Information about some new Group Policy settings for Internet Explorer Security Zones in Microsoft Windows XP SP2 and in Microsoft Windows Server 2003 SP1

This article describes some new Group Policy settings for Internet Explorer Security Zones in Microsoft Windows XP Service Pack 2 (SP2) and in Microsoft Windows Server 2003 Service Pack 1 (SP1).

The new Group Policy Settings for Internet Explorer Security Zones

Internet Explorer Maintenance changes the registry settings under the HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER registry hives. Here are two examples.

Under the HKEY_LOCAL_MACHINE registry hive

1. Start Group Policy Object Editor.
2. In the left pane, expand Computer Configuration, expand Administrative Templates, expand Windows Components, expand Internet Explorer, expand Internet Control Panel, expand Security Page, and then click Internet Zone.
3. In the right pane, double-click Initialize and script ActiveX controls not marked as safe.
4. Select Enabled, and then click OK.
5. In Registry Editor, locate the following subkey:
   HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
6. The value data of the 1201 Value name will be changed to 0.

Under the HKEY_CURRENT_USER registry hive

1. Start Group Policy Object Editor.
2. In the left pane, expand User Configuration, expand Administrative Templates, expand Windows Components, expand Internet Explorer, expand Internet Control Panel, expand Security Page, and then click Internet Zone.
3. In the right pane, double-click Initialize and script ActiveX controls not marked as safe.
4. Select Enabled, and then click OK.
5. In Registry Editor, locate the following subkey:
   HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
6. The value data of the 1201 Value name will be changed to 0.

In Windows Server 2003 Service Pack 1 and in Windows XP Service Pack 2, there is a new order in which Internet Explorer looks for policy settings. The original order is as follows:

1. HKEY_CURRENT_USER
2. HKEY_LOCAL_MACHINE

The new order is as follows:

1. HKEY_LOCAL_MACHINE\SOFTWARE\<policies>
2. HKEY_CURRENT_USER\SOFTWARE\<policies>
3. HKEY_CURRENT_USER\<preference hive>
4. HKEY_LOCAL_MACHINE\<preference hive>

Overview of the new Group Policy settings

To view the new Group Policy settings, follow these steps:

1. Start Group Policy Object Editor.
2. In the left pane, expand User Configuration, expand Administrative Templates, expand Windows Components, expand Internet Explorer, expand Internet Control Panel, and then click Security Page.
   
   The new Group Policy settings appear in the right pane.

The following is a list of the new Group Policy settings and their corresponding registry keys:

Site to Zone Assignment List
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

Local Machine Zone Template
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
• HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0


• Locked-Down Local Machine Zone Template
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
  Note This applies only to Windows Server 2003 SP 1.
Intranet Zone Template
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
• HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1


• Locked-Down Intranet Zone Template
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
  Note This applies only to Windows Server 2003 SP 1.
Trusted Sites Zone Template
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
• HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2


• Locked-Down Trusted Sites Zone Template
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
  Note This applies only to Windows Server 2003 SP1.
Internet Zone Template
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
• HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3


• Locked-Down Internet Zone Template
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
  Note This applies only to Windows Server 2003 SP1.
Restricted Sites Zone Template
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
• HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4


• Locked-Down Restricted Sites Zone Template
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
  Note This applies only to Windows Server 2003 SP 1.