Internet Explorer Security Options

With Internet Explorer security zones, you can specify security options for different zones of Web content. A zone is a collection of Web sites that you trust at the same level. You assign a Web site to a specific zone, then you set the appropriate security options for that zone.

You can adjust the Internet Explorer default settings to best match the security features of your system. For a secure intranet, for example, you can usually adjust the security setting to Low or an appropriate custom setting (after the Local intranet zone is configured to match the firewall).

The following paragraphs describe the Internet Explorer security options in detail to help you make the right security decisions for each option in each zone. All security options apply to the Internet Explorer browser; they are not system-wide. Other Internet programs may or may not respect these options. This list contains the Internet Explorer security options for 32-bit versions of the browser, although some options also apply to 16-bit and UNIX versions of the browser.

The following settings or sections do not apply:

• UNIX versions of the browser
  ActiveX controls and plugins
  Font download
  Software channel permissions
  Launching applications and files
  Installation of desktop items
• 16-bit versions of the browser
  User authentication
  Font download
  Software channel permissions
  Installation of desktop items
  Active scripting
  Launching applications and files from an IFrame

To set corporate security options, you must modify the settings by using the IEAK. The user views security options in the browser by clicking the Tools menu, clicking Internet Options, and then clicking the Security tab. To see custom settings, the user selects a security zone, and then clicks Custom Level.

ActiveX controls and plugins

These options control how ActiveX controls and plugins are administrator approved, downloaded, run, and scripted. For more information about managing and approving ActiveX controls, see Managing ActiveX Controls.

When a user downloads an ActiveX control from a site different than the site the control is used on, Internet Explorer uses the more restrictive of the two sites' zone settings. For example, if a user is viewing a Web page within a zone that is set to allow (Enable) a download, but the code is downloaded from another zone that is set to prompt the user first, then the prompt setting is used.

Script ActiveX controls marked safe for scripting
This option determines whether an ActiveX control marked safe for scripting can interact with a script. Note that safe-for-initialization controls loaded with PARAM tags are not affected by this option. This option is ignored when Initialize and script ActiveX controls not marked as safe is set to Enable because the setting bypasses all object safety. You cannot script unsafe controls while blocking the scripting of the safe ones.

Initialize and script ActiveX controls not marked as safe
ActiveX controls are classified as being either safe or unsafe. This option controls whether or not a script is allowed to interact with unsafe controls. Unsafe controls are not meant for use on Internet Web pages, but in some cases may be used with pages that can absolutely be trusted not to use the controls in a malicious way. Object safety should be enforced unless all ActiveX controls and scripts that might interact with pages in this zone can be trusted. The settings are as follows:

Run ActiveX controls and plugins
This option determines whether ActiveX controls and plugins can be run on pages from the specified zone. Disabling this option prevents running any ActiveX controls or plug-ins; therefore, the other ActiveX settings are ignored. Downloading, running, and scripting ActiveX controls are three distinct steps with options that apply to each separate step. Downloading options distinguish between signed and unsigned controls. Scripting options can be set for safe and unsafe controls separately. Whether a control is safe for scripting (or initialization) is determined by the control author and should not be confused with signing; signing and safety are independent. For more information, see the Microsoft Site Builder Network Workshop.

Download signed ActiveX controls
This option allows users to download signed ActiveX controls from pages in this zone. The settings are as follows:

• Enable lets users silently download any signed controls.
• Prompt displays a warning before users download controls signed by publishers that aren't trusted. This setting still enables users to download trusted publisher-signed code silently.
• Deny prevents users from downloading any signed controls.

Download unsigned ActiveX controls
This option allows users to download unsigned ActiveX controls from pages in this zone. This kind of code is potentially dangerous, especially when coming from an untrusted zone.

• Enable overrides object safety. ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
• Prompt attempts to enforce object safety. However, if the ActiveX control cannot be made safe for untrusted data or scripts, then the user is given the option of allowing the control to be loaded with parameters or scripted.
• Disable enforces object safety for untrusted data or scripts. ActiveX controls that cannot be made safe are not loaded with parameters or scripted.

Java

Java permissions

You must have the Microsoft VM installed before the Java options are available.

These options control the downloading and running of Java within the zone. For Java downloads, if a control is downloaded from a different site than the page it is used on, the more restrictive setting of the two sites' zone settings is used. For example, if a user is accessing a Web page within a zone that is set to allow a download, but the code is downloaded from another zone that is set to prompt a user first, then the prompt setting is used.

The settings for most platforms are discussed below. For 16-bit versions of Windows operating systems, the available settings for Java permissions are Enable and Disable.

Each option setting determines the following:

• The maximum permission level silently granted to signed applets downloaded from the zone.
• The permissions granted to unsigned applets downloaded from the zone.
• The permissions granted to scripts on pages in the zone that call into applets.

The five options are:

• Custom controls permissions settings individually. In the Custom Permissions dialog box, the Unsigned tab specifies the permissions for both unsigned applets and for scripts calling Java. The Allowed Without Warning tab specifies the threshold up to which applets will silently be granted permissions.
• Low Safety enables applets to perform all operations unhindered.
• Medium Safety enables applets to run in their sandbox, an area in memory outside of which the program cannot make calls. It also enables capabilities like scratch space (a safe and secure storage area on the client computer) and user-controlled file Input/Output.
• High Safety enables applets to run in their sandbox.
• Disable Java does not allow any applets to run.

Scripting

Active scripting
This option determines whether script code on pages in this zone is run.

Scripting of Java applets
This option determines whether scripts within the zone are allowed to use objects that exist within Java applets, allowing the script on the page to interact with the Java applet.

Downloads

File Download
This option controls whether file downloads are permitted from within this zone. This option is determined by the zone of the page that contains the download link, not the zone from which the file is delivered.

Font download
This option determines whether users can download HTML fonts from pages within this zone.

User authentication

Logon

HTTP authentication honors the zone security policy for Logon credentials, which may have one of four values:

• Automatic logon only in Intranet zone: Prompts for user ID and password in other zones. After the user is prompted, this value can be used silently for the remainder of the session.
• Anonymous Logon: Disables HTTP authentication; uses guest account only for Common Internet File System (CIFS).
• Prompt for username and password: Prompts for user ID and password. After the user is prompted, this value may be used silently for the remainder of the session.
• Automatic logon with current username and password: The logon credential may be tried silently by Windows NT Challenge response (NTLM), an authentication protocol between an end-user client and application server, before prompting.

Miscellaneous

Access data sources across domains
This option specifies whether components that connect to data sources should be allowed to connect to a different server to obtain data. This applies only to data binding, such as active data objects. The settings are as follows:

• Enable allows database access to any source, even other domains.
• Prompt prompts users before allowing database access to any source in other domains.
• Disable allows database access only to the same domain as the page.

Submit non-encrypted form data
This option specifies whether HTML pages in the zone can submit forms to or accept forms from servers in the zone. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting affects only non-SSL form data submission.

Launching applications and files in an IFrame
This option controls whether users can launch applications and files from an IFRAME tag (containing a directory of a folder) in Web pages within this zone.

Installation of desktop items
This option controls whether users can install desktop items from Web pages within this zone.

Drag and drop or copy and paste files
This option controls whether users can drag or copy files from Web pages within this zone.

Software channel permissions
The settings are as follows:

• Low safety allows:
• E-mail notification
• Auto download
• Auto installation
• Medium safety allows:
• E-mail notification
• Auto download
• High safety allows:
• None of the software channel distribution features

Cookies

Allow per-session cookies (not stored)
Determines the settings for cookies, text files that store the user's preferences, that are used by a Web site while the user is visiting the site. For example, this setting would determine whether a "virtual shopping cart" could be created while a user is shopping online. Per-session cookies do not remain on the hard disk.

The settings are as follows:

• Enable means that cookies are automatically accepted.
• Prompt means that users receive a prompt before a cookie is created.
• Disable means that no cookies can be created. If you disable per-session cookies, some Web sites may not work properly.

Allow cookies that are stored on your computer
Determines the settings for cookies that are stored on the user's hard drive for future browsing sessions. For example, this setting would determine whether a list of preferences or a user's name was retained for the user's next visit.

The settings are as follows:

• Enable means that persistent cookies are automatically accepted.
• Prompt means that users receive a prompt before a persistent cookie is created.
• Disable means that no persistent cookies can be created. If you disable persistent cookies, some Web sites will not retain their settings when the user returns to the site.

Security options that cannot be configured

The following options are fixed and cannot be set by the user. High, Medium, Medium-low, and Low zone settings do not change the behavior of these options.

Launch From Webview
This option controls whether users can start programs and files from a folder viewed as a Web page. This setting applies to Windows 98 users and to users who upgraded from Internet Explorer 4 and are using the Windows Desktop Update. The zone of the customizing Web content, not the zone of the folder itself, determines the setting: