Condividi tramite


IEZoneAnalyzer v3

Announcing a major update to the IE security zone analyzer!

IEZoneAnalyzer is a utility for viewing and comparing Internet Explorer security zone settings. It is particularly valuable on systems controlled through Group Policy, on which the standard security settings dialog does not allow viewing of settings. IEZoneAnalyzer version 3 represents a total rewrite, adding a tremendous amount of new functionality compared to earlier versions. Note that IEZoneAnalyzer does not require administrative rights. It also does not have an installer – just run the utility directly. IEZoneAnalyzer does require.NET Framework 3.5.

Key features of IEZoneAnalyzer:

  • View effective security zone settings for any security zone on the local computer or exported from a remote computer and identify whether each setting was established by policy.
  • Compare settings between two or more security zones or templates.
  • View and compare entire sets of settings captured on different computers or on a single computer over time (e.g., to determine whether a system has drifted from its baseline settings).
  • Export results to Excel or to a Comma Separated Values (CSV) text file.
  • Filter comparison results to show only differences or conflicts.
  • Sort, reorder and resize result columns.
  • Copy selected or all results to the clipboard.

The download includes the program, sample files captured from various fresh systems with default settings, and extensive documentation. [Update, 22 Sept 2011: an updated version of IEZoneAnalyzer can be found here.]

Click on the thumbnails below to see full resolution screenshots:

View effective settings for the Internet zone captured on a Windows 7 x64 system with IE8 and USGCB settings applied:

View effective settings for the Internet zone captured on a Windows 7 x64 system with IE8 and USGCB settings applied

Compare all IE security zone settings on a Windows Vista SP2 with IE7 to those from a Windows XP x64 with IE6:

View effective settings for the Internet zone captured on a Windows 7 x64 system with IE8 and USGCB settings applied

Compare the Medium High template on the local computer, effective settings for the Internet zone on the local computer, and effective settings for the Internet zone captured on a Win7/IE8 system with USGCB settings:

Compare multiple templates and zones against one another

Effective settings for the five security zones exported to Excel:

Effective settings for the five security zones exported to Excel

Comments

  • Anonymous
    January 01, 2003
    Just install Classic Shell. It will restore the zone to the status bar.

  • Anonymous
    April 14, 2011
    very cool application

  • Anonymous
    April 15, 2011
    The comment has been removed

  • Anonymous
    July 19, 2011
    Thanks a million - you just saved my team days of work with this tool [Aaron Margosis]  You're welcome -- that's what it's for!

  • Anonymous
    July 19, 2011
    Thanks..I have used previous version too, but this one is good with some useful enhancements. Good work..Keep it up.

  • Anonymous
    July 21, 2011
    Does the output indicate the Option set for each policy? For example, when I run the tool against the Internet Zone and look at the policy "Submit non-encrypted form data", the tool says the policy is "Enabled". When you look at the GPO itself, when you can Enable the policy you have to set one of three options: Prompt, Enable or Disable. I can't tell if the tool is telling me that both the Policy and Option are set to "Enabled" or if the just the policy itself is "Enabled". [Aaron Margosis]  Great question.  I just tested, and based on what I saw, disabling the policy and setting it to "not configured" have the same effect -- no registry value for that setting under Policies, and consequenly it reverts to whatever the preference setting is.  If IEZoneAnalyzer reports "Enabled", the policy is enabled and it is configured to "Enabled."   That's shown in some spreadsheets as "Enabled:Enabled".  If IEZoneAnalyzer reports "Disabled", consider it "Enabled:Disabled" - as in, the policy is turned on and it is set to "Disabled".  (Seriously, no one ever gets confused by how these GP settings work, do they? :)

  • Anonymous
    October 14, 2011
    Re. confusing group policy poticy settings -, does this hep? : blogs.msdn.com/.../10171462.aspx

  • Anonymous
    March 02, 2012
    Aaron, Thank you very much for providing this tool, it is incredibly useful for documentation and debugging purposes. Question: On our corporate build (Win7EnterpriseSP1/64, IE 8.0.7601.17514), the following entries appear as "Unknown" at the bottom of the list: 2708 (Machine Preferences, Enabled) 2709 (Machine Preferences, Enabled) I haven't been able to find useful information about what they might represent - can you help me with this? Thank you very much in advance!

  • Anonymous
    August 03, 2012
    Any plans to incorporate a way to apply the extracted settings to a test machine? My use case would be a customer having difficulty on our web page when using IE, I get the extraction of his settings and compare to a machine that does work and try to find the difference that causes the issue. If I could apply his settings it would help easily replicate the issue. [Aaron Margosis] Not at this time.  I like that use case, but it would probably be misused.  E.g., people would probably use it to apply policy settings, but policy settings should be set through the Group Policy interfaces rather than being written directly to the registry.  It should be possible to extract the machine/user policies from the output using a script and converting it to a form that can be consumed byApply_LGPO_Delta...  If I had more spare time - or a customer willing to pay for my time to make it happen...

  • Anonymous
    December 29, 2013
    I've enhanced the IE security zone comparison utility that I posted here a few weeks ago. The new

  • Anonymous
    December 29, 2013
    Pingback from Viewing and Comparing IE Security Zone Settings - enhanced - Microsoft U.S. Partner Team - Partner Community - Microsoft Dynamics Community