Condividi tramite


About URL Security Zone Templates

Templates provide an easy way for users to set the level of security they want for a particular URL security zone. For more information on URL security zones, see About URL Security Zones.

The URL security zone templates provide different levels of security. The High template contains settings that provide the highest level of security by restricting Web sites from performing potentially damaging operations. The Low template contains settings that provide the lowest level of security, allowing Web sites more access to the user's system.

  • Security Zone Templates
    • High Template
    • Medium-High Template
    • Medium Template
    • Medium-Low Template
    • Low Template
  • Template-based Policy Values for URL Actions
  • URL Policy Changes
    • Microsoft Internet Explorer 6 Policy Changes
    • Internet Explorer 4.0 Policy Changes
  • Registry Keys

Security Zone Templates

When URL security zones were introduced in Microsoft Internet Explorer 4.0, there were three default templates (High, Medium, and Low). A fourth template, Medium-Low, was added in Microsoft Internet Explorer 5. A Medium-High template was introduced with Windows Internet Explorer 7.

Windows Internet Explorer provides the following five separate security zone templates.

  • High Template
  • Medium-High Template
  • Medium Template
  • Medium-Low Template
  • Low Template

High Template

The High template is used for URL security zones that contain Web sites that could cause damage to your computer or data. The settings used by this template will restrict sites from performing potentially damaging operations. By default, the Restricted sites zone uses this template.

Medium-High Template

The Medium-High template is new for Internet Explorer 7 for Windows XP Service Pack 2 (SP2) and Windows Vista. With this template, per-application override settings that disable Microsoft ActiveX warnings in certain situations are not allowed.

Medium Template

The Medium template is used for URL security zones that contain Web sites that are neither trusted nor untrusted. By default, the Internet zone uses this template.

Medium-Low Template

The Medium-Low template is used for URL security zones that contain Web sites that are unlikely to cause damage to your computer or data. By default, the Local intranet zone uses this template.

Low Template

The Low template is used for URL security zones that contain Web sites that are fully trusted by the user. By default, the Trusted sites zone uses this template.

Template-based Policy Values for URL Actions

The following table lists the URL actions and default URL policy settings for each of the five security zone templates, as of Internet Explorer 7. Descriptions for the URL Action Flag constants in the following tables can be found at URL Action Flags. Descriptions for the URL Policy Flag constants can be found at URL Policy Flags. Note: URL policy flag names have been shortened in the table below to enhance readability.

High Medium-High Medium Medium-Low Low
URLACTION_ACTIVEX_NO_WEBOC_SCRIPT
DISALLOW a DISALLOW DISALLOW ALLOW a ALLOW
URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY
DISALLOW DISALLOW DISALLOW DISALLOW QUERY a
URLACTION_ACTIVEX_OVERRIDE_OPTIN
DISALLOW DISALLOW ALLOW ALLOW ALLOW
URLACTION_ACTIVEX_OVERRIDE_REPURPOSEDETECTION
DISALLOW DISALLOW ALLOW ALLOW ALLOW
URLACTION_ACTIVEX_RUN
DISALLOW ALLOW ALLOW ALLOW ALLOW
URLACTION_ACTIVEX_SCRIPTLET_RUN
DISALLOW DISALLOW DISALLOW ALLOW ALLOW
URLACTION_ACTIVEX_DYNSRC_VIDEO_AND_ANIMATION
DISALLOW DISALLOW DISALLOW DISALLOW DISALLOW
URLACTION_ALLOW_APEVALUATION
ALLOW ALLOW ALLOW DISALLOW DISALLOW
URLACTION_ALLOW_RESTRICTEDPROTOCOLS
DISALLOW QUERY QUERY QUERY QUERY
URLACTION_AUTOMATIC_ACTIVEX_UI
DISALLOW DISALLOW DISALLOW ALLOW ALLOW
URLACTION_AUTOMATIC_DOWNLOAD_UI
DISALLOW DISALLOW DISALLOW ALLOW ALLOW
URLACTION_BEHAVIOR_RUN
DISALLOW ALLOW ALLOW ALLOW ALLOW
URLACTION_CHANNEL_SOFTDIST_PERMISSIONS
PROHIBIT PRECACHE PRECACHE PRECACHE AUTOINSTALL
URLACTION_CLIENT_CERT_PROMPT
DISALLOW DISALLOW DISALLOW ALLOW ALLOW
URLACTION_COOKIES
DISALLOW ALLOW ALLOW ALLOW ALLOW
URLACTION_COOKIES_ENABLED
Not defined in any templates.
URLACTION_COOKIES_SESSION
DISALLOW ALLOW ALLOW ALLOW ALLOW
URLACTION_COOKIES_SESSION_THIRD_PARTY
DISALLOW ALLOW ALLOW ALLOW ALLOW
URLACTION_COOKIES_THIRD_PARTY
DISALLOW QUERY QUERY ALLOW ALLOW
URLACTION_CREDENTIALS_USE
MUST_PROMPT_USER CONDITIONAL_PROMPT CONDITIONAL_PROMPT CONDITIONAL_PROMPT SILENT_LOGON_OK
URLACTION_CROSS_DOMAIN_DATA
DISALLOW DISALLOW DISALLOW QUERY ALLOW
URLACTION_DOTNET_USERCONTROLS
DISALLOW d DISALLOW ALLOW ALLOW ALLOW
URLACTION_DOWNLOAD_SIGNED_ACTIVEX
DISALLOW QUERY QUERY QUERY ALLOW
URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX
DISALLOW DISALLOW DISALLOW DISALLOW QUERY
URLACTION_FEATURE_DATA_BINDING
DISALLOW d ALLOW ALLOW ALLOW ALLOW
URLACTION_FEATURE_FORCE_ADDR_AND_STATUS
DISALLOW DISALLOW DISALLOW ALLOW ALLOW
URLACTION_FEATURE_MIME_SNIFFING
DISALLOW ALLOW ALLOW ALLOW ALLOW
URLACTION_FEATURE_SCRIPT_STATUS_BAR
DISALLOW DISALLOW DISALLOW ALLOW ALLOW
URLACTION_FEATURE_WINDOW_RESTRICTIONS
DISALLOW DISALLOW DISALLOW ALLOW ALLOW
URLACTION_FEATURE_ZONE_ELEVATION
DISALLOW ALLOW ALLOW ALLOW QUERY
URLACTION_HTML_FONT_DOWNLOAD
QUERY ALLOW ALLOW ALLOW ALLOW
URLACTION_HTML_INCLUDE_FILE_PATH
DISALLOW DISALLOW ALLOW ALLOW ALLOW
URLACTION_HTML_JAVA_RUN
ALLOW b ALLOW ALLOW ALLOW ALLOW
URLACTION_HTML_META_REFRESH
DISALLOW ALLOW ALLOW ALLOW ALLOW
URLACTION_HTML_MIXED_CONTENT
QUERY QUERY QUERY QUERY QUERY
URLACTION_HTML_SUBFRAME_NAVIGATE
DISALLOW DISALLOW DISALLOW ALLOW ALLOW
URLACTION_HTML_SUBMIT_FORMS
QUERY ALLOW ALLOW ALLOW ALLOW
URLACTION_HTML_USERDATA_SAVE
DISALLOW ALLOW ALLOW ALLOW ALLOW
URLACTION_JAVA_PERMISSIONS
PROHIBIT HIGH HIGH MEDIUM LOW
URLACTION_LOOSE_XAML
DISALLOW ALLOW ALLOW ALLOW ALLOW
URLACTION_LOWRIGHTS
ALLOW c ALLOW ALLOW DISALLOW DISALLOW
URLACTION_MANAGED_SIGNED
DISALLOW   ALLOW ALLOW ALLOW
URLACTION_MANAGED_UNSIGNED
DISALLOW   ALLOW ALLOW ALLOW
URLACTION_SCRIPT_JAVA_USE
DISALLOW ALLOW ALLOW ALLOW ALLOW
URLACTION_SCRIPT_PASTE
DISALLOW QUERY QUERY QUERY ALLOW
URLACTION_SCRIPT_RUN
DISALLOW ALLOW ALLOW ALLOW ALLOW
URLACTION_SCRIPT_SAFE_ACTIVEX
DISALLOW ALLOW ALLOW ALLOW ALLOW
URLACTION_SHELL_ENHANCED_DRAGDROP_SECURITY
QUERY        
URLACTION_SHELL_EXECUTE_HIGHRISK
DISALLOW QUERY QUERY ALLOW ALLOW
URLACTION_SHELL_EXECUTE_LOWRISK
Not defined in any templates.
URLACTION_SHELL_EXECUTE_MODRISK
Not defined in any templates.
URLACTION_SHELL_FILE_DOWNLOAD
DISALLOW ALLOW ALLOW ALLOW ALLOW
URLACTION_SHELL_INSTALL_DTITEMS
DISALLOW QUERY QUERY QUERY ALLOW
URLACTION_SHELL_MOVE_OR_COPY
QUERY ALLOW ALLOW ALLOW ALLOW
URLACTION_SHELL_POPUPMGR
ALLOW ALLOW ALLOW DISALLOW DISALLOW
URLACTION_SHELL_RTF_OBJECTS_LOAD
Not defined in any templates.
URLACTION_SHELL_VERB
DISALLOW QUERY QUERY QUERY ALLOW
URLACTION_SHELL_WEBVIEW_VERB
Not defined in any templates.
URLACTION_WINDOWS_BROWSER_APPLICATIONS
DISALLOW ALLOW ALLOW ALLOW ALLOW
URLACTION_WINFX_SETUP
DISALLOW ALLOW ALLOW ALLOW ALLOW
URLACTION_XPS_DOCUMENTS
DISALLOW ALLOW ALLOW ALLOW ALLOW

 

a The URL policy flag names have been shortened to enhance readability.

b Although URLACTION_HTML_JAVA_RUN is not an aggregate URL action, its function is derived from the URL policy setting of URLACTION_JAVA_PERMISSIONS.

URLACTION_LOWRIGHTS available on Windows Vista only.

d New for Windows Internet Explorer 8.

URL Policy Changes

This section describes modifications to the policy templates from prior versions of Internet Explorer.

Microsoft Internet Explorer 6 Policy Changes

The following table contains the URL actions whose URL policy was changed in Internet Explorer 7. Below each URL action is the URL policy assigned by the Microsoft Internet Explorer 6 version of the specified template.

High Medium Medium-Low Low
URLACTION_COOKIES_ENABLED
DISALLOW QUERY ALLOW ALLOW
URLACTION_HTML_SUBFRAME_NAVIGATE
  ALLOW    
URLACTION_HTML_SUBMIT_FORMS
  QUERY    
URLACTION_FEATURE_ZONE_ELEVATION
      ALLOW
URLACTION_SCRIPT_PASTE
  ALLOW ALLOW  
URLACTION_SHELL_EXECUTE_HIGHRISK
QUERY      
URLACTION_SHELL_EXECUTE_LOWRISK
ALLOW ALLOW ALLOW ALLOW
URLACTION_SHELL_EXECUTE_MODRISK
QUERY QUERY ALLOW ALLOW
URLACTION_SHELL_RTF_OBJECTS_LOAD
DISALLOW ALLOW ALLOW ALLOW
URLACTION_SHELL_WEBVIEW_VERB
QUERY QUERY ALLOW ALLOW

 

Internet Explorer 4.0 Policy Changes

The following table contains the URL actions whose URL policy was changed in Internet Explorer 5. Below each URL action is the URL policy assigned by the Internet Explorer 4.0 version of the specified template.

High Medium Medium-Low Low
URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY
  QUERY    
URLACTION_HTML_SUBMIT_FORMS
DISALLOW      
URLACTION_SHELL_FILE_DOWNLOAD
  QUERY   QUERY
URLACTION_SHELL_MOVE_OR_COPY
DISALLOW QUERY    
URLACTION_SHELL_VERB
      QUERY

 

Registry Keys

The registry stores the settings for each template in the following keys.

HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
   Software
      Microsoft
         Windows
            CurrentVersion
               Internet Settings
                  TemplatePolicies
                     High
                     MedHigh
                     Medium
                     MedLow
                     Low

This information is for reference only. You should not directly manipulate the registry because information stored in the registry may not always be stored in the same location.

Security Warning: Setting these registry keys incorrectly can compromise the security of your application. The values for these registry keys are safe by default. By adjusting these values you could put users at risk of an elevation of privilege attack. You should review Security Considerations: URL Security Zones API before continuing.