESF_ExplainMKProtocolSecurityRestriction_ProcList_Explain">The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.
This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.
If you enable this policy setting and enter a Value of 1, use of the MK protocol is prevented. If you enter a Value of 0, use of the MK protocol is allowed. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.
Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.
If you disable or do not configure this policy setting, the policy setting is ignored.
</string>
<string id="IESF_ExplainMKProtocolSecurityRestrictionCategory">In a reduction of attack surface, retired protocols are no longer supported. This feature disables the MK protocol. Resources hosted on the MK protocol will fail. Some legacy middleware apps may use this API, and this registry key can be set to allow them to continue to use it.</string>
<string id="IESF_ExplainNetworkProtocolLockdown_AllProcs_Explain">Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.
If you enable this policy setting, restricting content obtained through restricted protocols is allowed for all processes other than Windows Explorer or Internet Explorer.
If you disable this policy setting, restricting content obtained through restricted protocols is prevented for all processes other than Windows Explorer or Internet Explorer.
If you do not configure this policy setting, no policy is enforced for processes other than Windows Explorer and Internet Explorer.</string>
<string id="IESF_ExplainNetworkProtocolLockdown_IE_Explain">Windows Explorer and Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.
If you enable this policy setting, restricting content obtained through restricted protocols is allowed for Windows Explorer and Internet Explorer processes. For example, you can restrict active content from pages served over the http and https protocols by adding the value names http and https.
If you disable this policy setting, restricting content obtained through restricted protocols is prevented for Windows Explorer and Internet Explorer processes.
If you do not configure this policy setting, the policy setting is ignored.</string>
<string id="IESF_ExplainNetworkProtocolLockdown_ProcList_Explain">Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.
This policy setting allows administrators to define applications for which they want restricting content obtained through restricted protocols to be prevented or allowed.
If you enable this policy setting and enter a Value of 1, restricting content obtained through restricted protocols is allowed. If you enter a Value of 0, restricting content obtained through restricted protocols is blocked. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.
Do not enter the Windows Explorer or Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable these processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.
If you disable or do not configure this policy setting, the security feature is allowed.</string>
<string id="IESF_ExplainNetworkProtocolLockdownCategory">In Windows Explorer, Internet Explorer, or any other process which opts into the security restriction, Network Protocol Lockdown may be implemented in any security zone in order to prevent active content obtained through restricted protocols from running in an unsafe manner, if the target URL is in that zone. Each zone may be set to either prompt the user when such content attempts to run, or to simply disallow the content in that zone.</string>
<string id="IESF_ExplainObjectCachingProtection_AllProcs_Explain">This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.
If you enable this policy setting, object reference is no longer accessible when navigating within or across domains for all processes.
If you disable or do not configure this policy setting, object reference is retained when navigating within or across domains in the Restricted Zone sites.</string>
<string id="IESF_ExplainObjectCachingProtection_IE_Explain">This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.
If you enable this policy setting, an object reference is no longer accessible when navigating within or across domains for Internet Explorer processes.
If you disable this policy setting, an object reference is retained when navigating within or across domains for Internet Explorer processes.
If you do not configure this policy setting, an object reference is no longer accessible when navigating within or across domains for Internet Explorer processes.</string>
<string id="IESF_ExplainObjectCachingProtection_ProcList_Explain">This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.
This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.
If you enable this policy setting and enter a Value of 1, references to objects are inaccessible after navigation. If you enter a Value of 0, references to objects are still accessible after navigation. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.
Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.
If you disable or do not configure this policy setting, the security feature is allowed.</string>
<string id="IESF_ExplainObjectCachingProtectionCategory">In previous versions of Windows with Internet Explorer, some Web pages could access objects cached from another Web site. In Windows XP Service Pack 2, a reference to an object is no longer accessible when the user navigates to a new domain.
For Windows XP Service Pack 2, there is now a new security context on all scriptable objects so that access to all cached objects is blocked. In addition to blocking access when navigating across domains, access is also blocked when navigating within the same domain. (In this context, a domain is defined as a fully qualified domain name (FQDN)). A reference to an object is no longer accessible after the context has changed due to navigation.</string>
<string id="IESF_ExplainProtectionFromZoneElevation_AllProcs_Explain">Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and so on). For example, Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users.
If you enable this policy setting, any zone can be protected from zone elevation for all processes.
If you disable or do not configure this policy setting, processes other than Internet Explorer or those listed in the Process List receive no such protection.</string>
<string id="IESF_ExplainProtectionFromZoneElevation_IE_Explain">Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context.
If you enable this policy setting, any zone can be protected from zone elevation by Internet Explorer processes.
If you disable this policy setting, no zone receives such protection for Internet Explorer processes.
If you do not configure this policy setting, any zone can be protected from zone elevation by Internet Explorer processes.</string>
<string id="IESF_ExplainProtectionFromZoneElevation_ProcList_Explain">Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, and so on). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context.
This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.
If you enable this policy setting and enter a Value of 1, elevation to more privileged zones can be prevented. If you enter a Value of 0, elevation to any zone is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.
Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.
If you disable or do not configure this policy setting, the security feature is allowed.</string>
<string id="IESF_ExplainProtectionFromZoneElevationCategory">When a Web page is opened in Internet Explorer, Internet Explorer puts restrictions on what the page can do, based on where that Web page came from: the Internet, a local intranet server, a trusted site, and so on. For example, pages on the Internet have stricter security restrictions than pages on a user's local intranet. Web pages on a user's computer are in the Local Machine security zone, where they have the fewest security restrictions. This makes the Local Machine security zone a prime target for malicious users. Zone Elevation Blocks makes it harder to get code to run in this zone. (As a separate feature, Local Machine Zone Lockdown makes the zone less vulnerable to malicious users by changing its security settings.)
Internet Explorer prevents the overall security context for any link on a page from being higher than the security context of the root URL. This means, for example, that a page in the Internet zone cannot navigate to a page in the Local Intranet zone, except as the result of a user-initiated action. A script, for example, could not cause this navigation. For the purpose of this mitigation, the security context ranking of the zones, from highest security context to lowest, is: Restricted Sites zone, Internet zone, Local Intranet zone, Trusted Sites zone, and Local Machine zone.
Zone Elevation also disables JavaScript navigation if there is no security context.
Settings note: this feature can be turned off or set to prompt by zone in IE security zones settings.</string>
<string id="IESF_ExplainRestrictActiveXInstall_AllProcs_Explain">This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.
If you enable this policy setting, the Web Browser Control will block automatic prompting of ActiveX control installation for all processes.
If you disable or do not configure this policy setting, the Web Browser Control will not block automatic prompting of ActiveX control installation for all processes.</string>
<string id="IESF_ExplainRestrictActiveXInstall_IE_Explain">This policy setting enables blocking of ActiveX control installation prompts for Internet Explorer processes.
If you enable this policy setting, prompting for ActiveX control installations will be blocked for Internet Explorer processes.
If you disable this policy setting, prompting for ActiveX control installations will not be blocked for Internet Explorer processes.
If you do not configure this policy setting, the user's preference will be used to determine whether to block ActiveX control installations for Internet Explorer processes.</string>
<string id="IESF_ExplainRestrictActiveXInstall_ProcList_Explain">This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.
If you enable this policy setting and enter a Value of 1, automatic prompting of ActiveX control installation is blocked. If you enter a Value of 0, automatic prompting of ActiveX control installation is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.
Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.
If you disable or do not configure this policy setting, the security feature is allowed.</string>
<string id="IESF_ExplainRestrictActiveXInstallCategory">Enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation. If a policy setting blocks prompting for an ActiveX control installation, the Information Bar appears instead.</string>
<string id="IESF_ExplainRestrictFileDownload_AllProcs_Explain">This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.
If you enable this policy setting, the Web Browser Control will block automatic prompting of file downloads that are not user initiated for all processes.
If you disable this policy setting, the Web Browser Control will not block automatic prompting of file downloads that are not user initiated for all processes.</string>
<string id="IESF_ExplainRestrictFileDownload_IE_Explain">This policy setting enables blocking of file download prompts that are not user initiated.
If you enable this policy setting, file download prompts that are not user initiated will be blocked for Internet Explorer processes.
If you disable this policy setting, prompting will occur for file downloads that are not user initiated for Internet Explorer processes.
If you do not configure this policy setting, the user's preference determines whether to prompt for file downloads that are not user initiated for Internet Explorer processes.</string>
<string id="IESF_ExplainRestrictFileDownload_ProcList_Explain">This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.
If you enable this policy setting and enter a Value of 1, automatic prompting of non-initiated file downloads is blocked. If you enter a Value of 0, automatic prompting of non-initiated file downloads is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.
Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.
If you disable or do not configure this policy setting, the security feature is allowed.</string>
<string id="IESF_ExplainRestrictFileDownloadCategory">Enables applications hosting the Web Browser Control to block automatic prompting of file downloads that were not user initiated. If a policy setting blocks prompting for a file download, the Information Bar appears instead.</string>
<string id="IESF_ExplainScriptedWindowSecurityRestrictions_AllProcs_Explain">Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars.
If you enable this policy setting, scripted windows are restricted for all processes.
If you disable or do not configure this policy setting, scripted windows are not restricted.</string>
<string id="IESF_ExplainScriptedWindowSecurityRestrictions_IE_Explain">Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars.
If you enable this policy setting, popup windows and other restrictions apply for Windows Explorer and Internet Explorer processes.
If you disable this policy setting, scripts can continue to create popup windows and windows that obfuscate other windows.
If you do not configure this policy setting, popup windows and other restrictions apply for Windows Explorer and Internet Explorer processes.</string>
<string id="IESF_ExplainScriptedWindowSecurityRestrictions_ProcList_Explain">Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restrictions security feature restricts popup windows and prohibits scripts from displaying windows in which the title and status bars are not visible to the user or obfuscate other Windows' title and status bars.
This policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed.
If you enable this policy setting and enter a Value of 1, such windows may not be opened. If you enter a Value of 0, windows have none of these restrictions. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.
Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.
If you disable or do not configure this policy setting, the security feature is allowed.</string>
<string id="IESF_ExplainScriptedWindowSecurityRestrictionsCategory">Internet Explorer provides the capability for scripts to programmatically open additional windows of various types, and to resize and reposition existing windows. The Window Restrictions security feature restricts two types of script-initiated windows that have been used by malicious persons to deceive users: popup windows (which do not have components such as the address bar, title bar, status bar, and toolbars) and windows that include the title bar and status bar.
Script-initiated windows with the title bar and status bar are constrained in scripted movement to ensure that these important and informative bars remain visible after the operation completes.
- Scripts cannot position windows so that the title bar or address bar are above the visible top of the display.
- Scripts cannot position windows such that the status bar is below the visible bottom of the display.
- Script-initiated windows that include a title bar and status bar are constrained in scripted sizing to ensure that the title bar and status bar remain visible after the operation completes.
- Scripts cannot resize windows such that the title bar, address bar, or status bar cannot be seen.
- When creating a window, the definition of the fullscreen=yes specification is changed to mean "show the window as maximized," which will keep the title bar, address bar, and status bar visible.
Internet Explorer has been modified to not turn off the status bar for any windows. The status bar is always visible for all Internet Explorer windows.
Script-initiated popup windows are now constrained so that they:
- Do not extend above the top or below the bottom of the parent Internet Explorer Web Object Control (WebOC) window.
- Are smaller in height than the parent WebOC window.
- Overlap the parent window horizontally.
- Stay with the parent window if the parent window moves.
- Appear above its parent so other windows (such as a dialog box) cannot be hidden.</string>
<string id="IESF_ExplainSecurityFeaturesCategory">Contains settings to enable or disable security features for Internet Explorer, Windows Explorer and other applications.</string>
<string id="IESF_NPLRest_Category">Restricted Protocols Per Security Zone</string>
<string id="IESF_NPLRest_Category_Explain">The list of restricted protocols governed by Network Protocol Lockdown varies per security zone. Use these policies to set the restricted protocol list for each zone.
If policy is set in both Computer Configuration and User Configuration, the two lists are combined.</string>
<string id="IESF_NPLRest_InternetZone">Internet Zone Restricted Protocols</string>
<string id="IESF_NPLRest_IntranetZone">Intranet Zone Restricted Protocols</string>
<string id="IESF_NPLRest_LocalMachineZone">Local Machine Zone Restricted Protocols</string>
<string id="IESF_NPLRest_RestrictedSitesZone">Restricted Sites Zone Restricted Protocols</string>
<string id="IESF_NPLRest_TrustedSitesZone">Trusted Sites Zone Restricted Protocols</string>
<string id="IESF_NPLRestrictionsList_Explain">For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner, either by prompting the user, or simply disabling the content. For each zone, this list of protocols may be configured here, and applies to all processes which have opted in to the security restriction.
If you enable this policy setting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for "Allow active content over restricted protocols to access my computer."
If you disable or do not configure this policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for "Allow active content over restricted protocols to access my computer."
Note. If policy for a zone is set in both Computer Configuration and User Configuration, both lists of protocols will be restricted for that zone.</string>
<string id="IZ_ExplainIncludeUnspecifiedLocalSites">This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.
If you enable this policy setting, local sites which are not explicitly mapped into a zone are considered to be in the Intranet Zone.
If you disable this policy setting, local sites which are not explicitly mapped into a zone will not be considered to be in the Intranet Zone (so would typically be in the Internet Zone).
If you do not configure this policy setting, users choose whether to force local sites into the Intranet Zone.</string>
<string id="IZ_ExplainProxyByPass">This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone.
If you enable this policy setting, sites which bypass the proxy server are mapped into the Intranet Zone.
If you disable this policy setting, sites which bypass the proxy server aren't necessarily mapped into the Intranet Zone (other rules might map one there).
If you do not configure this policy setting, users choose whether sites which bypass the proxy server are mapped into the Intranet Zone.</string>
<string id="IZ_ExplainUNCAsIntranet">This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone.
If you enable this policy setting, all network paths are mapped into the Intranet Zone.
If you disable this policy setting, network paths are not necessarily mapped into the Intranet Zone (other rules might map one there).
If you do not configure this policy setting, users choose whether network paths are mapped into the Intranet Zone.</string>
<string id="IZ_ExplainZonemaps">This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone.
Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.)
If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site.  For each entry that you add to the list, enter the following information:
Valuename – A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also include a specific protocol. For example, if you enter http://www.contoso.com as the valuename, other protocols are not affected. If you enter just www.contoso.com, then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for www.contoso.com and www.contoso.com/mail would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict.
Value - A number indicating the zone with which this site should be associated for security settings. The Internet Explorer zones described above are 1-4.
If you disable this policy setting, any such list is deleted and no site-to-zone assignments are permitted.
If this policy is not configured, users may choose their own site-to-zone assignments.</string>
<string id="IZ_ExplainZoneTemplatesPolicy">This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
If you disable this template policy setting, no security level is configured.
If you do not configure this template policy setting, no security level is configured.
Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.</string>
<string id="IZ_IncludeUnspecifiedLocalSites">Intranet Sites: Include all local (intranet) sites not listed in other zones</string>
<string id="IZ_InternetZoneLockdown">Locked-Down Internet Zone</string>
<string id="IZ_InternetZoneLockdown_Explain">The settings in this zone apply only if the Internet Zone is in 'lockdown' mode, such as when the Network Protocol Lockdown security feature is in effect. If the zone is locked down, these URL action settings do not override the standard Internet Zone settings, but are compared against them. If the settings for that URL action in the two zones are the same, then that setting is used. Otherwise, the user is presented with an Information Bar, and may allow the zone to operate with the standard (non-lockdown) zone's setting.</string>
<string id="IZ_IntranetZoneLockdown_Explain">The settings in this zone apply only if the Intranet Zone is in 'lockdown' mode, such as when the Network Protocol Lockdown security feature is in effect. If the zone is locked down, these URL action settings do not override the standard Intranet Zone settings, but are compared against them. If the settings for that URL action in the two zones are the same, then that setting is used. Otherwise, the user is presented with an Information Bar, and may allow the zone to operate with the standard (non-lockdown) zone's setting.</string>
<string id="IZ_LocalMachineZoneLockdown">Locked-Down Local Machine Zone</string>
<string id="IZ_LocalMachineZoneLockdown_Explain">The settings in this zone apply only if the Local Machine Zone is in 'lockdown' mode, such as when the Local Machine Zone Lockdown security feature is in effect. If the zone is locked down, these URL action settings do not override the standard Local Machine Zone settings, but are compared against them. If the settings for that URL action in the two zones are the same, then that setting is used. Otherwise, the user is presented with an Information Bar, and may allow the zone to operate with the standard (non-lockdown) zone's setting.</string>
<string id="IZ_Policy_AddressStatusBar">Allow websites to open windows without address or status bars</string>
<string id="IZ_Policy_AddressStatusBar_Explain">This policy setting controls whether websites can open new Internet Explorer Windows with no Status Bar or Address Bar.
If you enable this policy setting, websites can open new Internet Explorer Windows with no Status Bar or Address Bar.
If you disable this policy setting, websites cannot open new Internet Explorer Windows with no Status Bar or Address Bar.
If you do not configure this policy setting, user can choose whether websites can open new Internet Explorer Windows with no Status Bar or Address Bar.</string>
<string id="IZ_Policy_AllowDynsrcPlayback">Allow video and animation on a webpage that does not use external media player (through dynsrc attribute)</string>
<string id="IZ_Policy_AllowDynsrcPlayback_Explain">This policy setting allows you to play video and animation through the dynsrc/img tag in a specified zone. This means video and animation using DirectShow will be enabled or disabled using this policy. Please note video and animation playback through the object tag may still be allowed as this involves external controls/media players.
If you enable this policy setting, video and animation can be played through the img/dynsrc tag in the zones chosen.
If you disable this policy setting, video and animation cannot be played through the img/dynsrc tag.
If you do not configure this policy setting, video and animation can be played through the img/dynsrc tag in the zones chosen.</string>
<string id="IZ_Policy_AllowScriptlets_Explain">This policy setting allows you to manage whether scriptlets can be allowed.
If you enable this policy setting, users will be able to run scriptlets.
If you disable this policy setting, users will not be able to run scriptlets.
If you do not configure this policy setting, a scriptlet can be enabled or disabled by the user.</string>
<string id="IZ_Policy_FirstRunOptIn">Turn Off First-Run Opt-In</string>
<string id="IZ_Policy_FirstRunOptIn_ExplainDefaultDisable">This policy setting controls the First Run response that users see on a zone by zone basis. When a user encounters a new control that has not previously run in Internet Explorer, they may be prompted to approve the control. This feature determines if the user gets the prompt or not.
If you enable this policy setting, the Gold Bar prompt will be turned off in the corresponding zone.
If you disable this policy setting, the Gold Bar prompt will be turned on in the corresponding zone.
If you do not configure this policy setting, the first-run prompt is turned off by default.</string>
<string id="IZ_Policy_FirstRunOptIn_ExplainDefaultEnable">This policy setting controls the First Run response that users see on a zone by zone basis. When a user encounters a new control that has not previously run in Internet Explorer, they may be prompted to approve the control. This feature determines if the user gets the prompt or not.
If you enable this policy setting, the Gold Bar prompt will be turned off in the corresponding zone.
If you disable this policy setting, the Gold Bar prompt will be turned on in the corresponding zone.
If you do not configure this policy setting, the first-run prompt is turned on by default.</string>
<string id="IZ_Policy_LocalPathForUpload">Include local directory path when uploading files to a server</string>
<string id="IZ_Policy_LocalPathForUpload_Explain">This policy setting controls whether or not the local path information will be sent when uploading a file via a HTML form. If the local path information is sent, some information may be unintentionally revealed to the server. For instance, files sent from the a user's desktop may contain the username as a part of the path.
If you enable this policy setting, path information will be sent when uploading files via a HTML form.
If you disable this policy setting, path information will be removed when uploading a file via a HTML form.
If you do not configure this policy setting, user can choose whether path information will be sent when uploading a file via a form. By default, path information will be sent.</string>
If you enable this policy setting, script Prompts will be shown.
If you disable this policy setting, users must choose to display any script Prompts using the Information bar.
If you do not configure this policy setting, the Information bar behavior can be enabled or disabled by the user.</string>
<string id="IZ_Policy_ScriptStatusBar">Allow status bar updates via script</string>
<string id="IZ_Policy_ScriptStatusBar_ExplainDefaultDisable">This policy setting allows you to manage whether script is allowed to update the status bar within the zone.
If you enable this policy setting, script is allowed to update the status bar.
If you disable this policy setting, script is not allowed to update the status bar.
If you do not configure this policy setting, status bar updates via scripts will be disabled.</string>
<string id="IZ_Policy_ScriptStatusBar_ExplainDefaultEnable">This policy setting allows you to manage whether script is allowed to update the status bar within the zone.
If you enable this policy setting, script is allowed to update the status bar.
If you disable this policy setting, script is not allowed to update the status bar.
If you do not configure this policy, status bar updates via scripts will be enabled.</string>
<string id="IZ_Policy_TurnOnProtectedMode">Turn on Protected Mode</string>
<string id="IZ_Policy_TurnOnProtectedMode_Explain">Protected mode protects Internet Explorer from exploited vulnerabilities by reducing the locations Internet Explorer can write to in the registry and the file system.
If you enable this policy setting, Protected Mode will be turned on. Users will not be able to turn off protected mode.
If you disable this policy setting, Protected Mode will be turned off. It will revert to Internet Explorer 6 behavior that allows for Internet Explorer to write to the registry and the file system. Users will not be able to turn on protected mode.
If you do not configure this policy, users will be able to turn on or off protected mode.</string>
<string id="IZ_Policy_UnsafeFiles">Launching programs and unsafe files</string>
<string id="IZ_Policy_UnsafeFiles_Explain">This policy setting controls whether or not the "Open File - Security Warning" prompt is shown when launching executables or other unsafe files.
For instance, if the user launches an executable from an Intranet file share using Windows Explorer, this setting controls whether or not a prompt is shown before the file is opened.
If you enable this policy setting and the dropdown box is set to Enable, files will open without a security prompt. If the dropdown box is set to Prompt, a security prompt will be shown before opening the files.
If you disable this policy setting, files will not be opened.
If you do not configure this policy setting, users can configure the prompt behavior. By default, execution is blocked in the Restricted Zone, enabled in the Intranet and Local Computer zone, and set to prompt in the Internet and Trusted zones.</string>
<string id="IZ_Policy_WebBrowserApps_Explain">These are browser-hosted, ClickOnce-deployed applications built using WinFX. These applications execute in a security sandbox and harness the power of the Windows Presentation Foundation platform for the Web.
If you enable this policy setting and the dropdown box is set to Enable, .XBAPs will be automatically loaded inside Internet Explorer 7.0. User will not be able to change this behavior. If the dropdown box is set to Prompt, users will receive a prompt for loading .XBAPs.
If you disable this policy setting, .XBAPs will not be loaded inside Internet Explorer 7.0. User will not be able to change this behavior.
If you do not configure this policy setting, users will have the freedom to decide whether to load XBAPs inside Internet Explorer 7.0.</string>
<string id="IZ_Policy_WebBrowserControl">Allow scripting of Internet Explorer web browser control</string>
<string id="IZ_Policy_WebBrowserControl_Explain">This policy setting controls whether a page may control embedded WebBrowser Controls via script.
If you enable this policy setting, script access to the WebBrowser Control is allowed.
If you disable this policy setting, script access to the WebBrowser Control is not allowed.
If you do not configure this policy setting, script access to the WebBrowser Control can be enabled or disabled by the user. By default, script access to the WebBrowser Control is only allowed in the Local Machine and Intranet zones.</string>
<string id="IZ_Policy_WinFXRuntimeComponent_Explain">This feature represents the setup of WinFX Runtime Components. WinFX is the next generation platform for Windows, utilizing the Common Language Runtime (.NET v2.0) and incorporating support from a number of developer tools. WinFX is the specification for the new managed code APIs for Windows. It is the successor to Win32 and supersets the APIs in the .NET Framework.
This policy setting prevents the user machine from launching WinFX Setup when navigating to WinFX contents in IE7.
If you enable this policy setting, WinFX Runtime Components Setup will be disabled. User will not be able to change this behavior.
If you disable this policy setting, WinFX Runtime Components Setup will be enabled. User will not be able to change this behavior.
If you do not configure this policy setting, WinFX Runtime Components Setup will be enabled by default. User will have the freedom to change this behavior.</string>
<string id="IZ_Policy_XAML">Loose or un-compiled XAML files</string>
<string id="IZ_Policy_XAML_Explain">These are eXtensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that leverage the Windows Presentation Foundation.
If you enable this policy setting and the dropdown box is set to Enable, .XAML files will be automatically loaded inside Internet Explorer 7.0. User will not be able to change this behavior. If the dropdown box is set to Prompt, users will receive a prompt for loading .XAML files.
If you disable this policy setting, .XAML files will not be loaded inside Internet Explorer 7. User will not be able to change this behavior.
If you do not configure this policy setting, users will have the freedom to decide whether to load XAML files inside Internet Explorer 7.0.</string>
<string id="IZ_Policy_XPS">XPS files</string>
<string id="IZ_Policy_XPS_Explain">These are files authored using the XML Paper Specification document format that contain a fixed-layout representation of its paginated content and is portable across platforms, devices, and applications.
If you enable this policy setting and the dropdown box is set to Enable, .XPS files will be automatically loaded inside Internet Explorer 7.0. Users will not be able to change this behavior. If the dropdown box is set to Prompt, users will receive a prompt for loading .XPS files.
If you disable this policy setting, .XPS files will not be loaded inside Internet Explorer 7. User will not be able to change this behavior.
If you do not configure this policy setting, users will have the freedom to decide whether to load XPS files inside Internet Explorer 7.0.</string>
<string id="IZ_PolicyAccessDataSourcesAcrossDomains">Access data sources across domains</string>
<string id="IZ_PolicyAccessDataSourcesAcrossDomains_ExplainDefaultDisable">This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.</string>
<string id="IZ_PolicyAccessDataSourcesAcrossDomains_ExplainDefaultEnable">This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.</string>
<string id="IZ_PolicyAccessDataSourcesAcrossDomains_ExplainDefaultPrompt">This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.</string>
<string id="IZ_PolicyActiveScripting">Allow active scripting</string>
<string id="IZ_PolicyActiveScripting_ExplainDefaultDisable">This policy setting allows you to manage whether script code on pages in the zone is run.
If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.
If you disable this policy setting, script code on pages in the zone is prevented from running.
If you do not configure this policy setting, script code on pages in the zone is prevented from running.</string>
<string id="IZ_PolicyActiveScripting_ExplainDefaultEnable">This policy setting allows you to manage whether script code on pages in the zone is run.
If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.
If you disable this policy setting, script code on pages in the zone is prevented from running.
If you do not configure this policy setting, script code on pages in the zone can run automatically.</string>
<string id="IZ_PolicyActiveScripting_ExplainDefaultPrompt">This policy setting allows you to manage whether script code on pages in the zone is run.
If you enable this policy setting, script code on pages in the zone can run automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow script code on pages in the zone to run.
If you disable this policy setting, script code on pages in the zone is prevented from running.
If you do not configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run.</string>
<string id="IZ_PolicyAllowMETAREFRESH">Allow META REFRESH</string>
<string id="IZ_PolicyAllowMETAREFRESH_ExplainDefaultDisable">This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.
If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.
If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.</string>
<string id="IZ_PolicyAllowMETAREFRESH_ExplainDefaultEnable">This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.
If you enable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.
If you disable this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page.
If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected to another Web page.</string>
<string id="IZ_PolicyAllowPasteViaScript">Allow cut, copy or paste operations from the clipboard via script</string>
<string id="IZ_PolicyAllowPasteViaScript_ExplainDefaultDisable">This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard operation.
If you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.
If you disable this policy setting, a script cannot perform a clipboard operation.
If you do not configure this policy setting, a script cannot perform a clipboard operation.</string>
<string id="IZ_PolicyAllowPasteViaScript_ExplainDefaultEnable">This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in a specified region.
If you enable this policy setting, a script can perform a clipboard operation.
If you select Prompt in the drop-down box, users are queried as to whether to perform clipboard operations.
If you disable this policy setting, a script cannot perform a clipboard operation.
If you do not configure this policy setting, a script can perform a clipboard operation.</string>
<string id="IZ_PolicyBinaryBehaviors">Allow binary and script behaviors</string>
<string id="IZ_PolicyBinaryBehaviors_ExplainDefaultAdminApproved">This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.
If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.
If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.
If you do not configure this policy setting, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.</string>
<string id="IZ_PolicyBinaryBehaviors_ExplainDefaultDisable">This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.
If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.
If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.
If you do not configure this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.</string>
<string id="IZ_PolicyBinaryBehaviors_ExplainDefaultEnable">This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.
If you enable this policy setting, binary and script behaviors are available. If you select Administrator approved in the drop-down box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.
If you disable this policy setting, binary and script behaviors are not available unless applications have implemented a custom security manager.
If you do not configure this policy setting, binary and script behaviors are available.</string>
<string id="IZ_PolicyBlockPopupWindows_ExplainDefaultDisable">This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.
If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.
If you disable this policy setting, pop-up windows are not prevented from appearing.
If you do not configure this policy setting, pop-up windows are not prevented from appearing.</string>
<string id="IZ_PolicyBlockPopupWindows_ExplainDefaultEnable">This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.
If you enable this policy setting, most unwanted pop-up windows are prevented from appearing.
If you disable this policy setting, pop-up windows are not prevented from appearing.
If you do not configure this policy setting, most unwanted pop-up windows are prevented from appearing.</string>
<string id="IZ_PolicyDisplayMixedContent_ExplainDefaultPrompt">This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.
If you enable this policy setting, and the drop-down box is set to Enable, the user does not receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure items?) and nonsecure content can be displayed.
If the drop-down box is set to Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.
If you disable this policy setting, users cannot receive the security information message and nonsecure content cannot be displayed.
If you do not configure this policy setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http://) content.</string>
<string id="IZ_PolicyDownloadSignedActiveX">Download signed ActiveX controls</string>
<string id="IZ_PolicyDownloadSignedActiveX_ExplainDefaultDisable">This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.
If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.
If you disable the policy setting, signed controls cannot be downloaded.
If you do not configure this policy setting, signed controls cannot be downloaded.</string>
<string id="IZ_PolicyDownloadSignedActiveX_ExplainDefaultEnable">This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.
If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.
If you disable the policy setting, signed controls cannot be downloaded.
If you do not configure this policy setting, users can download signed controls without user intervention.</string>
<string id="IZ_PolicyDownloadSignedActiveX_ExplainDefaultPrompt">This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.
If you enable this policy, users can download signed controls without user intervention. If you select Prompt in the drop-down box, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.
If you disable the policy setting, signed controls cannot be downloaded.
If you do not configure this policy setting, users are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded.</string>
<string id="IZ_PolicyDownloadUnsignedActiveX_ExplainDefaultDisable">This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.
If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.
If you disable this policy setting, users cannot run unsigned controls.
If you do not configure this policy setting, users cannot run unsigned controls.</string>
<string id="IZ_PolicyDownloadUnsignedActiveX_ExplainDefaultEnable">This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.
If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.
If you disable this policy setting, users cannot run unsigned controls.
If you do not configure this policy setting, users can run unsigned controls without user intervention.</string>
<string id="IZ_PolicyDownloadUnsignedActiveX_ExplainDefaultPrompt">This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful, especially when coming from an untrusted zone.
If you enable this policy setting, users can run unsigned controls without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to allow the unsigned control to run.
If you disable this policy setting, users cannot run unsigned controls.
If you do not configure this policy setting, users are queried to choose whether to allow the unsigned control to run.</string>
<string id="IZ_PolicyDropOrPasteFiles">Allow drag and drop or copy and paste files</string>
<string id="IZ_PolicyDropOrPasteFiles_ExplainDefaultEnable">This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.
If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.
If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.
If you do not configure this policy setting, users can drag files or copy and paste files from this zone automatically.</string>
<string id="IZ_PolicyDropOrPasteFiles_ExplainDefaultPrompt">This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.
If you enable this policy setting, users can drag files or copy and paste files from this zone automatically. If you select Prompt in the drop-down box, users are queried to choose whether to drag or copy files from this zone.
If you disable this policy setting, users are prevented from dragging files or copying and pasting files from this zone.
If you do not configure this policy setting, users are queried to choose whether to drag or copy files from this zone.</string>
<string id="IZ_PolicyFileDownload_ExplainDefaultDisable">This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.
If you enable this policy setting, files can be downloaded from the zone.
If you disable this policy setting, files are prevented from being downloaded from the zone.
If you do not configure this policy setting, files are prevented from being downloaded from the zone.</string>
<string id="IZ_PolicyFileDownload_ExplainDefaultEnable">This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download, not the zone from which the file is delivered.
If you enable this policy setting, files can be downloaded from the zone.
If you disable this policy setting, files are prevented from being downloaded from the zone.
If you do not configure this policy setting, files can be downloaded from the zone.</string>
<string id="IZ_PolicyFontDownload">Allow font downloads</string>
<string id="IZ_PolicyFontDownload_ExplainDefaultEnable">This policy setting allows you to manage whether pages of the zone may download HTML fonts.
If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
If you disable this policy setting, HTML fonts are prevented from downloading.
If you do not configure this policy setting, HTML fonts can be downloaded automatically.</string>
<string id="IZ_PolicyFontDownload_ExplainDefaultPrompt">This policy setting allows you to manage whether pages of the zone may download HTML fonts.
If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
If you disable this policy setting, HTML fonts are prevented from downloading.
If you do not configure this policy setting, users are queried whether to allow HTML fonts to download.</string>
<string id="IZ_PolicyInstallDesktopItems">Allow installation of desktop items</string>
<string id="IZ_PolicyInstallDesktopItems_ExplainDefaultDisable">This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.
If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.
If you disable this policy setting, users are prevented from installing desktop items from this zone.
If you do not configure this policy setting, users are prevented from installing desktop items from this zone.</string>
<string id="IZ_PolicyInstallDesktopItems_ExplainDefaultEnable">This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.
If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.
If you disable this policy setting, users are prevented from installing desktop items from this zone.
If you do not configure this policy setting, users can install desktop items from this zone automatically.</string>
<string id="IZ_PolicyInstallDesktopItems_ExplainDefaultPrompt">This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting, users can install desktop items from this zone automatically.
If you select Prompt in the drop-down box, users are queried to choose whether to install desktop items from this zone.
If you disable this policy setting, users are prevented from installing desktop items from this zone.
If you do not configure this policy setting, users are queried to choose whether to install desktop items from this zone.</string>
<string id="IZ_PolicyInternetZoneLockdownTemplate">Locked-Down Internet Zone Template</string>
<string id="IZ_PolicyInternetZoneTemplate">Internet Zone Template</string>
<string id="IZ_PolicyIntranetZoneLockdownTemplate">Locked-Down Intranet Zone Template</string>
<string id="IZ_PolicyIntranetZoneTemplate">Intranet Zone Template</string>
<string id="IZ_PolicyJavaPermissions_ExplainDefaultDisable">This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.
Low Safety enables applets to perform all operations.
Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
If you disable this policy setting, Java applets cannot run.
If you do not configure this policy setting, Java applets are disabled.</string>
<string id="IZ_PolicyJavaPermissions_ExplainDefaultHigh">This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.
Low Safety enables applets to perform all operations.
Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
If you disable this policy setting, Java applets cannot run.
If you do not configure this policy setting, the permission is set to High Safety.</string>
<string id="IZ_PolicyJavaPermissions_ExplainDefaultLow">This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.
Low Safety enables applets to perform all operations.
Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
If you disable this policy setting, Java applets cannot run.
If you do not configure this policy setting, the permission is set to Low Safety.</string>
<string id="IZ_PolicyJavaPermissions_ExplainDefaultMedium">This policy setting allows you to manage permissions for Java applets.
If you enable this policy setting, you can choose options from the drop-down box. Custom, to control permissions settings individually.
Low Safety enables applets to perform all operations.
Medium Safety enables applets to run in their sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file I/O.
High Safety enables applets to run in their sandbox. Disable Java to prevent any applets from running.
If you disable this policy setting, Java applets cannot run.
If you do not configure this policy setting, the permission is set to Medium Safety.</string>
<string id="IZ_PolicyLaunchAppsAndFilesInIFRAME">Launching applications and files in an IFRAME</string>
<string id="IZ_PolicyLaunchAppsAndFilesInIFRAME_ExplainDefaultDisable">This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.
If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.
If you do not configure this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.</string>
<string id="IZ_PolicyLaunchAppsAndFilesInIFRAME_ExplainDefaultEnable">This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.
If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.
If you do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention.</string>
<string id="IZ_PolicyLaunchAppsAndFilesInIFRAME_ExplainDefaultPrompt">This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.
If you enable this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user intervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.
If you disable this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in this zone.
If you do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the pages in this zone.</string>
<string id="IZ_PolicyLocalMachineZoneLockdownTemplate">Locked-Down Local Machine Zone Template</string>
<string id="IZ_PolicyLocalMachineZoneTemplate">Local Machine Zone Template</string>
<string id="IZ_PolicyLogon_ExplainDefaultAutomatic">This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following logon options.
Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.
Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.
Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.
If you disable this policy setting, logon is set to Automatic logon only in Intranet zone.
If you do not configure this policy setting, logon is set to Automatic logon with current username and password.</string>
<string id="IZ_PolicyLogon_ExplainDefaultLogonInIntranet">This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following logon options.
Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.
Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.
Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.
If you disable this policy setting, logon is set to Automatic logon only in Intranet zone.
If you do not configure this policy setting, logon is set to Automatic logon only in Intranet zone.</string>
<string id="IZ_PolicyLogon_ExplainDefaultPrompt">This policy setting allows you to manage settings for logon options.
If you enable this policy setting, you can choose from the following logon options.
Anonymous logon to disable HTTP authentication and use the guest account only for the Common Internet File System (CIFS) protocol.
Prompt for user name and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder of the session.
Automatic logon only in Intranet zone to query users for user IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session.
Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supported by the server, the user is queried to provide the user name and password.
If you disable this policy setting, logon is set to Automatic logon only in Intranet zone.
If you do not configure this policy setting, logon is set to Prompt for username and password.</string>
<string id="IZ_PolicyMimeSniffingURLaction">Open files based on content, not file extension</string>
<string id="IZ_PolicyMimeSniffingURLaction_ExplainDefaultDisable">This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.
If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.
If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.
If you do not configure this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.</string>
<string id="IZ_PolicyMimeSniffingURLaction_ExplainDefaultEnable">This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.
If you enable this policy setting, the MIME Sniffing Safety Feature will not apply in this zone. The security zone will run without the added layer of security provided by this feature.
If you disable this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dictated by the feature control setting for the process.
If you do not configure this policy setting, the MIME Sniffing Safety Feature will not apply in this zone.</string>
<string id="IZ_PolicyNavigateSubframesAcrossDomains">Navigate sub-frames across different domains</string>
<string id="IZ_PolicyNavigateSubframesAcrossDomains_ExplainDefaultDisable">This policy setting allows you to manage the opening of sub-frames and access of applications across different domains.
If you enable this policy setting, users can open additional sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional sub-frames or access to applications from other domains.
If you disable this policy setting, users cannot open other sub-frames or access applications from different domains.
If you do not configure this policy setting, users cannot open other sub-frames or access applications from different domains.</string>
<string id="IZ_PolicyNavigateSubframesAcrossDomains_ExplainDefaultEnable">This policy setting allows you to manage the opening of sub-frames and access of applications across different domains.
If you enable this policy setting, users can open sub-frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow sub-frames or access to applications from other domains.
If you disable this policy setting, users cannot open sub-frames or access applications from different domains.
If you do not configure this policy setting, users can open sub-frames from other domains and access applications from other domains.</string>
<string id="IZ_PolicyNetworkProtocolLockdown">Allow active content over restricted protocols to access my computer</string>
<string id="IZ_PolicyNetworkProtocolLockdown_ExplainDefaultDisable">This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Trusted Sites Zone Restricted Protocols section under Network Protocol Lockdown policy.
If you enable this policy setting, no Trusted Sites Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected.
If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked.
If you do not configure this policy setting, all attempts to access such content over the restricted protocols is blocked when the Network Protocol Lockdown security feature is enabled.</string>
<string id="IZ_PolicyNetworkProtocolLockdown_ExplainDefaultPrompt">This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in the Intranet Zone Restricted Protocols section under Network Protocol Lockdown policy.
If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected.
If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked.
If you do not configure this policy setting, the Information Bar will appear to allow control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is enabled.</string>
<string id="IZ_PolicyNoPromptForOneOrNoClientCertificate">Do not prompt for client certificate selection when no certificates or only one certificate exists.</string>
<string id="IZ_PolicyNoPromptForOneOrNoClientCertificate_ExplainDefaultDisable">This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.
If you enable this policy setting, Internet Explorer does not prompt users with a "Client Authentication" message when they connect to a Web site that has no certificate or only one certificate.
If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message when they connect to a Web site that has no certificate or only one certificate.
If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a Web site that has no certificate or only one certificate.</string>
<string id="IZ_PolicyNoPromptForOneOrNoClientCertificate_ExplainDefaultEnable">This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.
If you enable this policy setting, Internet Explorer does not prompt users with a "Client Authentication" message when they connect to a Web site that has no certificate or only one certificate.
If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message when they connect to a Web site that has no certificate or only one certificate.
If you do not configure this policy setting, Internet Explorer does not prompt users with a "Client Authentication" message when they connect to a Web site that has no certificate or only one certificate.</string>
<string id="IZ_PolicyNotificationBarActiveXURLaction">Automatic prompting for ActiveX controls</string>
<string id="IZ_PolicyNotificationBarActiveXURLaction_ExplainDefaultDisable">This policy setting manages whether users will be automatically prompted for ActiveX control installations.
If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt.
If you do not configure this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt.</string>
<string id="IZ_PolicyNotificationBarActiveXURLaction_ExplainDefaultEnable">This policy setting manages whether users will be automatically prompted for ActiveX control installations.
If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
If you disable this policy setting, ActiveX control installations will be blocked using the Information Bar. Users can click on the Information Bar to allow the ActiveX control prompt.
If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.</string>
<string id="IZ_PolicyNotificationBarDownloadURLaction">Automatic prompting for file downloads</string>
<string id="IZ_PolicyNotificationBarDownloadURLaction_ExplainDefaultDisable">This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
If you enable this setting, users will receive a file download dialog for automatic download attempts.
If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Information Bar instead of the file download dialog. Users can then click the Information Bar to allow the file download prompt.</string>
<string id="IZ_PolicyNotificationBarDownloadURLaction_ExplainDefaultEnable">This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
If you enable this setting, users will receive a file download dialog for automatic download attempts.
If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.</string>
<string id="IZ_PolicyRestrictedSitesZoneLockdownTemplate">Locked-Down Restricted Sites Zone Template</string>
<string id="IZ_PolicyRestrictedSitesZoneTemplate">Restricted Sites Zone Template</string>
<string id="IZ_PolicyRunActiveXControls">Run ActiveX controls and plugins</string>
<string id="IZ_PolicyRunActiveXControls_ExplainDefaultDisable">This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.
If you enable this policy setting, controls and plug-ins can run without user intervention.
If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.
If you disable this policy setting, controls and plug-ins are prevented from running.
If you do not configure this policy setting, controls and plug-ins are prevented from running.</string>
<string id="IZ_PolicyRunActiveXControls_ExplainDefaultEnable">This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.
If you enable this policy setting, controls and plug-ins can run without user intervention.
If you selected Prompt in the drop-down box, users are asked to choose whether to allow the controls or plug-in to run.
If you disable this policy setting, controls and plug-ins are prevented from running.
If you do not configure this policy setting, controls and plug-ins can run without user intervention.</string>
<string id="IZ_PolicyScriptActiveXMarkedSafe">Script ActiveX controls marked safe for scripting</string>
<string id="IZ_PolicyScriptActiveXMarkedSafe_ExplainDefaultDisable">This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.
If you enable this policy setting, script interaction can occur automatically without user intervention.
If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.
If you disable this policy setting, script interaction is prevented from occurring.
If you do not configure this policy setting, script interaction is prevented from occurring.</string>
<string id="IZ_PolicyScriptActiveXMarkedSafe_ExplainDefaultEnable">This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.
If you enable this policy setting, script interaction can occur automatically without user intervention.
If you select Prompt in the drop-down box, users are queried to choose whether to allow script interaction.
If you disable this policy setting, script interaction is prevented from occurring.
If you do not configure this policy setting, script interaction can occur automatically without user intervention.</string>
<string id="IZ_PolicyScriptActiveXNotMarkedSafe">Initialize and script ActiveX controls not marked as safe</string>
<string id="IZ_PolicyScriptActiveXNotMarkedSafe_ExplainDefaultDisable">This policy setting allows you to manage ActiveX controls not marked as safe.
If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.
If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.</string>
<string id="IZ_PolicyScriptActiveXNotMarkedSafe_ExplainDefaultPrompt">This policy setting allows you to manage ActiveX controls not marked as safe.
If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.
If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted.</string>
<string id="IZ_PolicyScriptingOfJavaApplets">Scripting of Java applets</string>
<string id="IZ_PolicyScriptingOfJavaApplets_ExplainDefaultDisable">This policy setting allows you to manage whether applets are exposed to scripts within the zone.
If you enable this policy setting, scripts can access applets automatically without user intervention.
If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.
If you disable this policy setting, scripts are prevented from accessing applets.
If you do not configure this policy setting, scripts are prevented from accessing applets.</string>
<string id="IZ_PolicyScriptingOfJavaApplets_ExplainDefaultEnable">This policy setting allows you to manage whether applets are exposed to scripts within the zone.
If you enable this policy setting, scripts can access applets automatically without user intervention.
If you select Prompt in the drop-down box, users are queried to choose whether to allow scripts to access applets.
If you disable this policy setting, scripts are prevented from accessing applets.
If you do not configure this policy setting, scripts can access applets automatically without user intervention.</string>
<string id="IZ_PolicySignedFrameworkComponentsURLaction">Run .NET Framework-reliant components signed with Authenticode</string>
<string id="IZ_PolicySignedFrameworkComponentsURLaction_ExplainDefaultDisable">This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.
If you disable this policy setting, Internet Explorer will not execute signed managed components.
If you do not configure this policy setting, Internet Explorer will not execute signed managed components.</string>
<string id="IZ_PolicySignedFrameworkComponentsURLaction_ExplainDefaultEnable">This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
If you enable this policy setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute signed managed components.
If you disable this policy setting, Internet Explorer will not execute signed managed components.
If you do not configure this policy setting, Internet Explorer will execute signed managed components.</string>
<string id="IZ_PolicySoftwareChannelPermissions_ExplainDefaultHigh">This policy setting allows you to manage software channel permissions.
If you enable this policy setting, you can choose the following options from the drop-down box.
Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.
Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.
High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.
If you disable this policy setting, permissions are set to high safety.
If you do not configure this policy setting, permissions are set to High safety.</string>
<string id="IZ_PolicySoftwareChannelPermissions_ExplainDefaultLow">This policy setting allows you to manage software channel permissions.
If you enable this policy setting, you can choose the following options from the drop-down box.
Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.
Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.
High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.
If you disable this policy setting, permissions are set to high safety.
If you do not configure this policy setting, permissions are set to Low safety.</string>
<string id="IZ_PolicySoftwareChannelPermissions_ExplainDefaultMedium">This policy setting allows you to manage software channel permissions.
If you enable this policy setting, you can choose the following options from the drop-down box.
Low safety to allow users to be notified of software updates by e-mail, software packages to be automatically downloaded to users' computers, and software packages to be automatically installed on users' computers.
Medium safety to allow users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' computers.
High safety to prevent users from being notified of software updates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers.
If you disable this policy setting, permissions are set to high safety.
If you do not configure this policy setting, permissions are set to Medium safety.</string>
<string id="IZ_PolicySubmitNonencryptedFormData">Submit non-encrypted form data</string>
<string id="IZ_PolicySubmitNonencryptedFormData_ExplainDefaultEnable">This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.
If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.
If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.
If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automatically.</string>
<string id="IZ_PolicySubmitNonencryptedFormData_ExplainDefaultPrompt">This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.
If you enable this policy setting, information using HTML forms on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.
If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted.
If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on pages in this zone to be submitted.</string>
<string id="IZ_PolicyTrustedSitesZoneLockdownTemplate">Locked-Down Trusted Sites Zone Template</string>
<string id="IZ_PolicyTrustedSitesZoneTemplate">Trusted Sites Zone Template</string>
<string id="IZ_PolicyUnsignedFrameworkComponentsURLaction">Run .NET Framework-reliant components not signed with Authenticode</string>
<string id="IZ_PolicyUnsignedFrameworkComponentsURLaction_ExplainDefaultDisable">This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.</string>
<string id="IZ_PolicyUnsignedFrameworkComponentsURLaction_ExplainDefaultEnable">This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.</string>
<string id="IZ_PolicyUserdataPersistence_ExplainDefaultDisable">This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.</string>
<string id="IZ_PolicyUserdataPersistence_ExplainDefaultEnable">This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.</string>
<string id="IZ_PolicyWindowsRestrictionsURLaction">Allow script-initiated windows without size or position constraints</string>
<string id="IZ_PolicyWindowsRestrictionsURLaction_ExplainDefaultDisable">This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.
If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.
If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.</string>
<string id="IZ_PolicyWindowsRestrictionsURLaction_ExplainDefaultEnable">This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.
If you enable this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.
If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process.
If you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone runs without the added layer of security provided by this feature.</string>
<string id="IZ_PolicyZoneElevationURLaction">Web sites in less privileged Web content zones can navigate into this zone</string>
<string id="IZ_PolicyZoneElevationURLaction_ExplainDefaultDisable">This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.</string>
<string id="IZ_PolicyZoneElevationURLaction_ExplainDefaultEnable">This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.</string>
<string id="IZ_PolicyZoneElevationURLaction_ExplainDefaultPrompt">This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.
If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
If you do not configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur.</string>
<string id="IZ_ProxyByPass">Intranet Sites: Include all sites that bypass the proxy server</string>
<string id="IZ_RestrictedSitesZoneLockdown_Explain">The settings in this zone apply only if the Restricted Zone is in 'lockdown' mode, such as when the Network Protocol Lockdown security feature is in effect. If the zone is locked down, these URL action settings do not override the standard Restricted Zone settings, but are compared against them. If the settings for that URL action in the two zones are the same, then that setting is used. Otherwise, the relevant behavior is strictly blocked, preventing the zone from operating with the standard (non-lockdown) zone's setting.</string>
<string id="IZ_SecurityPageExplain">If you enable any policies for the security page, it is strongly recommended that you also configure policy to disable the security page from being presented in the UI to prevent users from believing that they can change their security settings.
You can disable the security page using the policy located at Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\.</string>
<string id="IZ_TrustedSitesZoneLockdown_Explain">The settings in this zone apply only if the Trusted Zone is in 'lockdown' mode, such as when the Network Protocol Lockdown security feature is in effect. If the zone is locked down, these URL action settings do not override the standard Trusted Zone settings, but are compared against them. If the settings for that URL action in the two zones are the same, then that setting is used. Otherwise, the user is presented with an Information Bar, and may allow the zone to operate with the standard (non-lockdown) zone's setting.</string>
<string id="IZ_UNCAsIntranet">Intranet Sites: Include all network paths (UNCs)</string>
<string id="IZ_Zonemaps">Site to Zone Assignment List</string>
<string id="LinkColor_Explain">This policy setting prevents users from changing the color of Web page links that they have not yet clicked. Appropriate color choices can make links easier to see for some users, especially those who use high-contrast color schemes.
If you enable this policy setting, a user cannot configure the color for links not yet clicked in Internet Explorer. You must specify the link color (for example: 192,192,192).
If you disable or do not configure this policy setting, users can choose the color for links not yet clicked.</string>
<string id="LinkcolorPol">Prevent users from configuring the color of links that have not yet been clicked</string>
<string id="LinkColors">Link Colors</string>
<string id="LinkColorVisited_Explain">This policy setting prevents users from changing the color of Web page links they have already clicked. Appropriate color choices can make links easier to see for some users, especially those who use high-contrast color schemes.
If you enable this policy setting, a user cannot configure the color for links already clicked in Internet Explorer. You must specify the link color (for example: 192,192,192).
If you disable or do not configure this policy setting, users can choose the color for links that have already been clicked.</string>
<string id="LinkColorVisitedPol">Prevent users from configuring the color of links that have already been clicked</string>
<string id="NoAddingSubscriptions">Disable adding schedules for offline pages</string>
<string id="NoAutomaticSignup">Turn on Automatic Signup</string>
<string id="NoAutomaticSignup_Explain">This policy setting allows Internet Explorer to be launched automatically to complete the signup process after the branding is complete for Internet service providers using Internet Explorer Administration Kit (IEAK).
If you enable this policy setting, Internet Explorer is launched automatically to complete the signup process after the branding is complete for ISPs (IEAK). The user cannot change this behavior.
If you disable this policy setting, Internet Explorer will not be launched automatically to complete the signup process after the branding is complete for ISPs (IEAK). The user cannot change this behavior.
If you do not configure this policy setting, the user will have the freedom to decide whether to launch Internet Explorer automatically to complete the signup process after the branding is complete for ISPs (IEAK).</string>
<string id="NoUpdateCheck">Disable Periodic Check for Internet Explorer software updates</string>
<string id="NoWindowReuse">Turn off configuration of window reuse</string>
<string id="OESettings">Configure Outlook Express</string>
<string id="PageTransitions">Turn off page transitions</string>
<string id="PageTransitions_Explain">This policy setting specifies if, as you move from one Web page to another, Internet Explorer fades out of the page you are leaving and fades into the page to which you are going.
If you enable this policy setting, page transitions will be turned off. The user cannot change this behavior.
If you disable this policy setting, page transitions will be turned on. The user cannot change this behavior.
If you do not configure this policy setting, the user can turn on or off page transitions.</string>
<string id="Printing_Explain">This policy setting specifies whether you want Internet Explorer to print background colors and images when you print a Web page. Selecting this check box might slow down the speed at which your page is printed and the quality of the print, depending on the capabilities of your printer.
If you enable this policy setting, Internet Explorer prints background colors and images when you print a Web page. The user cannot change this policy setting.
If you disable this policy setting, Internet Explorer will not print background colors and images when you print a Web page. The user cannot change this policy setting.
If you do not configure this policy setting, a user can turn on or off printing background colors and images.</string>
<string id="RestrictAutoImageResize">Turn off automatic image resizing</string>
<string id="RestrictAutoImageResize_Explain">This policy setting specifies that you want Internet Explorer to automatically resize large images so that they fit in the browser window.
If you enable this policy setting, automatic image resizing is turned off. The user cannot change this setting.
If you disable this policy setting, automatic image resizing is turned on. The user cannot change this setting.
If you do not configure this policy setting, the user can turn on or off automatic image resizing.</string>
<string id="RestrictCache">Disable changing Temporary Internet files settings</string>
<string id="RestrictCalendarContact">Disable changing Calendar and Contact settings</string>
<string id="RestrictResetWebSettings">Disable the Reset Web Settings feature</string>
<string id="RestrictSettings">Prevent the deletion of temporary Internet files and cookies</string>
<string id="RestrictWebAddressSuggest">Turn off the auto-complete feature for web addresses</string>
<string id="RSS_Feeds">RSS Feeds</string>
<string id="ScriptErrorCache">Turn on the display of a notification about every script error</string>
<string id="ScriptErrorCache_Explain">This policy setting specifies whether to display script errors when a page does not appear properly because of problems with its scripting. This feature is off by default, but is useful to developers when testing Web pages.
If you enable this policy setting, the user is shown the actual script errors when a page does not appear properly because of problems with its scripting. The user cannot change this policy setting.
If you disable this policy setting, the user is not shown the actual script errors when a page does not appear properly because of problems with its scripting. The user cannot change this policy setting.
If you do not configure this policy setting, the user can turn on or off the display of a notification about every script error.</string>
<string id="SecurityPage_AutoDetect">Turn on automatic detection of the intranet</string>
<string id="SecurityPage_WarnOnIntranet">Turn on Information bar notification for intranet content</string>
<string id="ShellNotifications">Disable software update shell notifications on program launch</string>
<string id="ShowPictures">Turn off picture display</string>
<string id="ShowPictures_Explain">This policy setting specifies whether graphical images should be included when pages are displayed.
Sometimes, pages that contain several graphical images are displayed very slowly. If you want to display pages more quickly, make sure this check box is cleared. When this check box is cleared, you can still display an individual image by right-clicking the icon that represents the image and then clicking Show Picture.
If you enable this policy setting, images are not shown. The user can still display an individual image by right-clicking the icon that represents the image and then clicking Show Picture. The user cannot change this setting. The "Show image download placeholders" option should be disabled.
If you disable this policy setting, pictures are shown. The user cannot change this setting.
If you do not configure this policy setting, the user will have the freedom to turn on or off displaying pictures</string>
<string id="ShowPlaceholders">Allow the display of image download placeholders</string>
<string id="ShowPlaceholders_Explain">This policy setting specifies whether placeholders should be shown for graphical images while they are downloading. This allows items in the page to be positioned where they would appear when the images are completely downloaded. This option is ignored if the Show Pictures check box is cleared.
If you enable this policy setting, placeholders will be drawn for graphical images while the images are downloading. The user cannot change this policy setting. The "Turn off picture display" policy setting must be disabled if this policy setting is enabled.
If you disable this policy setting, placeholders will not be drawn for graphical images while the images are downloading. The user cannot change this policy setting.
If you do not configure this policy setting, the user can allow or prevent the display of placeholders for graphical images while they are downloading.</string>
<string id="SmartImageDithering">Turn off smart image dithering</string>
<string id="SmartImageDithering_Explain">This policy setting specifies whether you want Internet Explorer to smooth images, so they appear less jagged when displayed.
If you enable this policy setting, images will not be smoothened for display. The user cannot change this policy setting.
If you disable this policy setting, images will be smoothened for display. The user cannot change this policy setting.
If you do not configure this policy setting, the user can turn on or off smart image dithering.</string>
<string id="SmoothScrolling">Turn off smooth scrolling</string>
<string id="SmoothScrolling_Explain">This policy setting specifies whether smooth scrolling is used to display content at a predefined speed.
If you enable this policy setting, smooth scrolling will be turned off. The user cannot change this behavior.
If you disable this policy setting, smooth scrolling will be turned on. The user cannot change this behavior.
If you do not configure this policy setting, the user can turn on or off smooth scrolling.</string>
<string id="SpecificSearchProvider">Restrict search providers to a specific list of providers</string>
<string id="SQM_DisableCEIP">Prevent participation in the Customer Experience Improvement Program</string>
<string id="SUPPORTED_IE4ONLY">Only Internet Explorer 4.0</string>
<string id="SUPPORTED_IE5">At least Internet Explorer 5.0</string>
<string id="SUPPORTED_IE5_6">Only Internet Explorer 5.0 and Internet Explorer 6.0</string>
<string id="SUPPORTED_IE5_NONVISTA">At least Internet Explorer 5.0. Not supported on Windows Vista</string>
<string id="SUPPORTED_IE6ONLY">Only Internet Explorer 6.0</string>
<string id="SUPPORTED_IE6SP2">At least Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1</string>
<string id="SUPPORTED_IE6SRVSP1">At least Internet Explorer 6.0 in Windows 2003 Service Pack 1</string>
<string id="SUPPORTED_IE6SRVSP1_NONVISTA">At least Internet Explorer 6.0 in Windows 2003 Service Pack 1. Not supported on Windows Vista</string>
<string id="SUPPORTED_IE6SRVSP1ONLY">Only Internet Explorer 6.0 in Windows 2003 Service Pack 1</string>
<string id="SUPPORTED_IE7">At least Internet Explorer 7.0</string>
<string id="SUPPORTED_IE7_NONVISTA">At least Internet Explorer 7.0. Not supported on Windows Vista</string>
<string id="SUPPORTED_IE7Vista">At least Internet Explorer 7.0 in Windows Vista</string>
<string id="Tools_Menu">Tools menu: Disable Internet Options... menu option</string>
<string id="UnderlineLinksPol">Turn off configuring underline links</string>
<string id="UnderlineLinksPol_Explain">This policy setting specifies how you want links on Web pages to be underlined. Select one of the following settings:
ΓÇó To underline all links, click Always.
ΓÇó To not underline links, click Never.
ΓÇó To underline links when your mouse pointer pauses on the link, click Hover.
If you enable this policy setting, a user cannot select when to underline links. You must specify when to underline links:
ΓÇó Always
ΓÇó Never
ΓÇó Hover (when your mouse pointer pauses on the link)
If you disable or do not configure this policy setting, the user can choose when to underline links.</string>
<string id="UpdateCheck">Periodic check for updates to Internet Explorer and Internet Tools</string>
<string id="UpdateIntervalPol">Turn off configuring the update check interval (in days)</string>
<string id="UpdateIntervalPol_Explain">This setting specifies the update check interval. The default value is 30 days.
If you enable this policy setting, the user will not be able to configure the update check interval. You have to specify the update check interval.
If you disable or do not configure this policy setting, the user will have the freedom to configure the update check interval.
</string>
<string id="UpdatePagePol">Turn off changing the URL to be displayed for checking updates to Internet Explorer and Internet Tools</string>
<string id="UpdatePagePol_Explain">This policy setting allows checking for updates for Internet Explorer from the specified URL, included by default in Internet Explorer.
If you enable this policy setting, users will not be able to change the URL to be displayed for checking updates to Internet Explorer and Internet Tools. You must specify the URL to be displayed for checking updates to Internet Explorer and Internet Tools.
If you disable or do not configure this policy setting, users will be able to change the URL to be displayed for checking updates to Internet Explorer and Internet Tools.</string>
<string id="URLFailsPol">Prevent configuration of search from the Address bar</string>
<string id="URLFailsPol_Explain">This policy setting specifies the action that will be performed when searching from the Address bar. There are two possible actions:
ΓÇó Do not search from the Address bar: Specifies to not use the Address bar for searches. You can still perform searches in the Search bar by clicking the Search button in the toolbar.
ΓÇó Just display the results in the main window: Specifies that, when you search from the Address bar, the list of search results be displayed in the main window.
If you enable this policy setting, you must specify what action should be performed when searching from the Address bar. The user cannot change it.
If you disable or not configure this policy setting, the user can specify what action should be performed when searching from the Address bar.</string>
<string id="UseHomePage">Go directly to home page</string>
<string id="UseHoverColor">Turn on the hover color option</string>
<string id="UseHoverColor_Explain">This policy setting is used to make hyperlinks change color when the mouse pointer pauses on them.
If you enable this policy setting, the hover color option will be turned on. The user cannot turn it off.
If you disable this policy setting, the hover color option will be turned off. The user cannot turn it on.
If you do not configure this policy setting, a user will have the freedom to turn on or off the hover color option.</string>
<string id="UserProxy">Make proxy settings per-machine (rather than per-user)</string>
<string id="UseWelcomeIEPage">Go directly to "Welcome To IE" page</string>
<string id="UseWindowsColors">Prevent the use of Windows colors</string>
<string id="UseWindowsColors_Explain">This policy setting prevents users from using Windows colors as a part of the display settings. By default, this functionality is turned on.
If you enable this policy setting, Windows colors will be turned off. The user cannot turn them on.
If you disable this policy setting, Windows colors will be turned on. The user cannot turn them on.
If you do not configure this policy setting, a user will have the freedom to turn on or off Windows colors for display.</string>
<string id="UTF8">Turn off sending URLs as UTF-8(requires restart)</string>
<string id="UTF8_Explain">This policy setting specifies whether to use UTF-8, a standard that defines characters so they are readable in any language. Using UTF-8 enables you to exchange Internet addresses (URLs) that contain characters from any language.
If you enable this policy setting, Internet Explorer does not allow sending URLs as UTF-8. The user cannot change this policy setting.
If you disable this policy setting, Internet Explorer allows sending URLs as UTF-8. The user cannot change this policy setting.
If you do not configure this policy setting, the user can allow or prevent the sending of URLs as UTF-8.</string>
<string id="View_NoTheaterMode">View menu: Disable Full Screen menu option</string>
<string id="View_NoViewSource">View menu: Disable Source menu option</string>
<dropdownList refId="IZ_Partname1A04" defaultItem="1">Do not prompt for client certificate selection when no certificates or only one certificate exists.</dropdownList>
<dropdownList refId="IZ_Partname1A04" defaultItem="1">Do not prompt for client certificate selection when no certificates or only one certificate exists.</dropdownList>
<dropdownList refId="IZ_Partname1A04" defaultItem="1">Do not prompt for client certificate selection when no certificates or only one certificate exists.</dropdownList>
<dropdownList refId="IZ_Partname1A04" defaultItem="1">Do not prompt for client certificate selection when no certificates or only one certificate exists.</dropdownList>
<dropdownList refId="IZ_Partname1A04" defaultItem="0">Do not prompt for client certificate selection when no certificates or only one certificate exists.</dropdownList>
<dropdownList refId="IZ_Partname1A04" defaultItem="1">Do not prompt for client certificate selection when no certificates or only one certificate exists.</dropdownList>
<dropdownList refId="IZ_Partname1A04" defaultItem="0">Do not prompt for client certificate selection when no certificates or only one certificate exists.</dropdownList>
<dropdownList refId="IZ_Partname1A04" defaultItem="1">Do not prompt for client certificate selection when no certificates or only one certificate exists.</dropdownList>
<dropdownList refId="IZ_Partname1A04" defaultItem="1">Do not prompt for client certificate selection when no certificates or only one certificate exists.</dropdownList>
<dropdownList refId="IZ_Partname1A04" defaultItem="1">Do not prompt for client certificate selection when no certificates or only one certificate exists.</dropdownList>
<dropdownList refId="IZ_Partname1A04" defaultItem="0">Do not prompt for client certificate selection when no certificates or only one certificate exists.</dropdownList>
<dropdownList refId="IZ_Partname1A04" defaultItem="1">Do not prompt for client certificate selection when no certificates or only one certificate exists.</dropdownList>
<dropdownList refId="IZ_Partname1A04" defaultItem="1">Do not prompt for client certificate selection when no certificates or only one certificate exists.</dropdownList>
<dropdownList refId="IZ_Partname1A04" defaultItem="0">Do not prompt for client certificate selection when no certificates or only one certificate exists.</dropdownList>
<dropdownList refId="IZ_Partname1A04" defaultItem="1">Do not prompt for client certificate selection when no certificates or only one certificate exists.</dropdownList>
<dropdownList refId="IZ_Partname1A04" defaultItem="0">Do not prompt for client certificate selection when no certificates or only one certificate exists.</dropdownList>
<dropdownList refId="IZ_Partname1A04" defaultItem="1">Do not prompt for client certificate selection when no certificates or only one certificate exists.</dropdownList>
<dropdownList refId="IZ_Partname1A04" defaultItem="1">Do not prompt for client certificate selection when no certificates or only one certificate exists.</dropdownList>
<dropdownList refId="IZ_Partname1A04" defaultItem="1">Do not prompt for client certificate selection when no certificates or only one certificate exists.</dropdownList>
<dropdownList refId="IZ_Partname1A04" defaultItem="0">Do not prompt for client certificate selection when no certificates or only one certificate exists.</dropdownList>
