
About URL Security Zone Templates

Templates provide an easy way for users to set the level of security they want for a particular URL security zone. For more information on URL security zones, see About URL Security Zones.

The URL security zone templates provide different levels of security. The High template contains settings that provide the highest level of security by restricting Web sites from performing potentially damaging operations. The Low template contains settings that provide the lowest level of security, allowing Web sites more access to the user's system.

Security Zone Templates

When URL security zones were introduced in Microsoft Internet Explorer 4.0, there were three default templates (High, Medium, and Low). A fourth template, Medium-Low, was added in Microsoft Internet Explorer 5. A Medium-High template was introduced with Windows Internet Explorer 7.

Windows Internet Explorer provides the following five separate security zone templates.

High Template

The High template is used for URL security zones that contain Web sites that could cause damage to your computer or data. The settings used by this template will restrict sites from performing potentially damaging operations. By default, the Restricted sites zone uses this template.

Medium-High Template

The Medium-High template is new for Internet Explorer 7 for Windows XP Service Pack 2 (SP2) and Windows Vista. With this template, per-application override settings that disable Microsoft ActiveX warnings in certain situations are not allowed.

Medium Template

The Medium template is used for URL security zones that contain Web sites that are neither trusted nor untrusted. By default, the Internet zone uses this template.

Medium-Low Template

The Medium-Low template is used for URL security zones that contain Web sites that are unlikely to cause damage to your computer or data. By default, the Local intranet zone uses this template.

Low Template

The Low template is used for URL security zones that contain Web sites that are fully trusted by the user. By default, the Trusted sites zone uses this template.

Template-based Policy Values for URL Actions

The following table lists the URL actions and default URL policy settings for each of the five security zone templates, as of Internet Explorer 7. Descriptions for the URL Action Flag constants in the following tables can be found at URL Action Flags. Descriptions for the URL Policy Flag constants can be found at URL Policy Flags. Note: URL policy flag names have been shortened in the table below to enhance readability.

| URL action | High | Medium-High | Medium | Medium-Low | Low |
|---|---|---|---|---|---|
| URLACTION_ACTIVEX_NO_WEBOC_SCRIPT | DISALLOW a | DISALLOW | DISALLOW | ALLOW a | ALLOW |
| URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY | DISALLOW | DISALLOW | DISALLOW | DISALLOW | QUERY a |
| URLACTION_ACTIVEX_OVERRIDE_OPTIN | DISALLOW | DISALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_ACTIVEX_OVERRIDE_REPURPOSEDETECTION | DISALLOW | DISALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_ACTIVEX_RUN | DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_ACTIVEX_SCRIPTLET_RUN | DISALLOW | DISALLOW | DISALLOW | ALLOW | ALLOW |
| URLACTION_ACTIVEX_DYNSRC_VIDEO_AND_ANIMATION | DISALLOW | DISALLOW | DISALLOW | DISALLOW | DISALLOW |
| URLACTION_ALLOW_APEVALUATION | ALLOW | ALLOW | ALLOW | DISALLOW | DISALLOW |
| URLACTION_ALLOW_RESTRICTEDPROTOCOLS | DISALLOW | QUERY | QUERY | QUERY | QUERY |
| URLACTION_AUTOMATIC_ACTIVEX_UI | DISALLOW | DISALLOW | DISALLOW | ALLOW | ALLOW |
| URLACTION_AUTOMATIC_DOWNLOAD_UI | DISALLOW | DISALLOW | DISALLOW | ALLOW | ALLOW |
| URLACTION_BEHAVIOR_RUN | DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_CHANNEL_SOFTDIST_PERMISSIONS | PROHIBIT | PRECACHE | PRECACHE | PRECACHE | AUTOINSTALL |
| URLACTION_CLIENT_CERT_PROMPT | DISALLOW | DISALLOW | DISALLOW | ALLOW | ALLOW |
| URLACTION_COOKIES | DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_COOKIES_ENABLED | Not defined in any templates. | | | | |
| URLACTION_COOKIES_SESSION | DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_COOKIES_SESSION_THIRD_PARTY | DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_COOKIES_THIRD_PARTY | DISALLOW | QUERY | QUERY | ALLOW | ALLOW |
| URLACTION_CREDENTIALS_USE | MUST_PROMPT_USER | CONDITIONAL_PROMPT | CONDITIONAL_PROMPT | CONDITIONAL_PROMPT | SILENT_LOGON_OK |
| URLACTION_CROSS_DOMAIN_DATA | DISALLOW | DISALLOW | DISALLOW | QUERY | ALLOW |
| URLACTION_DOTNET_USERCONTROLS | DISALLOW d | DISALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_DOWNLOAD_SIGNED_ACTIVEX | DISALLOW | QUERY | QUERY | QUERY | ALLOW |
| URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX | DISALLOW | DISALLOW | DISALLOW | DISALLOW | QUERY |
| URLACTION_FEATURE_DATA_BINDING | DISALLOW d | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_FEATURE_FORCE_ADDR_AND_STATUS | DISALLOW | DISALLOW | DISALLOW | ALLOW | ALLOW |
| URLACTION_FEATURE_MIME_SNIFFING | DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_FEATURE_SCRIPT_STATUS_BAR | DISALLOW | DISALLOW | DISALLOW | ALLOW | ALLOW |
| URLACTION_FEATURE_WINDOW_RESTRICTIONS | DISALLOW | DISALLOW | DISALLOW | ALLOW | ALLOW |
| URLACTION_FEATURE_ZONE_ELEVATION | DISALLOW | ALLOW | ALLOW | ALLOW | QUERY |
| URLACTION_HTML_FONT_DOWNLOAD | QUERY | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_HTML_INCLUDE_FILE_PATH | DISALLOW | DISALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_HTML_JAVA_RUN | ALLOW b | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_HTML_META_REFRESH | DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_HTML_MIXED_CONTENT | QUERY | QUERY | QUERY | QUERY | QUERY |
| URLACTION_HTML_SUBFRAME_NAVIGATE | DISALLOW | DISALLOW | DISALLOW | ALLOW | ALLOW |
| URLACTION_HTML_SUBMIT_FORMS | QUERY | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_HTML_USERDATA_SAVE | DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_JAVA_PERMISSIONS | PROHIBIT | HIGH | HIGH | MEDIUM | LOW |
| URLACTION_LOOSE_XAML | DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_LOWRIGHTS | ALLOW c | ALLOW | ALLOW | DISALLOW | DISALLOW |
| URLACTION_MANAGED_SIGNED | DISALLOW | | ALLOW | ALLOW | ALLOW |
| URLACTION_MANAGED_UNSIGNED | DISALLOW | | ALLOW | ALLOW | ALLOW |
| URLACTION_SCRIPT_JAVA_USE | DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_SCRIPT_PASTE | DISALLOW | QUERY | QUERY | QUERY | ALLOW |
| URLACTION_SCRIPT_RUN | DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_SCRIPT_SAFE_ACTIVEX | DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_SHELL_ENHANCED_DRAGDROP_SECURITY | QUERY | | | | |
| URLACTION_SHELL_EXECUTE_HIGHRISK | DISALLOW | QUERY | QUERY | ALLOW | ALLOW |
| URLACTION_SHELL_EXECUTE_LOWRISK | Not defined in any templates. | | | | |
| URLACTION_SHELL_EXECUTE_MODRISK | Not defined in any templates. | | | | |
| URLACTION_SHELL_FILE_DOWNLOAD | DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_SHELL_INSTALL_DTITEMS | DISALLOW | QUERY | QUERY | QUERY | ALLOW |
| URLACTION_SHELL_MOVE_OR_COPY | QUERY | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_SHELL_POPUPMGR | ALLOW | ALLOW | ALLOW | DISALLOW | DISALLOW |
| URLACTION_SHELL_RTF_OBJECTS_LOAD | Not defined in any templates. | | | | |
| URLACTION_SHELL_VERB | DISALLOW | QUERY | QUERY | QUERY | ALLOW |
| URLACTION_SHELL_WEBVIEW_VERB | Not defined in any templates. | | | | |
| URLACTION_WINDOWS_BROWSER_APPLICATIONS | DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_WINFX_SETUP | DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_XPS_DOCUMENTS | DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |

a The URL policy flag names have been shortened to enhance readability.

b Although URLACTION_HTML_JAVA_RUN is not an aggregate URL action, its function is derived from the URL policy setting of URLACTION_JAVA_PERMISSIONS.

c URLACTION_LOWRIGHTS is available on Windows Vista only.

d New for Windows Internet Explorer 8.
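
The template columns above can serve as a baseline when auditing a zone's settings. The following Python sketch is an added example, not code from this page or from Microsoft: it compares a zone's observed policies with the template it is expected to follow and labels each deviation as weaker or stricter. The rows are copied from the table above; the sample zone settings are constructed, and the ALLOW < QUERY < DISALLOW ordering and the rule for detecting protective features (rows where High is ALLOW and Low is DISALLOW) are assumptions of this example.

```python
# Added example: flag zone settings that differ from their template baseline.
TEMPLATES = ("High", "Medium-High", "Medium", "Medium-Low", "Low")

# Rows copied from the IE7 table above (a subset; extend as needed).
TABLE = {
    "URLACTION_DOWNLOAD_SIGNED_ACTIVEX":   ("DISALLOW", "QUERY", "QUERY", "QUERY", "ALLOW"),
    "URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX": ("DISALLOW", "DISALLOW", "DISALLOW", "DISALLOW", "QUERY"),
    "URLACTION_HTML_MIXED_CONTENT":        ("QUERY", "QUERY", "QUERY", "QUERY", "QUERY"),
    "URLACTION_SCRIPT_RUN":                ("DISALLOW", "ALLOW", "ALLOW", "ALLOW", "ALLOW"),
    "URLACTION_SHELL_POPUPMGR":            ("ALLOW", "ALLOW", "ALLOW", "DISALLOW", "DISALLOW"),
}

# Ordering assumed by this example: ALLOW < QUERY < DISALLOW in restrictiveness.
RANK = {"ALLOW": 0, "QUERY": 1, "DISALLOW": 3}

def direction(action):
    """+1 when DISALLOW is the strict end; -1 for protective features
    (e.g. URLACTION_SHELL_POPUPMGR) that High ALLOWs and Low DISALLOWs."""
    high, low = TABLE[action][0], TABLE[action][-1]
    return -1 if RANK[high] < RANK[low] else 1

def drift(template, observed):
    """Return (action, verdict, baseline, observed) for every deviation."""
    col = TEMPLATES.index(template)
    findings = []
    for action, value in sorted(observed.items()):
        if action not in TABLE or value not in RANK:
            findings.append((action, "unknown", None, value))
            continue
        baseline = TABLE[action][col]
        delta = (RANK[value] - RANK[baseline]) * direction(action)
        if delta:
            verdict = "weaker" if delta < 0 else "stricter"
            findings.append((action, verdict, baseline, value))
    return findings

# Constructed sample: settings observed for the Internet zone (Medium by default).
SAMPLE_INTERNET_ZONE = {
    "URLACTION_SCRIPT_RUN": "ALLOW",
    "URLACTION_DOWNLOAD_SIGNED_ACTIVEX": "ALLOW",
    "URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX": "QUERY",
    "URLACTION_SHELL_POPUPMGR": "DISALLOW",
    "URLACTION_HTML_MIXED_CONTENT": "DISALLOW",
}

if __name__ == "__main__":
    for finding in drift("Medium", SAMPLE_INTERNET_ZONE):
        print(*finding, sep="\t")
```

Rows whose policies are not ALLOW, QUERY, or DISALLOW (for example URLACTION_JAVA_PERMISSIONS) are reported as unknown rather than ranked.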

URL Policy Changes

This section describes modifications to the policy templates from prior versions of Internet Explorer.

Microsoft Internet Explorer 6 Policy Changes

The following table contains the URL actions whose URL policy was changed in Internet Explorer 7. For each URL action, the table gives the URL policy assigned by the Microsoft Internet Explorer 6 version of the specified template.

| URL action | High | Medium | Medium-Low | Low |
|---|---|---|---|---|
| URLACTION_COOKIES_ENABLED | DISALLOW | QUERY | ALLOW | ALLOW |
| URLACTION_HTML_SUBFRAME_NAVIGATE | | ALLOW | | |
| URLACTION_HTML_SUBMIT_FORMS | | QUERY | | |
| URLACTION_FEATURE_ZONE_ELEVATION | | | | ALLOW |
| URLACTION_SCRIPT_PASTE | | ALLOW | ALLOW | |
| URLACTION_SHELL_EXECUTE_HIGHRISK | QUERY | | | |
| URLACTION_SHELL_EXECUTE_LOWRISK | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_SHELL_EXECUTE_MODRISK | QUERY | QUERY | ALLOW | ALLOW |
| URLACTION_SHELL_RTF_OBJECTS_LOAD | DISALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_SHELL_WEBVIEW_VERB | QUERY | QUERY | ALLOW | ALLOW |

Internet Explorer 4.0 Policy Changes

The following table contains the URL actions whose URL policy was changed in Internet Explorer 5. For each URL action, the table gives the URL policy assigned by the Internet Explorer 4.0 version of the specified template.

| URL action | High | Medium | Medium-Low | Low |
|---|---|---|---|---|
| URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY | | QUERY | | |
| URLACTION_HTML_SUBMIT_FORMS | DISALLOW | | | |
| URLACTION_SHELL_FILE_DOWNLOAD | | QUERY | | QUERY |
| URLACTION_SHELL_MOVE_OR_COPY | DISALLOW | QUERY | | |
| URLACTION_SHELL_VERB | | | | QUERY |

Registry Keys

The registry stores the settings for each template in the following keys.

HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
   Software
      Microsoft
         Windows
            CurrentVersion
               Internet Settings
                  TemplatePolicies
                     High
                     MedHigh
                     Medium
                     MedLow
                     Low

This information is for reference only. You should not directly manipulate the registry because information stored in the registry may not always be stored in the same location.

Security Warning:  Setting these registry keys incorrectly can compromise the security of your application. The values for these registry keys are safe by default. By adjusting these values you could put users at risk of an elevation of privilege attack. You should review Security Considerations: URL Security Zones API before continuing.

 

 

© 2014 Microsoft