Docstoc

Scm in Export Management - Excel

Document Sample
Scm in Export Management - Excel Powered By Docstoc
					                                                 CCE
  CCE ID        CCE Description
                                              Parameters



             /export/home should be
             configured on an
             appropriate filesystem
CCE-5847-9   logical volume                logical volume
             /var should be configured
             on an appropriate
CCE-5424-7   filesystem logical volume     logical volume
             /opt should be configured
             on an appropriate
CCE-5710-9   filesystem logical volume     logical volume
             The shell for the root
             account should be located
             on the appropriate
CCE-5662-2   filesystem                    filesystem

             Core dump size limits         Size (0 to disable
CCE-5317-3   should be set appropriately   core dumps)
             The read-only SNMP
             community string should be
CCE-5384-3   set appropriately.            string
             The read/write SNMP
             community string should be
CCE-5723-2   set appropriately.            string
             Password policy should
             ban or allow usernames or
             UIDs in passwords as
CCE-5634-1   appropriate                   ban/allow

             Password policy should
             ban or allow words found in
CCE-5352-0   a dictionary as appropriate. ban/allow

             Password policy should
             enforce the correct amount number of special
CCE-5848-7   of special characters      characters
             Password policy should
             enforce or not enforce the
             requirement to have mixed
             case passwords as
CCE-5443-7   appropriate.               enforce/not enforce
             The minimum password
             age should be set as
CCE-5664-8   appropriate                     number of days
             The minimum required
             password length should be       number of
CCE-5804-0   set as appropriate              characters
             Password history should be
             saved for an appropriate
             number of password              number of password
CCE-4858-7   changes                         changes
             The number of consecutive
             failed login attempts
             required to trigger a lockout   number of
             should be set as                consecutive failed
CCE-5775-2   appropriate                     login attempts
             Login access to accounts
             without passwords should
             be enabled or disabled as
CCE-5761-2   appropriate                     enabled/disabled
             New users should be
             required or not required to
             change their password on
CCE-5841-2   first login as appropriate      required/not required
             Access to single-user
             mode (maintainence mode)
             should require the root
             password or not as
CCE-5858-6   appropriate                     required/not required
             The delay between failed
             logins should be set as
CCE-5078-1   appropriate                     number of seconds

             All files should be owned       existing account
             by an existing account or       required / existing
CCE-5715-8   not as appropriate.             account not required
             All files should be owned       existing group
             by an existing group or not     required / existing
CCE-5684-6   as appropriate.                 group not required

             The console login banner
CCE-5244-9   should be set appropriately. banner text or null

             The SSH login banner
CCE-5402-3   should be set appropriately. banner text or null

             The telnet login banner
CCE-5622-6   should be set appropriately. banner text or null

             The ftp login banner should
CCE-5843-8   be set appropriately.       banner text or null
             The graphical login banner
CCE-5842-0   should be set appropriately.    banner text or null
             Accounts other than root
             should be allowed to have
             the UID 0 or not as
CCE-5560-8   appropriate                     allowed/not allowed
             Accounts other than root
             and locked system
             accounts should be
             allowed to have a GID of 0
CCE-4873-6   or not as appropriate           allowed/not allowed
             Each account should be
             assigned a unique UID or
CCE-5187-0   not as appropriate              unique/not unique
             The ftp account should
CCE-5765-3   exist or not as appropriate     exist/not exist
             Login accounts should
             include an appropriate
             GECOS identifier or no
CCE-4884-3   GECOS identifier                GECOS value, null
             The screen lock should
             activate after an
             appropriate period of
CCE-5381-9   inactivity                      number of minutes
             File permissions should be
             set appropriately for all
CCE-5645-7   shell executables.              permissions
             Remote (serial) consoles
             should be enabled or
CCE-5597-0   disabled as appropriate.        enabled/disabled
             Root logins should be
             restricted to the console or    restricted/not
CCE-5676-2   not as appropriate.             restricted
             .netrc files should exist or
             not as appropriate for all
CCE-5733-1   users.                          exist/not exist
             .rhosts files should exist or
             not as appropriate for all
CCE-5702-6   users.                          exist/not exist
             .shosts files should exist or
             not as appropriate for all
CCE-5076-5   users.                          exist/not exist
             The /etc/hosts.equiv file
             should exist or not as
CCE-5442-9   appropriate.                    exist/not exist
             The use of NIS special
             characters (+ or -) in the
             first field of the /etc/passwd
             file should be allowed or
CCE-5640-8   disallowed as appropriate. allowed/not allowed

             The use of NIS special
             characters (+ or -) in the
             first field of the /etc/shadow
             file should be allowed or
CCE-4893-4   disallowed as appropriate.       allowed/not allowed
             The use of NIS special
             characters (+ or -) in the
             first field of the /etc/group
             file should be allowed or
CCE-5024-5   disallowed as appropriate.       allowed/not allowed
             The /etc/shells file should
CCE-5742-2   exist or not as appropriate      exist/not exist
             Shells referenced in
             /etc/passwd should be
             included in /etc/shells or
CCE-5777-8   not as appropriate               included/not included
             Groups referenced in
             /etc/passwd should be
             included in /etc/group or
CCE-5605-1   not as appropriate.              included/not included
             The home directory for the
             root account should be set
CCE-5750-5   appropriately.                   path
             The home directory for
             each user account should
CCE-5199-5   be set appropriately.            path
             Home directories
             referenced in /etc/passwd
             should exist or not as
CCE-5310-8   appropriate                      exist/not exist
             All device files should be
             located inside an
CCE-5327-2   appropriate directory            path
             The ntpd service should be
             enabled or disabled as
CCE-4900-7   appropriate.                     enabled/disabled

             The Network Time Protocol
             (ntp) synchronization
             server should be set
CCE-5675-4   appropriately.            timeserver
             All logon attempts should
             be logged or not logged as
CCE-5147-4   appropriate                     logged/not logged
             All su (switch user) activity
             should be logged or not as
CCE-5724-0   appropriate                     logged/not logged
             Filesystem
             logging/journaling should
             be performed or not as          performed/not
CCE-5614-3   appropriate                     performed
             Automount should be
             enabled or disabled as
CCE-5834-7   appropriate                     enabled/disabled
             Source-routed packets
             should be accepted or
CCE-5745-5   rejected as appropriate.        accepted/rejected
             Response to ICMP
             timestamp requests should
             be enabled or disabled as
CCE-5587-1   appropriate                     enabled/disabled
             Response to ICMP
             timestamp broadcast
             requests should be
             enabled or disabled as
CCE-5525-1   appropriate                     enabled/disabled
             Response to ICMP echo
             (ping) requests should be
             enabled or disabled as
CCE-4930-4   appropriate                     enabled/disabled
             Executable stack should be
             enabled or disabled as
CCE-4901-5   appropriate                     enabled/disabled

             The default gateway should
CCE-5017-9   be set appropriately.           IP address/disabled
             The inetd service should be
             enabled or disabled as
CCE-5347-0   appropriate.                    enabled/disabled
             echo service should be
             enabled or disabled as
CCE-5193-8   appropriate                     enabled/disabled
             netstat service should be
             enabled or disabled as
CCE-5725-7   appropriate                     enabled/disabled
             rcp service should be
             enabled or disabled as
CCE-5801-6   appropriate                     enabled/disabled
             chargen service should be
             enabled or disabled as
CCE-5506-1   appropriate                     enabled/disabled
             finger service should be
             enabled or disabled as
CCE-5791-9   appropriate                 enabled/disabled
             tftpd service should be
             enabled or disabled as
CCE-5743-0   appropriate                 enabled/disabled
             walld service should be
             enabled or disabled as
CCE-5773-7   appropriate                 enabled/disabled
             rstatd service should be
             enabled or disabled as
CCE-5461-9   appropriate                 enabled/disabled
             sprayd service should be
             enabled or disabled as
CCE-4905-6   appropriate                 enabled/disabled
             rusersd service should be
             enabled or disabled as
CCE-5463-5   appropriate                 enabled/disabled
             rlogin service should be
             enabled or disabled as
CCE-5542-6   appropriate                 enabled/disabled
             rsh service should be
             enabled or disabled as
CCE-5431-2   appropriate                 enabled/disabled
             ftp service should be
             enabled or disabled as
CCE-5780-2   appropriate                 enabled/disabled
             telnet service should be
             enabled or disabled as
CCE-5872-7   appropriate                 enabled/disabled
CCE-4909-8   DEPRECATED.
             inn service should be
             enabled or disabled as
CCE-5343-9   appropriate                 enabled/disabled
             uucp service should be
             enabled or disabled as
CCE-5611-9   appropriate                 enabled/disabled
             rexec service should be
             enabled or disabled as
CCE-5598-8   appropriate                 enabled/disabled
             inetd logging should be
             enabled or disabled as
CCE-5550-9   appropriate                 enabled/disabled
             font-service should be
             enabled or disabled as
CCE-4911-4   appropriate                 enabled/disabled
             imap2 service should be
             enabled or disabled as
CCE-4926-2   appropriate                 enabled/disabled
             pop3 service should be
             enabled or disabled as
CCE-4913-0   appropriate                   enabled/disabled
             ident service should be
             enabled or disabled as
CCE-5681-2   appropriate                   enabled/disabled
             rexd service should be
             enabled or disabled as
CCE-5368-6   appropriate                   enabled/disabled
             daytime service should be
             enabled or disabled as
CCE-5549-1   appropriate                   enabled/disabled
             dtspc (cde-spc) service
             should be enabled or
CCE-5144-1   disabled as appropriate       enabled/disabled
             rquotad service should be
             enabled or disabled as
CCE-5223-3   appropriate                   enabled/disabled
             cmsd service should be
             enabled or disabled as
CCE-5738-0   appropriate                   enabled/disabled
             tooltalk service should be
             enabled or disabled as
CCE-5456-9   appropriate                   enabled/disabled
             xdmcp service should be
             enabled or disabled as
CCE-4918-9   appropriate                   enabled/disabled
             discard service should be
             enabled or disabled as
CCE-5798-4   appropriate                   enabled/disabled
CCE-4923-9   DEPRECATED.
             vino-server service should
             be enabled or disabled as
CCE-5917-0   appropriate                   enabled/disabled
             The bind service should be
             enabled or disabled as
CCE-4934-6   appropriate.                  enabled/disabled
             The version string reported
             by the bind service should
             be configured
CCE-5535-0   appropriately.                string
             SSH Protocol v1 should be
             enabled or disabled as
CCE-5117-7   appropriate                   enabled/disabled
             TCP_WRAPPERS should
             be enabled or disabled as
CCE-5690-3   appropriate                   enabled/disabled
             SNMP version 1 should be
             enabled or disabled as
CCE-5852-9   appropriate                   enabled/disabled
             The nfsd service should be
             enabled or disabled as
CCE-5068-2   appropriate                   enabled/disabled
             The mountd service should
             be enabled or disabled as
CCE-5569-9   appropriate                   enabled/disabled
             The statd service should be
             enabled or disabled as
CCE-5806-5   appropriate                   enabled/disabled
             The lockd service should
             be enabled or disabled as
CCE-5882-6   appropriate                   enabled/disabled
             NFS should be configured
             to respond or not as
             appropriate to client
             requests that do not
CCE-5414-8   include a user id .           respond/not respond
             NFS should be configured
             to respond or not as
             appropriate to client
             requests that do not
             originate from a privileged
CCE-5348-8   port.                         respond/not respond
             NFS server support for the
             AUTH_NONE
             authentication mechanism
             should be enabled or
CCE-5511-1   disabled as appropriate.      enabled/disabled
             NFS server support for the
             AUTH_UNIX authentication
             mechanism should be
             enabled or disabled as
CCE-5480-9   appropriate.                  enabled/disabled
             NFS server support for the
             AUTH_DES authentication
             mechanism should be
             enabled or disabled as
CCE-4957-7   appropriate.                  enabled/disabled
             NFS server support for the
             AUTH_KERB
             authentication mechanism
             should be enabled or
CCE-4958-5   disabled as appropriate.      enabled/disabled
             The read-only (ro) option
             should be enabled or
             disabled as appropriate for
CCE-5922-0   all NFS exports.              enabled/disabled
             The nosuid option should
             be enabled or disabled for
             all NFS mounts as
CCE-5790-1   appropriate                    enabled/disabled
             The nosgid option should
             be enabled or disabled for
             all NFS mounts as
CCE-5189-6   appropriate                    enabled/disabled
             Sendmail should be
             enabled or disabled as
CCE-5876-8   appropriate                    enabled/disabled

             The sendmail banner
CCE-4959-3   should be set appropriately.   string
             The decode sendmail alias
             should be enabled or
CCE-5115-1   disabled as appropriate.       enabled/disabled
             .forward files should be
             allowed or disallowed as
CCE-5445-2   appropriate for all users      allow/disallow
             Programs executed
             through the aliases file
             should be owned by an
CCE-4960-1   appropriate user               user
             Programs executed
             through the aliases file
             should reside a directory
             with an appropriate user
CCE-5802-4   owner                          user
             Sendmail vrfy command
             should be allowed or not as
CCE-5212-6   appropriate                    allow/disallow
             Sendmail expn command
             should be allowed or not as
CCE-5291-0   appropriate                    allow/disallow
             Sendmail should be
             configured with an
CCE-5741-4   appropriate logging level      logging level
             The sendmail help
             command should be
             allowed or not as
CCE-4967-6   appropriate                    allow/disallow
             NIS should be enabled or
CCE-5783-6   disabled as appropriate        enabled/disabled
             NIS+ server should operate
             at an appropriate security
CCE-4975-9   level                          security level
             X-Windows should be
             enabled or disabled as
CCE-5138-3   appropriate                    enabled/disabled
             Authorized X-clients should
             be listed or not in the
CCE-5711-7   X*.hosts file as appropriate   listed/not listed
             X-Windows should write
             .Xauthority files to users'
             home directories or not as
CCE-4984-1   appropriate                    write/not write
             X11 forwarding via SSH
             should be enabled or
CCE-5975-8   disabled as appropriate.       enabled/disabled
             Samba should be enabled
CCE-5931-1   or disabled as appropriate     enabled/disabled
             Samba 'hosts allow' option
             should be configured with
             an appropriate set of
CCE-4994-0   networks                       list of networks
             Samba 'security option'
             option should be set as
CCE-5923-8   appropriate
             Samba 'encrypt' passwords
             option should be set as
CCE-5939-4   appropriate                    yes/no
             Samba 'smb passwd file'
             option should be set to an
             appropriate password file
CCE-5891-7   or no password file            file/nothing
             IPv6 should be enabled or
CCE-5234-0   disabled as appropriate        enabled/disabled
             The "at" utility directory
             permissions should be set
CCE-5767-9   as appropriate                 permissions

             at.allow file permissions
CCE-5846-1   should be set appropriately permissions

             at.deny file permissions
CCE-5991-5   should be set appropriately permissions

             Cron directory permissions
CCE-5705-9   should be set appropriately permissions
             Crontab directory
             permissions should be set
CCE-5678-8   appropriately               permissions

             Cron log file permissions
CCE-5942-8   should be set appropriately permissions

             cron.allow file permissions
CCE-5770-3   should be set appropriately permissions
             cron.deny file permissions
CCE-5280-3   should be set appropriately permissions

             Crontab file permissions
CCE-5896-6   should be set appropriately permissions

             /dev/kmem file permissions
CCE-5474-2   should be set appropriately permissions

             /dev/mem file permissions
CCE-5363-7   should be set appropriately permissions

             /dev/null file permissions
CCE-5566-5   should be set appropriately permissions

             resolv.conf file permissions
CCE-5851-1   should be set appropriately    permissions
             /etc/named.conf file
             permissions should be set
CCE-5821-4   appropriately                  permissions
             File permissions should be
             set appropriately for all
CCE-5755-4   user home directories.         permissions
             /etc/exports file
             permissions should be set
CCE-5807-3   appropriately                  permissions

             /usr/bin/at file permissions
CCE-5759-6   should be set appropriately permissions
             /usr/bin/rdist file
             permissions should be set
CCE-5979-0   appropriately                permissions
             /usr/sbin/sync file
             permissions should be set
CCE-5228-2   appropriately                permissions

             Superuser account home
             directories' permissions
CCE-5951-9   should be set appropriately permissions
             /etc/samba/smb.conf file
             permissions should be set
CCE-5981-6   appropriately               permissions
             smbpassword executable
             permissions should be set
CCE-5668-9   appropriately               permissions

             Aliases file permissions
CCE-5010-4   should be set appropriately permissions
             File permissions should be
             set as appropriate for the
             log file configured to
             capture critical sendmail
CCE-5666-3   messages.                  permissions
             All files executed through
             /etc/aliases file entries
             should have file
             permissions set
CCE-5012-0   appropriately              permissions

             /bin/csh file permissions
CCE-5796-8   should be set appropriately permissions

             /bin/jsh file permissions
CCE-5747-1   should be set appropriately permissions

             /bin/ksh file permissions
CCE-5849-5   should be set appropriately permissions
             The /bin/rsh file should
CCE-5893-3   exist or not as appropriate exist/not exist

             /bin/sh file permissions
CCE-5734-9   should be set appropriately permissions

             /bin/bash file permissions
CCE-5862-8   should be set appropriately permissions

             /sbin/csh file permissions
CCE-5954-3   should be set appropriately permissions

             /sbin/jsh file permissions
CCE-5027-8   should be set appropriately permissions

             /sbin/ksh file permissions
CCE-5206-8   should be set appropriately permissions
             The /sbin/rsh file should
CCE-5907-1   exist or not as appropriate exist/not exist

             /sbin/sh file permissions
CCE-5040-1   should be set appropriately permissions

             /sbin/bash file permissions
CCE-5049-2   should be set appropriately permissions
             /usr/bin/csh file
             permissions should be set
CCE-5056-7   appropriately               permissions

             /usr/bin/jsh file permissions
CCE-6031-9   should be set appropriately permissions
             /usr/bin/ksh file
             permissions should be set
CCE-6004-6   appropriately                permissions
             The /usr/bin/rsh file should
CCE-5974-1   exist or not as appropriate exist/not exist

             /usr/bin/sh file permissions
CCE-5863-6   should be set appropriately permissions
             /usr/bin/bash file
             permissions should be set
CCE-5815-6   appropriately                permissions
             snmpd.conf file
             permissions should be set
CCE-5955-0   appropriately                permissions

             /tmp file permissions
CCE-6052-5   should be set appropriately permissions

             /usr/tmp file permissions
CCE-6021-0   should be set appropriately permissions
             traceroute executable file
             permissions should be set
CCE-5272-0   appropriately                permissions
             .Xauthority file permissions
             should be set appropriately
CCE-5884-2   for all users.               permissions

             /etc/aliases file permissions
CCE-6023-6   should be set appropriately permissions
             /etc/cron.d/at.allow file
             permissions should be set
CCE-5349-6   appropriately                 permissions
             /etc/cron.d/cron.allow file
             permissions should be set
CCE-6050-9   appropriately                 permissions

             /etc/csh file permissions
CCE-5833-9   should be set appropriately   permissions
             /etc/default/* file
             permissions should be set
CCE-5803-2   appropriately                 permissions
             /etc/default/login file
             permissions should be set
CCE-5820-6   appropriately                 permissions
             The /etc/ftpusers file
             should exist or not as
CCE-5397-5   appropriate                   exist/not exist
             /etc/host.lpd file
             permissions should be set
CCE-5226-6   appropriately                 permissions
             /etc/hostname* file
             permissions should be set
CCE-5903-0   appropriately                 permissions

             /etc/hosts file permissions
CCE-5970-9   should be set appropriately permissions
             /etc/inetd.conf file
             permissions should be set
CCE-5930-3   appropriately               permissions

             /etc/issue file permissions
CCE-5698-6   should be set appropriately permissions

             /etc/jsh file permissions
CCE-5641-6   should be set appropriately permissions

             /etc/ksh file permissions
CCE-5909-7   should be set appropriately permissions
             /etc/mail/aliases file
             permissions should be set
CCE-5985-7   appropriately               permissions

             /etc/motd file permissions
CCE-5350-4   should be set appropriately   permissions
             /etc/netconfig file
             permissions should be set
CCE-5988-1   appropriately                 permissions
             /etc/notrouter file
             permissions should be set
CCE-5817-2   appropriately                 permissions
             /etc/pam.conf file
             permissions should be set
CCE-5231-6   appropriately                 permissions
             /etc/passwd file
             permissions should be set
CCE-5323-1   appropriately                 permissions
             The /etc/rsh file should
CCE-5526-9   exist or not as appropriate   exist/not exist
             /etc/security file
             permissions should be set
CCE-5631-7   appropriately                 permissions
             /etc/services file
             permissions should be set
CCE-5728-1   appropriately                 permissions

             /etc/sh file permissions
CCE-5512-9   should be set appropriately permissions
             /etc/shadow file
             permissions should be set
CCE-5074-0   appropriately               permissions
             /etc/syslog.conf file
             permissions should be set
CCE-5808-1   appropriately                 permissions
CCE-5075-7   DEPRECATED.

             /etc/fstab file permissions
CCE-5932-9   should be set appropriately   permissions
CCE-5825-5   DEPRECATED.
             /var/adm/loginlog file
             permissions should be set
CCE-5279-5   appropriately                 permissions
             /var/adm/messages file
             permissions should be set
CCE-5984-0   appropriately                 permissions
             /var/adm/sulog file
             permissions should be set
CCE-5656-4   appropriately                 permissions
             /var/adm/utmp file
             permissions should be set
CCE-5736-4   appropriately                 permissions
             /var/adm/wtmp file
             permissions should be set
CCE-6062-4   appropriately                 permissions
             /var/adm/authlog file
             permissions should be set
CCE-5453-6   appropriately                 permissions
             /var/adm/syslog file
             permissions should be set
CCE-6048-3   appropriately                 permissions

             /var/mail file permissions
CCE-5832-1   should be set appropriately permissions

             /var/tmp file permissions
CCE-6017-8   should be set appropriately   permissions
             /usr/lib/pt_chmod file
             permissions should be set
CCE-5986-5   appropriately                 permissions
             /usr/lib/embedded_us file
             permissions should be set
CCE-5875-0   appropriately                 permissions
             /usr/lib/sendmail file
             permissions should be set
CCE-5977-4   appropriately                 permissions
             /usr/kerberos/bin/rsh file
             permissions should be set
CCE-5627-5   appropriately                 permissions
             /var/spool/mail file
             permissions should be set
CCE-5455-1   appropriately                 permissions
             smbpassword file
             permissions should be set
CCE-5077-3   appropriately                permissions
             At directory should be
             owned by an appropriate
CCE-5695-2   user                         list of users
             At directory should be
             owned by an appropriate
CCE-5646-5   group                        list of groups
             at.allow file should be
             owned by an appropriate
CCE-5161-5   user                         list of users
             at.allow file should be
             owned by an appropriate
CCE-5254-8   group                        list of groups
             at.deny file should be
             owned by an appropriate
CCE-5853-7   user                         list of users
             at.deny file should be
             owned by an appropriate
CCE-5632-5   group                        list of groups
             Cron directories should be
             owned by an appropriate
CCE-5319-9   user                         list of users
             Cron directories should be
             owned by an appropriate
CCE-5412-2   group                        list of groups
             Crontab directories should
             be owned by an
CCE-5082-3   appropriate user             list of users
             Crontab directories should
             be owned by an
CCE-5754-7   appropriate group            list of groups
             cron.allow file should be
             owned by an appropriate
CCE-6022-8   user                         list of users
             cron.allow file should be
             owned by an appropriate
CCE-5868-5   group                        list of groups

             cron.deny should be owned
CCE-5961-8   by an appropriate user       list of users
             cron.deny data should be
             owned by an appropriate
CCE-5837-0   group                        list of groups
             crontab files should be
             owned by an appropriate
CCE-5929-5   user                         list of users
             crontab files should be
             owned by an appropriate
CCE-5085-6   group                        list of groups
             /etc/resolv.conf file should
             be owned by an
CCE-5919-6   appropriate user               list of users
             /etc/resolv.conf file should
             be owned by an
CCE-5888-3   appropriate group              list of groups
             /etc/named.boot file should
             be owned by an
CCE-5941-0   appropriate user               list of users
             /etc/named.boot file should
             be owned by an
CCE-5910-5   appropriate group              list of groups
             /etc/named.conf file should
             be owned by an
CCE-5822-2   appropriate user               list of users
             /etc/named.conf file should
             be owned by an
CCE-5663-0   appropriate group              list of groups
             Each user home directory
             should be owned by an
CCE-5086-4   appropriate user.              user
             Each user home directory
             should be owned by an
CCE-6007-9   appropriate group.             group
             inetd.conf file should be
             owned by an appropriate
CCE-5088-0   user                           user
             inetd.conf file should be
             owned by an appropriate
CCE-5732-3   group                          group
             /etc/exports should be
             owned by an appropriate
CCE-5326-4   user                           list of users
             /etc/exports should be
             owned by an appropriate
CCE-5296-9   group                          list of groups
             Exported files and
             directories should be
             owned by an appropriate
CCE-5283-7   user                           list of users
             Exported files and
             directories should be
             owned by an appropriate
CCE-5428-8   group                          list of groups
             /etc/services file should be
             owned by an appropriate
CCE-5626-7   user                           list of users
             /etc/services file should be
             owned by an appropriate
CCE-5957-6   group                          list of groups
             /etc/notrouter file should be
             owned by an appropriate
CCE-5740-6   user                            list of users
             /etc/notrouter file should be
             owned by an appropriate
CCE-5090-6   group                           list of groups
             /etc/samba/smb.conf file
             should be owned by an
CCE-6086-3   appropriate user                list of users
             /etc/samba/smb.conf file
             should be owned by an
CCE-6055-8   appropriate group               list of groups
             smbpasswd executable
             should be owned by an
CCE-6024-4   appropriate user                list of users
             smbpasswd executable
             should be owned by an
CCE-5839-6   appropriate group               list of groups
             aliases file should be
             owned by an appropriate
CCE-5091-4   user                            list of users
             aliases file should be
             owned by an appropriate
CCE-5497-3   group                           list of groups
             The log file configured to
             capture critical sendmail
             messages should be
             owned by the appropriate
CCE-6029-3   user.                           list of users
             The log file configured to
             capture critical sendmail
             messages should be
             owned by the appropriate
CCE-5116-9   group.                          list of groups
             Programs executed
             through aliases file entries
             should be owned by an
CCE-5154-0   appropriate user                list of users
             Programs executed
             through aliases file entries
             should be owned by an
CCE-6013-7   appropriate group               list of groups

             Shell files should be owned
CCE-5999-8   by an appropriate user      list of users

             Shell files should be owned
CCE-6003-8   by an appropriate group     list of groups
             snmpd.conf file should be
             owned by an appropriate
CCE-6096-2   user                            list of users
             snmpd.conf file should be
             owned by an appropriate
CCE-6107-7   group                           list of groups
             /etc/syslog.conf file should
             be owned by an
CCE-5171-4   appropriate user                list of users
             /etc/syslog.conf file should
             be owned by an
CCE-5688-7   appropriate group               list of groups
             traceroute executable
             should be owned by an
CCE-5185-4   appropriate user                list of users
             traceroute executable
             should be owned by an
CCE-5671-3   appropriate group               list of groups
             /usr/lib/sendmail file should
             be owned by an
CCE-5706-7   appropriate user                list of users
             /usr/lib/sendmail file should
             be owned by an
CCE-6177-0   appropriate group               list of groups
             /etc/passwd file should be
             owned by an appropriate
CCE-5860-2   user                            list of users
             /etc/passwd file should be
             owned by an appropriate
CCE-6146-5   group                           list of groups
             /etc/shadow file should be
             owned by an appropriate
CCE-5992-3   user                            list of users
             /etc/shadow file should be
             owned by an appropriate
CCE-5615-0   group                           list of groups
             smbpasswd file should be
             owned by an appropriate
CCE-5580-6   user                            list of users
             smbpasswd file should be
             owned by an appropriate
CCE-5191-2   group                           list of groups
             Environmental variable
             PATH for superuser
             accounts should or should
             not contain world-writable
CCE-6088-9   files as appropriate            should/should not
             Environmental variable
             PATH for superuser
             accounts should not
             contain the current
             directory as the first or last
CCE-6044-2   entry                          should/should not
             The current working
             directory should or should
             not be added to the
             environmental variable
             PATH by global
             initialization files as
CCE-5195-3   appropriate                    should/should not
             The current working
             directory should or should
             not be added to the
             environmental variable
             PATH by local initialization
CCE-6012-9   files as appropriate           should/should not
CCE-5361-1   DEPRECATED.
             The current working
             directory should or should
             not be added to the
             environmental variable
             PATH by run control scripts
CCE-5204-3   as appropriate                 should/should not
             The system umask should
CCE-6087-1   be set appropriately           umask
             The user umask should be
CCE-6056-6   set appropriately              umask
             The cron.allow file should
             be configured with the set
             of users permitted to use
             the cron facility as
CCE-5816-4   appropriate.                   list of users
             The cron.deny file should
             be configured with the set
             of users not permitted to
             use the cron facility as
CCE-5785-1   appropriate.                   list of users
             Cron logging should be
             enabled or disabled as
CCE-5661-4   appropriate                    enabled/disabled
             The at.allow file should be
             configured with the set of
             users permitted to use the
CCE-5877-6   at facility as appropriate.    list of users
             The at.deny file should be
             configured with the set of
             users not permitted to use
             the at facility as
CCE-5600-2   appropriate.                   list of users
             /etc/security/audit/config
             file permissions should be
CCE-5489-0   set appropriately              permissions
             /etc/security/audit/events
             file permissions should be
CCE-6066-5   set appropriately              permissions
             /etc/security/audit/objects
             file permissions should be
CCE-6084-8   set appropriately              permissions
             /usr/lib/trcload file
             permissions should be set
CCE-5819-8   appropriately                  permissions
             /usr/lib/semutil file
             permissions should be set
CCE-5648-1   appropriately                  permissions
             /etc/security/audit/config
             file should be owned by an
CCE-5205-0   appropriate user               list of users
             /etc/security/audit/events
             file should be owned by an
CCE-5548-3   appropriate user               list of users
             /etc/security/audit/objects
             file should be owned by an
CCE-6085-5   appropriate user               list of users
             /usr/lib/trcload file should
             be owned by an
CCE-5926-1   appropriate user               list of users
             /usr/lib/semutil file should
             be owned by an
CCE-5224-1   appropriate user               list of users
             /etc/security/audit/config
             file should be owned by an
CCE-6037-6   appropriate group              list of groups
             /etc/security/audit/events
             file should be owned by an
CCE-6011-1   appropriate group              list of groups
             /etc/security/audit/objects
             file should be owned by an
CCE-5980-8   appropriate group              list of groups
             /usr/lib/trcload file should
             be owned by an
CCE-6103-6   appropriate group              list of groups
             /usr/lib/semutil file should
             be owned by an
CCE-5945-1   appropriate group              list of groups
             The authentication
             mechanism (SYSTEM
             attribute) should be set    authentication
CCE-6079-8   appropriately for each user system
             Trusted Computing Base
             should be installed or not
CCE-6158-0   as appropriate              installed/not installed

             Auditing should be enabled
             or disabled as appropriate
CCE-5484-1   in runcontrol scripts         enabled/disabled
             BIN mode auditing should
             be enabled or disabled as
CCE-5378-5   appropriate                   enabled/disabled
             Accounts should be
             present or absent from the
             audit config file as
CCE-5235-7   appropriate                   present/absent
             System logons should be
             audited or not as
CCE-5913-9   appropriate                   audited/not audited
             System logoffs should be
             audited or not as
CCE-5993-1   appropriate                   audited/not audited
             Password changes should
             be audited or not as
CCE-5693-7   appropriate                   audited/not audited

             su usage should be audited
CCE-6230-7   or not as appropriate      audited/not audited
             Creation/modification of
             superuser groups should
             be audited or not as
CCE-5697-8   appropriate                audited/not audited

             Startup/shutdown of audit
             functions should be audited
CCE-6197-8   or not as appropriate         audited/not audited
             Certificate revocation
             should be audited or not as
CCE-5889-1   appropriate                   audited/not audited
             Remote access from
             outside the corporate
             network should be audited
CCE-6109-3   or not as appropriate         audited/not audited
             Use of chown command
             should be audited or not as
CCE-5242-3   appropriate                   audited/not audited
             File permissions of the rcp
             binary should be set
CCE-6213-3   correctly                      permissions
             File permissions of the
             rlogin binary should be set
CCE-5680-4   correctly                      permissions
             File permissions of the
             rlogind binary should be set
CCE-5591-3   correctly                      permissions
             File permissions of the rsh
             binary should be set
CCE-5543-4   correctly                      permissions
             File permissions of the
             rshd binary should be set
CCE-5934-5   correctly                      permissions
             File permissions of the tftp
             binary should be set
CCE-6009-5   correctly                      permissions
             File permissions of the
             tftpd binary should be set
CCE-5996-4   correctly                      permissions
             Global initialization files
             should allow or deny write
             access to the terminal as
CCE-6135-8   appropriate                    allow/deny
             Netrc should be configured
             with an appropriate set of
CCE-5963-4   services                       list of services
             Change of file ownership
             should be audited or not as
CCE-6104-4   appropriate                    audited/not audited
             Use of chmod command
             should be audited or not as
CCE-5324-9   appropriate                    audited/not audited
             Certificate creation should
             be audited or not as
CCE-6170-5   appropriate                    audited/not audited
             Certificate deletion should
             be audited or not as
CCE-5243-1   appropriate                    audited/not audited
             Certificate retrieval should
             be audited or not as
CCE-6016-0   appropriate                    audited/not audited
             Startup or shutdown of the
             audit process should be
             audited or not as
CCE-6174-7   appropriate                    audited/not audited
             Use of chgrp should be
             audited or not as
CCE-5245-6   appropriate                    audited/not audited
             Use of mkgroup should be
             audited or not as
CCE-5253-0   appropriate              audited/not audited
             Use of rmgroup should be
             audited or not as
CCE-6189-5   appropriate              audited/not audited

             Use of change user
             functions should be audited
CCE-6035-0   or not as appropriate       audited/not audited
             Terminal logoffs should be
             audited or not as
CCE-6100-2   appropriate                 audited/not audited
             Exit function usage should
             be audited or not as
CCE-6157-2   appropriate                 audited/not audited

             Hard core dump size limits Size (0 to disable
CCE-6156-4   should be set appropriately core dumps)
             Remote root logins via
             SSH should be allowed or
CCE-5751-3   not as appropriate.         allowed/not allowed
                                         Internal Revenue Service Basic
                                         UNIX Security Requirements (IRS
              CCE Technical Mechanisms   BUSR)
                                         http://www.irs.gov/irm/part10/ch03
                                         s08.html




via fstab                                10.8.10.4.2.1 (5)


via fstab                                10.8.10.4.2.1 (5)


via fstab                                10.8.10.4.2.1 (5)




via /etc/passwd                          10.8.10.4.2.1 (6)

via /etc/security/limits
via ulimit                               10.8.10.4.4 (3)


via /etc/snmp.conf                       10.8.10.5.1 (1) c)


via /etc/snmp.conf                       10.8.10.5.1 (1) c)




via /etc/security/user                   10.8.10.5.1 (2) a)




via /etc/security/user                   10.8.10.5.1 (2) a)




via /etc/security/user                   10.8.10.5.1 (2) a)




via /etc/security/user                   10.8.10.5.1 (2) a)
via /etc/security/user        10.8.10.5.1 (2) b)


via /etc/security/user        10.8.10.5.1 (2) c)




via /etc/security/user        10.8.10.5.1 (2) d)




via /etc/security/user        10.8.10.5.1 (2) e)


via passwd
via /etc/shadow               10.8.10.5.1 (2) f)




via /etc/security/passwd      10.8.10.5.1 (2) g)




                              10.8.10.5.1 (3)


via /etc/security/user        10.8.10.5.1 (5)




via chown                     10.8.10.5.2 (3)

via chgrp
via chown                     10.8.10.5.2 (3)

via /etc/security/login.cfg
via /etc/motd                 10.8.10.5.2 (5) a)


via sshd.conf                 10.8.10.5.2 (5) b)


                              10.8.10.5.2 (5) c)


                              10.8.10.5.2 (5) d)
                     10.8.10.5.2 (5) e)


via passwd
via /etc/passwd      10.8.10.5.2.1 (2) a)




via passwd
via /etc/passwd      10.8.10.5.2.1 (2) b)


via /etc/passwd      10.8.10.5.2.4 (3)

via /etc/passwd      10.8.10.5.2.4 (9)




via /etc/passwd      10.8.10.5.2.4.1 (1)


via Xscreensaver
via dtsession        10.8.10.5.2.5 (1)


via chmod            10.8.10.5.2.6 (1)


via BIOS             10.8.10.5.2.6 (3)


/etc/default/login   10.8.10.5.2.6 (4)


filesystem           10.8.10.5.2.6 (6)


filesystem           10.8.10.5.2.6 (6)


filesystem           10.8.10.5.2.6 (6)


filesystem           10.8.10.5.2.6 (6)
Text editor      10.8.10.5.2.6 (7)




Text editor      10.8.10.5.2.6 (7)




Text editor      10.8.10.5.2.6 (10)

Text editor      10.8.10.5.2.6 (11)




/etc/shells      10.8.10.5.2.6 (12)




/etc/group       10.8.10.5.2.6 (15)


/etc/passwd      10.8.10.5.2.6 (16)


/etc/passwd      10.8.10.5.2.6 (17)




filesystem       10.8.10.5.2.6 (18)


filesystem       10.8.10.5.2.6 (24)


via RC scripts   10.8.10.5.3 (3)




ntpd.conf
Audit subsystem               10.8.10.5.3 (4)


Audit subsystem               10.8.10.5.3 (5)




Audit subsystem               10.8.10.5.3 (6)


                              10.8.10.5.4.1 (12)


                              10.8.10.5.4.1 (2) a)




                              10.8.10.5.4.1 (2) c)




                              10.8.10.5.4.1 (2) d)




                              10.8.10.5.4.1 (2) e)


                              10.8.10.5.4.1 (3)


via /etc/default/route.conf   10.8.10.5.4.1 (4)


via RC scripts                10.8.10.5.4.1 (5)

via inetd
via inetd.conf                10.8.10.5.4.1 (11) #1

via inetd
via inetd.conf                10.8.10.5.4.1 (11) #2

via inetd
via inetd.conf                10.8.10.5.4.1 (11) #3

via inetd
via inetd.conf                10.8.10.5.4.1 (11) #4
via inetd
via inetd.conf   10.8.10.5.4.1 (11) #5

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #6

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #7

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #8

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #9

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #10

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #11

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #12

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #13

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #14


via inetd
via inetd.conf   10.8.10.5.4.1 (11) #16

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #17

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #18

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #19

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #20

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #21
via inetd
via inetd.conf        10.8.10.5.4.1 (11) #22

via inetd
via inetd.conf        10.8.10.5.4.1 (11) #23

via inetd
via inetd.conf        10.8.10.5.4.1 (11) #24

via inetd
via inetd.conf        10.8.10.5.4.1 (11) #26

via inetd
via inetd.conf        10.8.10.5.4.1 (11) #27

via inetd
via inetd.conf        10.8.10.5.4.1 (11) #28

via inetd
via inetd.conf        10.8.10.5.4.1 (11) #29

via inetd
via inetd.conf        10.8.10.5.4.1 (11) #30

via inetd
via inetd.conf        10.8.10.5.4.1 (11) #31

via inetd
via inetd.conf        10.8.10.5.4.1 (11) #32


via inetd
via inetd.conf        10.8.10.5.4.1 (11) #34


via RC scripts        10.8.10.5.4.1.1 (2)




via /etc/named.conf   10.8.10.5.4.1.1 (5)


/etc/ssh/ssh_config   10.8.10.5.4.1.2 (2)


via inetd.conf        10.8.10.5.4.1.3 (1)


                      10.8.10.5.4.1.4 (1)
via RC scripts     10.8.10.5.4.1.5 (1)


via RC scripts     10.8.10.5.4.1.5 (1)


via RC scripts     10.8.10.5.4.1.5 (1)


via RC scripts     10.8.10.5.4.1.5 (1)




                   10.8.10.5.4.1.5 (1) a)




                   10.8.10.5.4.1.5 (1) a)




                   10.8.10.5.4.1.5 (1) f)




                   10.8.10.5.4.1.5 (1) f)




                   10.8.10.5.4.1.5 (1) f)




                   10.8.10.5.4.1.5 (1) f)




via /etc/exports   10.8.10.5.4.1.5 (1) g)
via /etc/fstab                   10.8.10.5.4.1.5 (1) i)




via /etc/fstab                   10.8.10.5.4.1.5 (1) i)


via RC scripts                   10.8.10.5.4.2.2 (1)


via /etc/mail/sendmail.cf        10.8.10.5.4.2.2 (3)

via /etc/aliases
via /usr/lib/aliases             10.8.10.5.4.2.2 (4) c)


via rm                           10.8.10.5.4.2.2 (4) e)




via chown                        10.8.10.5.4.2.2 (4) f)




via chown                        10.8.10.5.4.2.2 (4) f)


via /etc/mail/sendmail.cf        10.8.10.5.4.2.2 (4) g)


via /etc/mail/sendmail.cf        10.8.10.5.4.2.2 (4) h)


via /etc/mail/sendmail.cf        10.8.10.5.4.2.2 (4) i)




via /etc/mail/sendmail.cf        10.8.10.5.4.2.2 (4) k)

via RC scripts                   10.8.10.5.4.2.3 (1)

via NIS+
via RC scripts                   10.8.10.5.4.2.3 (1) b)

via Xwindows
via /etc/inittab vi RC scripts   10.8.10.5.4.2.4 (1)
via /etc/X*.hosts   10.8.10.5.4.2.4 (2) b)

via xdm
via gdm
via kdm             10.8.10.5.4.2.4 (2) d)


via sshd_config     10.8.10.5.4.2.4 (2) f)
via smbd
via RC scripts      10.8.10.5.4.2.6 (1)


via smbd
via smb.conf        10.8.10.5.4.2.6 (3) a)

via smbd
via smb.conf        10.8.10.5.4.2.6 (3) b)

via smbd
via smb.conf        10.8.10.5.4.2.6 (3) c)


via smbd
via smb.conf        10.8.10.5.4.2.6 (3) d)

via SMIT            10.8.10.5.4.3 (1)


via chmod           10.8.10-1 A.1 1) #1


via chmod           10.8.10-1 A.1 1) #2


via chmod           10.8.10-1 A.1 1) #2


via chmod           10.8.10-1 A.1 1) #5


via chmod           10.8.10-1 A.1 1) #5


via chmod           10.8.10-1 A.1 1) #6


via chmod           10.8.10-1 A.1 1) #7
via chmod   10.8.10-1 A.1 1) #7


via chmod   10.8.10-1 A.1 1) #8


via chmod   10.8.10-1 A.1 1) #9


via chmod   10.8.10-1 A.1 1) #10


via chmod   10.8.10-1 A.1 1) #11


via chmod   10.8.10-1 A.1 1) #13


via chmod   10.8.10-1 A.1 1) #14


via chmod   10.8.10-1 A.1 1) #21


via chmod   10.8.10-1 A.1 1) #23


via chmod   10.8.10-1 A.1 1) #25


via chmod   10.8.10-1 A.1 1) #26


via chmod   10.8.10-1 A.1 1) #27




via chmod   10.8.10-1 A.1 1) #29


via chmod   10.8.10-1 A.1 1) #31


via chmod   10.8.10-1 A.1 1) #32


via chmod   10.8.10-1 A.1 1) #34
via chmod        10.8.10-1 A.1 1) #35




via chmod        10.8.10-1 A.1 1) #36


via chmod        10.8.10-1 A.1 1) #37


via chmod        10.8.10-1 A.1 1) #38


via chmod        10.8.10-1 A.1 1) #39

via filesystem   10.8.10-1 A.1 1) #40


via chmod        10.8.10-1 A.1 1) #41


via chmod        10.8.10-1 A.1 1) #42


via chmod        10.8.10-1 A.1 1) #43


via chmod        10.8.10-1 A.1 1) #44


via chmod        10.8.10-1 A.1 1) #45

via filesystem   10.8.10-1 A.1 1) #46


via chmod        10.8.10-1 A.1 1) #47


via chmod        10.8.10-1 A.1 1) #48


via chmod        10.8.10-1 A.1 1) #49


via chmod        10.8.10-1 A.1 1) #50
via chmod        10.8.10-1 A.1 1) #51

via filesystem   10.8.10-1 A.1 1) #52


via chmod        10.8.10-1 A.1 1) #53


via chmod        10.8.10-1 A.1 1) #54


via chmod        10.8.10-1 A.1 1) #56


via chmod        10.8.10-1 A.1 1) #57


via chmod        10.8.10-1 A.1 1) #58


via chmod        10.8.10-1 A.1 1) #59


via chmod        10.8.10-1 A.1 1) #60


via chmod        10.8.10-1 A.1 1) #61


via chmod        10.8.10-1 A.1 1) #62


via chmod        10.8.10-1 A.1 1) #63


via chmod        10.8.10-1 A.1 1) #64


via chmod        10.8.10-1 A.1 1) #65


via chmod        10.8.10-1 A.1 1) #66


via filesystem   10.8.10-1 A.1 1) #69


via chmod        10.8.10-1 A.1 1) #70
via chmod        10.8.10-1 A.1 1) #71


via chmod        10.8.10-1 A.1 1) #72


via chmod        10.8.10-1 A.1 1) #73


via chmod        10.8.10-1 A.1 1) #75


via chmod        10.8.10-1 A.1 1) #76


via chmod        10.8.10-1 A.1 1) #77


via chmod        10.8.10-1 A.1 1) #78


via chmod        10.8.10-1 A.1 1) #79


via chmod        10.8.10-1 A.1 1) #80


via chmod        10.8.10-1 A.1 1) #81


via chmod        10.8.10-1 A.1 1) #82


via chmod        10.8.10-1 A.1 1) #83

via filesystem   10.8.10-1 A.1 1) #84


via chmod        10.8.10-1 A.1 1) #85


via chmod        10.8.10-1 A.1 1) #86


via chmod        10.8.10-1 A.1 1) #87


via chmod        10.8.10-1 A.1 1) #88
via chmod   10.8.10-1 A.1 1) #89




via chmod   10.8.10-1 A.1 1) #91




via chmod   10.8.10-1 A.1 1) #93


via chmod   10.8.10-1 A.1 1) #94


via chmod   10.8.10-1 A.1 1) #95


via chmod   10.8.10-1 A.1 1) #96


via chmod   10.8.10-1 A.1 1) #97


via chmod   10.8.10-1 A.1 1) #98


via chmod   10.8.10-1 A.1 1) #99


via chmod   10.8.10-1 A.1 1) #100


via chmod   10.8.10-1 A.1 1) #101


via chmod   10.8.10-1 A.1 1) #103


via chmod   10.8.10-1 A.1 1) #104


via chmod   10.8.10-1 A.1 1) #105


via chmod   10.8.10-1 A.1 1) #107


via chmod   10.8.10-1 A.1 1) #108
via chmod   10.8.10-1 A.1 1) #109


via chown   10.8.10-1 A.1 2) #1

via chgrp
via chown   10.8.10-1 A.1 2) #1


via chown   10.8.10-1 A.1 2) #2

via chgrp
via chown   10.8.10-1 A.1 2) #2


via chown   10.8.10-1 A.1 2) #2

via chgrp
via chown   10.8.10-1 A.1 2) #2


via chown   10.8.10-1 A.1 2) #4

via chgrp
via chown   10.8.10-1 A.1 2) #4


via chown   10.8.10-1 A.1 2) #4

via chgrp
via chown   10.8.10-1 A.1 2) #4


via chown   10.8.10-1 A.1 2) #5

via chgrp
via chown   10.8.10-1 A.1 2) #5


via chown   10.8.10-1 A.1 2) #5

via chgrp
via chown   10.8.10-1 A.1 2) #5


via chown   10.8.10-1 A.1 2) #6

via chgrp
via chown   10.8.10-1 A.1 2) #6
via chown   10.8.10-1 A.1 2) #7

via chgrp
via chown   10.8.10-1 A.1 2) #7


via chown   10.8.10-1 A.1 2) #7

via chgrp
via chown   10.8.10-1 A.1 2) #7


via chown   10.8.10-1 A.1 2) #7

via chgrp
via chown   10.8.10-1 A.1 2) #7


via chown   10.8.10-1 A.1 2) #11

via chgrp
via chown   10.8.10-1 A.1 2) #11


via chown   10.8.10-1 A.1 2) #12

via chgrp
via chown   10.8.10-1 A.1 2) #12


via chown   10.8.10-1 A.1 2) #13

via chgrp
via chown   10.8.10-1 A.1 2) #13




via chown   10.8.10-1 A.1 2) #14


via chgrp
via chown   10.8.10-1 A.1 2) #14


via chown   10.8.10-1 A.1 2) #16

via chgrp
via chown   10.8.10-1 A.1 2) #16
via chown   10.8.10-1 A.1 2) #18

via chgrp
via chown   10.8.10-1 A.1 2) #18


via chown   10.8.10-1 A.1 2) #21

via chgrp
via chown   10.8.10-1 A.1 2) #21


via chown   10.8.10-1 A.1 2) #22

via chgrp
via chown   10.8.10-1 A.1 2) #22


via chown   10.8.10-1 A.1 2) #24

via chgrp
via chown   10.8.10-1 A.1 2) #24




via chown   10.8.10-1 A.1 2) #25




via chgrp
via chown   10.8.10-1 A.1 2) #25




via chown   10.8.10-1 A.1 2) #26


via chgrp
via chown   10.8.10-1 A.1 2) #26


via chown   10.8.10-1 A.1 2) #27

via chgrp
via chown   10.8.10-1 A.1 2) #27
via chown     10.8.10-1 A.1 2) #29

via chgrp
via chown     10.8.10-1 A.1 2) #29


via chown     10.8.10-1 A.1 2) #30

via chgrp
via chown     10.8.10-1 A.1 2) #30


via chown     10.8.10-1 A.1 2) #31

via chgrp
via chown     10.8.10-1 A.1 2) #31


via chown     10.8.10-1 A.1 2) #32

via chgrp
via chown     10.8.10-1 A.1 2) #32


via chown     10.8.10-1 A.1 2) #35

via chgrp
via chown     10.8.10-1 A.1 2) #35


via chown     10.8.10-1 A.1 2) #36

via chgrp
via chown     10.8.10-1 A.1 2) #36


via chown     10.8.10-1 A.1 2) #37

via chgrp
via chown     10.8.10-1 A.1 2) #37




via chmod
via profile   10.8.10-1 A.2 1) #1
via local init files    10.8.10-1 A.2 1) #2




via local init files    10.8.10-1 A.2 1) #3




via local init files    10.8.10-1 A.2 1) #4




                        10.8.10-1 A.2 1) #7

via global init files   10.8.10-1 A.2 1) #8

via local init files    10.8.10-1 A.2 1) #8




Text editor




Text editor


                        10.8.10-1 A.3 4)




Text editor
Text editor


via chmod     10.8.10-5 E.1 1) #1


via chmod     10.8.10-5 E.1 1) #2


via chmod     10.8.10-5 E.1 1) #3


via chmod     10.8.10-5 E.1 1) #5


via chmod     10.8.10-5 E.1 1) #6


via chown     10.8.10-5 E.1 1) #1

via chgrp
via chown     10.8.10-5 E.1 1) #2


via chown     10.8.10-5 E.1 1) #3


via chown     10.8.10-5 E.1 1) #5


via chown     10.8.10-5 E.1 1) #6


via chown     10.8.10-5 E.1 1) #1

via chgrp
via chown     10.8.10-5 E.1 1) #2

via chgrp
via chown     10.8.10-5 E.1 1) #3

via chgrp
via chown     10.8.10-5 E.1 1) #5

via chgrp
via chown     10.8.10-5 E.1 1) #6
via /etc/security/user           10.8.10-5 E.1 2)


via /etc/security/user           10.8.10-5 E.2 1)


via /etc/inittab
via RC scripts                   10.8.10-5 E.3 1)


via /etc/security/audit/config   10.8.10-5 E.3 2)




via /etc/security/audit/config   10.8.10-5 E.3 3)


via /etc/security/audit/config   10.8.10-5 E.3 4) #1


via /etc/security/audit/config   10.8.10-5 E.3 4) #2


via /etc/security/audit/config   10.8.10-5 E.3 4) #3


via /etc/security/audit/config   10.8.10-5 E.3 4) #4




via /etc/security/audit/config   10.8.10-5 E.3 4) #5




via /etc/security/audit/config   10.8.10-5 E.3 4) #9


via /etc/security/audit/config   10.8.10-5 E.3 4) #10




via /etc/security/audit/config   10.8.10-5 E.3 4) #11


via /etc/security/audit/config   10.8.10-5 E.3 4) #13
via chmod                        10.8.10-5 E.4 1)


via chmod                        10.8.10-5 E.4 1)


via chmod                        10.8.10-5 E.4 1)


via chmod                        10.8.10-5 E.4 1)


via chmod                        10.8.10-5 E.4 1)


via chmod                        10.8.10-5 E.4 1)


via chmod                        10.8.10-5 E.4 1)




via global init files            10.8.10-5 E.5 1) #1


via /etc/security/sysck.cfg      10.8.10-5 E.4 1)


via /etc/security/audit/config   10.8.10-5 E.3 4) #13


via /etc/security/audit/config   10.8.10-5 E.3 4) #13


via /etc/security/audit/config   10.8.10-5 E.3 4) #10


via /etc/security/audit/config   10.8.10-5 E.3 4) #10


via /etc/security/audit/config   10.8.10-5 E.3 4) #10




via /etc/security/audit/config   10.8.10-5 E.3 4) #9


via /etc/security/audit/config   10.8.10-5 E.3 4) #5
via /etc/security/audit/config    10.8.10-5 E.3 4) #5


via /etc/security/audit/config    10.8.10-5 E.3 4) #5




via /etc/security/audit/config    10.8.10-5 E.3 4) #4


via /etc/security/audit/config    10.8.10-5 E.3 4) #2


via /etc/security/audit/config    10.8.10-5 E.3 4) #2


via /etc/security/limits ulimit   10.8.10.4.4 (3)


via /etc/ssh/sshd_config          10.8.10.5.2.6 (4)
                                                 CCE
  CCE ID        CCE Description
                                              Parameters



             /export/home should be
             configured on an
             appropriate filesystem
CCE-5435-3   logical volume                logical volume
             /var should be configured
             on an appropriate
CCE-6030-1   filesystem logical volume     logical volume
             /opt should be configured
             on an appropriate
CCE-5936-0   filesystem logical volume     logical volume
             The shell for the root
             account should be located
             on the appropriate
CCE-6122-6   filesystem                    filesystem

             Core dump size limits         Size (0 to disable
CCE-6091-3   should be set appropriately   core dumps)
             The read-only SNMP
             community string should be
CCE-6249-7   set appropriately.            string
             The read/write SNMP
             community string should be
CCE-6095-4   set appropriately.            string
             Password policy should
             ban or allow usernames or
             UIDs in passwords as
CCE-6108-5   appropriate                   ban/allow

             Password policy should
             ban or allow words found in
CCE-5812-3   a dictionary as appropriate. ban/allow

             Password policy should
             enforce the correct amount number of special
CCE-6161-4   of special characters      characters
             Password policy should
             enforce or not enforce the
             requirement to have mixed
             case passwords as
CCE-6172-1   appropriate.               enforce/not enforce
             The minimum password
             age should be set as
CCE-5639-0   appropriate                     number of days
             The minimum required
             password length should be       number of
CCE-6163-0   set as appropriate              characters
             Password history should be
             saved for an appropriate
             number of password              number of password
CCE-5982-4   changes                         changes
             The number of consecutive
             failed login attempts
             required to trigger a lockout   number of
             should be set as                consecutive failed
CCE-5956-8   appropriate                     login attempts
             Login access to accounts
             without passwords should
             be enabled or disabled as
CCE-6219-0   appropriate                     enabled/disabled
             New users should be
             required or not required to
             change their password on
CCE-5925-3   first login as appropriate      required/not required
             Access to single-user
             mode (maintainence mode)
             should require the root
             password or not as
CCE-6140-8   appropriate                     required/not required
             The delay between failed
             logins should be set as
CCE-6180-4   appropriate                     number of seconds

             All files should be owned       existing account
             by an existing account or       required / existing
CCE-6114-3   not as appropriate.             account not required
             All files should be owned       existing group
             by an existing group or not     required / existing
CCE-6120-0   as appropriate.                 group not required

             The console login banner
CCE-6094-7   should be set appropriately. banner text or null

             The SSH login banner
CCE-5561-6   should be set appropriately. banner text or null

             The telnet login banner
CCE-5583-0   should be set appropriately. banner text or null

             The ftp login banner should
CCE-5552-5   be set appropriately.       banner text or null
             The graphical login banner
CCE-5255-5   should be set appropriately.    banner text or null
             Accounts other than root
             should be allowed to have
             the UID 0 or not as
CCE-6043-4   appropriate                     allowed/not allowed
             Accounts other than root
             and locked system
             accounts should be
             allowed to have a GID of 0
CCE-6117-6   or not as appropriate           allowed/not allowed
             Each account should be
             assigned a unique UID or
CCE-5883-4   not as appropriate              unique/not unique
             The ftp account should
CCE-5261-3   exist or not as appropriate     exist/not exist
             Login accounts should
             include an appropriate
             GECOS identifier or no
CCE-5495-7   GECOS identifier                GECOS value, null
             The screen lock should
             activate after an
             appropriate period of
CCE-5949-3   inactivity                      number of minutes
             File permissions should be
             set appropriately for all
CCE-6147-3   shell executables.              permissions
             Remote (serial) consoles
             should be enabled or
CCE-6182-0   disabled as appropriate.        enabled/disabled
             Root logins should be
             restricted to the console or    restricted/not
CCE-5764-6   not as appropriate.             restricted
             .netrc files should exist or
             not as appropriate for all
CCE-6151-5   users.                          exist/not exist
             .rhosts files should exist or
             not as appropriate for all
CCE-5516-0   users.                          exist/not exist
             .shosts files should exist or
             not as appropriate for all
CCE-6089-7   users.                          exist/not exist
             The /etc/hosts.equiv file
             should exist or not as
CCE-5873-5   appropriate.                    exist/not exist
             The /etc/shells file should
CCE-6186-1   exist or not as appropriate     exist/not exist
             Shells referenced in
             /etc/passwd should be
             included in /etc/shells or
CCE-6191-1   not as appropriate               included/not included

             The use of NIS special
             characters (+ or -) in the
             first field of the /etc/passwd
             file should be allowed or
CCE-8640-5   disallowed as appropriate. allowed/not allowed

             The use of NIS special
             characters (+ or -) in the
             first field of the /etc/shadow
             file should be allowed or
CCE-8240-4   disallowed as appropriate.       allowed/not allowed
             The use of NIS special
             characters (+ or -) in the
             first field of the /etc/group
             file should be allowed or
CCE-8631-4   disallowed as appropriate.       allowed/not allowed
             Groups referenced in
             /etc/passwd should be
             included in /etc/group or
CCE-6208-3   not as appropriate.              included/not included
             The home directory for the
             root account should be set
CCE-5265-4   appropriately.                   path
             The home directory for
             each user account should
CCE-6133-3   be set appropriately.            path
             Home directories
             referenced in /etc/passwd
             should exist or not as
CCE-5797-6   appropriate                      exist/not exist
             All device files should be
             located inside an
CCE-5886-7   appropriate path                 path
             The ntpd service should be
             enabled or disabled as
CCE-5762-0   appropriate.                     enabled/disabled

             The Network Time Protocol
             (ntp) synchronization
             server should be set
CCE-5987-3   appropriately.            timeserver

             The default gateway should
CCE-5828-9   be set appropriately.      IP address/disabled
             The inetd service should be
             enabled or disabled as
CCE-5927-9   appropriate.                  enabled/disabled
             echo service should be
             enabled or disabled as
CCE-6143-2   appropriate                   enabled/disabled
             netstat service should be
             enabled or disabled as
CCE-6054-1   appropriate                   enabled/disabled
             rcp service should be
             enabled or disabled as
CCE-6010-3   appropriate                   enabled/disabled
             chargen service should be
             enabled or disabled as
CCE-5460-1   appropriate                   enabled/disabled
             finger service should be
             enabled or disabled as
CCE-5618-4   appropriate                   enabled/disabled
             tftpd service should be
             enabled or disabled as
CCE-5838-8   appropriate                   enabled/disabled
             walld service should be
             enabled or disabled as
CCE-5878-4   appropriate                   enabled/disabled
             rstatd service should be
             enabled or disabled as
CCE-5266-2   appropriate                   enabled/disabled
             sprayd service should be
             enabled or disabled as
CCE-6138-2   appropriate                   enabled/disabled
             rusersd service should be
             enabled or disabled as
CCE-6057-4   appropriate                   enabled/disabled
             rlogin service should be
             enabled or disabled as
CCE-5885-9   appropriate                   enabled/disabled
             rsh service should be
             enabled or disabled as
CCE-5978-2   appropriate                   enabled/disabled
             ftp service should be
             enabled or disabled as
CCE-5607-7   appropriate                   enabled/disabled
             telnet service should be
             enabled or disabled as
CCE-6075-6   appropriate                   enabled/disabled
CCE-6232-3   DEPRECATED.
             inn service should be
             enabled or disabled as
CCE-6171-3   appropriate                   enabled/disabled
             uucp service should be
             enabled or disabled as
CCE-5638-2   appropriate                  enabled/disabled
             rexec service should be
             enabled or disabled as
CCE-6175-4   appropriate                  enabled/disabled
             font-service should be
             enabled or disabled as
CCE-6144-0   appropriate                  enabled/disabled
             imap2 service should be
             enabled or disabled as
CCE-5763-8   appropriate                  enabled/disabled
             pop3 service should be
             enabled or disabled as
CCE-5856-0   appropriate                  enabled/disabled
             ident service should be
             enabled or disabled as
CCE-6081-4   appropriate                  enabled/disabled
             rexd service should be
             enabled or disabled as
CCE-6093-9   appropriate                  enabled/disabled
             daytime service should be
             enabled or disabled as
CCE-6173-9   appropriate                  enabled/disabled
             dtspc (cde-spc) service
             should be enabled or
CCE-5287-8   disabled as appropriate      enabled/disabled
             rquotad service should be
             enabled or disabled as
CCE-6070-7   appropriate                  enabled/disabled
             cmsd service should be
             enabled or disabled as
CCE-6026-9   appropriate                  enabled/disabled
             tooltalk service should be
             enabled or disabled as
CCE-6166-3   appropriate                  enabled/disabled
             xdmcp service should be
             enabled or disabled as
CCE-5867-7   appropriate                  enabled/disabled
             discard service should be
             enabled or disabled as
CCE-5810-7   appropriate                  enabled/disabled
CCE-5898-2   DEPRECATED.
             vino-server service should
             be enabled or disabled as
CCE-5713-3   appropriate                  enabled/disabled
             The bind service should be
             enabled or disabled as
CCE-5994-9   appropriate.                 enabled/disabled
             The version string reported
             by the bind service should
             be configured
CCE-6215-8   appropriately.                 string
             The nfsd service should be
             enabled or disabled as
CCE-5937-8   appropriate                    enabled/disabled
             The mountd service should
             be enabled or disabled as
CCE-5303-3   appropriate                    enabled/disabled
             The statd service should be
             enabled or disabled as
CCE-6223-2   appropriate                    enabled/disabled
             The lockd service should
             be enabled or disabled as
CCE-6069-9   appropriate                    enabled/disabled
             NFS should be configured
             with appropriate
CCE-5320-7   authentication methods         list of auth methods
             The read-only (ro) option
             should be enabled or
             disabled as appropriate for
CCE-5593-9   all NFS exports.               enabled/disabled
             The nosuid option should
             be enabled or disabled for
             all NFS mounts as
CCE-6256-2   appropriate                    enabled/disabled
             The nosgid option should
             be enabled or disabled for
             all NFS mounts as
CCE-5596-2   appropriate                    enabled/disabled
             Sendmail should be
             enabled or disabled as
CCE-6234-9   appropriate                    enabled/disabled

             The sendmail banner
CCE-6185-3   should be set appropriately.   string
             The decode sendmail alias
             should be enabled or
CCE-6000-4   disabled as appropriate.       enabled/disabled
             .forward files should be
             allowed or disallowed as
CCE-5551-7   appropriate for all users      allow/disallow
             Programs executed
             through the aliases file
             should be owned by an
CCE-6018-6   appropriate user               user
             Programs executed
             through the aliases file
             should reside a directory
             with an appropriate user
CCE-6141-6   owner                          user
             Sendmail vrfy command
             should be allowed or not as
CCE-6233-1   appropriate                    allow/disallow
             Sendmail expn command
             should be allowed or not as
CCE-5288-6   appropriate                    allow/disallow
             Sendmail should be
             configured with an
CCE-6113-5   appropriate logging level      logging level
             Sendmail help command
             should be allowed or not as
CCE-6047-5   appropriate                    allow/disallow
             NIS+ server should operate
             at an appropriate security
CCE-6214-1   level                          security level
             X-Windows should be
             enabled or disabled as
CCE-6051-7   appropriate                    enabled/disabled

             Authorized X-clients should
             be listed or not in the
CCE-5756-2   X*.hosts file as appropriate   listed/not listed
             X-Windows should write
             .Xauthority files to users'
             home directories or not as
CCE-5769-5   appropriate                    write/not write
             X11 forwarding via SSH
             should be enabled or
CCE-5976-6   disabled as appropriate.       enabled/disabled
             Samba should be enabled
CCE-5438-7   or disabled as appropriate     enabled/disabled
             Samba 'hosts allow' option
             should be configured with
             an appropriate set of
CCE-6227-3   networks                       list of networks
             Samba 'security option'
             option should be set as
CCE-5290-2   appropriate
             Samba 'encrypt' passwords
             option should be set as
CCE-6192-9   appropriate                    yes/no
             Samba 'smb passwd file'
             option should be set to an
             appropriate password file
CCE-6165-5   or no password file            file/nothing
             IPv6 should be enabled or
CCE-6262-0   disabled as appropriate     enabled/disabled

             /dev/kmem file permissions
CCE-6134-1   should be set appropriately permissions

             /dev/mem file permissions
CCE-5315-7   should be set appropriately permissions

             /dev/null file permissions
CCE-5912-1   should be set appropriately permissions

             resolv.conf file permissions
CCE-6128-3   should be set appropriately permissions
             /etc/named.conf file
             permissions should be set
CCE-5322-3   appropriately                permissions

             /usr/bin/at file permissions
CCE-6231-5   should be set appropriately permissions
             /usr/bin/rdist file
             permissions should be set
CCE-6082-2   appropriately                permissions
             /usr/sbin/sync file
             permissions should be set
CCE-6121-8   appropriately                permissions

             Superuser account home
             directories' permissions
CCE-5452-8   should be set appropriately permissions
             /etc/samba/smb.conf file
             permissions should be set
CCE-6280-2   appropriately               permissions
             smbpassword executable
             permissions should be set
CCE-5332-2   appropriately               permissions

             Aliases file permissions
CCE-5782-8   should be set appropriately permissions
             File permissions should be
             set as appropriate for the
             log file configured to
             capture critical sendmail
CCE-5861-0   messages.                   permissions
             All files executed through
             /etc/aliases file entries
             should have file
             permissions set
CCE-6248-9   appropriately               permissions
             /bin/csh file permissions
CCE-5592-1   should be set appropriately permissions

             /bin/jsh file permissions
CCE-5336-3   should be set appropriately permissions

             /bin/ksh file permissions
CCE-6205-9   should be set appropriately permissions
             The /bin/rsh file should
CCE-6298-4   exist or not as appropriate exist/not exist

             /bin/sh file permissions
CCE-6331-3   should be set appropriately permissions

             /bin/bash file permissions
CCE-6300-8   should be set appropriately permissions

             /sbin/csh file permissions
CCE-5938-6   should be set appropriately permissions

             /sbin/jsh file permissions
CCE-6027-7   should be set appropriately permissions

             /sbin/ksh file permissions
CCE-5864-4   should be set appropriately permissions
             The /sbin/rsh file should
CCE-5757-0   exist or not as appropriate exist/not exist

             /sbin/sh file permissions
CCE-6207-5   should be set appropriately permissions

             /sbin/bash file permissions
CCE-5973-3   should be set appropriately permissions
             /usr/bin/csh file
             permissions should be set
CCE-5341-3   appropriately               permissions

             /usr/bin/jsh file permissions
CCE-6291-9   should be set appropriately permissions
             /usr/bin/ksh file
             permissions should be set
CCE-6306-5   appropriately                 permissions
             The /usr/bin/rsh file should
CCE-5358-7   exist or not as appropriate exist/not exist

             /usr/bin/sh file permissions
CCE-6310-7   should be set appropriately permissions
             snmpd.conf file
             permissions should be set
CCE-5904-8   appropriately                 permissions

             /tmp file permissions
CCE-6217-4   should be set appropriately permissions

             /usr/tmp file permissions
CCE-5494-0   should be set appropriately permissions
             .Xauthority file permissions
             should be set appropriately
CCE-6221-6   for all users.               permissions

             /etc/aliases file permissions
CCE-6314-9   should be set appropriately permissions
             /etc/cron.d/at.allow file
             permissions should be set
CCE-6327-1   appropriately                 permissions
             /etc/cron.d/cron.allow file
             permissions should be set
CCE-6032-7   appropriately                 permissions

             /etc/csh file permissions
CCE-5915-4   should be set appropriately   permissions
             /etc/default/* file
             permissions should be set
CCE-5990-7   appropriately                 permissions
             /etc/default/login file
             permissions should be set
CCE-6320-6   appropriately                 permissions
             The /etc/ftpusers file
             should exist or not as
CCE-6236-4   appropriate                   exist/not exist
             /etc/host.lpd file
             permissions should be set
CCE-5950-1   appropriately                 permissions
             /etc/hostname* file
             permissions should be set
CCE-5362-9   appropriately                 permissions

             /etc/hosts file permissions
CCE-6068-1   should be set appropriately permissions
             /etc/inetd.conf file
             permissions should be set
CCE-6271-1   appropriately               permissions

             /etc/issue file permissions
CCE-6301-6   should be set appropriately permissions

             /etc/jsh file permissions
CCE-6275-2   should be set appropriately permissions
             /etc/ksh file permissions
CCE-6319-8   should be set appropriately permissions
             /etc/mail/aliases file
             permissions should be set
CCE-5649-9   appropriately               permissions

             /etc/motd file permissions
CCE-5870-1   should be set appropriately   permissions
             /etc/netconfig file
             permissions should be set
CCE-6274-5   appropriately                 permissions
             /etc/notrouter file
             permissions should be set
CCE-5372-8   appropriately                 permissions
             /etc/pam.conf file
             permissions should be set
CCE-5439-5   appropriately                 permissions
             /etc/passwd file
             permissions should be set
CCE-5601-0   appropriately                 permissions
             The /etc/rsh file should
CCE-6302-4   exist or not as appropriate   exist/not exist
             /etc/security file
             permissions should be set
CCE-5570-7   appropriately                 permissions
             /etc/services file
             permissions should be set
CCE-6020-2   appropriately                 permissions

             /etc/sh file permissions
CCE-5760-4   should be set appropriately permissions
             /etc/shadow file
             permissions should be set
CCE-5899-0   appropriately               permissions
             /etc/syslog.conf file
             permissions should be set
CCE-6225-7   appropriately               permissions
CCE-6242-2   DEPRECATED.

             /etc/fstab file permissions
CCE-6083-0   should be set appropriately permissions
CCE-5683-8   DEPRECATED.
             /var/adm/loginlog file
             permissions should be set
CCE-5933-7   appropriately               permissions
             /var/adm/messages file
             permissions should be set
CCE-6149-9   appropriately               permissions
             /var/adm/sulog file
             permissions should be set
CCE-6039-2   appropriately                 permissions
             /var/adm/utmp file
             permissions should be set
CCE-5655-6   appropriately                 permissions
             /var/adm/wtmp file
             permissions should be set
CCE-5854-5   appropriately                 permissions
             /var/adm/authlog file
             permissions should be set
CCE-6349-5   appropriately                 permissions
             /var/adm/syslog file
             permissions should be set
CCE-6067-3   appropriately                 permissions

             /var/mail file permissions
CCE-5388-4   should be set appropriately permissions

             /var/tmp file permissions
CCE-5691-1   should be set appropriately   permissions
             /usr/lib/pt_chmod file
             permissions should be set
CCE-5502-0   appropriately                 permissions
             /usr/lib/embedded_us file
             permissions should be set
CCE-5682-0   appropriately                 permissions
             /usr/lib/sendmail file
             permissions should be set
CCE-6259-6   appropriately                 permissions
             /usr/kerberos/bin/rsh file
             permissions should be set
CCE-6210-9   appropriately                 permissions
             /var/spool/mail file
             permissions should be set
CCE-5871-9   appropriately                 permissions
             smbpassword file
             permissions should be set
CCE-5840-4   appropriately                 permissions
             System files should be
             owned by an appropriate
CCE-6353-7   user                          list of users
             System files should be
             owned by an appropriate
CCE-5393-4   group                         list of groups
             Default/skeleton dot files
             should be owned by an
CCE-5399-1   appropriate user              list of users
             Default/skeleton dot files
             should be owned by an
CCE-6179-6   appropriate group             list of groups
             Global initialization files
             should be owned by an
CCE-6272-9   appropriate user                list of users
             Global initialization files
             should be owned by an
CCE-5403-1   appropriate group               list of groups
             Home directories should be
             owned by an appropriate
CCE-5746-3   user                            list of users
             Home directories should be
             owned by an appropriate
CCE-5465-0   group                           list of groups
             inetd.conf file should be
             owned by an appropriate
CCE-5729-9   user                            list of users
             inetd.conf file should be
             owned by an appropriate
CCE-5433-8   group                           list of groups
             /etc/services file should be
             owned by an appropriate
CCE-5879-2   user                            list of users
             /etc/services file should be
             owned by an appropriate
CCE-5447-8   group                           list of groups
             /etc/notrouter file should be
             owned by an appropriate
CCE-6046-7   user                            list of users
             /etc/notrouter file should be
             owned by an appropriate
CCE-5473-4   group                           list of groups
CCE-5404-9   DEPRECATED.
CCE-6254-7   DEPRECATED.
             /etc/passwd file should be
             owned by an appropriate
CCE-5425-4   user                            list of users
             /etc/passwd file should be
             owned by an appropriate
CCE-6372-7   group                           list of groups
             /etc/shadow file should be
             owned by an appropriate
CCE-6283-6   user                            list of users
             /etc/shadow file should be
             owned by an appropriate
CCE-6001-2   group                           list of groups
             Environmental variable
             PATH for superuser
             accounts should or should
             not contain world-writable
CCE-5451-0   files as appropriate            should/should not
             Environmental variable
             PATH for superuser
             accounts should not
             contain the current
             directory as the first or last
CCE-5467-6   entry                          should/should not

             The current directory
             should or should not be
             added to the environmental
             variable PATH by global
             initialization files as
CCE-6455-0   appropriate                      should/should not
             The current directory
             should or should not be
             added to the environmental
             variable PATH by local
             initialization files as
CCE-5486-6   appropriate                      should/should not
CCE-6337-0   DEPRECATED.
             The system umask should
CCE-6289-3   be set appropriately             umask
             The user umask should be
CCE-6451-9   set appropriately                umask
CCE-6042-6   DEPRECATED.
             /etc/rc.config.d/auditing file
             should be owned by an
CCE-5556-6   appropriate user                 list of users
CCE-5887-5   DEPRECATED.
             /etc/init.d file should be
             owned by an appropriate
CCE-5962-6   user                             list of users
             /etc/hosts.lpd file should be
             owned by an appropriate
CCE-6365-1   user                             list of users
CCE-6211-7   DEPRECATED.
             /etc/rc.config.d/auditing file
             should be owned by an
CCE-5491-6   appropriate group                list of groups
CCE-6313-1   DEPRECATED.
             /etc/init.d file should be
             owned by an appropriate
CCE-6159-8   group                            list of groups
             /etc/hosts.lpd file should be
             owned by an appropriate
CCE-6065-7   group                            list of groups
CCE-6251-3   DEPRECATED.
             /etc/rc.config.d/auditing file
             permissions should be set
CCE-6290-1   appropriately                    permissions
             DEPRECATED in favor of
             CCE-8638-9, CCE-8647-0,
CCE-6360-2   and CCE-8187-7.
             /etc/auto.master file should
             be owned by an
CCE-8638-9   appropriate user             list of users
             /etc/auto.misc file should
             be owned by an
CCE-8647-0   appropriate user             list of users
             /etc/auto.net file should be
             owned by an appropriate
CCE-8187-7   user                         list of users

             /etc/init.d file permissions
CCE-5504-6   should be set appropriately permissions
             /etc/hosts.lpd file
             permissions should be set
CCE-5517-8   appropriately                permissions
CCE-6076-4   DEPRECATED.

             Auditing should be enabled
             or disabled for user
CCE-6292-7   accounts as appropriate       enabled/disabled
             Auditing should be enabled
             or disabled at boot time as
CCE-6203-4   appropriate                   enabled/disabled
             System logons should be
             audited or not as
CCE-5794-3   appropriate                   audited/not audited
             System logoffs should be
             audited or not as
CCE-6168-9   appropriate                   audited/not audited
             Password changes should
             be audited or not as
CCE-6014-5   appropriate                   audited/not audited

             su usage should be audited
CCE-5983-2   or not as appropriate          audited/not audited
             Creation/modification of
             superuser groups should
             be audited or not as
CCE-5859-4   appropriate                    audited/not audited
             Clearing of the audit log file
             should be audited or not as
CCE-6326-3   appropriate                    audited/not audited

             Startup/shutdown of audit
             functions should be audited
CCE-5894-1   or not as appropriate       audited/not audited
             Use of
             identification/authorization
             mechanisms should be
             audited or not as
CCE-6110-1   appropriate                    audited/not audited
             Remote access from
             outside the corporate
             network should be audited
CCE-6423-8   or not as appropriate          audited/not audited
             Change of
             permissions/privileges
             should be audited or not as
CCE-6454-3   appropriate                    audited/not audited
             Global initialization files
             should allow or deny write
             access to the terminal as
CCE-6282-8   appropriate                    allow/deny
             PRI audit file should be
CCE-6317-2   specified appropriately        file and path
             SEC audit file should be
CCE-5660-6   specified appropriately        file and path

             FileSpaceSwitch should be percentage of free
CCE-6348-7   set to an appropriate value space

             Wakeup switchpoint
             frequency should be set to
CCE-5774-5   an appropriate time interval number of minutes
             Warning messages
             switchpoint distance should
             be set to an appropriate     switchpoint distance
CCE-5731-5   value                        integer

             Hard core dump size limits Size (0 to disable
CCE-6444-4   should be set appropriately core dumps)
             Root logins should be
             allowed or not as
             appropriate from SSH
CCE-5940-2   consoles                    allowed/not allowed
                                         Internal Revenue Service Basic
                                         UNIX Security Requirements (IRS
              CCE Technical Mechanisms   BUSR)
                                         http://www.irs.gov/irm/part10/ch03
                                         s08.html




via fstab                                10.8.10.4.2.1 (5)


via fstab                                10.8.10.4.2.1 (5)


via fstab                                10.8.10.4.2.1 (5)




via /etc/passwd                          10.8.10.4.2.1 (6)

via /etc/security/limits
via ulimit                               10.8.10.4.4 (3)


via /etc/snmp.conf                       10.8.10.5.1 (1) c)


via /etc/snmp.conf                       10.8.10.5.1 (1) c)




                                         10.8.10.5.1 a)




via /etc/security/user                   10.8.10.5.1 (2) a)




via /etc/security/user                   10.8.10.5.1 (2) a)




via /etc/security/user                   10.8.10.5.1 (2) a)
via /etc/security/user        10.8.10.5.1 (2) b)


via /etc/security/user        10.8.10.5.1 (2) c)




via /etc/security/user        10.8.10.5.1 (2) d)




via /etc/security/user        10.8.10.5.1 (2) e)


via passwd
via /etc/shadow               10.8.10.5.1 (2) f)




via /etc/security/passwd      10.8.10.5.1 (2) g)




                              10.8.10.5.1 (3)


                              10.8.10.5.1 (5)




via chown                     10.8.10.5.2 (3)

via chgrp
via chown                     10.8.10.5.2 (3)

via /etc/security/login.cfg
via /etc/motd                 10.8.10.5.2 (5) a)


via sshd.conf                 10.8.10.5.2 (5) b)


via telnetd                   10.8.10.5.2 (5) c)


                              10.8.10.5.2 (5) d)
via Xwindows       10.8.10.5.2 (5) e)


via passwd
via /etc/passwd    10.8.10.5.2.1 (2) a)




via passwd
via /etc/passwd    10.8.10.5.2.1 (2) b)


via /etc/passwd    10.8.10.5.2.4 (3)

via /etc/passwd    10.8.10.5.2.4 (9)




via /etc/passwd    10.8.10.5.2.4.1 (1)


via Xscreensaver
via dtsession      10.8.10.5.2.5 (1)


via chmod          10.8.10.5.2.6 (1)


via inittab        10.8.10.5.2.6 (3)


                   10.8.10.5.2.6 (4)


via filesystem     10.8.10.5.2.6 (6)


via filesystem     10.8.10.5.2.6 (6)


via filesystem     10.8.10.5.2.6 (6)


via filesystem     10.8.10.5.2.6 (6)

via /etc/shells    10.8.10.5.2.6 (11)
via /etc/shells               10.8.10.5.2.6 (12)




via Text editor               10.8.10.5.2.6 (7)




via Text editor               10.8.10.5.2.6 (7)




via Text editor               10.8.10.5.2.6 (7)




via /etc/group                10.8.10.5.2.6 (15)


via /etc/passwd               10.8.10.5.2.6 (16)
via /etc/passwd
via /usr/sbin/useradd
via /etc/default/useradd      10.8.10.5.2.6 (17)




via filesystem                10.8.10.5.2.6 (18)


via filesystem                10.8.10.5.2.6 (24)


via RC scripts                10.8.10.5.3 (3)




via ntpd.conf

via /etc/default/route.conf
via /etc/gated.conf           10.8.10.5.4.1 (4)
via RC scripts   10.8.10.5.4.1 (5)

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #1

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #2

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #3

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #4

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #5

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #6

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #7

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #8

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #9

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #10

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #11

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #12

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #13

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #14


via inetd
via inetd.conf   10.8.10.5.4.1 (11) #16
via inetd
via inetd.conf   10.8.10.5.4.1 (11) #17

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #18

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #20

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #21

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #22

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #23

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #24

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #26

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #27

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #28

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #29

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #30

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #31

via inetd
via inetd.conf   10.8.10.5.4.1 (11) #32


via inetd
via inetd.conf   10.8.10.5.4.1 (11) #34

via inetd
via inetd.conf   10.8.10.5.4.1.1 (2)
via /etc/named.conf         10.8.10.5.4.1.1 (5)


via RC scripts              10.8.10.5.4.1.5 (1)


via RC scripts              10.8.10.5.4.1.5 (1)


via RC scripts              10.8.10.5.4.1.5 (1)


via RC scripts              10.8.10.5.4.1.5 (1)

via NFSvia
via /etc/exports            10.8.10.5.4.1.5 (1) f)




via /etc/exports            10.8.10.5.4.1.5 (1) g)




via /etc/fstab              10.8.10.5.4.1.5 (1) i)




via /etc/fstab              10.8.10.5.4.1.5 (1) i)

via inetd
via RC scripts              10.8.10.5.4.2.2 (1)


via /etc/mail/sendmail.cf   10.8.10.5.4.2.2 (3)

via /etc/aliases
via /usr/lib/aliases        10.8.10.5.4.2.2 (4) c)


via rm                      10.8.10.5.4.2.2 (4) e)




via chown                   10.8.10.5.4.2.2 (4) f)
via chown                   10.8.10.5.4.2.2 (4) f)


via /etc/mail/sendmail.cf   10.8.10.5.4.2.2 (4) g)


via /etc/mail/sendmail.cf   10.8.10.5.4.2.2 (4) h)


via /etc/mail/sendmail.cf   10.8.10.5.4.2.2 (4) i)

via sendmail
via /etc/mail/sendmail.cf   10.8.10.5.4.2.2 (4) k)


via NIS+                    10.8.10.5.4.2.3 (1) b)


via Xwindows                10.8.10.5.4.2.4 (1)




via /etc/X*.hosts           10.8.10.5.4.2.4 (2) b)

via xdm
via gdm
via kdm                     10.8.10.5.4.2.4 (2) d)


via sshd_config             10.8.10.5.4.2.4 (2) f)
via smbd
via RC scripts              10.8.10.5.4.2.6 (1)


via smbd
via smb.conf                10.8.10.5.4.2.6 (3) a)

via smbd
via smb.conf                10.8.10.5.4.2.6 (3) b)

via smbd
via smb.conf                10.8.10.5.4.2.6 (3) c)


via smbd
via smb.conf                10.8.10.5.4.2.6 (3) d)
via ifconfig   10.8.10.5.4.3 (1)


via chmod      10.8.10-1 A.1 1) #9


via chmod      10.8.10-1 A.1 1) #10


via chmod      10.8.10-1 A.1 1) #11


via chmod      10.8.10-1 A.1 1) #13


via chmod      10.8.10-1 A.1 1) #14


via chmod      10.8.10-1 A.1 1) #25


via chmod      10.8.10-1 A.1 1) #26


via chmod      10.8.10-1 A.1 1) #27




via chmod      10.8.10-1 A.1 1) #29


via chmod      10.8.10-1 A.1 1) #31


via chmod      10.8.10-1 A.1 1) #32


via chmod      10.8.10-1 A.1 1) #34




via chmod      10.8.10-1 A.1 1) #35




via chmod      10.8.10-1 A.1 1) #36
via chmod        10.8.10-1 A.1 1) #37


via chmod        10.8.10-1 A.1 1) #38


via chmod        10.8.10-1 A.1 1) #39

via filesystem   10.8.10-1 A.1 1) #40


via chmod        10.8.10-1 A.1 1) #41


via chmod        10.8.10-1 A.1 1) #42


via chmod        10.8.10-1 A.1 1) #43


via chmod        10.8.10-1 A.1 1) #44


via chmod        10.8.10-1 A.1 1) #45

via filesystem   10.8.10-1 A.1 1) #46


via chmod        10.8.10-1 A.1 1) #47


via chmod        10.8.10-1 A.1 1) #48


via chmod        10.8.10-1 A.1 1) #49


via chmod        10.8.10-1 A.1 1) #50


via chmod        10.8.10-1 A.1 1) #51

via filesystem   10.8.10-1 A.1 1) #52


via chmod        10.8.10-1 A.1 1) #53
via chmod        10.8.10-1 A.1 1) #56


via chmod        10.8.10-1 A.1 1) #57


via chmod        10.8.10-1 A.1 1) #58


via chmod        10.8.10-1 A.1 1) #60


via chmod        10.8.10-1 A.1 1) #61


via chmod        10.8.10-1 A.1 1) #62


via chmod        10.8.10-1 A.1 1) #63


via chmod        10.8.10-1 A.1 1) #64


via chmod        10.8.10-1 A.1 1) #65


via chmod        10.8.10-1 A.1 1) #66


via filesystem   10.8.10-1 A.1 1) #69


via chmod        10.8.10-1 A.1 1) #70


via chmod        10.8.10-1 A.1 1) #71


via chmod        10.8.10-1 A.1 1) #72


via chmod        10.8.10-1 A.1 1) #73


via chmod        10.8.10-1 A.1 1) #75


via chmod        10.8.10-1 A.1 1) #76
via chmod        10.8.10-1 A.1 1) #77


via chmod        10.8.10-1 A.1 1) #78


via chmod        10.8.10-1 A.1 1) #79


via chmod        10.8.10-1 A.1 1) #80


via chmod        10.8.10-1 A.1 1) #81


via chmod        10.8.10-1 A.1 1) #82


via chmod        10.8.10-1 A.1 1) #83

via filesystem   10.8.10-1 A.1 1) #84


via chmod        10.8.10-1 A.1 1) #85


via chmod        10.8.10-1 A.1 1) #86


via chmod        10.8.10-1 A.1 1) #87


via chmod        10.8.10-1 A.1 1) #88


via chmod        10.8.10-1 A.1 1) #89




via chmod        10.8.10-1 A.1 1) #91




via chmod        10.8.10-1 A.1 1) #93


via chmod        10.8.10-1 A.1 1) #94
via chmod   10.8.10-1 A.1 1) #95


via chmod   10.8.10-1 A.1 1) #96


via chmod   10.8.10-1 A.1 1) #97


via chmod   10.8.10-1 A.1 1) #98


via chmod   10.8.10-1 A.1 1) #99


via chmod   10.8.10-1 A.1 1) #100


via chmod   10.8.10-1 A.1 1) #101


via chmod   10.8.10-1 A.1 1) #103


via chmod   10.8.10-1 A.1 1) #104


via chmod   10.8.10-1 A.1 1) #105


via chmod   10.8.10-1 A.1 1) #107


via chmod   10.8.10-1 A.1 1) #108


via chmod   10.8.10-1 A.1 1) #109


via chown   10.8.10-1 A.1 2) #8

via chgrp
via chown   10.8.10-1 A.1 2) #8


via chown   10.8.10-1 A.1 2) #9

via chgrp
via chown   10.8.10-1 A.1 2) #9
via chown     10.8.10-1 A.1 2) #10

via chgrp
via chown     10.8.10-1 A.1 2) #10


via chown     10.8.10-1 A.1 2) #11

via chgrp
via chown     10.8.10-1 A.1 2) #11


via chown     10.8.10-1 A.1 2) #12

via chgrp
via chown     10.8.10-1 A.1 2) #12


via chown     10.8.10-1 A.1 2) #16

via chgrp
via chown     10.8.10-1 A.1 2) #16


via chown     10.8.10-1 A.1 2) #18

via chgrp
via chown     10.8.10-1 A.1 2) #18




via chown     10.8.10-1 A.1 2) #35

via chgrp
via chown     10.8.10-1 A.1 2) #35


via chown     10.8.10-1 A.1 2) #36

via chgrp
via chown     10.8.10-1 A.1 2) #36




via chmod
via profile   10.8.10-1 A.2 1) #1
via local init files    10.8.10-1 A.2 1) #2




via local init files    10.8.10-1 A.2 1) #3




via local init files    10.8.10-1 A.2 1) #4


via global init files   10.8.10-1 A.2 1) #8

via local init files    10.8.10-1 A.2 1) #8




via chown               10.8.10-4 D.1 1) #2




via chown               10.8.10-4 D.1 1) #5


via chown               10.8.10-4 D.1 1) #6


via chgrp
via chown               10.8.10-4 D.1 1) #2


via chgrp
via chown               10.8.10-4 D.1 1) #5

via chgrp
via chown               10.8.10-4 D.1 1) #6




via chmod               10.8.10-4 D.1 1) #2
via chown                       10.8.10-3 C.1 1) #9


via chown                       10.8.10-3 C.1 1) #9


via chown                       10.8.10-3 C.1 1) #9


via chmod                       10.8.10-4 D.1 1) #5


via chmod                       10.8.10-4 D.1 1) #6




via /tcb/files/auth/*           10.8.10-4 D.3 1)


via /etc/rc.config.d/auditing   10.8.10-4 D.3 2)


via /etc/rc.config.d/auditing   10.8.10-4 D.3 3) #1


via /etc/rc.config.d/auditing   10.8.10-4 D.3 3) #2


via /etc/rc.config.d/auditing   10.8.10-4 D.3 3) #3


via /etc/rc.config.d/auditing   10.8.10-4 D.3 3) #4




via /etc/rc.config.d/auditing   10.8.10-4 D.3 3) #5


via /etc/rc.config.d/auditing   10.8.10-4 D.3 3) #8




via /etc/rc.config.d/auditing   10.8.10-4 D.3 3) #9
via /etc/rc.config.d/auditing   10.8.10-4 D.3 3) #10




via /etc/rc.config.d/auditing   10.8.10-4 D.3 3) #11




via /etc/rc.config.d/auditing   10.8.10-4 D.3 3) #13




via global init files           10.8.10-4 D.4 1) #1

via /etc/rc.config.d/auditing   10.8.10-4 D.3 2)

via /etc/rc.config.d/auditing   10.8.10-4 D.3 2)


via /etc/rc.config.d/auditing   10.8.10-4 D.3 2)




via /etc/rc.config.d/auditing   10.8.10-4 D.3 2)




via /etc/rc.config.d/auditing   10.8.10-4 D.3 2)

via /etc/security/limits
via ulimit                      10.8.10.4.4 (3)




                                10.8.10.5.2.6 (4)
                                             CCE
  CCE ID        CCE Description
                                          Parameters




             The "Security Zones: Use
             Only Machine Settings"
             setting should be
CCE-4017-0   configured correctly.       enabled/disabled




             Internet Explorer
             Processes (Restrict
CCE-3924-8   ActiveX Install)            enabled/disabled




             The "Security Zones: Do
             Not Allow Users to
             Add/Delete Sites" setting
             should be configured
CCE-3929-7   correctly.                  enabled/disabled
             The "Disable Periodic
             Check For Internet
             Explorer Software
             Updates" setting should be
CCE-3576-6   configured correctly.         enabled/disabled




             Internet Explorer
             Processes (Zone Elevation
CCE-4043-6   Protection)               enabled/disabled




             The "Internet Explorer
             Processes (Consistent
             MIME Handling)" setting
             should be configured
CCE-4047-7   correctly.                   enabled/disabled
             The "Allow Software to Run
             or Install Even if the
             Signature is Invalid" setting
             should be configured
CCE-3941-2   correctly.                    enabled/disabled




             The "Internet Explorer
             Processes (MK Protocol)"
             setting should be
CCE-3338-1   configured correctly.         enabled/disabled




             The "Disable Software
             Update Shell Notifications
             on Program Launch"
             setting should be
CCE-4118-6   configured correctly.         enabled/disabled
             The "Internet Explorer
             Processes (Restrict File
             Download)" setting should
CCE-4122-8   be configured correctly.       enabled/disabled




             The "Disable Automatic
             Install of Internet Explorer
             Components" setting
             should be configured
CCE-3518-8   correctly.                      enabled/disabled




             The "Make Proxy Settings
             Per-Machine (Rather Then
             Per-User)" setting should  number of proxy
CCE-3201-1   be configured correctly.  settings


             The "Do Not Allow Users to
             enable or Disable Add-
             Ons" setting should be
CCE-3744-0   configured correctly.      enabled/disabled
             The "Turn Off Crash
             Detection" setting should
CCE-3894-3   be configured correctly.      enabled/disabled




             The "Internet Explorer
             Processes (Scripted
             Window Security
             Restrictions)" setting
             should be configured
CCE-4162-4   correctly.                    enabled/disabled




             The "Security Zones: Do
             Not Allow Users to Change
             Policies" setting should be
CCE-3933-9   configured correctly.          enabled/disabled
             The "Internet Explorer
             Processes (MIME Sniffing)"
             setting should be
CCE-4149-1   configured correctly.      enabled/disabled



             The "Check for Signature
             on Downloaded Programs"
             setting should be
CCE-4026-1   configured correctly.    enabled/disabled



             The "Do Not Allow
             Resetting Internet Explorer
             Settings" setting should be
CCE-4171-5   configured correctly.       enabled/disabled

             The "Allow cut, copy, or
             paste operations from the
             clipboard via script" setting
             should be configured
             correctly for the Internet
CCE-4109-5   Zone.                         enabled/disabled



             The "Turn Off First- Run
             Opt-In" setting should be
             configured correctly for the
CCE-3378-7   Internet Zone.               enabled/disabled
             The "Web Browser
             Applications" setting should
             be configured correctly for
CCE-4131-9   the Internet Zone.           enabled/disabled

             The "Allow cut, copy, or
             paste operations from the
             clipboard via script" setting
             should be configured
             correctly for the Restricted
CCE-4013-9   Sites Zone.                   enabled/disabled



             The "Turn Off First- Run
             Opt-In" setting should be
             configured correctly for the
CCE-4153-3   Restricted Sites Zone.       enabled/disabled



             The "Web Browser
             Applications" setting should
             be configured correctly for
CCE-4052-7   the Restricted Sites Zone. enabled/disabled



             The "Intranet Sites: Include
             all network paths (UNCs)"
             setting should be
CCE-4175-6   configured correctly.        enabled/disabled




             The "Disable the Advanced
             Page" setting should be
CCE-3695-4   configured correctly.     enabled/disabled




             The "Disable the Privacy
             Page" setting should be
CCE-3777-0   configured correctly.       enabled/disabled
             The "Disable the Security
             Page" setting should be
CCE-3433-0   configured correctly.         enabled/disabled



             The "Prevent Ignoing
             Certificate Errors" setting
             should be configured
CCE-4199-6   correctly.                    enabled/disabled

             The "Turn Off changing the
             URL to be displayed for
             checking updates to
             Internet Explorer and
             Internet Tools" setting
             should be configured
CCE-3204-5   correctly.                 enabled/disabled




             The "Turn Off Configuring
             the Update Check Interval
             (In Days)" setting should be
CCE-4098-0   configured correctly.        enabled/disabled




             The "Add-on List" setting
             should be configured
CCE-3741-6   correctly.                    enabled/disabled


             The "Deny all add-ons
             unless specifically allowed
             in the Add-on List" setting
             should be configured
CCE-3997-4   correctly.                  enabled/disabled
             The "Disable "Configuring
             History"" setting should be
CCE-4001-4   configured correctly.       enabled/disabled


             The "Disable Changing
             Automatic Configuration
             Settings" setting should be
CCE-4147-5   configured correctly.       enabled/disabled




             The "Disable Changing
             Connection Settings"
             setting should be
CCE-4059-2   configured correctly.        enabled/disabled


             The "Disable Changing
             Proxy Settings" setting
             should be configured
CCE-3935-4   correctly.                   enabled/disabled


             The "Disable Showing the
             Splash Screen" setting
             should be configured
CCE-3706-9   correctly.                   enabled/disabled


             The "Prevent "Fix settings"
             Functionality" setting
             should be configured
CCE-3975-0   correctly.                  enabled/disabled

             The "Prevent participation
             in the Customer
             Experience Improvement
             Programs" setting should
CCE-3993-3   be configured correctly.     enabled/disabled
             The "Prevent performance
             of First Run Customize
             settings" setting should be
CCE-3207-8   configured correctly.       enabled/disabled


             The "Prevent the deletation
             of temporary internet files
             and cookies" setting should
CCE-4073-3   be configured correctly.    enabled/disabled


             The "Turn off "Delete
             Browsing History"
             functionality" setting should
CCE-3615-2   be configured correctly.      enabled/disabled


             The "Turn off Managing
             Phishing Filter" setting
             should be configured
CCE-3866-1   correctly.                   enabled/disabled


             The "Turn off the Security
             Settings Check feature"
             setting should be
CCE-3875-2   configured correctly.        enabled/disabled



             The "Allow Active Content
             from CD's to Run on User
             Machine" setting should be
CCE-4174-9   configured correctly.      enabled/disabled



             The "Enable third-party
             browser extensions" setting
             should be configured
CCE-4192-1   correctly.                  enabled/disabled



             The "Automatically Check
             for Internet Explorer
             Updates" setting should be
CCE-3584-0   configured correctly.      enabled/disabled
             The "Check for Server
             Certificate Revocation"
             setting should be
CCE-3976-8   configured correctly.       enabled/disabled


             The "Access data sources
             across domains" setting
             should be configured
             correctly for the Internet enabled/disabled/pro
CCE-3853-9   Zone.                      mpt


             The "Drag and drop or
             copy and paste files"
             setting should be
             configured correctly for the enabled/disabled/pro
CCE-3998-2   Internet Zone.               mpt



             The "Font download"
             setting should be
             configured correctly for the enabled/disabled/pro
CCE-3888-5   Internet Zone.               mpt



             The "Installation of desktop
             items" setting should be
             configured correctly for the enabled/disabled/pro
CCE-3906-5   Internet Zone.               mpt

             The "Allow script-initiated
             windows without size or
             position constraints" setting
             should be configured
             correctly for the Internet
CCE-4099-8   Zone.                         enabled/disabled



             The "Allow Scriptlets"
             setting should be
             configured correctly for the enabled/disabled/pro
CCE-3601-2   Internet Zone.               mpt
             The "Allow status bar
             updates via script" setting
             should be configured
             correctly for the Internet
CCE-3249-0   Zone.                         enabled/disabled


             The "Automatic prompting
             for file downloads" setting
             should be configured
             correctly for the Internet
CCE-4139-2   Zone.                         enabled/disabled


             The "Download signed
             ActiveX controls" setting
             should be configured
             correctly for the Internet    enabled/disabled/pro
CCE-3927-1   Zone.                         mpt


             The "Download unsigned
             ActiveX controls" setting
             should be configured
             correctly for the Internet    enabled/disabled/pro
CCE-3945-3   Zone.                         mpt

             The "Initialize and script
             ActiveX controls not
             marked as safe for
             scripting" setting should be
             configured correctly for the enabled/disabled/pro
CCE-4068-3   Internet Zone.               mpt




             The "Java permissions"
             setting should be            Custom/Disable
             configured correctly for the Java/High safety/Low
CCE-3963-6   Internet Zone.               safety/Medium safety


             The "Launching programs
             and files in an IFRAME"
             setting should be
             configured correctly for the enabled/disabled/pro
CCE-4104-6   Internet Zone.               mpt
                                         Anonymous
                                         logon/Automatic
                                         logon only in Intranet
                                         zone/Automatic
                                         logon with current
                                         user name and
             The "Logon" setting should password/Prompt for
             be configured correctly for user name and
CCE-3623-6   the Internet Zone.          password



             The "Loose XAML" setting
             should be configured
             correctly for the Internet enabled/disabled/pro
CCE-3751-5   Zone.                      mpt


             The "Navigate sub-frames
             across different domains"
             setting should be
             configured correctly for the enabled/disabled/pro
CCE-4143-4   Internet Zone.               mpt


             The "Open files based on
             content, not file extension"
             setting should be
             configured correctly for the
CCE-4161-6   Internet Zone.               enabled/disabled



             The "Software channel
             permissions" setting should
             be configured correctly for High safety/low
CCE-3553-5   the Internet Zone.          safety/medium safety



             The "Use Pop-up Blocker"
             setting should be
             configured correctly for the
CCE-3619-4   Internet Zone.               enabled/disabled



             The "Userdata persistence"
             setting should be
             configured correctly for the
CCE-3914-9   Internet Zone.               enabled/disabled
             The "Web sites in less
             privileged Web content
             zones can navigate into
             this zone" setting should be
             configured correctly for the enabled/disabled/pro
CCE-3570-9   Internet Zone.               mpt



             The "XPS documents"
             setting should be
             configured correctly for the enabled/disabled/pro
CCE-3843-0   Internet Zone.               mpt



             The "Display mixed
             content" setting should be
             configured correctly for the enabled/disabled/pro
CCE-3984-2   Internet Zone.               mpt



             The "Display mixed
             content" setting should be
             configured correctly for the enabled/disabled/pro
CCE-3989-1   Intranet Zone.               mpt


             The "Display mixed
             content" setting should be
             configured correctly for the
             Locked Down Intranet         enabled/disabled/pro
CCE-4121-0   Zone.                        mpt



             The "Display mixed
             content" setting should be
             configured correctly for the enabled/disabled/pro
CCE-4138-4   Local Machine Zone.          mpt


             The "Display mixed
             content" setting should be
             configured correctly for the
             Locked Down Local            enabled/disabled/pro
CCE-4028-7   Machine Zone.                mpt
             The "Access data sources
             across domains" setting
             should be configured
             correctly for the Restricted enabled/disabled/pro
CCE-3905-7   Sites Zone.                  mpt



             The "Active scripting"
             setting should be
             configured correctly for the enabled/disabled/pro
CCE-4050-1   Restricted Sites Zone.       mpt



             The "Binary and script
             behaviors" setting should     Administrator
             be configured correctly for   approved/enabled/di
CCE-4196-2   the Restricted Sites Zone.    sabled


             The "Drag and drop or
             copy and paste files"
             setting should be
             configured correctly for the enabled/disabled/pro
CCE-3337-3   Restricted Sites Zone.       mpt



             The "File download" setting
             should be configured
             correctly for the Restricted
CCE-4150-9   Sites Zone.                  enabled/disabled



             The "Font download"
             setting should be
             configured correctly for the enabled/disabled/pro
CCE-4062-6   Restricted Sites Zone.       mpt



             The "Installation of desktop
             items" setting should be
             configured correctly for the enabled/disabled/pro
CCE-4079-0   Restricted Sites Zone.       mpt
             The "Allow META
             REFRESH" setting should
             be configured correctly for
CCE-4084-0   the Restricted Sites Zone.    enabled/disabled

             The "Allow script-initiated
             windows without size or
             position constraints" setting
             should be configured
             correctly for the Restricted
CCE-4119-4   Sites Zone.                   enabled/disabled



             The "Allow Scriptlets"
             setting should be
             configured correctly for the enabled/disabled/pro
CCE-3639-2   Restricted Sites Zone.       mpt


             The "Allow status bar
             updates via script" setting
             should be configured
             correctly for the Restricted
CCE-4031-1   Sites Zone.                  enabled/disabled


             The "Automatic prompting
             for file downloads" setting
             should be configured
             correctly for the Restricted
CCE-4053-5   Sites Zone.                  enabled/disabled


             The "Download signed
             ActiveX controls" setting
             should be configured
             correctly for the Restricted enabled/disabled/pro
CCE-4057-6   Sites Zone.                  mpt


             The "Download unsigned
             ActiveX controls" setting
             should be configured
             correctly for the Restricted enabled/disabled/pro
CCE-3564-2   Sites Zone.                  mpt
             The "Initialize and script
             ActiveX controls not
             marked as safe for
             scripting" setting should be
             configured correctly for the enabled/disabled/pro
CCE-4101-2   Restricted Sites Zone.       mpt




             The "Java permissions"
             setting should be            Custom/Disable
             configured correctly for the Java/High safety/Low
CCE-3996-6   Restricted Sites Zone.       safety/Medium safety


             The "Launching programs
             and files in an IFRAME"
             setting should be
             configured correctly for the enabled/disabled/pro
CCE-4066-7   Restricted Sites Zone.       mpt

                                         Anonymous
                                         logon/Automatic
                                         logon only in Intranet
                                         zone/Automatic
                                         logon with current
                                         user name and
             The "Logon" setting should password/Prompt for
             be configured correctly for user name and
CCE-3696-2   the Restricted Sites Zone. password



             The "Loose XAML" setting
             should be configured
             correctly for the Restricted enabled/disabled/pro
CCE-3590-7   Sites Zone.                  mpt


             The "Navigate sub-frames
             across different domains"
             setting should be
             configured correctly for the enabled/disabled/pro
CCE-4110-3   Restricted Sites Zone.       mpt
             The "Open files based on
             content, not file extension"
             setting should be
             configured correctly for the
CCE-4132-7   Restricted Sites Zone.       enabled/disabled


             The "Run components not
             signed with Authenticode"
             setting should be
             configured correctly for the enabled/disabled/pro
CCE-3400-9   Restricted Sites Zone.       mpt


             The "Run components
             signed with Authenticode"
             setting should be
             configured correctly for the enabled/disabled/pro
CCE-4158-2   Restricted Sites Zone.       mpt



             The "Run ActiveX controls
             and plugins" setting should Administrator
             be configured correctly for approved/enabled/di
CCE-4163-2   the Restricted Sites Zone. sabled/prompt


             The "Script ActiveX
             controls marked safe for
             scripting" setting should be
             configured correctly for the enabled/disabled/pro
CCE-4202-8   Restricted Sites Zone.       mpt



             The "Scripting of Java
             applets" setting should be
             configured correctly for the enabled/disabled/pro
CCE-3216-9   Restricted Sites Zone.       mpt



             The "Software channel
             permissions" setting should
             be configured correctly for High safety/low
CCE-3855-4   the Restricted Sites Zone. safety/medium safety
             The "Use Pop-up Blocker"
             setting should be
             configured correctly for the
CCE-4018-8   Restricted Sites Zone.       enabled/disabled



             The "Userdata persistence"
             setting should be
             configured correctly for the
CCE-4040-2   Restricted Sites Zone.       enabled/disabled

             The "Web sites in less
             privileged Web content
             zones can navigate into
             this zone" setting should be
             configured correctly for the enabled/disabled/pro
CCE-4215-0   Restricted Sites Zone.       mpt



             The "XPS documents"
             setting should be
             configured correctly for the enabled/disabled/pro
CCE-3991-7   Restricted Sites Zone.       mpt



             The "Display mixed
             content" setting should be
             configured correctly for the enabled/disabled/pro
CCE-3264-9   Restricted Sites Zone.       mpt



             The "Display mixed
             content" setting should be
             configured correctly for the enabled/disabled/pro
CCE-4087-3   Trusted Sites Zone.          mpt


             The "Display mixed
             content" setting should be
             configured correctly for the
             Locked Down Trusted          enabled/disabled/pro
CCE-4232-5   Sites Zone.                  mpt
             The "Enable Native
             XMLHttp Support" setting
             should be configured
CCE-4259-8   correctly.                   enabled/disabled
             The "Turn on the auto-
             complete feature for user
             names and passwords on
             form" setting should be
CCE-3647-5   configured correctly.        enabled/disabled
             The "Allow Install On
             Demand (Internet
             Explorer)" setting should be
CCE-3677-2   configured correctly.        enabled/disabled

             The "Turn off page
             transitions" setting should
CCE-4056-8   be configured correctly.        enabled/disabled
             The "Disable
             AutoComplete for forms"
             setting should be
CCE-4246-5   configured correctly.           enabled/disabled
             The "Disable Save this
             program to disk option"
             setting should be
CCE-4214-3   configured correctly.           enabled/disabled
             The "Disable changing
             certificate settings" setting
             should be configured
CCE-3606-1   correctly.                      enabled/disabled
             The "Disable external
             branding of Internet
             Explorer" setting should be
CCE-4237-4   configured correctly.           enabled/disabled
             The "Configure Outlook
             Express" setting should be
CCE-3275-5   configured correctly            enabled/disabled
             The "Turn on the Internet
             Connection Wizard Auto
             Detect" setting should be
CCE-4036-0   configured correctly.           enabled/disabled
             The "Disable Internet
             Connection wizard" setting
             should be configured
CCE-3825-7   correctly.                      enabled/disabled
             The "Disable the Reset
             Web Settings feature"
             should be configured
CCE-4226-7   correctly.                      enabled/disabled
             The "Disable Downloading
             Of Site Subscription
             Content" setting should be
CCE-4120-2   configured correctly.        enabled/disabled
             The "Disable Adding
             Schedules For Offline
             Pages" setting should be
CCE-4248-1   configured correctly.        enabled/disabled
             The "Disable Adding
             Channels" setting should
CCE-3389-4   be configured correctly.     enabled/disabled
             The "Disable Editing And
             Creating Of Schedule
             Groups" setting should be
CCE-3645-9   configured correctly.        enabled/disabled
             The "Disable All Scheduled
             Offline Pages" setting
             should be configured
CCE-3940-4   correctly.                   enabled/disabled
             The "Disable Editing
             Schedules For Offline
             Pages" setting should be
CCE-3821-6   configured correctly.        enabled/disabled

             The "Disable Channel User
             Interface Completely"
             setting should be
CCE-3742-4   configured correctly.     enabled/disabled
             The "Disable Removing
             Channels" setting should
CCE-4261-4   be configured correctly.  enabled/disabled
             The "Disable Removing
             Schedules For Offline
             Pages" setting should be
CCE-4190-5   configured correctly.     enabled/disabled

             The "Disable Offline Page
             Hit Logging" setting should
CCE-4208-5   be configured correctly.    enabled/disabled




             The "Java permissions"
             setting should be
             configured correctly for the Custom/Disable
             Locked Down Intranet         Java/High safety/Low
CCE-3754-9   Zone.                        safety/Medium safety
             The "Java permissions"
             setting should be            Custom/Disable
             configured correctly for the Java/High safety/Low
CCE-3891-9   Local Machine Zone.          safety/Medium safety




             The "Java permissions"
             setting should be
             configured correctly for the Custom/Disable
             Locked Down Local            Java/High safety/Low
CCE-4160-8   Machine Zone.                safety/Medium safety


             Computer-wide, rather than
             per-user, assignment of
             sites to zones for Internet
             Explorer should be enabled enabled, disabled, or
CCE-4763-9   or disabled as appropriate. not configured
             The "Turn on Protected
             Mode" setting should be
             configured correctly for the
CCE-4643-3   Internet Zone.               enabled/disabled




             The "Java permissions"
             setting should be              Custom/Disable
             configured correctly for the   Java/High safety/Low
CCE-4652-4   Intranet Zone.                 safety/Medium safety
             The "Download signed
             ActiveX controls" setting
             should be configured
             correctly for the Locked-      enabled/disabled/pro
CCE-4793-6   Down Internet Zone.            mpt




             The "Java permissions"
             setting should be
             configured correctly for the Custom/Disable
             Locked Down Internet         Java/High safety/Low
CCE-4692-0   Zone.                        safety/Medium safety
             The "Java permissions"
             setting should be
             configured correctly for the   Custom/Disable
             Locked Down Restricted         Java/High safety/Low
CCE-3902-4   Sites Zone.                    safety/Medium safety
             The "Allow status bar
             updates via script" setting
             should be configured
             correctly for the Locked-
CCE-4546-8   Down Trusted Sites Zone.       enabled/disabled




             The "Java permissions"
             setting should be
             configured correctly for the Custom/Disable
             Locked Down Trusted          Java/High safety/Low
CCE-4564-1   Sites Zone.                  safety/Medium safety



             The "Turn on Protected
             Mode" setting should be
             configured correctly for the
CCE-3909-9   Restricted Sites Zone.       enabled/disabled




             The "Java permissions"
             setting should be            Custom/Disable
             configured correctly for the Java/High safety/Low
CCE-4845-4   Trusted Sites Zone.          safety/Medium safety
                                                              Old v4 CCE
            CCE Technical Mechanisms
                                                                   ID



HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Use_HKLM_only
Local Internet Options:
GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer
Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Security_HKLM_only                           CCE-5
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIV
EXINSTALL!(Reserved)
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIV
EXINSTALL!explorer.exe
 HKLM\Software\Policies\
Local Internet Options:
GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Features/Restrict ActiveX Install
Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIV
EXINSTALL\(Reserved)
 [HKLM | HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIV
EXINSTALL\explorer.exe
[HKLM | HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIV
EXINSTALL\iexplore.exe                                        CCE-119

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Security_Zones_Map_Edit
Local Internet Options:
GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer
Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Security_zones_map_edit                      CCE-146
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\InfoDelivery\Restrictions\NoUpdateCheck
Local Internet Options:
GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer
Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoUpdateCheck               CCE-212
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION
!(Reserved)
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION
!explorer.exe
 HKLM\Software\Policies\Microsoft\Internet
Local Internet Options:
GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Features/Protection From Zone Elevation
Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION
\(Reserved)
[HKLM | HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION
\explorer.exe
[HKLM | HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION
\iexplore.exe                                                  CCE-347

HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(
Reserved)
 HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!
explorer.exe
HKLM\Software\Policies\Microsoft\Internet E
Local Internet Options:
GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Features/Binary Behavior Security Restriction
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\(
Reserved)
[HKLM | HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\
explorer.exe
 [HKLM | HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\i
explore.exe                                                    CCE-382
HKLM\Software\Policies\Microsoft\Internet
Explorer\Download!RunInvalidSignatures
Local Internet Options:
GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Advanced Page
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Download\RunInvalidSignatures                      CCE-449
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PRO
TOCOL!(Reserved)
 HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PRO
TOCOL!explorer.exe
 HKLM\Software\Policies\Microsoft
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Features/MK Protocol Security Restriction
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PRO
TOCOL\(Reserved)
 [HKLM | HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PRO
TOCOL\explorer.exe
 [HKLM | HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PRO
TOCOL\iexplore.exe                                          CCE-591


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curre
ntVersion\Policies\Explorer\NoMSAppLogo5ChannelNotify
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Features/Restrict File Download
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILED
OWNLOAD\(Reserved)
 [HKLM | HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILED
OWNLOAD\explorer.exe
 [HKLM | HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILED
OWNLOAD\iexplore.exe                                        CCE-622
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILED
OWNLOAD!(Reserved)
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILED
OWNLOAD!explorer.exe
Local Internet Options:
GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Features/Restrict File Download
Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILED
OWNLOAD\(Reserved)
[HKLM | HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILED
OWNLOAD\explorer.exe
[HKLM | HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILED
OWNLOAD\iexplore.exe                                           CCE-668

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\InfoDelivery\Restrictions\NoJITSetup
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoJITSetup                  CCE-684



HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\ProxySettingsPerUser
Local Internet Options: GPO Settings:[Computer Configuration
| User Configuration]/Network/Internet Explorer
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\ProxySettingsPerUser                          CCE-693

Local Internet Options: GPO Settings:[Computer Configuration
| User Configuration]/Network/Internet Explorer
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Restrictions\NoExtensionManagement                    CCE-708
HKLM\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoCrashDetection
Local Internet Options: GPO Settings:[Computer Configuration
| User Configuration]/Network/Internet Explorer
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Restrictions\NoCrashDetection                         CCE-753
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRI
CTIONS!(Reserved)
 HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRI
CTIONS!explorer.exe
 Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Features/Scripted Window Security
Restrictions
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRI
CTIONS\(Reserved)
 [HKLM | HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRI
CTIONS\explorer.exe
 [HKLM | HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRI
CTIONS\iexplore.exe                                            CCE-827


HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Security_options_edit
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Security_options_edit                         CCE-833
HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(
Reserved)
 HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!e
xplorer.exe
 Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Features/Mime Sniffing Safety Feature
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\(
Reserved)
 [HKLM | HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\e
xplorer.exe
 [HKLM | HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\ie
xplore.exe                                                    CCE-985
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Advanced Page
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Download\CheckExeSignatures                          CCE-1025
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Advanced Page
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet Explorer\Control
Panel\DisableRIED                                             CCE-42
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\1407                                 CCE-49
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\1208                                 CCE-863
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\2400                                 CCE-286
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1407                                 CCE-1031
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1208                                 CCE-200
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\2400                                 CCE-51
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\ZoneMap\UNCAsIntranet                        CCE-876
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet Explorer\Control
Panel\AdvancedTab                                             CCE-810
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet Explorer\Control
Panel\PrivacyTab                                              CCE-811
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet Explorer\Control
Panel\SecurityTab                                             CCE-595
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\PreventIgnoreCertErrors                      CCE-938
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Internet Settings/Component Updates/Periodic Check
for Updates to Internet Explorer and Internet Tools
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\Update_Check_Page                               CCE-946
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Internet Settings/Component Updates/Periodic Check
for Updates to Internet Explorer and Internet Tools
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\Update_Check_Interval                           CCE-237
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Features/Add-on Management
 Registry Keys:[HKLM |
HKCU]\Software\Microsoft\Windows\CurrentVersion\Policies\E
xt\ListBox_Support_CLSID                                      CCE-541
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Features/Add-on Management
 Registry Keys:[HKLM |
HKCU]\Software\Microsoft\Windows\CurrentVersion\Policies\E
xt\RestrictToList                                             CCE-911
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet Explorer\Control
Panel\History
 [HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Url History\DaysToKeep                       CCE-66
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet Explorer\Control
Panel\Autoconfig                                              CCE-471
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet Explorer\Control
Panel\Connection Settings
 [HKLM | HKCU]\Software\Policies\Microsoft\Internet
Explorer\Control Panel\Connwiz Admin Lock                     CCE-611
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet Explorer\Control
Panel\Proxy                                                   CCE-62
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoSplash                   CCE-556
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Security\DisableFixSecuritySettings                  CCE-948
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\SQM\DisableCustomerImprovementProgram                CCE-495
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\DisableFirstRunCustomize                        CCE-1006
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet Explorer\Control
Panel\Settings                                                CCE-909
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet Explorer\Control
Panel\DisableDeleteBrowsingHistory                            CCE-1010
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\PhishingFilter\Enabled                               CCE-1032
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Security\DisableSecuritySettingsCheck                CCE-1054
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Advanced Page
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCAL                    CCE-964
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Advanced Page
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\Enable Browser Extensions                       CCE-598
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Advanced Page
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\NoUpdateCheck                                   CCE-1008
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Advanced Page
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\CertificateRevocation                       CCE-690
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\1406                                CCE-47
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\1802                                CCE-685
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\1604                                CCE-491
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\1800                                CCE-355
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\2102                                CCE-280
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\1209                                CCE-439
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\2103                                  CCE-914
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\2200                                  CCE-16
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\1001                                  CCE-1013
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\1004                                  CCE-176
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\1201                                  CCE-586
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Administrative Templates/Windows
Components/Internet Explorer/Internet Control Panel/Security
Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\1C00                                  CCE-132
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\1804                                  CCE-689
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\1A00                                CCE-720
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\2402                                CCE-126
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\1607                                CCE-245
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\2100                                CCE-910
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\1E05                                CCE-359
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\1809                                CCE-1002
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\1606                                CCE-425
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\2101                                CCE-724
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\2401                                CCE-1015
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Locked-Down Internet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\3\1609                                CCE-878
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Intranet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\1\1609                                CCE-288
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Locked-Down Intranet Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Lockdown_Zones\1\1609                       CCE-552
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Local Machine Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\0\1609                                CCE-473
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Locked-Down Local Machine Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Lockdown_Zones\0\1609                       CCE-239
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1406                                CCE-636
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1400                                CCE-292
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\2000                                CCE-178
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1802                                CCE-41
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1803                                CCE-970
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1604                                CCE-882
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1800                                CCE-763
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1608                                CCE-680
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\2102                                CCE-208
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1209                                CCE-838
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1001                                CCE-129
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\2200                                CCE-175
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1001                                CCE-52
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1004                                CCE-1012
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1201                                  CCE-26
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Administrative Templates/Windows
Components/Internet Explorer/Internet Control Panel/Security
Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1C00                                  CCE-925
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1804                                  CCE-339



Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1A00                                  CCE-128
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\2402                                  CCE-639
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1607                                  CCE-995
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\2100                                CCE-409
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\2004                                CCE-678
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\2001                                CCE-563
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1200                                CCE-841
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1405                                CCE-973
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1402                                CCE-1000
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1E05                                CCE-520
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1809                                CCE-660
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\1606                                CCE-28
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\2101                                CCE-698
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\4\2401                                CCE-460
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Locked-Down Restricted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Lockdown_Zones\4\1609                       CCE-30
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Trusted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\2\1609                                CCE-31
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Locked-Down Trusted Sites Zone
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Lockdown_Zones\2\1609                       CCE-666
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Features
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\XMLHTTP                                         CCE-528

HKCU\Software\Policies\Microsoft\Internet
Explorer\Main!FormSuggest Passwords
HKCU\Software\Policies\Microsoft\Internet Explorer\Control
Panel\FormSuggest Passwords                                   CCE-721


HKCU\Software\Policies\Microsoft\Internet
Explorer\Main!NoJITSetup                                      CCE-69


HKCU\Software\Policies\Microsoft\Internet
Explorer\Main!Page_Transitions                                CCE-71
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Use
FormSuggest
HKCU\Software\Policies\Microsoft\Internet Explorer\Control
Panel!FormSuggest                                             CCE-478


HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoSelectDownloadDir                     CCE-412


HKCU\Software\Policies\Microsoft\Internet Explorer\Control
Panel!Certificates                                            CCE-1037


HKCU\Software\Policies\Microsoft\Internet
Explorer\Restrictions!NoExternalBranding                      CCE-1051

HKCU\Software\Microsoft\Outlook
Express!BlockExeAttachments                                   CCE-963


HKCU\Software\Policies\Microsoft\Internet Connection
Wizard!DisableICW                                             CCE-258


HKCU\Software\Policies\Microsoft\Internet Explorer\Control
Panel!Connwiz Admin Lock                                      CCE-769


HKCU\Software\Policies\Microsoft\Internet Explorer\Control
Panel!ResetWebSettings                                        CCE-625
HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoSubscriptionContent       CCE-74


HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoAddingSubscriptions       CCE-122

HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoAddingChannels            CCE-716


HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoEditingScheduleGroups     CCE-610


HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoScheduledUpdates          CCE-619


HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoEditingSubscriptions      CCE-373



HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoChannelUI                 CCE-298

HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoRemovingChannels          CCE-1069


HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoRemovingSubscriptions     CCE-615


HKCU\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoChannelLogging            CCE-1003

Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Administrative Templates/Windows
Components/Internet Explorer/Internet Control Panel/Security
Page/Locked-Down Intranet Zone/Java permissions
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Lockdown_Zones\1\1C00                         CCE-320
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Administrative Templates/Windows
Components/Internet Explorer/Internet Control Panel/Security
Page/Local Machine Zone/Java permissions
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\0\1C00                                  CCE-138

Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Administrative Templates/Windows
Components/Internet Explorer/Internet Control Panel/Security
Page/Locked-Down Local Machine Zone/Java permissions
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Lockdown_Zones\0\1C00                         CCE-1045




GPO Setting: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Site to Zone Assignment List       CCE-1005
GPO Setting: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Turn on Protected
Mode                                                           CCE-281
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Administrative Templates/Windows
Components/Internet Explorer/Internet Control Panel/Security
Page/Intranet Zone/Java permissions
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\1\1C00                                  CCE-218

GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Locked-Down Internet Zone\Download
signed ActiveX controls                                        CCE-308

Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Administrative Templates/Windows
Components/Internet Explorer/Internet Control Panel/Security
Page/Locked-Down Internet Zone/Java permissions
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Lockdown_Zones\3\1C00                         CCE-781
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Administrative Templates/Windows
Components/Internet Explorer/Internet Control Panel/Security
Page/Locked-Down Restricted Sites Zone/Java permissions
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Lockdown_Zones\4\1C00                         CCE-1088

GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Page/Locked-Down Trusted Sites Zone\Allow
status bar updates via script                                  CCE-1147

Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Administrative Templates/Windows
Components/Internet Explorer/Internet Control Panel/Security
Page/Locked-Down Trusted Sites Zone/Java permissions
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Lockdown_Zones\2\1C00                         CCE-140
GPO Setting: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Turn on
Protected Mode
Registry
Keys:[HKLM|HKCU]\Software\Policies\Microsoft\Windows\Curr
entVersion\Internet Settings\Zones\4\2500                      CCE-1211
Local Internet Options:
 GPO Settings:[Computer Configuration | User
Configuration]/Administrative Templates/Windows
Components/Internet Explorer/Internet Control Panel/Security
Page/Trusted Sites Zone/Java permissions
 Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\I
nternet Settings\Zones\2\1C00                                  CCE-675
  NIST SCAP Microsoft Internet    NIST SCAP Microsoft Internet Explorer
Explorer Version 7.0 OVAL(SCAP- Version 7.0 XCCDF (SCAP-IE7-XCCDF-Beta-
     IE7-OVAL-Beta-v3.xml)                      v3.xml




oval:org.mitre.oval:def:1277,   UseOnlyMachineSettings-LocalComputer,
oval:org.mitre.oval:def:2050    UseOnlyMachineSettings-LocalComputer-Disabled




oval:org.mitre.oval:def:658     IEProcesses-RestrictActiveXInstall-LocalComputer




oval:org.mitre.oval:def:1400    DoNotAllowUsersAddDeleteSites-LocalComputer
                               DisablePeriodicCheckForIESoftwareUpdates-
oval:org.mitre.oval:def:1357   LocalComputer




oval:org.mitre.oval:def:620




oval:org.mitre.oval:def:884    IEProcesses-ConsistentMimeHandling-LocalComputer
                               AllowSoftwareRunInstallSignatureInvalid-
                               LocalComputer,
oval:org.mitre.oval:def:680,   AllowSoftwareToRununOrInstallEvenIfSignatureInvalid-
oval:org.mitre.oval:def:1392   LocalUser




                               IEProcesses-MKProtocolSecurityRestriction-
oval:org.mitre.oval:def:617    LocalComputer




                               DisableSoftwareUpdateShellNotifications-
oval:org.mitre.oval:def:1188   LocalComputer
oval:org.mitre.oval:def:320     IEProcesses-RestrictFileDownload-LocalComputer




                                DisableAutomaticInstallOfIEComponents-
oval:org.mitre.oval:def:1198    LocalComputer




oval:org.mitre.oval:def:1181    MakeProxySettingsPerMachine-LocalComputer



oval:org.mitre.oval:def:1380,   DoNotAllowUsersEnableDisableAddOns-
oval:org.mitre.oval:def:1358,   LocalComputer,
oval:org.mitre.oval:def:1694    DoNotAllowUsersEnableDisableAddOns-LocalUser
oval:org.mitre.oval:def:487    TurnOffCrashDetection-LocalComputer




                               IEProcesses-ScriptedWindowSecurityRestrictions-
oval:org.mitre.oval:def:465    LocalComputer




oval:org.mitre.oval:def:1404   DoNotAllowUsersChangePolicies-LocalComputer
                               IEProcesses-MimeSniffingSafetyFeature-
oval:org.mitre.oval:def:317    LocalComputer




oval:org.mitre.oval:def:395    CheckSignatureDownloadedPrograms-LocalComputer




oval:org.mitre.oval:def:583    DoNotAllowResettingIESettings-LocalComputer



                               AllowCutCopyPasteOperationsFromClipboardViaScript-
                               InternetZone-LocalComputer,
oval:org.mitre.oval:def:506,   AllowCutCopyPasteOperationsFromClipboardViaScript-
oval:org.mitre.oval:def:533    InternetZone-LocalUser




oval:org.mitre.oval:def:1119   TurnOffFirst-RunOpt-In-InternetZone-LocalComputer
oval:org.mitre.oval:def:242    WebBrowserApplications-InternetZone-LocalComputer



                               AllowCutCopyPasteOperationsFromClipboardViaScript-
                               RestrictedSitesZone-LocalComputer,
oval:org.mitre.oval:def:249,   AllowCutCopyPasteOperationsFromClipboardViaScript-
oval:org.mitre.oval:def:1393   RestrictedSitesZone-LocalUser




                               TurnOffFirst-RunOpt-In-RestrictedSitesZone-
oval:org.mitre.oval:def:621    LocalComputer




                               WebBrowserApplications-RestrictedSitesZone-
oval:org.mitre.oval:def:580    LocalComputer




oval:org.mitre.oval:def:559,   IncludeAllNetworkPaths-LocalComputer,
oval:org.mitre.oval:def:1370   IncludeAllNetworkPaths-LocalUser




oval:org.mitre.oval:def:934,   DisableTheAdvancedPage-LocalComputer,
oval:org.mitre.oval:def:660    DisableTheAdvancedPage-LocalUser




oval:org.mitre.oval:def:1111   DisableThePrivacyPage-LocalComputer
oval:org.mitre.oval:def:672,   DisableTheSecurityPage-LocalComputer,
oval:org.mitre.oval:def:601    DisableTheSecurityPage-LocalUser




oval:org.mitre.oval:def:655,   PreventIgnoingCertificateErrors-LocalComputer,
oval:org.mitre.oval:def:1129   PreventIgnoingCertificateErrors-LocalUser




oval:org.mitre.oval:def:715    TurnOffChangingURLDisplay-LocalComputer




                               TurnOffConfiguringUpdateCheckInterval-
oval:org.mitre.oval:def:1187   LocalComputer




oval:org.mitre.oval:def:626    AddOnList-LocalComputer




oval:org.mitre.oval:def:1278   DenyAllAddOns-LocalComputer
oval:org.mitre.oval:def:757,    DisableConfiguringHistory-LocalComputer,
oval:org.mitre.oval:def:1365    DisableConfiguringHistory-LocalUser


                                DisableChangingAutomaticConfigurationSettings-
                                LocalComputer,
oval:org.mitre.oval:def:1285,   DisableChangingAutomaticConfigurationSettings-
oval:org.mitre.oval:def:613     LocalUser




oval:org.mitre.oval:def:355,    DisableChangingConnectionSettings-LocalComputer,
oval:org.mitre.oval:def:1128    DisableChangingConnectionSettings-LocalUser




oval:org.mitre.oval:def:398,    DisableChangingProxySettings-LocalComputer,
oval:org.mitre.oval:def:635     DisableChangingProxySettings-LocalUser




oval:org.mitre.oval:def:1164    DisableShowingSplashScreen-LocalComputer




oval:org.mitre.oval:def:448,    PreventFixSettingsFunctionality-LocalComputer,
oval:org.mitre.oval:def:640     PreventFixSettingsFunctionality-LocalUser


                                PreventParticipationInCustomerExperienceImprovement
                                Programs-LocalComputer,
oval:org.mitre.oval:def:1171,   PreventParticipationInCustomerExperienceImprovement
oval:org.mitre.oval:def:1391    Programs-LocalUser
                                PreventPerformanceOfFirstRunCustomizeSettings-
oval:org.mitre.oval:def:1322    LocalComputer




oval:org.mitre.oval:def:1382,   PerventDeletationOfTempInternetFiles-LocalComputer,
oval:org.mitre.oval:def:703     PerventDeletationOfTempInternetFiles-LocalUser



                                TurnOffDeleteBrowsingHistoryFunctionality-
oval:org.mitre.oval:def:458,    LocalComputer,
oval:org.mitre.oval:def:1474    TurnOffDeleteBrowsingHistoryFunctionality-LocalUser




oval:org.mitre.oval:def:501     TurnOffManagingPhishingFilter-LocalComputer




oval:org.mitre.oval:def:916,    TurnOffSecuritySettingsCheckFeature-LocalComputer,
oval:org.mitre.oval:def:1034    TurnOffSecuritySettingsCheckFeature-LocalUser




oval:org.mitre.oval:def:400     AllowActiveContentFromCD-LocalComputer




oval:org.mitre.oval:def:110     AllowThird-PartyBrowserExtensions-LocalComputer




oval:org.mitre.oval:def:656,    AutomaticallyCheckIEUpdates-LocalComputer,
oval:org.mitre.oval:def:1360    AutomaticallyCheckForIEUpdates-LocalUser
oval:org.mitre.oval:def:172,    CheckServerCertificateRevocation-LocalComputer,
oval:org.mitre.oval:def:1502    CheckForServerCertificateRevocation-LocalUser




                                AccessDataSourcesAcrossDomains-InternetZone-
oval:org.mitre.oval:def:674,    LocalComputer, AccessDataSourcesAcrossDomains-
oval:org.mitre.oval:def:650     InternetZone-LocalUser




                                AllowDragDropOrCopyPasteFiles-InternetZone-
oval:org.mitre.oval:def:1083,   LocalComputer, AllowDragDropOrCopyPasteFiles-
oval:org.mitre.oval:def:547     InternetZone-LocalUser




oval:org.mitre.oval:def:524,    AllowFontDownloads-InternetZone-LocalComputer,
oval:org.mitre.oval:def:659     AllowFontDownloads-InternetZone-LocalUser




                                AllowInstallationOfDesktopItems-InternetZone-
oval:org.mitre.oval:def:223,    LocalComputer, AllowInstallationOfDesktopItems-
oval:org.mitre.oval:def:541     InternetZone-LocalUser



                                AllowScriptInitiatedWindowsWithoutSizeOrPositionCons
                                traints-InternetZone-LocalComputer,
oval:org.mitre.oval:def:589,    AllowScriptInitiatedWindowsWithoutSizeOrPositionCons
oval:org.mitre.oval:def:1476    traints-InternetZone-LocalUser




oval:org.mitre.oval:def:1043    AllowScriptlets-InternetZone-LocalComputer
                                AllowStatusBarUpdatesViaScript-InternetZone-
oval:org.mitre.oval:def:226,    LocalComputer, AllowStatusBarUpdatesViaScript-
oval:org.mitre.oval:def:1208    InternetZone-LocalUser




                                AutomaticPromptingFileDownloads-InternetZone-
oval:org.mitre.oval:def:1113,   LocalComputer, AutomaticPromptingFileDownloads-
oval:org.mitre.oval:def:562     InternetZone-LocalUser




                                DownloadSignedActiveXControls-InternetZone-
oval:org.mitre.oval:def:1199,   LocalComputer, DownloadSignedActiveXControls-
oval:org.mitre.oval:def:546     InternetZone-LocalUser




                                DownloadUnsignedActiveXControls-InternetZone-
oval:org.mitre.oval:def:391,    LocalComputer, DownloadUnsignedActiveXControls-
oval:org.mitre.oval:def:1200    InternetZone-LocalUser


                                InitializeScriptActiveXControlsNotMarkedAsSafe-
                                InternetZone-LocalComputer, JavaPermissions-
                                InternetZone-LocalComputer,
oval:org.mitre.oval:def:1040,   InitializeScriptActiveXControlsNotMarkedAsSafe-
oval:org.mitre.oval:def:739     InternetZone-LocalUser




oval:org.mitre.oval:def:1174,
oval:org.mitre.oval:def:725     JavaPermissions-InternetZone-LocalUser



                                LaunchingApplicationsAndFilesInIFRAME-InternetZone-
                                LocalComputer,
oval:org.mitre.oval:def:611,    LaunchingApplicationsAndFilesInIFRAME-InternetZone-
oval:org.mitre.oval:def:1487    LocalUser
oval:org.mitre.oval:def:691,    LogonOptions-InternetZone-LocalComputer,
oval:org.mitre.oval:def:1123    LogonOptions-InternetZone-LocalUser




oval:org.mitre.oval:def:240     LooseXAMLFiles-InternetZone-LocalComputer




                                NavigateSub-framesAcrossDifferentDomains-
oval:org.mitre.oval:def:612,    InternetZone-LocalComputer, NavigateSub-
oval:org.mitre.oval:def:1394    framesAcrossDifferentDomains-InternetZone-LocalUser




                                OpenFilesBasedOnContent-InternetZone-
oval:org.mitre.oval:def:953,    LocalComputer, OpenFilesBasedOnContent-
oval:org.mitre.oval:def:1300    InternetZone-LocalUser




                                SoftwareChannelPermissions-InternetZone-
oval:org.mitre.oval:def:302,    LocalComputer, SoftwareChannelPermissions-
oval:org.mitre.oval:def:1398    InternetZone-LocalUser




oval:org.mitre.oval:def:1179,   UsePop-upBlocker-InternetZone-LocalComputer,
oval:org.mitre.oval:def:558     UsePop-upBlocker-InternetZone-LocalUser




oval:org.mitre.oval:def:1108    UserdataPersistence-InternetZone-LocalComputer
                               WebSitesInLessPrivilegedWebContentZonesCanNaviga
                               teIntoThisZone-InternetZone-LocalComputer,
oval:org.mitre.oval:def:265,   WebSitesInLessPrivilegedWebContentZonesCanNaviga
oval:org.mitre.oval:def:1432   teIntoThisZone-InternetZone-LocalUser




oval:org.mitre.oval:def:628    XPSFiles-InternetZone-LocalComputer




                               DisplayMixedContent-LockedDownInternetZone-
oval:org.mitre.oval:def:245    LocalComputer




oval:org.mitre.oval:def:1166   DisplayMixedContent-IntranetZone-LocalComputer




                               DisplayMixedContent-LockedDownIntranetZone-
oval:org.mitre.oval:def:247    LocalComputer




                               DisplayMixedContent-LocalMachineZone-
oval:org.mitre.oval:def:383    LocalComputer




                               DisplayMixedContent-LockedDownLocalMachineZone-
oval:org.mitre.oval:def:418    LocalComputer
                                AccessDataSourcesAcrossDomains-
                                RestrictedSitesZone-LocalComputer,
oval:org.mitre.oval:def:652,    AccessDataSourcesAcrossDomains-
oval:org.mitre.oval:def:750     RestrictedSitesZone-LocalUser




                                AllowActiveScripting-RestrictedSitesZone-
oval:org.mitre.oval:def:293,    LocalComputer, AllowActiveScripting-
oval:org.mitre.oval:def:561     RestrictedSitesZone-LocalUser




                                AllowBinaryAndScriptBehaviors-RestrictedSitesZone-
oval:org.mitre.oval:def:365,    LocalComputer, AllowBinaryAndScriptBehaviors-
oval:org.mitre.oval:def:1314    RestrictedSitesZone-LocalUser




                                AllowDragDropOrCopyPasteFiles-RestrictedSitesZone-
oval:org.mitre.oval:def:498,    LocalComputer, AllowDragDropOrCopyPasteFiles-
oval:org.mitre.oval:def:1465    RestrictedSitesZone-LocalUser




                                AllowFileDownloads-RestrictedSitesZone-
oval:org.mitre.oval:def:1184,   LocalComputer, AllowFileDownloads-
oval:org.mitre.oval:def:1318    RestrictedSitesZone-LocalUser




                                AllowFontDownloads-RestrictedSitesZone-
oval:org.mitre.oval:def:1109,   LocalComputer, AllowFontDownloads-
oval:org.mitre.oval:def:1410    RestrictedSitesZone-LocalUser




                                AllowInstallationOfDesktopItems-RestrictedSitesZone-
oval:org.mitre.oval:def:251,    LocalComputer, AllowInstallationOfDesktopItems-
oval:org.mitre.oval:def:1257    RestrictedSitesZone-LocalUser
                                AllowMETAREFRESH-RestrictedSitesZone-
oval:org.mitre.oval:def:1218,   LocalComputer, AllowMETAREFRESH-
oval:org.mitre.oval:def:1270    RestrictedSitesZone-LocalUser



                                AllowScriptInitiatedWindowsWithoutSizeOrPositionCons
                                traints-RestrictedSitesZone-LocalComputer,
oval:org.mitre.oval:def:1234,   AllowScriptInitiatedWindowsWithoutSizeOrPositionCons
oval:org.mitre.oval:def:574     traints-RestrictedSitesZone-LocalUser




oval:org.mitre.oval:def:1217    AllowScriptlets-RestrictedSitesZone-LocalComputer




                                AllowStatusBarUpdatesViaScript-RestrictedSitesZone-
oval:org.mitre.oval:def:378,    LocalComputer, AllowStatusBarUpdatesViaScript-
oval:org.mitre.oval:def:1320    RestrictedSitesZone-LocalUser




                                AutomaticPromptingFileDownloads-RestrictedSitesZone-
oval:org.mitre.oval:def:252,    LocalComputer, AutomaticPromptingFileDownloads-
oval:org.mitre.oval:def:1312    RestrictedSitesZone-LocalUser




                                DownloadSignedActiveXControls-RestrictedSitesZone-
oval:org.mitre.oval:def:1019,   LocalComputer, DownloadSignedActiveXControls-
oval:org.mitre.oval:def:1389    RestrictedSitesZone-LocalUser



                                DownloadUnsignedActiveXControls-
                                RestrictedSitesZone-LocalComputer,
oval:org.mitre.oval:def:949,    DownloadUnsignedActiveXControls-
oval:org.mitre.oval:def:579     RestrictedSitesZone-LocalUser
                                InitializeScriptActiveXControlsNotMarkedAsSafe-
                                RestrictedSitesZone-LocalComputer,
oval:org.mitre.oval:def:273,    InitializeScriptActiveXControlsNotMarkedAsSafe-
oval:org.mitre.oval:def:1342    RestrictedSitesZone-LocalUser




oval:org.mitre.oval:def:824,    JavaPermissions-RestrictedSitesZone-LocalComputer,
oval:org.mitre.oval:def:732     JavaPermissions-RestrictedSitesZone-LocalUser



                                LaunchingApplicationsAndFilesInIFRAME-
                                RestrictedSitesZone-LocalComputer,
oval:org.mitre.oval:def:274,    LaunchingApplicationsAndFilesInIFRAME-
oval:org.mitre.oval:def:1223    RestrictedSitesZone-LocalUser




oval:org.mitre.oval:def:326,    LogonOptions-RestrictedSitesZone-LocalComputer,
oval:org.mitre.oval:def:1378    LogonOptions-RestrictedSitesZone-LocalUser




oval:org.mitre.oval:def:275     LooseXAMLFiles-RestrictedSitesZone-LocalComputer



                                NavigateSub-framesAcrossDifferentDomains-
                                RestrictedSitesZone-LocalComputer, NavigateSub-
oval:org.mitre.oval:def:1229,   framesAcrossDifferentDomains-RestrictedSitesZone-
oval:org.mitre.oval:def:1292    LocalUser
                               OpenFilesBasedOnContent-RestrictedSitesZone-
oval:org.mitre.oval:def:706,   LocalComputer, OpenFilesBasedOnContent-
oval:org.mitre.oval:def:1421   RestrictedSitesZone-LocalUser



                               RunNETFrameworkReliantComponentsNotSignedWith
                               Authenticode-RestrictedSitesZone-LocalComputer,
oval:org.mitre.oval:def:329,   RunNETFrameworkReliantComponentsNotSignedWith
oval:org.mitre.oval:def:599    Authenticode-RestrictedSitesZone-LocalUser



                               RunNETFrameworkReliantComponentsSignedWithAuth
                               enticode-RestrictedSitesZone-LocalComputer,
oval:org.mitre.oval:def:276,   RunNETFrameworkReliantComponentsSignedWithAuth
oval:org.mitre.oval:def:1428   enticode-RestrictedSitesZone-LocalUser




                               RunActiveXControlsAndPlugins-RestrictedSitesZone-
oval:org.mitre.oval:def:571,   LocalComputer, RunActiveXControlsAndPlugins-
oval:org.mitre.oval:def:1594   RestrictedSitesZone-LocalUser



                               ScriptActiveXControlsMarkedSafeForScripting-
                               RestrictedSitesZone-LocalComputer,
oval:org.mitre.oval:def:602,   ScriptActiveXControlsMarkedSafeForScripting-
oval:org.mitre.oval:def:1274   RestrictedSitesZone-LocalUser




                               ScriptingOfJavaApplets-RestrictedSitesZone-
oval:org.mitre.oval:def:280,   LocalComputer, ScriptingOfJavaApplets-
oval:org.mitre.oval:def:641    RestrictedSitesZone-LocalUser




                               SoftwareChannelPermissions-RestrictedSitesZone-
oval:org.mitre.oval:def:290,   LocalComputer, SoftwareChannelPermissions-
oval:org.mitre.oval:def:1214   RestrictedSitesZone-LocalUser
                                UsePop-upBlocker-RestrictedSitesZone-
oval:org.mitre.oval:def:1100,   LocalComputer, UsePop-upBlocker-
oval:org.mitre.oval:def:1286    RestrictedSitesZone-LocalUser




                                UserdataPersistence-RestrictedSitesZone-
oval:org.mitre.oval:def:300     LocalComputer



                                WebSitesInLessPrivilegedWebContentZonesCanNaviga
                                teIntoThisZone-RestrictedSitesZone-LocalComputer,
oval:org.mitre.oval:def:1219,   WebSitesInLessPrivilegedWebContentZonesCanNaviga
oval:org.mitre.oval:def:1243    teIntoThisZone-RestrictedSitesZone-LocalUser




oval:org.mitre.oval:def:1176    XPSFiles-RestrictedSitesZone-LocalComputer




                                DisplayMixedContent-LockedDownRestrictedSitesZone-
oval:org.mitre.oval:def:314     LocalComputer




oval:org.mitre.oval:def:1153    DisplayMixedContent-TrustedSitesZone-LocalComputer




                                DisplayMixedContent-LockedDownTrustedSitesZone-
oval:org.mitre.oval:def:1183    LocalComputer
oval:org.mitre.oval:def:338    EnableNativeXMLHttpSupport-LocalComputer




oval:org.mitre.oval:def:645    DisableSaveThisProgramToDiskOption-LocalUser



oval:org.mitre.oval:def:523    AllowInstallOnDemandIE-LocalUser



oval:org.mitre.oval:def:1206   TurnOffPageTransitions-LocalUser



oval:org.mitre.oval:def:1516   DisableAutoCompleteForForms-LocalUser



oval:org.mitre.oval:def:505    AllowInstallOnDemandIE-LocalUser



oval:org.mitre.oval:def:1362   DisableChangingCertificateSettings-LocalUser



oval:org.mitre.oval:def:1384   DisableExternalBrandingOfIE-LocalUser


oval:org.mitre.oval:def:1238   ConfigureOutlookExpress-LocalUser



oval:org.mitre.oval:def:604    InternetConnectionWizardSettings-LocalUser



oval:org.mitre.oval:def:1355   DisableInternetConnectionWizard-LocalUser



oval:org.mitre.oval:def:1437   DisableResetWebSettingsFeature-LocalUser
                               DisableDownloadingOfSiteSubscriptionContent-
oval:org.mitre.oval:def:1080   LocalUser



oval:org.mitre.oval:def:1293   DisableAddingSchedulesForOfflinePages-LocalUser


oval:org.mitre.oval:def:1383   DisableAddingChannels-LocalUser


                               DisableEditingAndCreatingOfScheduleGroups-
oval:org.mitre.oval:def:1397   LocalUser



oval:org.mitre.oval:def:1501   DisableAllScheduledOfflinePages-LocalUser



oval:org.mitre.oval:def:1565   DisableEditingSchedulesForOfflinePages-LocalUser




oval:org.mitre.oval:def:1782   DisableChannelUserInterfaceCompletely-LocalUser


oval:org.mitre.oval:def:1801   DisableRemovingChannels-LocalUser



oval:org.mitre.oval:def:1954   DisableRemovingSchedulesForOfflinePages-LocalUser



oval:org.mitre.oval:def:2026   DisableOfflinePageHitLogging-LocalUser




                               JavaPermissions-LockedDownIntranetZone-
oval:org.mitre.oval:def:2039   LocalComputer
oval:org.mitre.oval:def:1422   JavaPermissions-LocalMachineZone-LocalComputer




                               JavaPermissions-LockedDownLocalMachineZone-
oval:org.mitre.oval:def:1986   LocalComputer
   FDCC IE7 XCCDF (fdcc-
                                        FDCC IE7 OVAL (fdcc-
     accepted-content-
                                          accepted-content-
     20080110\fdcc-ie7-
                                      20080110\fdcc-ie7-oval.xml
        xccdf.xml)




use_only_machine_settings_local_co
mputer                             oval:gov.nist.fdcc.ie7:def:1277




IEProcesses_RestrictActiveXInstall_
LocalComputer                       oval:gov.nist.fdcc.ie7:def:658




DoNotAllowUsersAddDeleteSites_Lo
calComputer                      oval:gov.nist.fdcc.ie7:def:1400
DisablePeriodicCheckForIESoftware
Updates_LocalComputer             oval:gov.nist.fdcc.ie7:def:1357




IEProcesses_ProtectionFromZoneEl
evation_LocalComputer            oval:gov.nist.fdcc.ie7:def:620




IEProcesses_ConsistentMimeHandli
ng_LocalComputer                 oval:gov.nist.fdcc.ie7:def:884
AllowSoftwareRunInstallSignatureInv
alid_LocalComputer                  oval:gov.nist.fdcc.ie7:def:680




IEProcesses_MKProtocolSecurityRe
striction_LocalComputer          oval:gov.nist.fdcc.ie7:def:617




DisableSoftwareUpdateShellNotificati
ons_LocalComputer                    oval:gov.nist.fdcc.ie7:def:1188
IEProcesses_RestrictFileDownload_
LocalComputer                     oval:gov.nist.fdcc.ie7:def:320




DisableAutomaticInstallOfIECompon
ents_LocalComputer                oval:gov.nist.fdcc.ie7:def:1198




MakeProxySettingsPerMachine_Loca
lComputer                        oval:gov.nist.fdcc.ie7:def:1181




DoNotAllowUsersEnableDisableAdd
Ons_LocalComputer                   oval:gov.nist.fdcc.ie7:def:1694
TurnOffCrashDetection_LocalCompu
ter                              oval:gov.nist.fdcc.ie7:def:487




IEProcesses_ScriptedWindowSecurit
yRestrictions_LocalComputer       oval:gov.nist.fdcc.ie7:def:465




DoNotAllowUsersChangePolicies_Lo
calComputer                      oval:gov.nist.fdcc.ie7:def:1404
IEProcesses_MimeSniffingSafetyFea
ture_LocalComputer                oval:gov.nist.fdcc.ie7:def:317




CheckSignatureDownloadedProgram
s_LocalComputer                 oval:gov.nist.fdcc.ie7:def:395




DoNotAllowResettingIESettings_Loc
alComputer                        oval:gov.nist.fdcc.ie7:def:583




allow_cut_copy_paste_operations_fr
om_clipboard_via_script_internet_zo
ne_local_computer                   oval:gov.nist.fdcc.ie7:def:506




TurnOffFirstRunOptIn_InternetZone_
LocalComputer                      oval:gov.nist.fdcc.ie7:def:1119
WebBrowserApplications_InternetZo
ne_LocalComputer                  oval:gov.nist.fdcc.ie7:def:242




AllowCutCopyPasteOperationsFrom
ClipboardViaScript_RestrictedSitesZ
one_LocalComputer                   oval:gov.nist.fdcc.ie7:def:249




TurnOffFirstRunOptIn_RestrictedSite
sZone_LocalComputer                 oval:gov.nist.fdcc.ie7:def:621




WebBrowserApplications_Restricted
SitesZone_LocalComputer           oval:gov.nist.fdcc.ie7:def:580




include_all_network_paths_local_co
mputer                               oval:gov.nist.fdcc.ie7:def:559
prevent_ignoring_certificate_errors_l
ocal_computer                         oval:gov.nist.fdcc.ie7:def:655




TurnOffChangingURLDisplay_LocalC
omputer                          oval:gov.nist.fdcc.ie7:def:715




TurnOffConfiguringUpdateCheckInter
val_LocalComputer                  oval:gov.nist.fdcc.ie7:def:1187
DisableConfiguringHistory_LocalCom
puter                              oval:gov.nist.fdcc.ie7:def:757




DisableChangingAutomaticConfigurat
ionSettings_LocalComputer          oval:gov.nist.fdcc.ie7:def:1285




DisableShowingSplashScreen_Local
Computer                         oval:gov.nist.fdcc.ie7:def:1164




PreventParticipationInCustomerExpe
rienceImprovementPrograms_LocalC
omputer                            oval:gov.nist.fdcc.ie7:def:1171
PreventPerformanceOfFirstRunCusto
mizeSettings_LocalComputer        oval:gov.nist.fdcc.ie7:def:1322




TurnOffDeleteBrowsingHistoryFuncti
onality_LocalComputer              oval:gov.nist.fdcc.ie7:def:458




TurnOffManagingPhishingFilter_Loca
lComputer                          oval:gov.nist.fdcc.ie7:def:501




TurnOffSecuritySettingsCheckFeatur
e_LocalComputer                    oval:gov.nist.fdcc.ie7:def:916




AllowActiveContentFromCD_LocalCo
mputer                           oval:gov.nist.fdcc.ie7:def:400




AllowThird-
PartyBrowserExtensions_LocalComp
uter                             oval:gov.nist.fdcc.ie7:def:110




AutomaticallyCheckIEUpdates_Local
Computer                          oval:gov.nist.fdcc.ie7:def:656
CheckServerCertificateRevocation_L
ocalComputer                       oval:gov.nist.fdcc.ie7:def:172




access_data_sources_across_domai
ns_internet_zone_local_computer  oval:gov.nist.fdcc.ie7:def:674




AllowDragDropOrCopyPasteFiles_Int
ernetZone_LocalComputer           oval:gov.nist.fdcc.ie7:def:1083




AllowFontDownloads_InternetZone_L
ocalComputer                      oval:gov.nist.fdcc.ie7:def:524




AllowInstallationOfDesktopItems_Inte
rnetZone_LocalComputer               oval:gov.nist.fdcc.ie7:def:223




AllowScriptInitiatedWindowsWithoutS
izeOrPositionConstraints_InternetZon
e_LocalComputer                      oval:gov.nist.fdcc.ie7:def:589




allow_scriptlets_internet_zone_local_
computer                              oval:gov.nist.fdcc.ie7:def:1043
allow_status_bar_updates_via_script
_internet_zone_local_computer       oval:gov.nist.fdcc.ie7:def:226




AutomaticPromptingFileDownloads_I
nternetZone_LocalComputer         oval:gov.nist.fdcc.ie7:def:1113




download_signed_activex_controls_I
nternetZone_LocalComputer          oval:gov.nist.fdcc.ie7:def:1199




DownloadUnsignedActiveXControls_I
nternetZone_LocalComputer         oval:gov.nist.fdcc.ie7:def:391




InitializeScriptActiveXControlsNotMar
kedAsSafe_InternetZone_LocalCom
puter                                 oval:gov.nist.fdcc.ie7:def:1040




java_permissions_internet_zone_loc
al_computer                        oval:gov.nist.fdcc.ie7:def:1174




LaunchingApplicationsAndFilesInIFR
AME_InternetZone_LocalComputer oval:gov.nist.fdcc.ie7:def:611
LogonOptions_InternetZone_LocalCo
mputer                            oval:gov.nist.fdcc.ie7:def:691




LooseXAMLFiles_InternetZone_Loca
lComputer                        oval:gov.nist.fdcc.ie7:def:240




navigate_sub_frames_across_differe
nt_domains_Internet_zone_local_co
mputer                             oval:gov.nist.fdcc.ie7:def:612




OpenFilesBasedOnContent_Internet
Zone_LocalComputer               oval:gov.nist.fdcc.ie7:def:953




SoftwareChannelPermissions_Intern
etZone_LocalComputer              oval:gov.nist.fdcc.ie7:def:302




UsePop-
upBlocker_InternetZone_LocalComp
uter                             oval:gov.nist.fdcc.ie7:def:1179




UserdataPersistence_InternetZone_L
ocalComputer                       oval:gov.nist.fdcc.ie7:def:1108
WebSitesInLessPrivilegedWebConte
ntZonesCanNavigateIntoThisZone_In
ternetZone_LocalComputer          oval:gov.nist.fdcc.ie7:def:265




display_mixed_content_locked_down
_internet_zone_local_computer     oval:gov.nist.fdcc.ie7:def:245




display_mixed_content_intranet_zon
e_local_computer                   oval:gov.nist.fdcc.ie7:def:1166




display_mixed_content-
LockedDownintranet_zone_local_co
mputer                              oval:gov.nist.fdcc.ie7:def:247




display_mixed_content-
local_machine_zone_local_computer oval:gov.nist.fdcc.ie7:def:383




display_mixed_content-
LockedDownlocal_machine_zone_lo
cal_computer                    oval:gov.nist.fdcc.ie7:def:418
AccessDataSourcesAcrossDomains_
RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:652




AllowActiveScripting_RestrictedSites
Zone_LocalComputer                   oval:gov.nist.fdcc.ie7:def:293




AllowBinaryAndScriptBehaviors_Rest
rictedSitesZone_LocalComputer      oval:gov.nist.fdcc.ie7:def:365




AllowDragDropOrCopyPasteFiles_Re
strictedSitesZone_LocalComputer  oval:gov.nist.fdcc.ie7:def:498




AllowFileDownloads_RestrictedSites
Zone_LocalComputer                 oval:gov.nist.fdcc.ie7:def:1184




AllowFontDownloads_RestrictedSites
Zone_LocalComputer                 oval:gov.nist.fdcc.ie7:def:1109




AllowInstallationOfDesktopItems_Re
strictedSitesZone_LocalComputer    oval:gov.nist.fdcc.ie7:def:251
AllowMETAREFRESH_RestrictedSit
esZone_LocalComputer           oval:gov.nist.fdcc.ie7:def:1218




AllowScriptInitiatedWindowsWithoutS
izeOrPositionConstraints_Restricted
SitesZone_LocalComputer             oval:gov.nist.fdcc.ie7:def:1234




AllowStatusBarUpdatesViaScript_Re
strictedSitesZone_LocalComputer   oval:gov.nist.fdcc.ie7:def:378




AutomaticPromptingFileDownloads_
RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:252




download_signed_activex_controls_
RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:1019




DownloadUnsignedActiveXControls_
RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:949
InitializeScriptActiveXControlsNotMar
kedAsSafe_RestrictedSitesZone_Loc
alComputer                            oval:gov.nist.fdcc.ie7:def:273




java_permissions_RestrictedSitesZo
ne_LocalComputer                   oval:gov.nist.fdcc.ie7:def:824




LaunchingApplicationsAndFilesInIFR
AME_RestrictedSitesZone_LocalCo
mputer                             oval:gov.nist.fdcc.ie7:def:274




LogonOptions_RestrictedSitesZone_
LocalComputer                     oval:gov.nist.fdcc.ie7:def:326




LooseXAMLFiles_RestrictedSitesZon
e_LocalComputer                   oval:gov.nist.fdcc.ie7:def:275




NavigateSub-
framesAcrossDifferentDomains_Rest
rictedSitesZone_LocalComputer     oval:gov.nist.fdcc.ie7:def:1229
OpenFilesBasedOnContent_Restrict
edSitesZone_LocalComputer        oval:gov.nist.fdcc.ie7:def:706




RunNETFrameworkReliantCompone
ntsNotSignedWithAuthenticode_Rest
rictedSitesZone_LocalComputer     oval:gov.nist.fdcc.ie7:def:329




RunNETFrameworkReliantCompone
ntsSignedWithAuthenticode_Restrict
edSitesZone_LocalComputer          oval:gov.nist.fdcc.ie7:def:276




RunActiveXControlsAndPlugins_Rest
rictedSitesZone_LocalComputer     oval:gov.nist.fdcc.ie7:def:571




ScriptActiveXControlsMarkedSafeFor
Scripting_RestrictedSitesZone_Local
Computer                            oval:gov.nist.fdcc.ie7:def:602




ScriptingOfJavaApplets_RestrictedSit
esZone_LocalComputer                 oval:gov.nist.fdcc.ie7:def:280




SoftwareChannelPermissions_Restri
ctedSitesZone_LocalComputer       oval:gov.nist.fdcc.ie7:def:290
UsePop-
upBlocker_RestrictedSitesZone_Loc
alComputer                        oval:gov.nist.fdcc.ie7:def:1100




UserdataPersistence_RestrictedSites
Zone_LocalComputer                  oval:gov.nist.fdcc.ie7:def:300




WebSitesInLessPrivilegedWebConte
ntZonesCanNavigateIntoThisZone_R
estrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:1219




display_mixed_content-
LockedDownRestrictedSitesZone_Lo
calComputer                      oval:gov.nist.fdcc.ie7:def:314




display_mixed_content_trusted_sites
_zone_local_computer                oval:gov.nist.fdcc.ie7:def:1153




display_mixed_content_LockedDown
trusted_sites_zone_local_computer oval:gov.nist.fdcc.ie7:def:1183
EnableNativeXMLHttpSupport_Local
Computer                         oval:gov.nist.fdcc.ie7:def:338



TurnOnAutoCompleteFeatureForUse
rNamesAndPasswords_LocalUser    oval:gov.nist.fdcc.ie7:def:645


allow_install_on_demand_ie_local_c
omputer                            oval:gov.nist.fdcc.ie7:def:9999



TurnOffPageTransitions_LocalUser    oval:gov.nist.fdcc.ie7:def:1206


DisableAutoCompleteForForms_Loc
alUser                          oval:gov.nist.fdcc.ie7:def:1516




DisableExternalBrandingOfIE_LocalU
ser                                oval:gov.nist.fdcc.ie7:def:1384

configure_outlook_express_local_us
er                                 oval:gov.nist.fdcc.ie7:def:1238


TurnOnInternetConnectionWizardAut
oDetect_LocalUser                 oval:gov.nist.fdcc.ie7:def:604


DisableInternetConnectionWizard_Lo
calUser                            oval:gov.nist.fdcc.ie7:def:1355


DisableResetWebSettingsFeature_L
ocalUser                         oval:gov.nist.fdcc.ie7:def:1437
java_permissions_LockedDownintran
et_zone_local_computer            oval:gov.nist.fdcc.ie7:def:2039
java_permissions_local_machine_zo
ne_local_computer                 oval:gov.nist.fdcc.ie7:def:1422




java_permissions_LockedDownlocal
_machine_zone_local_computer     oval:gov.nist.fdcc.ie7:def:1986




site_to_zone_assignment_list_local_
computer                            oval:gov.nist.fdcc.ie7:def:9998


TurnOnProtectedMode_InternetZone
_LocalComputer                   oval:gov.nist.fdcc.ie7:def:111999




java_permissions_intranet_zone_loc
al_computer                        oval:gov.nist.fdcc.ie7:def:1883


download_signed_activex_controls_l
ocked_down_internet_zone_local_co
mputer                             oval:gov.nist.fdcc.ie7:def:24599




java_permissions_locked_down_inter
net_zone_local_computer            oval:gov.nist.fdcc.ie7:def:1419
java_permissions_LockedDownRestr
ictedSitesZone_LocalComputer     oval:gov.nist.fdcc.ie7:def:1753


AllowStatusBarUpdatesViaScript_Loc
kedDowntrusted_sites_zone_local_c
omputer                            oval:gov.nist.fdcc.ie7:def:118399




java_permissions_LockedDowntruste
d_sites_zone_local_computer       oval:gov.nist.fdcc.ie7:def:1699




TurnOnProtectedMode_RestrictedSit
esZone_LocalComputer              oval:gov.nist.fdcc.ie7:def:62199




java_permissions_trusted_sites_zon
e_local_computer                   oval:gov.nist.fdcc.ie7:def:1379
                                               CCE
  CCE ID         CCE Description
                                            Parameters




            The "Allow cut, copy or
            paste operations from the
            clipboard via script"
            machine setting should be
            configured correctly for the enabled/disabled/pro
CCE-10002-4 Internet Zone.               mpt


            The "Only allow approved
            domains to use ActiveX
            controls without prompt"
            machine setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-10004-0 Sites Zone.                  enabled/disabled


            The "Allow drag and drop
            or copy and paste files"
            machine setting should be
            configured correctly for the enabled/disabled/pro
CCE-10033-9 Internet Zone.               mpt




            The "Security Zones: Do
            not allow users to change
            policies" machine setting
            should be configured
CCE-10037-0 correctly.                   enabled/disabled


            The "Allow software to run
            or install even if the
            signature is invalid"
            machine setting should be
CCE-10052-9 configured correctly.      enabled/disabled
            The "Use SmartScreen
            Filter" machine setting
            should be configured
            correctly for the Locked-
CCE-10065-1 Down Trusted Sites Zone.     enabled/disabled




            The "Check for server
            certificate revocation"
            machine setting should be
CCE-10074-3 configured correctly.     enabled/disabled


            The "Scripting of Java
            applets" machine setting
            should be configured
            correctly for the Restricted enabled/disabled/pro
CCE-10083-4 Sites Zone.                  mpt




            The "Use Pop-up Blocker"
            machine setting should be
            configured correctly for the
CCE-10094-1 Restricted Sites Zone.       enabled/disabled




            The "Security Zones: Use
            only machine settings"
            machine setting should be
CCE-10096-6 configured correctly.     enabled/disabled


            The "Open files based on
            content, not file extension"
            machine setting should be
            configured correctly for the
CCE-10107-1 Internet Zone.               enabled/disabled

            The "Consistent Mime
            Handling: Internet Explorer
            Processes" machine
            setting should be
CCE-10138-6 configured correctly.       enabled/disabled
            The "Use SmartScreen
            Filter" machine setting
            should be configured
            correctly for the Locked-
            Down Restricted Sites
CCE-10145-1 Zone.                        enabled/disabled




            The "Use SmartScreen
            Filter" machine setting
            should be configured
            correctly for the Locked-
CCE-10163-4 Down Intranet Zone.          enabled/disabled




            The "Java permissions"
            machine setting should be Custom/Disable
            configured correctly for the Java/High safety/Low
CCE-10182-4 Internet Zone.               safety/Medium safety


            The "Use SmartScreen
            Filter" machine setting
            should be configured
            correctly for the Local
CCE-10211-1 Machine Zone.                enabled/disabled


            The "Do not allow users to
            enable or disable add-ons"
            machine setting should be
CCE-10235-0 configured correctly.      enabled/disabled


            The "Prevent "Fix settings"
            functionality" machine
            setting should be
CCE-10253-3 configured correctly.       enabled/disabled




            The "MK Protocol Security
            Restriction: Internet
            Explorer Processes"
            machine setting should be
CCE-10265-7 configured correctly.     enabled/disabled
            The "Open files based on
            content, not file extension"
            machine setting should be
            configured correctly for the
CCE-10277-2 Restricted Sites Zone.       enabled/disabled

            The "Turn on the auto-
            complete feature for user
            names and passwords on
            forms" current user setting
            should be configured
CCE-10291-3 correctly.                  enabled/disabled


            The "Initialize and script
            ActiveX controls not
            marked as safe" machine
            setting should be
            configured correctly for the enabled/disabled/pro
CCE-10347-3 Restricted Sites Zone.       mpt

            The "Launching
            applications and files in an
            IFRAME" machine setting
            should be configured
            correctly for the Restricted enabled/disabled/pro
CCE-10360-6 Sites Zone.                  mpt


            The "Access data sources
            across domains" machine
            setting should be
            configured correctly for the enabled/disabled/pro
CCE-10380-4 Internet Zone.               mpt




            The "Disable "Configuring
            History"" machine setting
            should be configured
CCE-10387-9 correctly.                   enabled/disabled


            The "Disable
            AutoComplete for forms"
            current user setting should
CCE-10388-7 be configured correctly.    enabled/disabled
            The "Automatic prompting
            for file downloads" machine
            setting should be
            configured correctly for the
CCE-10389-5 Internet Zone.               enabled/disabled




            The "Allow active scripting"
            machine setting should be
            configured correctly for the enabled/disabled/pro
CCE-10393-7 Restricted Sites Zone.       mpt




            The "Security Zones: Do
            not allow users to
            add/delete sites" machine
            setting should be
CCE-10394-5 configured correctly.        enabled/disabled




            The "Disable the Advanced
            page" machine setting
            should be configured
CCE-10396-0 correctly.                enabled/disabled




            The "Allow font downloads"
            machine setting should be
            configured correctly for the enabled/disabled/pro
CCE-10403-4 Internet Zone.               mpt

            The "Restrict ActiveX
            Install: Internet Explorer
            Processes" machine
            setting should be
CCE-10405-9 configured correctly.        enabled/disabled




            The "Disable Save this
            program to disk option"
            current user setting should
CCE-10415-8 be configured correctly.    enabled/disabled
            The "Allow status bar
            updates via script" machine
            setting should be
            configured correctly for the
CCE-10431-5 Restricted Sites Zone.       enabled/disabled


            The "Download unsigned
            ActiveX controls" machine
            setting should be
            configured correctly for the enabled/disabled/pro
CCE-10433-1 Internet Zone.               mpt




            The "Prevent ignoring
            certificate errors" machine
            setting should be
CCE-10436-4 configured correctly.       enabled/disabled


            The "Download unsigned
            ActiveX controls" machine
            setting should be
            configured correctly for the enabled/disabled/pro
CCE-10461-2 Restricted Sites Zone.       mpt


            The "Disable changing
            proxy settings" machine
            setting should be
CCE-10464-6 configured correctly.        enabled/disabled




            The "Allow file downloads"
            machine setting should be
            configured correctly for the
CCE-10466-1 Restricted Sites Zone.       enabled/disabled


            The "Download signed
            ActiveX controls" machine
            setting should be
            configured correctly for the enabled/disabled/pro
CCE-10470-3 Restricted Sites Zone.       mpt
                                         Anonymous
                                         logon/Automatic
                                         logon only in Intranet
                                         zone/Automatic
                                         logon with current
            The "Logon options"          username and
            machine setting should be password/Prompt for
            configured correctly for the user name and
CCE-10472-9 Internet Zone.               password


            The "Allow installation of
            desktop items" machine
            setting should be
            configured correctly for the enabled/disabled/pro
CCE-10475-2 Restricted Sites Zone.       mpt




            The "Use Pop-up Blocker"
            machine setting should be
            configured correctly for the
CCE-10486-9 Internet Zone.               enabled/disabled


            The "Disable changing
            certificate settings" current
            user setting should be
CCE-10503-1 configured correctly.         enabled/disabled


            The "Access data sources
            across domains" machine
            setting should be
            configured correctly for the enabled/disabled/pro
CCE-10525-4 Restricted Sites Zone.       mpt


            The "Allow cut, copy or
            paste operations from the
            clipboard via script"
            machine setting should be
            configured correctly for the enabled/disabled/pro
CCE-10539-5 Restricted Sites Zone.       mpt


            The "Allow binary and
            script behaviors" machine
            setting should be
            configured correctly for the enabled/disabled/Ad
CCE-10547-8 Restricted Sites Zone.       ministrator approved
            The "Disable the Security
            page" machine setting
            should be configured
CCE-10550-2 correctly.                   enabled/disabled


            The "Script ActiveX
            controls marked safe for
            scripting" machine setting
            should be configured
            correctly for the Restricted enabled/disabled/pro
CCE-10554-4 Sites Zone.                  mpt


            The "Initialize and script
            ActiveX controls not
            marked as safe" machine
            setting should be
            configured correctly for the enabled/disabled/pro
CCE-10561-9 Internet Zone.               mpt

            The "Protection From Zone
            Elevation: Internet Explorer
            Processes" machine
            setting should be
CCE-10574-2 configured correctly.        enabled/disabled

            The "Restrict File
            Download: Internet
            Explorer Processes"
            machine setting should be
CCE-10578-3 configured correctly.     enabled/disabled


            The "Automatically check
            for Internet Explorer
            updates" machine setting
            should be configured
CCE-10581-7 correctly.                   enabled/disabled


            The "Turn off Crash
            Detection" machine setting
            should be configured
CCE-10594-0 correctly.                 enabled/disabled
            The "Scripted Window
            Security Restrictions:
            Internet Explorer
            Processes" machine
            setting should be
CCE-10604-7 configured correctly.      enabled/disabled
            The "Disable changing
            connection settings"
            machine setting should be
CCE-10605-4 configured correctly.     enabled/disabled


            The "Turn off the Security
            Settings Check feature"
            machine setting should be
CCE-10607-0 configured correctly.      enabled/disabled

            The "Web sites in less
            privileged Web content
            zones can navigate into
            this zone" machine setting
            should be configured
            correctly for the Restricted enabled/disabled/pro
CCE-10609-6 Sites Zone.                  mpt




            The "Java permissions"
            machine setting should be Custom/Disable
            configured correctly for the Java/High safety/Low
CCE-10620-3 Restricted Sites Zone.       safety/Medium safety

            The "Web sites in less
            privileged Web content
            zones can navigate into
            this zone" machine setting
            should be configured
            correctly for the Internet enabled/disabled/pro
CCE-10622-9 Zone.                      mpt

            The "Mime Sniffing Safety
            Feature: Internet Explorer
            Processes" machine
            setting should be
CCE-10635-1 configured correctly.        enabled/disabled


            The "Disable changing
            Automatic Configuration
            settings" machine setting
            should be configured
CCE-10638-5 correctly.                   enabled/disabled
            The "Navigate windows
            and frames across different
            domains" machine setting
            should be configured
            correctly for the Restricted enabled/disabled/pro
CCE-10642-7 Sites Zone.                  mpt

                                         Anonymous
                                         logon/Automatic
                                         logon only in Intranet
                                         zone/Automatic
                                         logon with current
            The "Logon options"          username and
            machine setting should be password/Prompt for
            configured correctly for the user name and
CCE-10651-8 Restricted Sites Zone.       password


            The "Allow META
            REFRESH" machine
            setting should be
            configured correctly for the
CCE-10664-1 Restricted Sites Zone.       enabled/disabled

               The "Only use the ActiveX
               Installer Service for
               installation of ActiveX
               Controls" machine setting
               should be configured
CCE-9230-4     correctly.                  enabled/disabled

               The "Prevent Bypassing
               SmartScreen Filter
               Warnings" machine setting
               should be configured
CCE-9233-8     correctly.                enabled/disabled


               The "Prevent Deleting
               Cookies" machine setting
               should be configured
CCE-9238-7     correctly.                  enabled/disabled




               The "Use SmartScreen
               Filter" machine setting
               should be configured
               correctly for the Locked-
CCE-9489-6     Down Internet Zone.         enabled/disabled
             The "Disable Per-User
             Installation of ActiveX
             Controls" machine setting
             should be configured
CCE-9504-2   correctly.                  enabled/disabled


             The "Turn off ActiveX opt-
             in prompt" machine setting
             should be configured
CCE-9580-2   correctly.                 enabled/disabled


             The "Only allow approved
             domains to use ActiveX
             controls without prompt"
             machine setting should be
             configured correctly for the
             Locked-Down Internet
CCE-9599-2   Zone.                        enabled/disabled




             The "Turn off Encryption
             Support" machine setting
             should be configured
CCE-9652-9   correctly.                  enabled/disabled




             The "Intranet Sites: Include
             all network paths (UNCs)"
             machine setting should be
CCE-9660-2   configured correctly.        enabled/disabled


             The "Allow drag and drop
             or copy and paste files"
             machine setting should be
             configured correctly for the enabled/disabled/pro
CCE-9667-7   Restricted Sites Zone.       mpt


             The "Software channel
             permissions" machine
             setting should be
             configured correctly for the Low safety/Medium
CCE-9669-3   Restricted Sites Zone.       safety/High safety
             The "Run .NET Framework-
             reliant components signed
             with Authenticode"
             machine setting should be
             configured correctly for the enabled/disabled/pro
CCE-9673-5   Restricted Sites Zone.       mpt


             The "Allow status bar
             updates via script" machine
             setting should be
             configured correctly for the
CCE-9750-1   Internet Zone.               enabled/disabled


             The "Turn off "Delete
             Browsing History"
             functionality" machine
             setting should be
CCE-9775-8   configured correctly.       enabled/disabled


             The "Allow installation of
             desktop items" machine
             setting should be
             configured correctly for the enabled/disabled/pro
CCE-9790-7   Internet Zone.               mpt


             The "Run ActiveX controls
             and plugins" machine
             setting should be
             configured correctly for the enabled/disabled/pro
CCE-9792-3   Restricted Sites Zone.       mpt


             The "Only allow approved
             domains to use ActiveX
             controls without prompt"
             machine setting should be
             configured correctly for the
CCE-9793-1   Internet Zone.               enabled/disabled


             The "Allow script-initiated
             windows without size or
             position constraints"
             machine setting should be
             configured correctly for the
CCE-9814-5   Restricted Sites Zone.       enabled/disabled
             The "Launching
             applications and files in an
             IFRAME" machine setting
             should be configured
             correctly for the Internet   enabled/disabled/pro
CCE-9821-0   Zone.                        mpt


             The "Only allow approved
             domains to use ActiveX
             controls without prompt"
             machine setting should be
             configured correctly for the
CCE-9832-7   Restricted Sites Zone.       enabled/disabled


             The "Navigate windows
             and frames across different
             domains" machine setting
             should be configured
             correctly for the Internet  enabled/disabled/pro
CCE-9865-7   Zone.                       mpt




             The "Use SmartScreen
             Filter" machine setting
             should be configured
             correctly for the Locked-
CCE-9867-3   Down Local Machine Zone. enabled/disabled




             The 'Software channel
             permissions' setting should
             be configured correctly for Low safety/Medium
CCE-9869-9   the Internet Zone.          safety/High safety


             The "Allow script-initiated
             windows without size or
             position constraints"
             machine setting should be
             configured correctly for the
CCE-9882-2   Internet Zone.               enabled/disabled




             The "Prevent Deleting
             Temporary Internet Files"
             machine setting should be
CCE-9889-7   configured correctly.     enabled/disabled
              The "Run .NET Framework-
              reliant components not
              signed with Authenticode"
              machine setting should be
              configured correctly for the enabled/disabled/pro
CCE-9898-8    Restricted Sites Zone.       mpt


              The "Download signed
              ActiveX controls" machine
              setting should be
              configured correctly for the enabled/disabled/pro
CCE-9917-6    Internet Zone.               mpt


              The "Automatic prompting
              for file downloads" machine
              setting should be
              configured correctly for the
CCE-9959-8    Restricted Sites Zone.       enabled/disabled




              The "Allow font downloads"
              machine setting should be
              configured correctly for the enabled/disabled/pro
CCE-9982-0    Restricted Sites Zone.       mpt




            The "Allow active content
            from CDs to run on user
            machines" machine setting
            should be configured
CCE-10293-9 correctly.                enabled/disabled


              The "Allow scripting of
              Internet Explorer web
              browser control" current
              user setting should be
              configured correctly for the
CCE-9779-0    Internet Zone.               enabled/disabled


            The "Allow scripting of
            Internet Explorer web
            browser control" current
            user setting should be
            configured correctly for the
CCE-10725-0 Restricted Sites Zone.       enabled/disabled
            The "Allow Scriptlets"
            machine setting should be
            configured correctly for the enabled/disabled/pro
CCE-10685-6 Internet Zone.               mpt




            The "Allow Scriptlets"
            machine setting should be
            configured correctly for the
CCE-10630-2 Restricted Sites Zone.       enabled/disabled




            The "Check for signatures
            on downloaded programs"
            machine setting should be
CCE-10055-2 configured correctly.     enabled/disabled




            The "Configure Delete
            Browsing History on exit"
            current user setting should
CCE-10590-8 be configured correctly.    enabled/disabled


              The "Disable Automatic
              Install of Internet Explorer
              components" setting
              should be configured
CCE-9987-9    correctly.                     enabled/disabled


            The "Disable Periodic
            Check For Internet
            Explorer Software
            Updates" setting should be
CCE-10634-4 configured correctly.      enabled/disabled


            The "Disable showing the
            splash screen" setting
            should be configured
CCE-10632-8 correctly.                       enabled/disabled
            The "Download signed
            ActiveX controls" machine
            setting should be
            configured correctly for the
            Locked-Down Internet         enabled/disabled/pro
CCE-10095-8 Zone.                        mpt




              The "Allow third-party
              browser extensions"
              machine setting should be
CCE-9905-1    configured correctly.     enabled/disabled


            The "Include local directory
            path when uploading files
            to a server" machine
            setting should be
            configured correctly for the
CCE-10646-8 Internet Zone.               enabled/disabled


              The "Include local directory
              path when uploading files
              to a server" machine
              setting should be
              configured correctly for the
CCE-9781-6    Restricted Sites Zone.       enabled/disabled




            The "Include updated Web
            site lists from Microsoft"
            machine setting should be
CCE-10603-9 configured correctly.      enabled/disabled




            The "Java permissions"
            machine setting should be Custom/Disable
            configured correctly for the Java/High safety/Low
CCE-10566-8 Intranet Zone.               safety/Medium safety




            The "Java permissions"
            machine setting should be Custom/Disable
            configured correctly for the Java/High safety/Low
CCE-10319-2 Local Machine Zone.          safety/Medium safety
            The "Java permissions"
            machine setting should be
            configured correctly for the Custom/Disable
            Locked-Down Internet         Java/High safety/Low
CCE-10597-3 Zone.                        safety/Medium safety


            The "Java permissions"
            machine setting should be
            configured correctly for the Custom/Disable
            Locked-Down Intranet         Java/High safety/Low
CCE-10342-4 Zone.                        safety/Medium safety


            The "Java permissions"
            machine setting should be
            configured correctly for the Custom/Disable
            Locked-Down Local            Java/High safety/Low
CCE-10535-3 Machine Zone.                safety/Medium safety


            The "Java permissions"
            machine setting should be
            configured correctly for the Custom/Disable
            Locked-Down Restricted       Java/High safety/Low
CCE-10275-6 Sites Zone.                  safety/Medium safety


            The "Java permissions"
            machine setting should be
            configured correctly for the Custom/Disable
            Locked-Down Trusted          Java/High safety/Low
CCE-10654-2 Sites Zone.                  safety/Medium safety




            The "Java permissions"
            machine setting should be Custom/Disable
            configured correctly for the Java/High safety/Low
CCE-10696-3 Trusted Sites Zone.          safety/Medium safety


            The "Launching programs
            and unsafe files" machine
            setting should be
            configured correctly for the
CCE-10650-0 Internet Zone.               enabled/disabled
            The "Launching programs
            and unsafe files" machine
            setting should be
            configured correctly for the
CCE-10744-1 Restricted Sites Zone.       enabled/disabled




            The "Loose XAML files"
            machine setting should be
            configured correctly for the enabled/disabled/pro
CCE-10672-4 Internet Zone.               mpt




            The "Loose XAML files"
            machine setting should be
            configured correctly for the enabled/disabled/pro
CCE-10178-2 Restricted Sites Zone.       mpt

              The "Make proxy settings
              per-machine (rather than
              per-user)" machine setting
              should be configured
CCE-9870-7    correctly.                 enabled/disabled


            The "Prevent Deleting Web
            sites that the User has
            Visited" machine setting
            should be configured
CCE-10110-5 correctly.                enabled/disabled

            The "Prevent participation
            in the Customer
            Experience Improvement
            Program" machine setting
            should be configured
CCE-10522-1 correctly.                   enabled/disabled


            The "Prevent performance
            of First Run Customize
            settings" machine setting
            should be configured
CCE-10641-9 correctly.                enabled/disabled
            The "Run .NET Framework-
            reliant components signed
            with Authenticode"
            machine setting should be
            configured correctly for the
CCE-10515-5 Internet Zone.               enabled/disabled


            The "Run .NET Framework-
            reliant components not
            signed with Authenticode"
            machine setting should be
            configured correctly for the
CCE-10625-2 Internet Zone.               enabled/disabled


            The "Software channel
            permissions" machine
            setting should be
            configured correctly for the High safety/low
CCE-10425-7 Internet Zone.               safety/medium safety


            The "Turn off changing the
            URL to be displayed for
            checking updates to
            Internet Explorer and
            Internet Tools" machine
            setting should be
CCE-10595-7 configured correctly.      enabled/disabled




              The "Turn off configuring
              the update check interval
              (in days)" machine setting
              should be configured
CCE-9776-6    correctly.                   enabled/disabled




            The "Update Check
            Interval" should be set to
            the appropriate number of
CCE-14910-4 days.                          number of days
            The "Turn Off First-Run
            Opt-In" machine setting
            should be configured
            correctly for the Internet
CCE-10434-9 Zone.                        enabled/disabled


            The "Turn Off First-Run
            Opt-In" machine setting
            should be configured
            correctly for the Restricted
CCE-10420-8 Sites Zone.                  enabled/disabled


               The "Turn off InPrivate
               Browsing" machine setting
               should be configured
CCE-9885-5     correctly.                enabled/disabled


            The "Turn off Managing
            Phishing Filter" setting
            should be configured
CCE-10540-3 correctly.                   enabled/disabled


               The "Turn off Managing
               SmartScreen Filter"
               machine setting should be (1) enabled/disabled
CCE-9973-9     configured correctly.     (2) on/off


            The "Turn on Cross-Site
            Scripting (XSS) Filter"
            machine setting should be
            configured correctly for the
CCE-10276-4 Internet Zone.               enabled/disabled


            The "Turn on Cross-Site
            Scripting (XSS) Filter"
            machine setting should be
            configured correctly for the
CCE-10105-5 Restricted Sites Zone.       enabled/disabled


            The "Turn on Protected
            Mode" machine setting
            should be configured
            correctly for the Internet
CCE-10676-5 Zone.                        enabled/disabled
              The "Turn on Protected
              Mode" machine setting
              should be configured
              correctly for the Restricted
CCE-9945-7    Sites Zone.                  enabled/disabled




            The "Userdata persistence"
            machine setting should be
            configured correctly for the
CCE-10200-4 Internet Zone.               enabled/disabled




              The "Userdata persistence"
              machine setting should be
              configured correctly for the
CCE-9760-0    Restricted Sites Zone.       enabled/disabled

            The "Disable external
            branding of Internet
            Explorer" current user
            setting should be
CCE-10829-0 configured correctly.


            The "Turn off page
            transitions" current user
            setting should be
CCE-10701-1 configured correctly.

            DEPRECATED.
            Previously: The "Turn on
            the Internet Connection
            Wizard Auto Detect" setting
            should be configured
            correctly. Note: According
            to Microsoft, does not apply
CCE-10816-7 to IE 8.


            The "Download signed
            ActiveX controls" machine
            setting should be
            configured correctly for the enabled/disabled/pro
CCE-10820-9 Intranet Zone.               mpt
            The "Customize User
            Agent String" current user
            setting should be
CCE-16818-7 configured correctly.        enabled/disabled


            The "Do not allow users to
            enable or disable add-ons"
            current user setting should
CCE-17008-4 be configured correctly.    enabled/disabled


            The "Enforce Full Screen
            Mode" current user setting
            should be configured
CCE-17025-8 correctly.                 enabled/disabled


            The "Disable changing
            ratings settings" current
            user setting should be
CCE-16073-9 configured correctly.        enabled/disabled


            The "Turn off Crash
            Detection" current user
            setting should be
CCE-16360-0 configured correctly.        enabled/disabled

            The "Prevent Internet
            Explorer Search box from
            displaying" current user
            setting should be
CCE-17043-1 configured correctly.        enabled/disabled

            The "Disable changing
            Temporary Internet files
            settings" current user
            setting should be
CCE-16917-7 configured correctly.        enabled/disabled

            The "Turn off configuration
            of default behavior of new
            tab creation" current user
            setting should be
CCE-17082-9 configured correctly.       enabled/disabled

            The "Disable Per-User
            Installation of ActiveX
            Controls" current user
            setting should be
CCE-17007-6 configured correctly.        enabled/disabled
            The "Turn off tabbed
            browsing" current user
            setting should be
CCE-16902-9 configured correctly.        enabled/disabled


            The "Restrict changing the
            default search provider"
            current user setting should
CCE-16218-0 be configured correctly.    enabled/disabled


            The "Disable changing
            color settings" current user
            setting should be
CCE-17086-0 configured correctly.        enabled/disabled


            The "Disable changing
            language settings" current
            user setting should be
CCE-16950-8 configured correctly.        enabled/disabled
            The "Prevent participation
            in the Customer
            Experience Improvement
            Program" current user
            setting should be
CCE-17053-0 configured correctly.        enabled/disabled
            The "Only use the ActiveX
            Installer Service for
            installation of ActiveX
            Controls" current user
            setting should be
CCE-16511-8 configured correctly.        enabled/disabled


            The "Turn off page
            zooming functionality"
            current user setting should
CCE-16893-0 be configured correctly.    enabled/disabled


            The "Disable changing
            default browser check"
            current user setting should
CCE-16478-0 be configured correctly.    enabled/disabled


            The "Disable changing
            Messaging settings"
            current user setting should
CCE-16813-8 be configured correctly.    enabled/disabled
            The "Disable changing
            Advanced page settings"
            current user setting should
CCE-16919-3 be configured correctly.    enabled/disabled


            The "Turn off the activation
            of the quick pick menu"
            current user setting should
CCE-16831-0 be configured correctly.     enabled/disabled


            The "Turn off Automatic
            Crash Recovery Prompt"
            current user setting should
CCE-16236-2 be configured correctly.    enabled/disabled

            The "Disable changing
            Calendar and Contact
            settings" current user
            setting should be
CCE-16906-0 configured correctly.         enabled/disabled

            The "Turn off displaying the
            Internet Explorer Help
            Menu" current user setting
            should be configured
CCE-16752-8 correctly.                   enabled/disabled


            The "Disable changing
            proxy settings" current user
            setting should be
CCE-16474-9 configured correctly.        enabled/disabled


            The "Turn off Quick Tabs
            functionality" current user
            setting should be
CCE-16113-3 configured correctly.         enabled/disabled


            The "Disable caching of
            Auto-Proxy scripts" current
            user setting should be
CCE-16626-4 configured correctly.       enabled/disabled


            The "Turn off ActiveX opt-
            in prompt" current user
            setting should be
CCE-16090-3 configured correctly.         enabled/disabled
            The "Turn off the auto-
            complete feature for web
            addresses" current user
            setting should be
CCE-16767-6 configured correctly.          enabled/disabled


            The "Turn off Reopen Last
            Browsing Session" current
            user setting should be
CCE-16756-9 configured correctly.     enabled/disabled


            The "Turn off managing
            Pop-up filter level" current
            user setting should be
CCE-16351-9 configured correctly.          enabled/disabled


            The "Disable changing
            home page settings"
            current user setting should
CCE-16999-5 be configured correctly.    enabled/disabled


            The "Turn on menu bar by
            default" current user setting
            should be configured
CCE-17003-5 correctly.                    enabled/disabled


            The "Disable changing link
            color settings" current user
            setting should be
CCE-16356-8 configured correctly.        enabled/disabled


            The "Turn off configuration
            of window reuse" current
            user setting should be
CCE-16285-9 configured correctly.       enabled/disabled


            The "Turn off Tab
            Grouping" current user
            setting should be
CCE-16977-1 configured correctly.          enabled/disabled


            The "Set tab process
            growth" current user setting
            should be configured
CCE-17020-9 correctly.                   enabled/disabled
            The "Disable Internet
            Connection wizard" current
            user setting should be
CCE-16267-7 configured correctly.      enabled/disabled

            The "Prevent performance
            of First Run Customize
            settings" current user
            setting should be
CCE-16364-2 configured correctly.    enabled/disabled


            The "Turn off Managing
            Pop-up Allow list" current
            user setting should be
CCE-16232-1 configured correctly.          enabled/disabled


            The "Configure new tab
            page default behavior"
            current user setting should
CCE-16093-7 be configured correctly.    enabled/disabled


            The "Turn off pop-up
            management" current user
            setting should be
CCE-17018-3 configured correctly.    enabled/disabled

            The "Disable changing
            secondary home page
            settings" current user
            setting should be
CCE-16088-7 configured correctly.          enabled/disabled

            The "Prevent Bypassing
            SmartScreen Filter
            Warnings" current user
            setting should be
CCE-16915-1 configured correctly.          enabled/disabled


            The "Prevent "Fix settings"
            functionality" current user
            setting should be
CCE-16897-1 configured correctly.       enabled/disabled

            The "Restrict search
            providers to a specific list
            of providers" current user
            setting should be
CCE-16699-1 configured correctly.          enabled/disabled
            The "Disable changing
            Automatic Configuration
            settings" current user
            setting should be
CCE-16263-6 configured correctly.         enabled/disabled


            The "Disable changing
            accessibility settings"
            current user setting should
CCE-16079-6 be configured correctly.    enabled/disabled




            The "Pop-up allow list"
            current user setting should
CCE-16620-7 be configured correctly.    enabled/disabled

            The "Turn off configuration
            of tabbed browsing pop-up
            behavior" current user
            setting should be
CCE-16749-4 configured correctly.       enabled/disabled

            The "Display error
            message on proxy script
            download failure" current
            user setting should be
CCE-16406-1 configured correctly.         enabled/disabled


            The "Turn off Managing
            SmartScreen Filter" current
            user setting should be
CCE-17035-7 configured correctly.       enabled/disabled


            The "Turn on Suggested
            Sites" current user setting
            should be configured
CCE-16663-7 correctly.                    enabled/disabled


            The "Disable changing font
            settings" current user
            setting should be
CCE-17012-6 configured correctly.      enabled/disabled


            The "Turn off Favorites
            bar" current user setting
            should be configured
CCE-16794-0 correctly.                    enabled/disabled
            The "Turn off suggestions
            for all user-installed
            providers" current user
            setting should be
CCE-16994-6 configured correctly.        enabled/disabled


            The "Turn off the Security
            Settings Check feature"
            current user setting should
CCE-16227-1 be configured correctly.    enabled/disabled

            The "Use Automatic
            Detection for dial-up
            connections" current user
            setting should be
CCE-17031-6 configured correctly.        enabled/disabled


            The "Disable changing
            connection settings"
            current user setting should
CCE-16295-8 be configured correctly.    enabled/disabled




            The "Turn on Compatibility
            Logging" current user
            setting should be
CCE-16091-1 configured correctly.      enabled/disabled


            The "Moving the menu bar
            above the navigation bar"
            current user setting should
CCE-17030-8 be configured correctly.    enabled/disabled

            The "Add a specific list of
            search providers to the
            user's search provider list"
            current user setting should
CCE-16487-1 be configured correctly.     enabled/disabled


            The "Disable Import/Export
            Settings wizard" current
            user setting should be
CCE-16840-1 configured correctly.      enabled/disabled
            The "Turn off Accelerators"
            machine setting should be
CCE-16033-3 configured correctly.       enabled/disabled


            The "Deploy default
            Accelerators" machine
            setting should be
CCE-16395-6 configured correctly.        enabled/disabled


            The "Deploy non-default
            Accelerators" machine
            setting should be
CCE-16527-4 configured correctly.        enabled/disabled


            The "Use Policy
            Accelerators" machine
            setting should be
CCE-16276-8 configured correctly.        enabled/disabled


            The "Deploy non-default
            Accelerators" current user
            setting should be
CCE-16852-6 configured correctly.        enabled/disabled


            The "Deploy default
            Accelerators" current user
            setting should be
CCE-16874-0 configured correctly.        enabled/disabled


            The "Use Policy
            Accelerators" current user
            setting should be
CCE-16848-4 configured correctly.        enabled/disabled




            The "Turn off Accelerators"
            current user setting should
CCE-16879-9 be configured correctly.    enabled/disabled
            The "Allow scripting of
            Internet Explorer web
            browser control" machine
            setting should be
            configured correctly for the
CCE-15702-4 Restricted Sites Zone.       enabled/disabled

            The "Automatic prompting
            for ActiveX controls"
            machine setting should be
            configured correctly for the
CCE-16370-9 Restricted Sites Zone.       enabled/disabled

            The "Allow active content
            over restricted protocols to
            access my computer"
            machine setting should be
            configured correctly for the
CCE-15641-4 Restricted Sites Zone.       enabled/disabled

            The "Allow websites to
            open windows without
            address or status bars"
            machine setting should be
            configured correctly for the
CCE-16299-0 Restricted Sites Zone.       enabled/disabled

            The "Allow websites to
            prompt for information
            using scripted windows"
            machine setting should be
            configured correctly for the
CCE-16363-4 Restricted Sites Zone.       enabled/disabled

            The "Disable .NET
            Framework Setup"
            machine setting should be
            configured correctly for the
CCE-15546-5 Restricted Sites Zone.       enabled/disabled

            The "Do not prompt for
            client certificate selection
            when no certificates or only
            one certificate exists."
            machine setting should be
            configured correctly for the
CCE-16391-5 Restricted Sites Zone.       enabled/disabled

            The "XAML browser
            applications" machine
            setting should be
            configured correctly for the
CCE-16268-5 Restricted Sites Zone.       enabled/disabled
            The "XPS documents"
            machine setting should be
            configured correctly for the
CCE-16537-3 Restricted Sites Zone.       enabled/disabled

            The "Display mixed
            content" machine setting
            should be configured
            correctly for the Restricted
CCE-16294-1 Sites Zone.                  enabled/disabled

            The "Submit non-encrypted
            form data" machine setting
            should be configured
            correctly for the Restricted
CCE-15647-1 Sites Zone.                  enabled/disabled
            The "Allow video and
            animation on a Web page
            that uses a legacy media
            player" machine setting
            should be configured
            correctly for the Restricted
CCE-15569-7 Sites Zone.                  enabled/disabled

            The "Use SmartScreen
            Filter" machine setting
            should be configured
            correctly for the Restricted
CCE-15760-2 Sites Zone.                  enabled/disabled

            The "Allow the printing of
            background colors and
            images" current user
            setting should be
CCE-15727-1 configured correctly.        enabled/disabled


            The "Restrict ActiveX
            Install: Process List"
            machine setting should be
CCE-16480-6 configured correctly.     enabled/disabled




            The "Restrict ActiveX
            Install: All Processes"
            machine setting should be
CCE-16718-9 configured correctly.     enabled/disabled
            The "Prevent Deleting
            Favorites Site Data"
            machine setting should be
CCE-15480-7 configured correctly.     enabled/disabled


            The "Prevent Deleting
            Passwords" machine
            setting should be
CCE-15022-7 configured correctly.        enabled/disabled


            The "Prevent Deleting
            InPrivate Filtering data"
            machine setting should be
CCE-16001-0 configured correctly.     enabled/disabled


            The "Configure Delete
            Browsing History on exit"
            machine setting should be
CCE-15494-8 configured correctly.     enabled/disabled


            The "Prevent Deleting
            Form Data" machine
            setting should be
CCE-15242-1 configured correctly.        enabled/disabled

            The "Download unsigned
            ActiveX controls" current
            user setting should be
            configured correctly for the
CCE-16149-7 Internet Zone.               enabled/disabled

            The "Allow binary and
            script behaviors" current
            user setting should be
            configured correctly for the
CCE-16173-7 Internet Zone.               enabled/disabled

            The "Submit non-encrypted
            form data" current user
            setting should be
            configured correctly for the
CCE-16197-6 Internet Zone.               enabled/disabled

            The "Download signed
            ActiveX controls" current
            user setting should be
            configured correctly for the
CCE-15201-7 Internet Zone.               enabled/disabled
            The "Allow video and
            animation on a Web page
            that uses a legacy media
            player" current user setting
            should be configured
            correctly for the Internet
CCE-16136-4 Zone.                        enabled/disabled


            The "Use Pop-up Blocker"
            current user setting should
            be configured correctly for
CCE-15986-3 the Internet Zone.          enabled/disabled

            The "Open files based on
            content, not file extension"
            current user setting should
            be configured correctly for
CCE-15871-7 the Internet Zone.           enabled/disabled

            The "Run ActiveX controls
            and plugins" current user
            setting should be
            configured correctly for the
CCE-15686-9 Internet Zone.               enabled/disabled
            The "Launching
            applications and files in an
            IFRAME" current user
            setting should be
            configured correctly for the
CCE-16050-7 Internet Zone.               enabled/disabled

            The "Display mixed
            content" current user
            setting should be
            configured correctly for the
CCE-15438-5 Internet Zone.               enabled/disabled

            The "Scripting of Java
            applets" current user
            setting should be
            configured correctly for the
CCE-15280-1 Internet Zone.               enabled/disabled

            The "Access data sources
            across domains" current
            user setting should be
            configured correctly for the
CCE-15220-7 Internet Zone.               enabled/disabled
            The "Initialize and script
            ActiveX controls not
            marked as safe" current
            user setting should be
            configured correctly for the
CCE-15825-3 Internet Zone.               enabled/disabled

            The "Turn Off First-Run
            Opt-In" current user setting
            should be configured
            correctly for the Internet
CCE-16078-8 Zone.                        enabled/disabled

            The "Allow active content
            over restricted protocols to
            access my computer"
            current user setting should
            be configured correctly for
CCE-15515-0 the Internet Zone.           enabled/disabled

            The "Use SmartScreen
            Filter" current user setting
            should be configured
            correctly for the Internet
CCE-16182-8 Zone.                          enabled/disabled

            The "Disable .NET
            Framework Setup" current
            user setting should be
            configured correctly for the
CCE-15968-1 Internet Zone.               enabled/disabled

            The "Include local directory
            path when uploading files
            to a server" current user
            setting should be
            configured correctly for the
CCE-15305-6 Internet Zone.               enabled/disabled


            The "XPS documents"
            current user setting should
            be configured correctly for
CCE-16169-5 the Internet Zone.          enabled/disabled


            The "Userdata persistence"
            current user setting should
            be configured correctly for
CCE-15990-5 the Internet Zone.          enabled/disabled
            The "Allow META
            REFRESH" current user
            setting should be
            configured correctly for the
CCE-15922-8 Internet Zone.               enabled/disabled


            The "Allow Scriptlets"
            current user setting should
            be configured correctly for
CCE-15505-1 the Internet Zone.          enabled/disabled

            The "Run .NET Framework-
            reliant components signed
            with Authenticode" current
            user setting should be
            configured correctly for the
CCE-15347-8 Internet Zone.               enabled/disabled


            The "Logon options"
            current user setting should
            be configured correctly for
CCE-16083-8 the Internet Zone.          enabled/disabled

            The "Only allow approved
            domains to use ActiveX
            controls without prompt"
            current user setting should
            be configured correctly for
CCE-15652-1 the Internet Zone.           enabled/disabled
            The "Navigate windows
            and frames across different
            domains" current user
            setting should be
            configured correctly for the
CCE-16028-3 Internet Zone.               enabled/disabled
            The "Web sites in less
            privileged Web content
            zones can navigate into
            this zone" current user
            setting should be
            configured correctly for the
CCE-15809-7 Internet Zone.               enabled/disabled

            The "Do not prompt for
            client certificate selection
            when no certificates or only
            one certificate exists."
            current user setting should
            be configured correctly for
CCE-15202-5 the Internet Zone.           enabled/disabled
            The "Allow script-initiated
            windows without size or
            position constraints"
            current user setting should
            be configured correctly for
CCE-15667-9 the Internet Zone.          enabled/disabled

            The "Allow cut, copy or
            paste operations from the
            clipboard via script" current
            user setting should be
            configured correctly for the
CCE-16201-6 Internet Zone.                enabled/disabled

            The "Launching programs
            and unsafe files" current
            user setting should be
            configured correctly for the
CCE-15783-4 Internet Zone.               enabled/disabled

            The "XAML browser
            applications" current user
            setting should be
            configured correctly for the
CCE-15931-9 Internet Zone.               enabled/disabled

            The "Turn on Cross-Site
            Scripting (XSS) Filter"
            current user setting should
            be configured correctly for
CCE-15675-2 the Internet Zone.          enabled/disabled


            The "Loose XAML files"
            current user setting should
            be configured correctly for
CCE-15404-7 the Internet Zone.          enabled/disabled

            The "Automatic prompting
            for file downloads" current
            user setting should be
            configured correctly for the
CCE-15730-5 Internet Zone.               enabled/disabled

            The "Allow installation of
            desktop items" current user
            setting should be
            configured correctly for the
CCE-15356-9 Internet Zone.               enabled/disabled
            The "Allow font downloads"
            current user setting should
            be configured correctly for
CCE-16017-6 the Internet Zone.          enabled/disabled


            The "Allow file downloads"
            current user setting should
            be configured correctly for
CCE-16127-3 the Internet Zone.          enabled/disabled


            The "Java permissions"
            current user setting should
            be configured correctly for
CCE-15211-6 the Internet Zone.          enabled/disabled

            The "Automatic prompting
            for ActiveX controls"
            current user setting should
            be configured correctly for
CCE-16131-5 the Internet Zone.          enabled/disabled

            The "Software channel
            permissions" current user
            setting should be
            configured correctly for the
CCE-15510-1 Internet Zone.               enabled/disabled

            The "Allow websites to
            prompt for information
            using scripted windows"
            current user setting should
            be configured correctly for
CCE-15223-1 the Internet Zone.          enabled/disabled


            The "Allow active scripting"
            current user setting should
            be configured correctly for
CCE-15199-3 the Internet Zone.           enabled/disabled

            The "Turn on Protected
            Mode" current user setting
            should be configured
            correctly for the Internet
CCE-15279-3 Zone.                      enabled/disabled
            The "Allow status bar
            updates via script" current
            user setting should be
            configured correctly for the
CCE-15518-4 Internet Zone.               enabled/disabled


            The "Run .NET Framework-
            reliant components not
            signed with Authenticode"
            current user setting should
            be configured correctly for
CCE-16210-7 the Internet Zone.          enabled/disabled

            The "Allow websites to
            open windows without
            address or status bars"
            current user setting should
            be configured correctly for
CCE-15263-7 the Internet Zone.          enabled/disabled

            The "Allow drag and drop
            or copy and paste files"
            current user setting should
            be configured correctly for
CCE-15254-6 the Internet Zone.           enabled/disabled
            The "Script ActiveX
            controls marked safe for
            scripting" current user
            setting should be
            configured correctly for the
CCE-15598-6 Internet Zone.               enabled/disabled




            The "Restrict File
            Download: All Processes"
            machine setting should be
CCE-15881-6 configured correctly.     enabled/disabled


            The "Restrict File
            Download: Process List"
            machine setting should be
CCE-16775-9 configured correctly.     enabled/disabled

            The "Allow Scriptlets"
            current user setting should
            be configured correctly for
            the Locked-Down
CCE-15578-8 Restricted Sites Zone.      enabled/disabled
            The "Allow script-initiated
            windows without size or
            position constraints"
            current user setting should
            be configured correctly for
            the Locked-Down
CCE-15649-7 Restricted Sites Zone.      enabled/disabled

              The "Include local directory
              path when uploading files
              to a server" current user
              setting should be
              configured correctly for the
              Locked-Down Intranet
CCE-16338-6   Zone.                          enabled/disabled
              The "Disable .NET
              Framework Setup" current
              user setting should be
              configured correctly for the
              Locked-Down Intranet
CCE-16602-5   Zone.                          enabled/disabled
              The "Software channel
              permissions" current user
              setting should be
              configured correctly for the
              Locked-Down Local
CCE-16408-7   Machine Zone.                  enabled/disabled
              The "Allow installation of
              desktop items" current user
              setting should be
              configured correctly for the
              Locked-Down Internet
CCE-15339-5   Zone.                          enabled/disabled
              The "Scripting of Java
              applets" current user
              setting should be
              configured correctly for the
              Locked-Down Restricted
CCE-15317-1   Sites Zone.                    enabled/disabled

            The "Java permissions"
            current user setting should
            be configured correctly for
            the Locked-Down Local
CCE-15532-5 Machine Zone.                enabled/disabled
            The "Allow binary and
            script behaviors" current
            user setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15724-8 Sites Zone.                  enabled/disabled
            The "Do not prompt for
            client certificate selection
            when no certificates or only
            one certificate exists."
            current user setting should
            be configured correctly for
            the Locked-Down
CCE-15979-8 Restricted Sites Zone.       enabled/disabled
            The "Display mixed
            content" current user
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15838-6 Sites Zone.                  enabled/disabled

            The "Userdata persistence"
            current user setting should
            be configured correctly for
            the Locked-Down Intranet
CCE-15712-3 Zone.                       enabled/disabled

            The "Include local directory
            path when uploading files
            to a server" current user
            setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16168-7 Zone.                        enabled/disabled

            The "Allow font downloads"
            current user setting should
            be configured correctly for
            the Locked-Down Intranet
CCE-15734-7 Zone.                       enabled/disabled

            The "Run .NET Framework-
            reliant components not
            signed with Authenticode"
            current user setting should
            be configured correctly for
            the Locked-Down Trusted
CCE-17028-2 Sites Zone.                 enabled/disabled

            The "Allow font downloads"
            current user setting should
            be configured correctly for
            the Locked-Down Internet
CCE-15999-6 Zone.                       enabled/disabled
            The "Allow video and
            animation on a Web page
            that uses a legacy media
            player" current user setting
            should be configured
            correctly for the Locked-
CCE-15690-1 Down Local Machine Zone. enabled/disabled
            The "Download unsigned
            ActiveX controls" current
            user setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16063-0 Zone.                        enabled/disabled

            The "Turn on Protected
            Mode" current user setting
            should be configured
            correctly for the Locked-
CCE-16014-3 Down Internet Zone.        enabled/disabled

            The "Do not prompt for
            client certificate selection
            when no certificates or only
            one certificate exists."
            current user setting should
            be configured correctly for
            the Locked-Down Internet
CCE-15320-5 Zone.                        enabled/disabled
            The "Launching programs
            and unsafe files" current
            user setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16187-7 Sites Zone.                  enabled/disabled

            The "Loose XAML files"
            current user setting should
            be configured correctly for
            the Locked-Down Trusted
CCE-16844-3 Sites Zone.                  enabled/disabled
            The "Allow installation of
            desktop items" current user
            setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16441-8 Zone.                        enabled/disabled
            The "Web sites in less
            privileged Web content
            zones can navigate into
            this zone" current user
            setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-15622-4 Zone.                        enabled/disabled
            The "Initialize and script
            ActiveX controls not
            marked as safe" current
            user setting should be
            configured correctly for the
            Locked-Down Local
CCE-15512-7 Machine Zone.                enabled/disabled

            The "Allow Scriptlets"
            current user setting should
            be configured correctly for
            the Locked-Down Local
CCE-16204-0 Machine Zone.               enabled/disabled

            The "Use Pop-up Blocker"
            current user setting should
            be configured correctly for
            the Locked-Down Trusted
CCE-16983-9 Sites Zone.                  enabled/disabled
            The "Navigate windows
            and frames across different
            domains" current user
            setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16177-8 Zone.                        enabled/disabled

            The "Only allow approved
            domains to use ActiveX
            controls without prompt"
            current user setting should
            be configured correctly for
            the Locked-Down Local
CCE-16174-5 Machine Zone.                enabled/disabled
            The "Initialize and script
            ActiveX controls not
            marked as safe" current
            user setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16015-0 Sites Zone.                  enabled/disabled
            The "Use SmartScreen
            Filter" current user setting
            should be configured
            correctly for the Locked-
            Down Restricted Sites
CCE-15102-7 Zone.                        enabled/disabled
            The "Display mixed
            content" current user
            setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16429-3 Zone.                        enabled/disabled

            The "Automatic prompting
            for file downloads" current
            user setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16067-1 Zone.                        enabled/disabled

            The "Submit non-encrypted
            form data" current user
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15067-2 Sites Zone.                  enabled/disabled

            The "Logon options"
            current user setting should
            be configured correctly for
            the Locked-Down Trusted
CCE-16809-6 Sites Zone.                  enabled/disabled
            The "Scripting of Java
            applets" current user
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-16444-2 Machine Zone.                enabled/disabled

            The "Allow active scripting"
            current user setting should
            be configured correctly for
            the Locked-Down Intranet
CCE-16505-0 Zone.                        enabled/disabled
            The "Allow binary and
            script behaviors" current
            user setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-15963-2 Zone.                        enabled/disabled
            The "Allow drag and drop
            or copy and paste files"
            current user setting should
            be configured correctly for
            the Locked-Down Internet
CCE-15976-4 Zone.                        enabled/disabled
            The "Initialize and script
            ActiveX controls not
            marked as safe" current
            user setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16215-6 Sites Zone.                  enabled/disabled

            The "Logon options"
            current user setting should
            be configured correctly for
            the Locked-Down Internet
CCE-16117-4 Zone.                       enabled/disabled
            The "Allow websites to
            open windows without
            address or status bars"
            current user setting should
            be configured correctly for
            the Locked-Down Intranet
CCE-15747-9 Zone.                       enabled/disabled

            The "Open files based on
            content, not file extension"
            current user setting should
            be configured correctly for
            the Locked-Down Local
CCE-16430-1 Machine Zone.                enabled/disabled

            The "Turn on Cross-Site
            Scripting (XSS) Filter"
            current user setting should
            be configured correctly for
            the Locked-Down
CCE-15327-0 Restricted Sites Zone.      enabled/disabled
            The "Only allow approved
            domains to use ActiveX
            controls without prompt"
            current user setting should
            be configured correctly for
            the Locked-Down Internet
CCE-16219-8 Zone.                       enabled/disabled
            The "Allow video and
            animation on a Web page
            that uses a legacy media
            player" current user setting
            should be configured
            correctly for the Locked-
CCE-16561-3 Down Intranet Zone.          enabled/disabled
            The "Web sites in less
            privileged Web content
            zones can navigate into
            this zone" current user
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15323-9 Sites Zone.                  enabled/disabled

            The "Disable .NET
            Framework Setup" current
            user setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15882-4 Sites Zone.                  enabled/disabled
            The "Download unsigned
            ActiveX controls" current
            user setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15636-4 Sites Zone.                  enabled/disabled


            The "Run .NET Framework-
            reliant components not
            signed with Authenticode"
            current user setting should
            be configured correctly for
            the Locked-Down
CCE-15873-3 Restricted Sites Zone.       enabled/disabled
            The "Launching programs
            and unsafe files" current
            user setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15351-0 Sites Zone.                  enabled/disabled

            The "Allow Scriptlets"
            current user setting should
            be configured correctly for
            the Locked-Down Trusted
CCE-16642-1 Sites Zone.                 enabled/disabled
            The "Allow cut, copy or
            paste operations from the
            clipboard via script" current
            user setting should be
            configured correctly for the
            Locked-Down Local
CCE-16457-4 Machine Zone.                 enabled/disabled
            The "Allow scripting of
            Internet Explorer web
            browser control" current
            user setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16898-9 Sites Zone.                   enabled/disabled

            The "Turn Off First-Run
            Opt-In" current user setting
            should be configured
            correctly for the Locked-
CCE-15773-5 Down Intranet Zone.          enabled/disabled

            The "Disable .NET
            Framework Setup" current
            user setting should be
            configured correctly for the
            Locked-Down Local
CCE-15538-2 Machine Zone.                enabled/disabled
            The "Download signed
            ActiveX controls" current
            user setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16036-6 Zone.                        enabled/disabled

            The "Do not prompt for
            client certificate selection
            when no certificates or only
            one certificate exists."
            current user setting should
            be configured correctly for
            the Locked-Down Intranet
CCE-16522-5 Zone.                        enabled/disabled

            The "Open files based on
            content, not file extension"
            current user setting should
            be configured correctly for
            the Locked-Down Internet
CCE-16314-7 Zone.                        enabled/disabled
            The "Java permissions"
            current user setting should
            be configured correctly for
            the Locked-Down Trusted
CCE-16184-4 Sites Zone.                 enabled/disabled

            The "Access data sources
            across domains" current
            user setting should be
            configured correctly for the
            Locked-Down Local
CCE-15500-2 Machine Zone.                enabled/disabled
            The "Allow binary and
            script behaviors" current
            user setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16129-9 Zone.                        enabled/disabled

            The "Turn on Protected
            Mode" current user setting
            should be configured
            correctly for the Locked-
CCE-16407-9 Down Intranet Zone.          enabled/disabled
            The "Submit non-encrypted
            form data" current user
            setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16270-1 Zone.                        enabled/disabled

            The "Java permissions"
            current user setting should
            be configured correctly for
            the Locked-Down Intranet
CCE-15692-7 Zone.                       enabled/disabled

            The "Loose XAML files"
            current user setting should
            be configured correctly for
            the Locked-Down
CCE-15096-1 Restricted Sites Zone.      enabled/disabled

            The "Only allow approved
            domains to use ActiveX
            controls without prompt"
            current user setting should
            be configured correctly for
            the Locked-Down
CCE-15091-2 Restricted Sites Zone.      enabled/disabled
            The "Allow active scripting"
            current user setting should
            be configured correctly for
            the Locked-Down Local
CCE-16335-2 Machine Zone.                enabled/disabled

              The "Automatic prompting
              for file downloads" current
              user setting should be
              configured correctly for the
              Locked-Down Intranet
CCE-16562-1   Zone.                          enabled/disabled
              The "Download signed
              ActiveX controls" current
              user setting should be
              configured correctly for the
              Locked-Down Restricted
CCE-15105-0   Sites Zone.                    enabled/disabled
              The "Submit non-encrypted
              form data" current user
              setting should be
              configured correctly for the
              Locked-Down Intranet
CCE-15599-4   Zone.                          enabled/disabled
              The "Launching
              applications and files in an
              IFRAME" current user
              setting should be
              configured correctly for the
              Locked-Down Restricted
CCE-15066-4   Sites Zone.                    enabled/disabled
              The "XAML browser
              applications" current user
              setting should be
              configured correctly for the
              Locked-Down Restricted
CCE-15200-9   Sites Zone.                    enabled/disabled

            The "Allow script-initiated
            windows without size or
            position constraints"
            current user setting should
            be configured correctly for
            the Locked-Down Local
CCE-16459-0 Machine Zone.               enabled/disabled
            The "Turn on Cross-Site
            Scripting (XSS) Filter"
            current user setting should
            be configured correctly for
            the Locked-Down Internet
CCE-16181-0 Zone.                       enabled/disabled
            The "Allow websites to
            open windows without
            address or status bars"
            current user setting should
            be configured correctly for
            the Locked-Down Internet
CCE-15926-9 Zone.                       enabled/disabled

            The "Logon options"
            current user setting should
            be configured correctly for
            the Locked-Down Intranet
CCE-15601-8 Zone.                        enabled/disabled
            The "Launching programs
            and unsafe files" current
            user setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16040-8 Zone.                        enabled/disabled
            The "Allow script-initiated
            windows without size or
            position constraints"
            current user setting should
            be configured correctly for
            the Locked-Down Internet
CCE-15693-5 Zone.                        enabled/disabled

              The "Allow status bar
              updates via script" current
              user setting should be
              configured correctly for the
              Locked-Down Local
CCE-16434-3   Machine Zone.                  enabled/disabled
              The "Run ActiveX controls
              and plugins" current user
              setting should be
              configured correctly for the
              Locked-Down Trusted
CCE-16234-7   Sites Zone.                    enabled/disabled
              The "Scripting of Java
              applets" current user
              setting should be
              configured correctly for the
              Locked-Down Intranet
CCE-16281-8   Zone.                          enabled/disabled
              The "Download unsigned
              ActiveX controls" current
              user setting should be
              configured correctly for the
              Locked-Down Intranet
CCE-16479-8   Zone.                          enabled/disabled
            The "Turn on Cross-Site
            Scripting (XSS) Filter"
            current user setting should
            be configured correctly for
            the Locked-Down Trusted
CCE-16374-1 Sites Zone.                 enabled/disabled
            The "Allow script-initiated
            windows without size or
            position constraints"
            current user setting should
            be configured correctly for
            the Locked-Down Trusted
CCE-16226-3 Sites Zone.                 enabled/disabled

            The "Allow Scriptlets"
            current user setting should
            be configured correctly for
            the Locked-Down Internet
CCE-16206-5 Zone.                       enabled/disabled

            The "XPS documents"
            current user setting should
            be configured correctly for
            the Locked-Down Trusted
CCE-16466-5 Sites Zone.                 enabled/disabled

            The "Allow font downloads"
            current user setting should
            be configured correctly for
            the Locked-Down Trusted
CCE-17227-0 Sites Zone.                  enabled/disabled
            The "Web sites in less
            privileged Web content
            zones can navigate into
            this zone" current user
            setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16176-0 Zone.                        enabled/disabled

            The "Open files based on
            content, not file extension"
            current user setting should
            be configured correctly for
            the Locked-Down Trusted
CCE-16361-8 Sites Zone.                  enabled/disabled
            The "Disable .NET
            Framework Setup" current
            user setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16816-1 Sites Zone.                  enabled/disabled
            The "Allow META
            REFRESH" current user
            setting should be
            configured correctly for the
            Locked-Down Internet
CCE-15876-6 Zone.                        enabled/disabled

            The "Run .NET Framework-
            reliant components signed
            with Authenticode" current
            user setting should be
            configured correctly for the
            Locked-Down Local
CCE-15832-9 Machine Zone.                enabled/disabled
            The "Software channel
            permissions" current user
            setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16296-6 Zone.                        enabled/disabled
            The "Script ActiveX
            controls marked safe for
            scripting" current user
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-16426-9 Machine Zone.                enabled/disabled

            The "Allow websites to
            open windows without
            address or status bars"
            current user setting should
            be configured correctly for
            the Locked-Down Local
CCE-16449-1 Machine Zone.               enabled/disabled

            The "Allow websites to
            prompt for information
            using scripted windows"
            current user setting should
            be configured correctly for
            the Locked-Down
CCE-15076-3 Restricted Sites Zone.      enabled/disabled

            The "Allow file downloads"
            current user setting should
            be configured correctly for
            the Locked-Down Trusted
CCE-16220-6 Sites Zone.                 enabled/disabled
            The "Turn Off First-Run
            Opt-In" current user setting
            should be configured
            correctly for the Locked-
            Down Restricted Sites
CCE-15044-1 Zone.                        enabled/disabled
            The "Display mixed
            content" current user
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16211-5 Sites Zone.                  enabled/disabled

              The "Run .NET Framework-
              reliant components not
              signed with Authenticode"
              current user setting should
              be configured correctly for
              the Locked-Down Intranet
CCE-15862-6   Zone.                        enabled/disabled
              The "Allow status bar
              updates via script" current
              user setting should be
              configured correctly for the
              Locked-Down Internet
CCE-16180-2   Zone.                        enabled/disabled
              The "XAML browser
              applications" current user
              setting should be
              configured correctly for the
              Locked-Down Intranet
CCE-16359-2   Zone.                        enabled/disabled
              The "Script ActiveX
              controls marked safe for
              scripting" current user
              setting should be
              configured correctly for the
              Locked-Down Internet
CCE-15558-0   Zone.                        enabled/disabled

            The "Automatic prompting
            for file downloads" current
            user setting should be
            configured correctly for the
            Locked-Down Local
CCE-16452-5 Machine Zone.                enabled/disabled
            The "Software channel
            permissions" current user
            setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-15620-8 Zone.                        enabled/disabled
              The "Allow websites to
              prompt for information
              using scripted windows"
              current user setting should
              be configured correctly for
              the Locked-Down Intranet
CCE-16381-6   Zone.                          enabled/disabled
              The "Allow META
              REFRESH" current user
              setting should be
              configured correctly for the
              Locked-Down Restricted
CCE-16024-2   Sites Zone.                    enabled/disabled
              The "Allow websites to
              open windows without
              address or status bars"
              current user setting should
              be configured correctly for
              the Locked-Down Trusted
CCE-17238-7   Sites Zone.                    enabled/disabled
              The "Initialize and script
              ActiveX controls not
              marked as safe" current
              user setting should be
              configured correctly for the
              Locked-Down Intranet
CCE-16492-1   Zone.                          enabled/disabled
              The "Allow binary and
              script behaviors" current
              user setting should be
              configured correctly for the
              Locked-Down Local
CCE-16344-4   Machine Zone.                  enabled/disabled
              The "Launching programs
              and unsafe files" current
              user setting should be
              configured correctly for the
              Locked-Down Intranet
CCE-16071-3   Zone.                          enabled/disabled

            The "Do not prompt for
            client certificate selection
            when no certificates or only
            one certificate exists."
            current user setting should
            be configured correctly for
            the Locked-Down Local
CCE-16476-4 Machine Zone.                enabled/disabled
            The "Run .NET Framework-
            reliant components signed
            with Authenticode" current
            user setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16280-0 Sites Zone.                  enabled/disabled
            The "Script ActiveX
            controls marked safe for
            scripting" current user
            setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16190-1 Zone.                        enabled/disabled
            The "Allow status bar
            updates via script" current
            user setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16095-2 Zone.                        enabled/disabled

            The "Userdata persistence"
            current user setting should
            be configured correctly for
            the Locked-Down Trusted
CCE-17252-8 Sites Zone.                  enabled/disabled
            The "Software channel
            permissions" current user
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15212-4 Sites Zone.                  enabled/disabled

            The "Java permissions"
            current user setting should
            be configured correctly for
            the Locked-Down Internet
CCE-16155-4 Zone.                       enabled/disabled

            The "Allow websites to
            open windows without
            address or status bars"
            current user setting should
            be configured correctly for
            the Locked-Down
CCE-15204-1 Restricted Sites Zone.       enabled/disabled
            The "Launching
            applications and files in an
            IFRAME" current user
            setting should be
            configured correctly for the
            Locked-Down Internet
CCE-15567-1 Zone.                        enabled/disabled
            The "Allow installation of
            desktop items" current user
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-16325-3 Machine Zone.                enabled/disabled

            The "Access data sources
            across domains" current
            user setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15966-5 Sites Zone.                  enabled/disabled
            The "Initialize and script
            ActiveX controls not
            marked as safe" current
            user setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16291-7 Zone.                        enabled/disabled

            The "Use Pop-up Blocker"
            current user setting should
            be configured correctly for
            the Locked-Down
CCE-15975-6 Restricted Sites Zone.      enabled/disabled

            The "Userdata persistence"
            current user setting should
            be configured correctly for
            the Locked-Down
CCE-15678-6 Restricted Sites Zone.      enabled/disabled

            The "Java permissions"
            current user setting should
            be configured correctly for
            the Locked-Down
CCE-15243-9 Restricted Sites Zone.      enabled/disabled

            The "Allow file downloads"
            current user setting should
            be configured correctly for
            the Locked-Down Internet
CCE-16080-4 Zone.                       enabled/disabled

            The "Loose XAML files"
            current user setting should
            be configured correctly for
            the Locked-Down Internet
CCE-15935-0 Zone.                       enabled/disabled
            The "Run .NET Framework-
            reliant components signed
            with Authenticode" current
            user setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15992-1 Sites Zone.                  enabled/disabled
            The "Run ActiveX controls
            and plugins" current user
            setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16331-1 Zone.                        enabled/disabled

            The "Allow websites to
            prompt for information
            using scripted windows"
            current user setting should
            be configured correctly for
            the Locked-Down Local
CCE-16075-4 Machine Zone.               enabled/disabled

            The "Allow Scriptlets"
            current user setting should
            be configured correctly for
            the Locked-Down Intranet
CCE-16311-3 Zone.                        enabled/disabled
            The "Download unsigned
            ActiveX controls" current
            user setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-17231-2 Sites Zone.                  enabled/disabled

            The "Include local directory
            path when uploading files
            to a server" current user
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15722-2 Sites Zone.                  enabled/disabled

            The "Run .NET Framework-
            reliant components signed
            with Authenticode" current
            user setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-15742-0 Zone.                        enabled/disabled
            The "XPS documents"
            current user setting should
            be configured correctly for
            the Locked-Down Local
CCE-16448-3 Machine Zone.               enabled/disabled

            The "Allow status bar
            updates via script" current
            user setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15984-8 Sites Zone.                  enabled/disabled

            The "Userdata persistence"
            current user setting should
            be configured correctly for
            the Locked-Down Internet
CCE-16134-9 Zone.                         enabled/disabled
            The "Allow cut, copy or
            paste operations from the
            clipboard via script" current
            user setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16926-8 Sites Zone.                   enabled/disabled
            The "Allow binary and
            script behaviors" current
            user setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16272-7 Sites Zone.                   enabled/disabled

            The "Include local directory
            path when uploading files
            to a server" current user
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-16473-1 Machine Zone.                enabled/disabled

            The "Allow active scripting"
            current user setting should
            be configured correctly for
            the Locked-Down Trusted
CCE-16450-9 Sites Zone.                  enabled/disabled

            The "Turn Off First-Run
            Opt-In" current user setting
            should be configured
            correctly for the Locked-
CCE-17062-1 Down Trusted Sites Zone. enabled/disabled
              The "Allow drag and drop
              or copy and paste files"
              current user setting should
              be configured correctly for
              the Locked-Down
CCE-15812-1   Restricted Sites Zone.         enabled/disabled
              The "XAML browser
              applications" current user
              setting should be
              configured correctly for the
              Locked-Down Internet
CCE-16265-1   Zone.                          enabled/disabled
              The "Script ActiveX
              controls marked safe for
              scripting" current user
              setting should be
              configured correctly for the
              Locked-Down Trusted
CCE-16200-8   Sites Zone.                    enabled/disabled
              The "Launching programs
              and unsafe files" current
              user setting should be
              configured correctly for the
              Locked-Down Local
CCE-15912-9   Machine Zone.                  enabled/disabled
              The "Navigate windows
              and frames across different
              domains" current user
              setting should be
              configured correctly for the
              Locked-Down Intranet
CCE-16065-5   Zone.                          enabled/disabled

            The "Automatic prompting
            for ActiveX controls"
            current user setting should
            be configured correctly for
            the Locked-Down
CCE-15816-2 Restricted Sites Zone.      enabled/disabled
            The "Only allow approved
            domains to use ActiveX
            controls without prompt"
            current user setting should
            be configured correctly for
            the Locked-Down Intranet
CCE-16346-9 Zone.                       enabled/disabled

            The "Allow active scripting"
            current user setting should
            be configured correctly for
            the Locked-Down Internet
CCE-16062-2 Zone.                        enabled/disabled
            The "Submit non-encrypted
            form data" current user
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-17077-9 Sites Zone.                  enabled/disabled
            The "Allow META
            REFRESH" current user
            setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-15638-0 Zone.                        enabled/disabled
            The "Allow installation of
            desktop items" current user
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-17243-7 Sites Zone.                  enabled/disabled

            The "Allow drag and drop
            or copy and paste files"
            current user setting should
            be configured correctly for
            the Locked-Down Local
CCE-16486-3 Machine Zone.               enabled/disabled

            The "Turn on Cross-Site
            Scripting (XSS) Filter"
            current user setting should
            be configured correctly for
            the Locked-Down Local
CCE-16417-8 Machine Zone.               enabled/disabled

            The "Logon options"
            current user setting should
            be configured correctly for
            the Locked-Down
CCE-15463-3 Restricted Sites Zone.      enabled/disabled

            The "Allow active scripting"
            current user setting should
            be configured correctly for
            the Locked-Down
CCE-16035-8 Restricted Sites Zone.       enabled/disabled
            The "Turn on Cross-Site
            Scripting (XSS) Filter"
            current user setting should
            be configured correctly for
            the Locked-Down Intranet
CCE-16055-6 Zone.                        enabled/disabled
            The "Allow drag and drop
            or copy and paste files"
            current user setting should
            be configured correctly for
            the Locked-Down Trusted
CCE-16732-0 Sites Zone.                 enabled/disabled

            The "Loose XAML files"
            current user setting should
            be configured correctly for
            the Locked-Down Intranet
CCE-16501-9 Zone.                       enabled/disabled

            The "Use SmartScreen
            Filter" current user setting
            should be configured
            correctly for the Locked-
CCE-16307-1 Down Trusted Sites Zone. enabled/disabled
            The "Run ActiveX controls
            and plugins" current user
            setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16580-3 Zone.                        enabled/disabled

            The "Use Pop-up Blocker"
            current user setting should
            be configured correctly for
            the Locked-Down Internet
CCE-15703-2 Zone.                       enabled/disabled

            The "Turn Off First-Run
            Opt-In" current user setting
            should be configured
            correctly for the Locked-
CCE-16481-4 Down Local Machine Zone. enabled/disabled
            The "Download signed
            ActiveX controls" current
            user setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-17247-8 Sites Zone.                   enabled/disabled
            The "Allow cut, copy or
            paste operations from the
            clipboard via script" current
            user setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16556-3 Zone.                         enabled/disabled
            The "Allow installation of
            desktop items" current user
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15036-7 Sites Zone.                  enabled/disabled
            The "XAML browser
            applications" current user
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16482-2 Sites Zone.                  enabled/disabled
            The "Allow drag and drop
            or copy and paste files"
            current user setting should
            be configured correctly for
            the Locked-Down Intranet
CCE-16442-6 Zone.                        enabled/disabled

            The "Run .NET Framework-
            reliant components signed
            with Authenticode" current
            user setting should be
            configured correctly for the
            Locked-Down Internet
CCE-15981-4 Zone.                        enabled/disabled
            The "Scripting of Java
            applets" current user
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-17146-2 Sites Zone.                  enabled/disabled

            The "Include local directory
            path when uploading files
            to a server" current user
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16949-0 Sites Zone.                  enabled/disabled
            The "Allow websites to
            prompt for information
            using scripted windows"
            current user setting should
            be configured correctly for
            the Locked-Down Internet
CCE-15525-9 Zone.                        enabled/disabled
            The "Only allow approved
            domains to use ActiveX
            controls without prompt"
            current user setting should
            be configured correctly for
            the Locked-Down Trusted
CCE-17021-7 Sites Zone.                  enabled/disabled
            The "Scripting of Java
            applets" current user
            setting should be
            configured correctly for the
            Locked-Down Internet
CCE-15755-2 Zone.                        enabled/disabled
            The "Web sites in less
            privileged Web content
            zones can navigate into
            this zone" current user
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-17177-7 Sites Zone.                  enabled/disabled
            The "Allow scripting of
            Internet Explorer web
            browser control" current
            user setting should be
            configured correctly for the
            Locked-Down Local
CCE-15754-5 Machine Zone.                enabled/disabled

            The "Allow font downloads"
            current user setting should
            be configured correctly for
            the Locked-Down Local
CCE-16213-1 Machine Zone.                enabled/disabled
            The "XAML browser
            applications" current user
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-16352-7 Machine Zone.                enabled/disabled

            The "Submit non-encrypted
            form data" current user
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-15778-4 Machine Zone.                enabled/disabled
            The "Allow websites to
            prompt for information
            using scripted windows"
            current user setting should
            be configured correctly for
            the Locked-Down Trusted
CCE-16970-6 Sites Zone.                  enabled/disabled
            The "Disable .NET
            Framework Setup" current
            user setting should be
            configured correctly for the
            Locked-Down Internet
CCE-15324-7 Zone.                        enabled/disabled
            The "XPS documents"
            current user setting should
            be configured correctly for
            the Locked-Down
CCE-15942-6 Restricted Sites Zone.      enabled/disabled

            The "Use Pop-up Blocker"
            current user setting should
            be configured correctly for
            the Locked-Down Local
CCE-16217-2 Machine Zone.                enabled/disabled
            The "Run ActiveX controls
            and plugins" current user
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15574-7 Sites Zone.                  enabled/disabled
            The "Download signed
            ActiveX controls" current
            user setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16333-7 Zone.                        enabled/disabled

            The "Open files based on
            content, not file extension"
            current user setting should
            be configured correctly for
            the Locked-Down
CCE-15432-8 Restricted Sites Zone.       enabled/disabled
            The "Launching
            applications and files in an
            IFRAME" current user
            setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16446-7 Zone.                        enabled/disabled

            The "Automatic prompting
            for ActiveX controls"
            current user setting should
            be configured correctly for
            the Locked-Down Internet
CCE-16045-7 Zone.                       enabled/disabled

            The "Allow video and
            animation on a Web page
            that uses a legacy media
            player" current user setting
            should be configured
            correctly for the Locked-
CCE-17066-2 Down Trusted Sites Zone. enabled/disabled
            The "Automatic prompting
            for file downloads" current
            user setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15233-0 Sites Zone.                  enabled/disabled
            The "Access data sources
            across domains" current
            user setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16222-2 Sites Zone.                  enabled/disabled

            The "Allow file downloads"
            current user setting should
            be configured correctly for
            the Locked-Down
CCE-15997-0 Restricted Sites Zone.      enabled/disabled

            The "Loose XAML files"
            current user setting should
            be configured correctly for
            the Locked-Down Local
CCE-15941-8 Machine Zone.               enabled/disabled

            The "Allow file downloads"
            current user setting should
            be configured correctly for
            the Locked-Down Intranet
CCE-15634-9 Zone.                        enabled/disabled
            The "Allow video and
            animation on a Web page
            that uses a legacy media
            player" current user setting
            should be configured
            correctly for the Locked-
            Down Restricted Sites
CCE-15228-0 Zone.                        enabled/disabled
            The "Navigate windows
            and frames across different
            domains" current user
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15301-5 Sites Zone.                  enabled/disabled

            The "Automatic prompting
            for ActiveX controls"
            current user setting should
            be configured correctly for
            the Locked-Down Intranet
CCE-15679-4 Zone.                       enabled/disabled
            The "Navigate windows
            and frames across different
            domains" current user
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16221-4 Sites Zone.                  enabled/disabled

            The "XPS documents"
            current user setting should
            be configured correctly for
            the Locked-Down Internet
CCE-15939-2 Zone.                       enabled/disabled

            The "Allow file downloads"
            current user setting should
            be configured correctly for
            the Locked-Down Local
CCE-16390-7 Machine Zone.                enabled/disabled
            The "Launching
            applications and files in an
            IFRAME" current user
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-17225-4 Sites Zone.                  enabled/disabled
            The "Navigate windows
            and frames across different
            domains" current user
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-16339-4 Machine Zone.                enabled/disabled

            The "Allow video and
            animation on a Web page
            that uses a legacy media
            player" current user setting
            should be configured
            correctly for the Locked-
CCE-16305-5 Down Internet Zone.          enabled/disabled
            The "Download signed
            ActiveX controls" current
            user setting should be
            configured correctly for the
            Locked-Down Local
CCE-16321-2 Machine Zone.                enabled/disabled

            The "Userdata persistence"
            current user setting should
            be configured correctly for
            the Locked-Down Local
CCE-15551-5 Machine Zone.               enabled/disabled
            The "Run ActiveX controls
            and plugins" current user
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-16453-3 Machine Zone.                enabled/disabled
            The "Allow status bar
            updates via script" current
            user setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16258-6 Sites Zone.                  enabled/disabled

            The "Use SmartScreen
            Filter" current user setting
            should be configured
            correctly for the Locked-
CCE-15322-1 Down Internet Zone.            enabled/disabled

            The "Turn on Protected
            Mode" current user setting
            should be configured
            correctly for the Locked-
CCE-16386-5 Down Local Machine Zone. enabled/disabled
            The "Allow script-initiated
            windows without size or
            position constraints"
            current user setting should
            be configured correctly for
            the Locked-Down Intranet
CCE-16495-4 Zone.                       enabled/disabled

            The "Automatic prompting
            for ActiveX controls"
            current user setting should
            be configured correctly for
            the Locked-Down Trusted
CCE-17118-1 Sites Zone.                 enabled/disabled

            The "XPS documents"
            current user setting should
            be configured correctly for
            the Locked-Down Intranet
CCE-16415-2 Zone.                       enabled/disabled

            The "Do not prompt for
            client certificate selection
            when no certificates or only
            one certificate exists."
            current user setting should
            be configured correctly for
            the Locked-Down Trusted
CCE-17180-1 Sites Zone.                  enabled/disabled
            The "Automatic prompting
            for ActiveX controls"
            current user setting should
            be configured correctly for
            the Locked-Down Local
CCE-16366-7 Machine Zone.               enabled/disabled

            The "Turn Off First-Run
            Opt-In" current user setting
            should be configured
            correctly for the Locked-
CCE-16223-0 Down Internet Zone.          enabled/disabled
            The "Download unsigned
            ActiveX controls" current
            user setting should be
            configured correctly for the
            Locked-Down Local
CCE-15506-9 Machine Zone.                enabled/disabled
            The "Access data sources
            across domains" current
            user setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-15626-5 Zone.                        enabled/disabled

            The "Open files based on
            content, not file extension"
            current user setting should
            be configured correctly for
            the Locked-Down Intranet
CCE-16560-5 Zone.                        enabled/disabled
            The "Allow META
            REFRESH" current user
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-17141-3 Sites Zone.                  enabled/disabled


            The "Run .NET Framework-
            reliant components not
            signed with Authenticode"
            current user setting should
            be configured correctly for
            the Locked-Down Local
CCE-16399-8 Machine Zone.                enabled/disabled
            The "Display mixed
            content" current user
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-16326-1 Machine Zone.                enabled/disabled
            The "Allow scripting of
            Internet Explorer web
            browser control" current
            user setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15100-1 Sites Zone.                   enabled/disabled
            The "Allow cut, copy or
            paste operations from the
            clipboard via script" current
            user setting should be
            configured correctly for the
            Locked-Down Internet
CCE-15318-9 Zone.                         enabled/disabled

            The "Turn on Protected
            Mode" current user setting
            should be configured
            correctly for the Locked-
CCE-17032-4 Down Trusted Sites Zone. enabled/disabled
            The "Allow META
            REFRESH" current user
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-16198-4 Machine Zone.                enabled/disabled

            The "Allow cut, copy or
            paste operations from the
            clipboard via script" current
            user setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15255-3 Sites Zone.                   enabled/disabled
            The "Software channel
            permissions" current user
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-17078-7 Sites Zone.                   enabled/disabled
            The "Web sites in less
            privileged Web content
            zones can navigate into
            this zone" current user
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-15513-5 Machine Zone.                 enabled/disabled

            The "Use SmartScreen
            Filter" current user setting
            should be configured
            correctly for the Locked-
CCE-16455-8 Down Local Machine Zone. enabled/disabled
            The "Run .NET Framework-
            reliant components not
            signed with Authenticode"
            current user setting should
            be configured correctly for
            the Locked-Down Internet
CCE-15539-0 Zone.                       enabled/disabled
            The "Turn on Protected
            Mode" current user setting
            should be configured
            correctly for the Locked-
            Down Restricted Sites
CCE-15603-4 Zone.                       enabled/disabled

              The "Use SmartScreen
              Filter" current user setting
              should be configured
              correctly for the Locked-
CCE-16576-1   Down Intranet Zone.            enabled/disabled
              The "Display mixed
              content" current user
              setting should be
              configured correctly for the
              Locked-Down Internet
CCE-15328-8   Zone.                          enabled/disabled
              The "Launching
              applications and files in an
              IFRAME" current user
              setting should be
              configured correctly for the
              Locked-Down Local
CCE-16412-9   Machine Zone.                  enabled/disabled
              The "Allow scripting of
              Internet Explorer web
              browser control" current
              user setting should be
              configured correctly for the
              Locked-Down Intranet
CCE-16420-2   Zone.                          enabled/disabled

            The "Automatic prompting
            for file downloads" current
            user setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16761-9 Sites Zone.                  enabled/disabled
            The "Access data sources
            across domains" current
            user setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16041-6 Zone.                        enabled/disabled
            The "Logon options"
            current user setting should
            be configured correctly for
            the Locked-Down Local
CCE-15646-3 Machine Zone.                enabled/disabled
            The "Script ActiveX
            controls marked safe for
            scripting" current user
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16011-9 Sites Zone.                  enabled/disabled

            The "Use Pop-up Blocker"
            current user setting should
            be configured correctly for
            the Locked-Down Intranet
CCE-15632-3 Zone.                       enabled/disabled

            The "Allow font downloads"
            current user setting should
            be configured correctly for
            the Locked-Down
CCE-15589-5 Restricted Sites Zone.       enabled/disabled
            The "Allow scripting of
            Internet Explorer web
            browser control" current
            user setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16082-0 Zone.                        enabled/disabled


            The "Restrict ActiveX
            Install: Internet Explorer
            Processes" current user
            setting should be
CCE-16645-4 configured correctly.        enabled/disabled




            The "Restrict ActiveX
            Install: All Processes"
            current user setting should
CCE-15869-1 be configured correctly.    enabled/disabled


            The "Restrict ActiveX
            Install: Process List"
            current user setting should
CCE-16491-3 be configured correctly.    enabled/disabled
            The "Enable cut, copy or
            paste operations from the
            clipboard if
            URLACTION_SCRIPT_PA
            STE is set to Prompt:
            Internet Explorer
            Processes" machine
            setting should be
CCE-16032-5 configured correctly.     enabled/disabled


            The "Enable cut, copy or
            paste operations from the
            clipboard if
            URLACTION_SCRIPT_PA
            STE is set to Prompt: All
            Processes" machine
            setting should be
CCE-15508-5 configured correctly.     enabled/disabled
            The "Enable cut, copy or
            paste operations from the
            clipboard if
            URLACTION_SCRIPT_PA
            STE is set to Prompt:
            Process List" machine
            setting should be
CCE-15781-8 configured correctly.     enabled/disabled


            The "Object Caching
            Protection: Process List"
            machine setting should be
CCE-15482-3 configured correctly.     enabled/disabled




            The "Object Caching
            Protection: Internet
            Explorer Processes"
            machine setting should be
CCE-15483-1 configured correctly.     enabled/disabled




            The "Object Caching
            Protection: All Processes"
            machine setting should be
CCE-15487-2 configured correctly.      enabled/disabled
            The "Prevent setting of the
            code download path for
            each machine" machine
            setting should be
CCE-16683-5 configured correctly.        enabled/disabled
            The "Navigate windows
            and frames across different
            domains" current user
            setting should be
            configured correctly for the
CCE-16121-6 Local Machine Zone.          enabled/disabled

            The "Turn Off First-Run
            Opt-In" current user setting
            should be configured
            correctly for the Local
CCE-15177-9 Machine Zone.                enabled/disabled

            The "Automatic prompting
            for ActiveX controls"
            current user setting should
            be configured correctly for
CCE-16081-2 the Local Machine Zone.      enabled/disabled
            The "Allow video and
            animation on a Web page
            that uses a legacy media
            player" current user setting
            should be configured
            correctly for the Local
CCE-16085-3 Machine Zone.                enabled/disabled

            The "Software channel
            permissions" current user
            setting should be
            configured correctly for the
CCE-15787-5 Local Machine Zone.          enabled/disabled

            The "Allow binary and
            script behaviors" current
            user setting should be
            configured correctly for the
CCE-15961-6 Local Machine Zone.          enabled/disabled

            The "Only allow approved
            domains to use ActiveX
            controls without prompt"
            current user setting should
            be configured correctly for
CCE-15989-7 the Local Machine Zone.     enabled/disabled
            The "Allow Scriptlets"
            current user setting should
            be configured correctly for
CCE-15215-7 the Local Machine Zone.     enabled/disabled


            The "Java permissions"
            current user setting should
            be configured correctly for
CCE-15446-8 the Local Machine Zone.     enabled/disabled

            The "Download signed
            ActiveX controls" current
            user setting should be
            configured correctly for the
CCE-15748-7 Local Machine Zone.          enabled/disabled

            The "Allow installation of
            desktop items" current user
            setting should be
            configured correctly for the
CCE-15479-9 Local Machine Zone.          enabled/disabled

            The "Disable .NET
            Framework Setup" current
            user setting should be
            configured correctly for the
CCE-15162-1 Local Machine Zone.          enabled/disabled

            The "Allow META
            REFRESH" current user
            setting should be
            configured correctly for the
CCE-15385-8 Local Machine Zone.          enabled/disabled

            The "Launching programs
            and unsafe files" current
            user setting should be
            configured correctly for the
CCE-15171-2 Local Machine Zone.          enabled/disabled

            The "Allow cut, copy or
            paste operations from the
            clipboard via script" current
            user setting should be
            configured correctly for the
CCE-16044-0 Local Machine Zone.           enabled/disabled
            The "Turn on Protected
            Mode" current user setting
            should be configured
            correctly for the Local
CCE-15988-9 Machine Zone.              enabled/disabled

            The "Open files based on
            content, not file extension"
            current user setting should
            be configured correctly for
CCE-15858-4 the Local Machine Zone.      enabled/disabled


            The "Userdata persistence"
            current user setting should
            be configured correctly for
CCE-15195-1 the Local Machine Zone.     enabled/disabled


            The "Allow file downloads"
            current user setting should
            be configured correctly for
CCE-16122-4 the Local Machine Zone.     enabled/disabled

            The "Run ActiveX controls
            and plugins" current user
            setting should be
            configured correctly for the
CCE-15153-0 Local Machine Zone.          enabled/disabled

            The "Allow active content
            over restricted protocols to
            access my computer"
            current user setting should
            be configured correctly for
CCE-15157-1 the Local Machine Zone.      enabled/disabled
            The "Script ActiveX
            controls marked safe for
            scripting" current user
            setting should be
            configured correctly for the
CCE-16116-6 Local Machine Zone.          enabled/disabled

            The "Allow drag and drop
            or copy and paste files"
            current user setting should
            be configured correctly for
CCE-15800-6 the Local Machine Zone.     enabled/disabled
            The "Allow scripting of
            Internet Explorer web
            browser control" current
            user setting should be
            configured correctly for the
CCE-16108-3 Local Machine Zone.          enabled/disabled

            The "Include local directory
            path when uploading files
            to a server" current user
            setting should be
            configured correctly for the
CCE-15902-0 Local Machine Zone.          enabled/disabled

            The "Run .NET Framework-
            reliant components signed
            with Authenticode" current
            user setting should be
            configured correctly for the
CCE-16025-9 Local Machine Zone.          enabled/disabled

            The "Turn on Cross-Site
            Scripting (XSS) Filter"
            current user setting should
            be configured correctly for
CCE-15761-0 the Local Machine Zone.     enabled/disabled


            The "Allow font downloads"
            current user setting should
            be configured correctly for
CCE-15668-7 the Local Machine Zone.     enabled/disabled


            The "XPS documents"
            current user setting should
            be configured correctly for
CCE-16064-8 the Local Machine Zone.     enabled/disabled


            The "Allow active scripting"
            current user setting should
            be configured correctly for
CCE-15196-9 the Local Machine Zone.      enabled/disabled

            The "Do not prompt for
            client certificate selection
            when no certificates or only
            one certificate exists."
            current user setting should
            be configured correctly for
CCE-16054-9 the Local Machine Zone.      enabled/disabled
            The "Allow websites to
            prompt for information
            using scripted windows"
            current user setting should
            be configured correctly for
CCE-15193-6 the Local Machine Zone.     enabled/disabled

            The "Access data sources
            across domains" current
            user setting should be
            configured correctly for the
CCE-15757-8 Local Machine Zone.          enabled/disabled

            The "Display mixed
            content" current user
            setting should be
            configured correctly for the
CCE-16144-8 Local Machine Zone.          enabled/disabled

            The "XAML browser
            applications" current user
            setting should be
            configured correctly for the
CCE-15241-3 Local Machine Zone.          enabled/disabled

            The "Use SmartScreen
            Filter" current user setting
            should be configured
            correctly for the Local
CCE-16076-2 Machine Zone.                  enabled/disabled

            The "Allow script-initiated
            windows without size or
            position constraints"
            current user setting should
            be configured correctly for
CCE-16003-6 the Local Machine Zone.     enabled/disabled

            The "Scripting of Java
            applets" current user
            setting should be
            configured correctly for the
CCE-15602-6 Local Machine Zone.          enabled/disabled


            The "Logon options"
            current user setting should
            be configured correctly for
CCE-16031-7 the Local Machine Zone.     enabled/disabled
            The "Allow status bar
            updates via script" current
            user setting should be
            configured correctly for the
CCE-16126-5 Local Machine Zone.          enabled/disabled


            The "Run .NET Framework-
            reliant components not
            signed with Authenticode"
            current user setting should
            be configured correctly for
CCE-16140-6 the Local Machine Zone.     enabled/disabled

            The "Submit non-encrypted
            form data" current user
            setting should be
            configured correctly for the
CCE-16100-0 Local Machine Zone.          enabled/disabled
            The "Launching
            applications and files in an
            IFRAME" current user
            setting should be
            configured correctly for the
CCE-15185-2 Local Machine Zone.          enabled/disabled


            The "Loose XAML files"
            current user setting should
            be configured correctly for
CCE-16099-4 the Local Machine Zone.      enabled/disabled
            The "Web sites in less
            privileged Web content
            zones can navigate into
            this zone" current user
            setting should be
            configured correctly for the
CCE-15880-8 Local Machine Zone.          enabled/disabled

            The "Download unsigned
            ActiveX controls" current
            user setting should be
            configured correctly for the
CCE-16059-8 Local Machine Zone.          enabled/disabled


            The "Use Pop-up Blocker"
            current user setting should
            be configured correctly for
CCE-15565-5 the Local Machine Zone.     enabled/disabled
            The "Automatic prompting
            for file downloads" current
            user setting should be
            configured correctly for the
CCE-15752-9 Local Machine Zone.          enabled/disabled
            The "Initialize and script
            ActiveX controls not
            marked as safe" current
            user setting should be
            configured correctly for the
CCE-15237-1 Local Machine Zone.          enabled/disabled

            The "Allow websites to
            open windows without
            address or status bars"
            current user setting should
            be configured correctly for
CCE-15959-0 the Local Machine Zone.     enabled/disabled


            The "Network Protocol
            Lockdown: Internet
            Explorer Processes"
            current user setting should
CCE-16692-6 be configured correctly.    enabled/disabled




            The "Network Protocol
            Lockdown: All Processes"
            current user setting should
CCE-16696-7 be configured correctly.    enabled/disabled


            The "Network Protocol
            Lockdown: Process List"
            current user setting should
CCE-16670-2 be configured correctly.    enabled/disabled




            The "Consistent Mime
            Handling: All Processes"
            machine setting should be
CCE-16648-8 configured correctly.     enabled/disabled


            The "Consistent Mime
            Handling: Process List"
            machine setting should be
CCE-16653-8 configured correctly.     enabled/disabled
            The "Automatic prompting
            for ActiveX controls"
            current user setting should
            be configured correctly for
CCE-17095-1 the Restricted Sites Zone. enabled/disabled

            The "Submit non-encrypted
            form data" current user
            setting should be
            configured correctly for the
CCE-17092-8 Restricted Sites Zone.       enabled/disabled


            The "Automatic prompting
            for file downloads" current
            user setting should be
            configured correctly for the
CCE-16988-8 Restricted Sites Zone.       enabled/disabled

            The "Allow websites to
            open windows without
            address or status bars"
            current user setting should
            be configured correctly for
CCE-17014-2 the Restricted Sites Zone. enabled/disabled

            The "Display mixed
            content" current user
            setting should be
            configured correctly for the
CCE-17054-8 Restricted Sites Zone.       enabled/disabled


            The "Include local directory
            path when uploading files
            to a server" current user
            setting should be
            configured correctly for the
CCE-17076-1 Restricted Sites Zone.       enabled/disabled


            The "Use Pop-up Blocker"
            current user setting should
            be configured correctly for
CCE-17023-3 the Restricted Sites Zone. enabled/disabled
            The "Run .NET Framework-
            reliant components signed
            with Authenticode" current
            user setting should be
            configured correctly for the
CCE-17006-8 Restricted Sites Zone.       enabled/disabled


            The "XPS documents"
            current user setting should
            be configured correctly for
CCE-16611-6 the Restricted Sites Zone. enabled/disabled


            The "Allow file downloads"
            current user setting should
            be configured correctly for
CCE-16734-6 the Restricted Sites Zone. enabled/disabled


            The "Logon options"
            current user setting should
            be configured correctly for
CCE-16196-8 the Restricted Sites Zone. enabled/disabled

            The "Allow script-initiated
            windows without size or
            position constraints"
            current user setting should
            be configured correctly for
CCE-17107-4 the Restricted Sites Zone. enabled/disabled

            The "Allow websites to
            prompt for information
            using scripted windows"
            current user setting should
            be configured correctly for
CCE-16817-9 the Restricted Sites Zone. enabled/disabled


            The "Java permissions"
            current user setting should
            be configured correctly for
CCE-16159-6 the Restricted Sites Zone. enabled/disabled


            The "Open files based on
            content, not file extension"
            current user setting should
            be configured correctly for
CCE-16494-7 the Restricted Sites Zone. enabled/disabled
            The "Allow binary and
            script behaviors" current
            user setting should be
            configured correctly for the
CCE-16118-2 Restricted Sites Zone.       enabled/disabled


            The "Userdata persistence"
            current user setting should
            be configured correctly for
CCE-16905-2 the Restricted Sites Zone. enabled/disabled

            The "Access data sources
            across domains" current
            user setting should be
            configured correctly for the
CCE-17073-8 Restricted Sites Zone.       enabled/disabled

            The "Allow video and
            animation on a Web page
            that uses a legacy media
            player" current user setting
            should be configured
            correctly for the Restricted
CCE-16974-8 Sites Zone.                  enabled/disabled

            The "Use SmartScreen
            Filter" current user setting
            should be configured
            correctly for the Restricted
CCE-17063-9 Sites Zone.                  enabled/disabled

            The "Allow drag and drop
            or copy and paste files"
            current user setting should
            be configured correctly for
CCE-16154-7 the Restricted Sites Zone. enabled/disabled


            The "Allow active scripting"
            current user setting should
            be configured correctly for
CCE-17010-0 the Restricted Sites Zone. enabled/disabled

            The "Turn on Cross-Site
            Scripting (XSS) Filter"
            current user setting should
            be configured correctly for
CCE-16878-1 the Restricted Sites Zone. enabled/disabled
            The "Navigate windows
            and frames across different
            domains" current user
            setting should be
            configured correctly for the
CCE-16156-2 Restricted Sites Zone.       enabled/disabled

            The "Allow cut, copy or
            paste operations from the
            clipboard via script" current
            user setting should be
            configured correctly for the
CCE-16496-2 Restricted Sites Zone.        enabled/disabled

            The "Download signed
            ActiveX controls" current
            user setting should be
            configured correctly for the
CCE-16240-4 Restricted Sites Zone.       enabled/disabled


            The "Run .NET Framework-
            reliant components not
            signed with Authenticode"
            current user setting should
            be configured correctly for
CCE-16209-9 the Restricted Sites Zone. enabled/disabled


            The "Do not prompt for
            client certificate selection
            when no certificates or only
            one certificate exists."
            current user setting should
            be configured correctly for
CCE-17079-5 the Restricted Sites Zone. enabled/disabled

            The "Software channel
            permissions" current user
            setting should be
            configured correctly for the
CCE-16135-6 Restricted Sites Zone.       enabled/disabled

            The "Allow active content
            over restricted protocols to
            access my computer"
            current user setting should
            be configured correctly for
CCE-16738-7 the Restricted Sites Zone. enabled/disabled
            The "Disable .NET
            Framework Setup" current
            user setting should be
            configured correctly for the
CCE-16855-9 Restricted Sites Zone.       enabled/disabled


            The "Loose XAML files"
            current user setting should
            be configured correctly for
CCE-16139-8 the Restricted Sites Zone. enabled/disabled

            The "Allow META
            REFRESH" current user
            setting should be
            configured correctly for the
CCE-17124-9 Restricted Sites Zone.       enabled/disabled

            The "Launching
            applications and files in an
            IFRAME" current user
            setting should be
            configured correctly for the
CCE-17085-2 Restricted Sites Zone.       enabled/disabled

            The "Allow installation of
            desktop items" current user
            setting should be
            configured correctly for the
CCE-16107-5 Restricted Sites Zone.       enabled/disabled

            The "Turn on Protected
            Mode" current user setting
            should be configured
            correctly for the Restricted
CCE-17088-6 Sites Zone.                  enabled/disabled

            The "Allow status bar
            updates via script" current
            user setting should be
            configured correctly for the
CCE-16109-1 Restricted Sites Zone.       enabled/disabled

            The "Initialize and script
            ActiveX controls not
            marked as safe" current
            user setting should be
            configured correctly for the
CCE-16709-8 Restricted Sites Zone.       enabled/disabled
            The "Launching programs
            and unsafe files" current
            user setting should be
            configured correctly for the
CCE-16860-9 Restricted Sites Zone.       enabled/disabled

            The "Only allow approved
            domains to use ActiveX
            controls without prompt"
            current user setting should
            be configured correctly for
CCE-16153-9 the Restricted Sites Zone. enabled/disabled


            The "Allow font downloads"
            current user setting should
            be configured correctly for
CCE-16832-8 the Restricted Sites Zone. enabled/disabled

            The "Scripting of Java
            applets" current user
            setting should be
            configured correctly for the
CCE-16130-7 Restricted Sites Zone.       enabled/disabled

            The "Download unsigned
            ActiveX controls" current
            user setting should be
            configured correctly for the
CCE-17050-6 Restricted Sites Zone.       enabled/disabled

            The "Run ActiveX controls
            and plugins" current user
            setting should be
            configured correctly for the
CCE-16152-1 Restricted Sites Zone.       enabled/disabled

            The "Web sites in less
            privileged Web content
            zones can navigate into
            this zone" current user
            setting should be
            configured correctly for the
CCE-17117-3 Restricted Sites Zone.       enabled/disabled

            The "XAML browser
            applications" current user
            setting should be
            configured correctly for the
CCE-17059-7 Restricted Sites Zone.       enabled/disabled
            The "Turn Off First-Run
            Opt-In" current user setting
            should be configured
            correctly for the Restricted
CCE-16503-5 Sites Zone.                  enabled/disabled


            The "Allow Scriptlets"
            current user setting should
            be configured correctly for
CCE-16507-6 the Restricted Sites Zone. enabled/disabled

            The "Script ActiveX
            controls marked safe for
            scripting" current user
            setting should be
            configured correctly for the
CCE-17099-3 Restricted Sites Zone.       enabled/disabled

            The "Prevent configuration
            of search from the Address
            bar" current user setting
            should be configured
CCE-16336-0 correctly.                 enabled/disabled

            The "Turn on the Internet
            Connection Wizard Auto
            Detect" current user setting
            should be configured
CCE-15739-6 correctly.                   enabled/disabled

            The "Turn off sending
            URLs as UTF-8 (requires
            restart)" current user
            setting should be
CCE-16925-0 configured correctly.        enabled/disabled




            The "Add-on List" current
            user setting should be
CCE-16089-5 configured correctly.        enabled/disabled

            The "Deny all add-ons
            unless specifically allowed
            in the Add-on List" current
            user setting should be
CCE-16711-4 configured correctly.       enabled/disabled
            The "Add-on Management:
            All Processes" current user
            setting should be
CCE-16847-6 configured correctly.       enabled/disabled


            The "Add-on Management:
            Process List" current user
            setting should be
CCE-16341-0 configured correctly.      enabled/disabled


            The "Mime Sniffing Safety
            Feature: Process List"
            current user setting should
CCE-16125-7 be configured correctly.    enabled/disabled


            The "Mime Sniffing Safety
            Feature: Internet Explorer
            Processes" current user
            setting should be
CCE-16367-5 configured correctly.        enabled/disabled




            The "Mime Sniffing Safety
            Feature: All Processes"
            current user setting should
CCE-16239-6 be configured correctly.    enabled/disabled


            The "Allow binary and
            script behaviors" machine
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-15947-5 Machine Zone.                enabled/disabled


            The "Launching
            applications and files in an
            IFRAME" machine setting
            should be configured
            correctly for the Locked-
CCE-16904-5 Down Internet Zone.          enabled/disabled
            The "Allow cut, copy or
            paste operations from the
            clipboard via script"
            machine setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16659-5 Zone.                        enabled/disabled

            The "Turn on Protected
            Mode" machine setting
            should be configured
            correctly for the Locked-
            Down Restricted Sites
CCE-16251-1 Zone.                        enabled/disabled

            The "Web sites in less
            privileged Web content
            zones can navigate into
            this zone" machine setting
            should be configured
            correctly for the Locked-
CCE-16026-7 Down Internet Zone.        enabled/disabled


            The "Userdata persistence"
            machine setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16864-1 Zone.                        enabled/disabled


            The "Allow font downloads"
            machine setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16046-5 Sites Zone.                  enabled/disabled


            The "Loose XAML files"
            machine setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16826-0 Sites Zone.                  enabled/disabled


            The "Allow file downloads"
            machine setting should be
            configured correctly for the
            Locked-Down Local
CCE-15190-2 Machine Zone.                enabled/disabled
            The "Download unsigned
            ActiveX controls" machine
            setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16243-8 Zone.                        enabled/disabled


            The "Turn on Cross-Site
            Scripting (XSS) Filter"
            machine setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16230-5 Sites Zone.                  enabled/disabled


            The "Allow Scriptlets"
            machine setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16637-1 Zone.                        enabled/disabled


            The "Loose XAML files"
            machine setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16347-7 Zone.                        enabled/disabled


            The "Script ActiveX
            controls marked safe for
            scripting" machine setting
            should be configured
            correctly for the Locked-
CCE-15719-8 Down Local Machine Zone. enabled/disabled

            The "Navigate windows
            and frames across different
            domains" machine setting
            should be configured
            correctly for the Locked-
            Down Restricted Sites
CCE-16565-4 Zone.                       enabled/disabled

            The "Software channel
            permissions" machine
            setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16719-7 Zone.                        enabled/disabled
            The "Turn on Cross-Site
            Scripting (XSS) Filter"
            machine setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16178-6 Zone.                        enabled/disabled

            The "Web sites in less
            privileged Web content
            zones can navigate into
            this zone" machine setting
            should be configured
            correctly for the Locked-
CCE-16667-8 Down Trusted Sites Zone. enabled/disabled


            The "Use Pop-up Blocker"
            machine setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16650-4 Zone.                        enabled/disabled

            The "Allow cut, copy or
            paste operations from the
            clipboard via script"
            machine setting should be
            configured correctly for the
            Locked-Down Local
CCE-15807-1 Machine Zone.                enabled/disabled

            The "Allow cut, copy or
            paste operations from the
            clipboard via script"
            machine setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16425-1 Zone.                        enabled/disabled


            The "Allow status bar
            updates via script" machine
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16539-9 Sites Zone.                  enabled/disabled
            The "Allow binary and
            script behaviors" machine
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16857-5 Sites Zone.                  enabled/disabled


            The "Logon options"
            machine setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16807-0 Zone.                        enabled/disabled


            The "Turn on Cross-Site
            Scripting (XSS) Filter"
            machine setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16233-9 Sites Zone.                  enabled/disabled


            The "Turn Off First-Run
            Opt-In" machine setting
            should be configured
            correctly for the Locked-
CCE-15949-1 Down Local Machine Zone. enabled/disabled


            The "Logon options"
            machine setting should be
            configured correctly for the
            Locked-Down Local
CCE-14981-5 Machine Zone.                enabled/disabled

            The "Allow binary and
            script behaviors" machine
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16160-4 Sites Zone.                  enabled/disabled


            The "Script ActiveX
            controls marked safe for
            scripting" machine setting
            should be configured
            correctly for the Locked-
CCE-16039-0 Down Internet Zone.          enabled/disabled
            The "Userdata persistence"
            machine setting should be
            configured correctly for the
            Locked-Down Local
CCE-15710-7 Machine Zone.                enabled/disabled

            The "Disable .NET
            Framework Setup"
            machine setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16668-6 Zone.                        enabled/disabled

            The "Allow scripting of
            Internet Explorer web
            browser control" machine
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16581-1 Sites Zone.                  enabled/disabled


            The "Download signed
            ActiveX controls" machine
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-15682-8 Sites Zone.                  enabled/disabled


            The "Allow installation of
            desktop items" machine
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16614-0 Sites Zone.                  enabled/disabled

            The "Automatic prompting
            for file downloads" machine
            setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16543-1 Zone.                        enabled/disabled

            The "Allow websites to
            prompt for information
            using scripted windows"
            machine setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16959-9 Zone.                        enabled/disabled
            The "Open files based on
            content, not file extension"
            machine setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16086-1 Zone.                        enabled/disabled


            The "Download signed
            ActiveX controls" machine
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-15798-2 Machine Zone.                enabled/disabled


            The "Loose XAML files"
            machine setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16601-7 Sites Zone.                  enabled/disabled

            The "Software channel
            permissions" machine
            setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16803-9 Zone.                        enabled/disabled


            The "Turn on Protected
            Mode" machine setting
            should be configured
            correctly for the Locked-
CCE-15811-3 Down Local Machine Zone. enabled/disabled


            The "Submit non-encrypted
            form data" machine setting
            should be configured
            correctly for the Locked-
CCE-16468-1 Down Internet Zone.        enabled/disabled

            The "Software channel
            permissions" machine
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16616-5 Sites Zone.                  enabled/disabled
            The "XAML browser
            applications" machine
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15897-2 Sites Zone.                  enabled/disabled

            The "Allow websites to
            prompt for information
            using scripted windows"
            machine setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16454-1 Sites Zone.                  enabled/disabled

            The "Initialize and script
            ActiveX controls not
            marked as safe" machine
            setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16445-9 Zone.                        enabled/disabled


            The "Automatic prompting
            for ActiveX controls"
            machine setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16548-0 Sites Zone.                  enabled/disabled


            The "Display mixed
            content" machine setting
            should be configured
            correctly for the Locked-
CCE-15080-5 Down Local Machine Zone. enabled/disabled


            The "Launching
            applications and files in an
            IFRAME" machine setting
            should be configured
            correctly for the Locked-
CCE-15644-8 Down Local Machine Zone. enabled/disabled


            The "Allow active scripting"
            machine setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16029-1 Zone.                        enabled/disabled
            The "Allow font downloads"
            machine setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16733-8 Sites Zone.                  enabled/disabled

            The "Disable .NET
            Framework Setup"
            machine setting should be
            configured correctly for the
            Locked-Down Local
CCE-15728-9 Machine Zone.                enabled/disabled

            The "Initialize and script
            ActiveX controls not
            marked as safe" machine
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-15304-9 Machine Zone.                enabled/disabled


            The "Allow active scripting"
            machine setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16535-7 Sites Zone.                  enabled/disabled

            The "Allow websites to
            open windows without
            address or status bars"
            machine setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16519-1 Sites Zone.                  enabled/disabled


            The "Allow drag and drop
            or copy and paste files"
            machine setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-15653-9 Sites Zone.                  enabled/disabled

            The "Web sites in less
            privileged Web content
            zones can navigate into
            this zone" machine setting
            should be configured
            correctly for the Locked-
CCE-15842-8 Down Local Machine Zone. enabled/disabled
            The "Do not prompt for
            client certificate selection
            when no certificates or only
            one certificate exists."
            machine setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16947-4 Zone.                        enabled/disabled


            The "Disable .NET
            Framework Setup"
            machine setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15906-1 Sites Zone.                  enabled/disabled


            The "Logon options"
            machine setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16954-0 Zone.                        enabled/disabled


            The "XPS documents"
            machine setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16876-5 Zone.                        enabled/disabled


            The "Launching programs
            and unsafe files" machine
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-15970-7 Machine Zone.                enabled/disabled

            The "Allow binary and
            script behaviors" machine
            setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16793-2 Zone.                        enabled/disabled

            The "Scripting of Java
            applets" machine setting
            should be configured
            correctly for the Locked-
            Down Restricted Sites
CCE-16471-5 Zone.                        enabled/disabled
            The "Allow META
            REFRESH" machine
            setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16499-6 Zone.                        enabled/disabled

            The "Only allow approved
            domains to use ActiveX
            controls without prompt"
            machine setting should be
            configured correctly for the
            Locked-Down Local
CCE-15864-2 Machine Zone.                enabled/disabled


            The "Allow active scripting"
            machine setting should be
            configured correctly for the
            Locked-Down Local
CCE-15847-7 Machine Zone.                enabled/disabled

            The "Disable .NET
            Framework Setup"
            machine setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16841-9 Zone.                        enabled/disabled

            The "Download unsigned
            ActiveX controls" machine
            setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16077-0 Zone.                        enabled/disabled


            The "Allow status bar
            updates via script" machine
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-15012-8 Machine Zone.                enabled/disabled


            The "Allow Scriptlets"
            machine setting should be
            configured correctly for the
            Locked-Down Local
CCE-15666-1 Machine Zone.                enabled/disabled
            The "Include local directory
            path when uploading files
            to a server" machine
            setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16104-2 Zone.                        enabled/disabled


            The "Download unsigned
            ActiveX controls" machine
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-15960-8 Machine Zone.                enabled/disabled


            The "Automatic prompting
            for ActiveX controls"
            machine setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16009-3 Zone.                        enabled/disabled


            The "Open files based on
            content, not file extension"
            machine setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16895-5 Zone.                        enabled/disabled


            The "Turn on Protected
            Mode" machine setting
            should be configured
            correctly for the Locked-
CCE-16225-5 Down Trusted Sites Zone.     enabled/disabled


            The "Allow file downloads"
            machine setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16205-7 Zone.                        enabled/disabled


            The "Launching
            applications and files in an
            IFRAME" machine setting
            should be configured
            correctly for the Locked-
CCE-16546-4 Down Intranet Zone.          enabled/disabled
            The "Submit non-encrypted
            form data" machine setting
            should be configured
            correctly for the Locked-
CCE-16932-6 Down Intranet Zone.        enabled/disabled


            The "Turn Off First-Run
            Opt-In" machine setting
            should be configured
            correctly for the Locked-
CCE-16891-4 Down Internet Zone.          enabled/disabled


            The "Turn on Cross-Site
            Scripting (XSS) Filter"
            machine setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16886-4 Zone.                        enabled/disabled

            The "Script ActiveX
            controls marked safe for
            scripting" machine setting
            should be configured
            correctly for the Locked-
            Down Restricted Sites
CCE-16179-4 Zone.                        enabled/disabled

            The "Disable .NET
            Framework Setup"
            machine setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16246-1 Sites Zone.                  enabled/disabled


            The "Userdata persistence"
            machine setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16567-0 Sites Zone.                  enabled/disabled


            The "Launching programs
            and unsafe files" machine
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-15813-9 Sites Zone.                  enabled/disabled
            The "Script ActiveX
            controls marked safe for
            scripting" machine setting
            should be configured
            correctly for the Locked-
CCE-15987-1 Down Intranet Zone.          enabled/disabled


            The "Navigate windows
            and frames across different
            domains" machine setting
            should be configured
            correctly for the Locked-
CCE-16533-2 Down Intranet Zone.         enabled/disabled


            The "Allow file downloads"
            machine setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16069-7 Sites Zone.                  enabled/disabled

            The "Allow video and
            animation on a Web page
            that uses a legacy media
            player" machine setting
            should be configured
            correctly for the Locked-
CCE-15934-3 Down Local Machine Zone. enabled/disabled


            The "Open files based on
            content, not file extension"
            machine setting should be
            configured correctly for the
            Locked-Down Local
CCE-15393-2 Machine Zone.                enabled/disabled

            The "Do not prompt for
            client certificate selection
            when no certificates or only
            one certificate exists."
            machine setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16859-1 Zone.                        enabled/disabled
            The "Initialize and script
            ActiveX controls not
            marked as safe" machine
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16643-9 Sites Zone.                  enabled/disabled

            The "XAML browser
            applications" machine
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-15208-2 Machine Zone.                enabled/disabled


            The "Download signed
            ActiveX controls" machine
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16737-9 Sites Zone.                  enabled/disabled


            The "Navigate windows
            and frames across different
            domains" machine setting
            should be configured
            correctly for the Locked-
CCE-15596-0 Down Local Machine Zone. enabled/disabled

            The "Allow cut, copy or
            paste operations from the
            clipboard via script"
            machine setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15909-5 Sites Zone.                  enabled/disabled


            The "XPS documents"
            machine setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16195-0 Sites Zone.                  enabled/disabled

            The "Allow websites to
            open windows without
            address or status bars"
            machine setting should be
            configured correctly for the
            Locked-Down Local
CCE-15362-7 Machine Zone.                enabled/disabled
            The "XAML browser
            applications" machine
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-15766-9 Sites Zone.                  enabled/disabled


            The "Allow installation of
            desktop items" machine
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-15983-0 Machine Zone.                enabled/disabled

            The "Allow installation of
            desktop items" machine
            setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16447-5 Zone.                        enabled/disabled

            The "Allow video and
            animation on a Web page
            that uses a legacy media
            player" machine setting
            should be configured
            correctly for the Locked-
CCE-15694-3 Down Trusted Sites Zone.     enabled/disabled

            The "Access data sources
            across domains" machine
            setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16617-3 Zone.                        enabled/disabled

            The "Allow video and
            animation on a Web page
            that uses a legacy media
            player" machine setting
            should be configured
            correctly for the Locked-
CCE-16730-4 Down Internet Zone.          enabled/disabled


            The "Loose XAML files"
            machine setting should be
            configured correctly for the
            Locked-Down Local
CCE-15017-7 Machine Zone.                enabled/disabled
            The "Allow installation of
            desktop items" machine
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16229-7 Sites Zone.                  enabled/disabled


            The "Userdata persistence"
            machine setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16784-1 Sites Zone.                  enabled/disabled


            The "Navigate windows
            and frames across different
            domains" machine setting
            should be configured
            correctly for the Locked-
CCE-16043-2 Down Internet Zone.         enabled/disabled

            The "Allow META
            REFRESH" machine
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16729-6 Sites Zone.                  enabled/disabled

            The "Run .NET Framework-
            reliant components not
            signed with Authenticode"
            machine setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16318-8 Zone.                        enabled/disabled


            The "Automatic prompting
            for ActiveX controls"
            machine setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15915-2 Sites Zone.                  enabled/disabled


            The "Display mixed
            content" machine setting
            should be configured
            correctly for the Locked-
CCE-16189-3 Down Internet Zone.          enabled/disabled
            The "Include local directory
            path when uploading files
            to a server" machine
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-15600-0 Machine Zone.                enabled/disabled


            The "Allow Scriptlets"
            machine setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16373-3 Zone.                        enabled/disabled


            The "Use Pop-up Blocker"
            machine setting should be
            configured correctly for the
            Locked-Down Local
CCE-15957-4 Machine Zone.                enabled/disabled

            The "Allow installation of
            desktop items" machine
            setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16854-2 Zone.                        enabled/disabled

            The "Allow scripting of
            Internet Explorer web
            browser control" machine
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-15952-5 Machine Zone.                enabled/disabled


            The "Open files based on
            content, not file extension"
            machine setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16553-0 Sites Zone.                  enabled/disabled

            The "Allow status bar
            updates via script" machine
            setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16922-7 Zone.                        enabled/disabled
            The "Launching
            applications and files in an
            IFRAME" machine setting
            should be configured
            correctly for the Locked-
            Down Restricted Sites
CCE-16577-9 Zone.                        enabled/disabled


            The "Download unsigned
            ActiveX controls" machine
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-15639-8 Sites Zone.                  enabled/disabled


            The "Access data sources
            across domains" machine
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-15971-5 Machine Zone.                enabled/disabled

            The "Run ActiveX controls
            and plugins" machine
            setting should be
            configured correctly for the
            Locked-Down Internet
CCE-17009-2 Zone.                        enabled/disabled


            The "Allow Scriptlets"
            machine setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16517-5 Sites Zone.                  enabled/disabled

            The "Download signed
            ActiveX controls" machine
            setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16943-3 Zone.                        enabled/disabled


            The "Display mixed
            content" machine setting
            should be configured
            correctly for the Locked-
CCE-16224-8 Down Trusted Sites Zone.     enabled/disabled
            The "Allow video and
            animation on a Web page
            that uses a legacy media
            player" machine setting
            should be configured
            correctly for the Locked-
            Down Restricted Sites
CCE-16004-4 Zone.                        enabled/disabled


            The "Use Pop-up Blocker"
            machine setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16724-7 Sites Zone.                  enabled/disabled


            The "Logon options"
            machine setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16092-9 Sites Zone.                  enabled/disabled


            The "Userdata persistence"
            machine setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16595-1 Zone.                        enabled/disabled


            The "Automatic prompting
            for ActiveX controls"
            machine setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16274-3 Zone.                        enabled/disabled

            The "Allow websites to
            open windows without
            address or status bars"
            machine setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16824-5 Zone.                        enabled/disabled


            The "Allow font downloads"
            machine setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16607-4 Zone.                        enabled/disabled
            The "XPS documents"
            machine setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16571-2 Sites Zone.                  enabled/disabled

            The "Allow video and
            animation on a Web page
            that uses a legacy media
            player" machine setting
            should be configured
            correctly for the Locked-
CCE-16963-1 Down Intranet Zone.          enabled/disabled

            The "Run .NET Framework-
            reliant components signed
            with Authenticode"
            machine setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16188-5 Zone.                        enabled/disabled


            The "Turn Off First-Run
            Opt-In" machine setting
            should be configured
            correctly for the Locked-
CCE-16105-9 Down Trusted Sites Zone.     enabled/disabled


            The "Scripting of Java
            applets" machine setting
            should be configured
            correctly for the Locked-
CCE-15948-3 Down Local Machine Zone. enabled/disabled


            The "Allow active scripting"
            machine setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16985-4 Zone.                        enabled/disabled

            The "Allow status bar
            updates via script" machine
            setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16096-0 Zone.                        enabled/disabled
            The "Allow status bar
            updates via script" machine
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16830-2 Sites Zone.                  enabled/disabled


            The "Launching programs
            and unsafe files" machine
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16110-9 Sites Zone.                  enabled/disabled


            The "Display mixed
            content" machine setting
            should be configured
            correctly for the Locked-
CCE-16957-3 Down Intranet Zone.          enabled/disabled

            The "Allow websites to
            prompt for information
            using scripted windows"
            machine setting should be
            configured correctly for the
            Locked-Down Local
CCE-15851-9 Machine Zone.                enabled/disabled


            The "Script ActiveX
            controls marked safe for
            scripting" machine setting
            should be configured
            correctly for the Locked-
CCE-16490-5 Down Trusted Sites Zone.     enabled/disabled

            The "XAML browser
            applications" machine
            setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16935-9 Zone.                        enabled/disabled


            The "Allow file downloads"
            machine setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-15642-2 Sites Zone.                  enabled/disabled
            The "Allow active scripting"
            machine setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15892-3 Sites Zone.                  enabled/disabled


            The "Download unsigned
            ActiveX controls" machine
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16320-4 Sites Zone.                  enabled/disabled

            The "Run .NET Framework-
            reliant components not
            signed with Authenticode"
            machine setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16635-5 Sites Zone.                  enabled/disabled


            The "Turn on Cross-Site
            Scripting (XSS) Filter"
            machine setting should be
            configured correctly for the
            Locked-Down Local
CCE-15732-1 Machine Zone.                enabled/disabled

            The "Display mixed
            content" machine setting
            should be configured
            correctly for the Locked-
            Down Restricted Sites
CCE-16392-3 Zone.                        enabled/disabled

            The "Software channel
            permissions" machine
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-15956-6 Machine Zone.                enabled/disabled

            The "Allow binary and
            script behaviors" machine
            setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16972-2 Zone.                        enabled/disabled
            The "Allow META
            REFRESH" machine
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-15954-1 Sites Zone.                  enabled/disabled

            The "Initialize and script
            ActiveX controls not
            marked as safe" machine
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16631-4 Sites Zone.                  enabled/disabled


            The "Use Pop-up Blocker"
            machine setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16228-9 Sites Zone.                  enabled/disabled


            The "XPS documents"
            machine setting should be
            configured correctly for the
            Locked-Down Local
CCE-15891-5 Machine Zone.                enabled/disabled

            The "Allow META
            REFRESH" machine
            setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16782-5 Zone.                        enabled/disabled


            The "Scripting of Java
            applets" machine setting
            should be configured
            correctly for the Locked-
CCE-16371-7 Down Trusted Sites Zone.     enabled/disabled


            The "Scripting of Java
            applets" machine setting
            should be configured
            correctly for the Locked-
CCE-16828-6 Down Intranet Zone.          enabled/disabled
            The "Run ActiveX controls
            and plugins" machine
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-15944-2 Machine Zone.                enabled/disabled

            The "Allow script-initiated
            windows without size or
            position constraints"
            machine setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16600-9 Zone.                        enabled/disabled

            The "Do not prompt for
            client certificate selection
            when no certificates or only
            one certificate exists."
            machine setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15901-2 Sites Zone.                  enabled/disabled

            The "Include local directory
            path when uploading files
            to a server" machine
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16789-0 Sites Zone.                  enabled/disabled


            The "Access data sources
            across domains" machine
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16714-8 Sites Zone.                  enabled/disabled


            The "Allow font downloads"
            machine setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16851-8 Zone.                        enabled/disabled
            The "XAML browser
            applications" machine
            setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16547-2 Zone.                        enabled/disabled


            The "Allow drag and drop
            or copy and paste files"
            machine setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16094-5 Sites Zone.                  enabled/disabled

            The "Launching programs
            and unsafe files" machine
            setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16624-9 Zone.                        enabled/disabled


            The "Allow drag and drop
            or copy and paste files"
            machine setting should be
            configured correctly for the
            Locked-Down Local
CCE-15198-5 Machine Zone.                enabled/disabled

            The "Allow script-initiated
            windows without size or
            position constraints"
            machine setting should be
            configured correctly for the
            Locked-Down Local
CCE-15016-9 Machine Zone.                enabled/disabled


            The "Automatic prompting
            for file downloads" machine
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16460-8 Sites Zone.                  enabled/disabled

            The "Include local directory
            path when uploading files
            to a server" machine
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16575-3 Sites Zone.                  enabled/disabled
            The "Initialize and script
            ActiveX controls not
            marked as safe" machine
            setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16953-2 Zone.                        enabled/disabled


            The "XPS documents"
            machine setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16465-7 Zone.                        enabled/disabled


            The "Submit non-encrypted
            form data" machine setting
            should be configured
            correctly for the Locked-
            Down Restricted Sites
CCE-15920-2 Zone.                      enabled/disabled

            The "Run .NET Framework-
            reliant components signed
            with Authenticode"
            machine setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16861-7 Sites Zone.                  enabled/disabled
            The "Web sites in less
            privileged Web content
            zones can navigate into
            this zone" machine setting
            should be configured
            correctly for the Locked-
            Down Restricted Sites
CCE-16872-4 Zone.                        enabled/disabled


            The "Use Pop-up Blocker"
            machine setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16362-6 Zone.                        enabled/disabled

            The "Run .NET Framework-
            reliant components signed
            with Authenticode"
            machine setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16880-7 Zone.                        enabled/disabled
            The "Allow META
            REFRESH" machine
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-15794-1 Machine Zone.                enabled/disabled


            The "Allow Scriptlets"
            machine setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16552-2 Sites Zone.                  enabled/disabled


            The "Turn on Protected
            Mode" machine setting
            should be configured
            correctly for the Locked-
CCE-16987-0 Down Internet Zone.          enabled/disabled


            The "Automatic prompting
            for ActiveX controls"
            machine setting should be
            configured correctly for the
            Locked-Down Local
CCE-15900-4 Machine Zone.                enabled/disabled

            The "Do not prompt for
            client certificate selection
            when no certificates or only
            one certificate exists."
            machine setting should be
            configured correctly for the
            Locked-Down Local
CCE-15594-5 Machine Zone.                enabled/disabled

            The "Allow websites to
            prompt for information
            using scripted windows"
            machine setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16549-8 Sites Zone.                  enabled/disabled

            The "Allow websites to
            open windows without
            address or status bars"
            machine setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16020-0 Zone.                        enabled/disabled
            The "Run .NET Framework-
            reliant components not
            signed with Authenticode"
            machine setting should be
            configured correctly for the
            Locked-Down Local
CCE-15021-9 Machine Zone.                enabled/disabled

            The "Run .NET Framework-
            reliant components not
            signed with Authenticode"
            machine setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16375-8 Zone.                        enabled/disabled

            The "Software channel
            permissions" machine
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16238-8 Sites Zone.                  enabled/disabled

            The "Allow websites to
            prompt for information
            using scripted windows"
            machine setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16613-2 Zone.                        enabled/disabled

            The "Allow script-initiated
            windows without size or
            position constraints"
            machine setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-15689-3 Sites Zone.                  enabled/disabled

            The "Automatic prompting
            for file downloads" machine
            setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16298-2 Zone.                        enabled/disabled


            The "Allow font downloads"
            machine setting should be
            configured correctly for the
            Locked-Down Local
CCE-15850-1 Machine Zone.                enabled/disabled
            The "Allow scripting of
            Internet Explorer web
            browser control" machine
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16382-4 Sites Zone.                  enabled/disabled

            The "Run .NET Framework-
            reliant components signed
            with Authenticode"
            machine setting should be
            configured correctly for the
            Locked-Down Local
CCE-15904-6 Machine Zone.                enabled/disabled


            The "Allow drag and drop
            or copy and paste files"
            machine setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16030-9 Zone.                        enabled/disabled

            The "Allow websites to
            open windows without
            address or status bars"
            machine setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16839-3 Sites Zone.                  enabled/disabled

            The "Run .NET Framework-
            reliant components not
            signed with Authenticode"
            machine setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16242-0 Sites Zone.                  enabled/disabled


            The "Turn on Protected
            Mode" machine setting
            should be configured
            correctly for the Locked-
CCE-16976-3 Down Intranet Zone.          enabled/disabled

            The "Turn Off First-Run
            Opt-In" machine setting
            should be configured
            correctly for the Locked-
            Down Restricted Sites
CCE-16212-3 Zone.                        enabled/disabled
            The "Submit non-encrypted
            form data" machine setting
            should be configured
            correctly for the Locked-
CCE-15697-6 Down Local Machine Zone. enabled/disabled


            The "Automatic prompting
            for file downloads" machine
            setting should be
            configured correctly for the
            Locked-Down Local
CCE-14982-3 Machine Zone.                enabled/disabled

            The "Include local directory
            path when uploading files
            to a server" machine
            setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16867-4 Zone.                        enabled/disabled


            The "Allow drag and drop
            or copy and paste files"
            machine setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16965-6 Zone.                        enabled/disabled


            The "Scripting of Java
            applets" machine setting
            should be configured
            correctly for the Locked-
CCE-16193-5 Down Internet Zone.          enabled/disabled


            The "Submit non-encrypted
            form data" machine setting
            should be configured
            correctly for the Locked-
CCE-16416-0 Down Trusted Sites Zone. enabled/disabled


            The "Run ActiveX controls
            and plugins" machine
            setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-15980-6 Sites Zone.                  enabled/disabled
            The "Launching programs
            and unsafe files" machine
            setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16013-5 Zone.                        enabled/disabled


            The "Access data sources
            across domains" machine
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-15681-0 Sites Zone.                  enabled/disabled

            The "Allow cut, copy or
            paste operations from the
            clipboard via script"
            machine setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16498-8 Sites Zone.                  enabled/disabled

            The "Allow scripting of
            Internet Explorer web
            browser control" machine
            setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16811-2 Zone.                        enabled/disabled


            The "Navigate windows
            and frames across different
            domains" machine setting
            should be configured
            correctly for the Locked-
CCE-16387-3 Down Trusted Sites Zone. enabled/disabled


            The "Logon options"
            machine setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16622-3 Sites Zone.                  enabled/disabled

            The "Only allow approved
            domains to use ActiveX
            controls without prompt"
            machine setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16605-8 Sites Zone.                  enabled/disabled
            The "Access data sources
            across domains" machine
            setting should be
            configured correctly for the
            Locked-Down Internet
CCE-17036-5 Zone.                        enabled/disabled

            The "Allow script-initiated
            windows without size or
            position constraints"
            machine setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16948-2 Zone.                        enabled/disabled


            The "Open files based on
            content, not file extension"
            machine setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16798-1 Sites Zone.                  enabled/disabled


            The "Allow file downloads"
            machine setting should be
            configured correctly for the
            Locked-Down Internet
CCE-16951-6 Zone.                        enabled/disabled

            The "Only allow approved
            domains to use ActiveX
            controls without prompt"
            machine setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16540-7 Zone.                        enabled/disabled

            The "Run ActiveX controls
            and plugins" machine
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-15674-5 Sites Zone.                  enabled/disabled

            The "Run .NET Framework-
            reliant components signed
            with Authenticode"
            machine setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16504-3 Sites Zone.                  enabled/disabled
            The "Allow script-initiated
            windows without size or
            position constraints"
            machine setting should be
            configured correctly for the
            Locked-Down Restricted
CCE-16885-6 Sites Zone.                  enabled/disabled


            The "Launching
            applications and files in an
            IFRAME" machine setting
            should be configured
            correctly for the Locked-
CCE-16627-2 Down Trusted Sites Zone. enabled/disabled

            The "Do not prompt for
            client certificate selection
            when no certificates or only
            one certificate exists."
            machine setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16380-8 Sites Zone.                  enabled/disabled


            The "Turn Off First-Run
            Opt-In" machine setting
            should be configured
            correctly for the Locked-
CCE-16288-3 Down Intranet Zone.          enabled/disabled

            The "Allow scripting of
            Internet Explorer web
            browser control" machine
            setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16342-8 Zone.                        enabled/disabled

            The "Run ActiveX controls
            and plugins" machine
            setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-15985-5 Zone.                        enabled/disabled
            The "Automatic prompting
            for file downloads" machine
            setting should be
            configured correctly for the
            Locked-Down Trusted
CCE-16513-4 Sites Zone.                  enabled/disabled


            The "Loose XAML files"
            machine setting should be
            configured correctly for the
            Locked-Down Intranet
CCE-16183-6 Zone.                        enabled/disabled

            The "Web sites in less
            privileged Web content
            zones can navigate into
            this zone" machine setting
            should be configured
            correctly for the Locked-
CCE-16010-1 Down Intranet Zone.        enabled/disabled


            The "File size limits for
            Local Machine zone"
            current user setting should
CCE-16524-1 be configured correctly.    enabled/disabled


            The "File size limits for
            Intranet zone" current user
            setting should be
CCE-15903-8 configured correctly.       enabled/disabled


            The "File size limits for
            Internet zone" current user
            setting should be
CCE-16555-5 configured correctly.       enabled/disabled


            The "File size limits for
            Restricted Sites zone"
            current user setting should
CCE-16317-0 be configured correctly.    enabled/disabled


            The "File size limits for
            Trusted Sites zone" current
            user setting should be
CCE-15776-8 configured correctly.       enabled/disabled
            The "Allow websites to
            prompt for information
            using scripted windows"
            machine setting should be
            configured correctly for the
CCE-15841-0 Intranet Zone.               enabled/disabled

            The "Run ActiveX controls
            and plugins" machine
            setting should be
            configured correctly for the
CCE-15360-1 Intranet Zone.               enabled/disabled

            The "XAML browser
            applications" machine
            setting should be
            configured correctly for the
CCE-15705-7 Intranet Zone.               enabled/disabled

            The "Use SmartScreen
            Filter" machine setting
            should be configured
            correctly for the Intranet
CCE-15619-0 Zone.                        enabled/disabled

            The "Allow cut, copy or
            paste operations from the
            clipboard via script"
            machine setting should be
            configured correctly for the
CCE-15295-9 Intranet Zone.               enabled/disabled

            The "Allow active content
            over restricted protocols to
            access my computer"
            machine setting should be
            configured correctly for the
CCE-14928-6 Intranet Zone.               enabled/disabled

            The "Turn on Cross-Site
            Scripting (XSS) Filter"
            machine setting should be
            configured correctly for the
CCE-15818-8 Intranet Zone.               enabled/disabled

            The "Allow binary and
            script behaviors" machine
            setting should be
            configured correctly for the
CCE-15802-2 Intranet Zone.               enabled/disabled
            The "Turn Off First-Run
            Opt-In" machine setting
            should be configured
            correctly for the Intranet
CCE-15762-8 Zone.                        enabled/disabled

            The "Download unsigned
            ActiveX controls" machine
            setting should be
            configured correctly for the
CCE-15168-8 Intranet Zone.               enabled/disabled

            The "Run .NET Framework-
            reliant components signed
            with Authenticode"
            machine setting should be
            configured correctly for the
CCE-14930-2 Intranet Zone.               enabled/disabled

            The "Include local directory
            path when uploading files
            to a server" machine
            setting should be
            configured correctly for the
CCE-15775-0 Intranet Zone.               enabled/disabled

            The "Turn on Protected
            Mode" machine setting
            should be configured
            correctly for the Intranet
CCE-15082-1 Zone.                        enabled/disabled

            The "Allow scripting of
            Internet Explorer web
            browser control" machine
            setting should be
            configured correctly for the
CCE-15534-1 Intranet Zone.               enabled/disabled

            The "Scripting of Java
            applets" machine setting
            should be configured
            correctly for the Intranet
CCE-15771-9 Zone.                        enabled/disabled
            The "Launching
            applications and files in an
            IFRAME" machine setting
            should be configured
            correctly for the Intranet
CCE-15714-9 Zone.                        enabled/disabled
            The "Access data sources
            across domains" machine
            setting should be
            configured correctly for the
CCE-15219-9 Intranet Zone.               enabled/disabled

            The "Display mixed
            content" machine setting
            should be configured
            correctly for the Intranet
CCE-15866-7 Zone.                        enabled/disabled


            The "Allow active scripting"
            machine setting should be
            configured correctly for the
CCE-15908-7 Intranet Zone.               enabled/disabled

            The "Do not prompt for
            client certificate selection
            when no certificates or only
            one certificate exists."
            machine setting should be
            configured correctly for the
CCE-15846-9 Intranet Zone.               enabled/disabled

            The "Software channel
            permissions" machine
            setting should be
            configured correctly for the
CCE-15300-7 Intranet Zone.               enabled/disabled

            The "Allow META
            REFRESH" machine
            setting should be
            configured correctly for the
CCE-15580-4 Intranet Zone.               enabled/disabled


            The "Allow Scriptlets"
            machine setting should be
            configured correctly for the
CCE-15899-8 Intranet Zone.               enabled/disabled
            The "Script ActiveX
            controls marked safe for
            scripting" machine setting
            should be configured
            correctly for the Intranet
CCE-15753-7 Zone.                        enabled/disabled
            The "Allow font downloads"
            machine setting should be
            configured correctly for the
CCE-15489-8 Intranet Zone.               enabled/disabled

            The "Submit non-encrypted
            form data" machine setting
            should be configured
            correctly for the Intranet
CCE-15234-8 Zone.                      enabled/disabled
            The "Web sites in less
            privileged Web content
            zones can navigate into
            this zone" machine setting
            should be configured
            correctly for the Intranet
CCE-14934-4 Zone.                      enabled/disabled

            The "Automatic prompting
            for file downloads" machine
            setting should be
            configured correctly for the
CCE-14926-0 Intranet Zone.               enabled/disabled


            The "Userdata persistence"
            machine setting should be
            configured correctly for the
CCE-15057-3 Intranet Zone.               enabled/disabled
            The "Allow video and
            animation on a Web page
            that uses a legacy media
            player" machine setting
            should be configured
            correctly for the Intranet
CCE-14959-1 Zone.                        enabled/disabled


            The "Allow file downloads"
            machine setting should be
            configured correctly for the
CCE-15894-9 Intranet Zone.               enabled/disabled

            The "Allow installation of
            desktop items" machine
            setting should be
            configured correctly for the
CCE-15621-6 Intranet Zone.               enabled/disabled
            The "Allow drag and drop
            or copy and paste files"
            machine setting should be
            configured correctly for the
CCE-15286-8 Intranet Zone.               enabled/disabled


            The "Loose XAML files"
            machine setting should be
            configured correctly for the
CCE-15840-2 Intranet Zone.               enabled/disabled

            The "Allow websites to
            open windows without
            address or status bars"
            machine setting should be
            configured correctly for the
CCE-15476-5 Intranet Zone.               enabled/disabled

            The "Run .NET Framework-
            reliant components not
            signed with Authenticode"
            machine setting should be
            configured correctly for the
CCE-15612-5 Intranet Zone.               enabled/disabled

            The "Only allow approved
            domains to use ActiveX
            controls without prompt"
            machine setting should be
            configured correctly for the
CCE-15758-6 Intranet Zone.               enabled/disabled

            The "Launching programs
            and unsafe files" machine
            setting should be
            configured correctly for the
CCE-15780-0 Intranet Zone.               enabled/disabled


            The "Logon options"
            machine setting should be
            configured correctly for the
CCE-15084-7 Intranet Zone.               enabled/disabled

            The "Initialize and script
            ActiveX controls not
            marked as safe" machine
            setting should be
            configured correctly for the
CCE-15784-2 Intranet Zone.               enabled/disabled
            The "Use Pop-up Blocker"
            machine setting should be
            configured correctly for the
CCE-15767-7 Intranet Zone.               enabled/disabled

            The "Open files based on
            content, not file extension"
            machine setting should be
            configured correctly for the
CCE-15736-2 Intranet Zone.               enabled/disabled

            The "Navigate windows
            and frames across different
            domains" machine setting
            should be configured
            correctly for the Intranet
CCE-15814-7 Zone.                       enabled/disabled

            The "Disable .NET
            Framework Setup"
            machine setting should be
            configured correctly for the
CCE-14943-5 Intranet Zone.               enabled/disabled

            The "Allow script-initiated
            windows without size or
            position constraints"
            machine setting should be
            configured correctly for the
CCE-15824-6 Intranet Zone.               enabled/disabled


            The "XPS documents"
            machine setting should be
            configured correctly for the
CCE-15793-3 Intranet Zone.               enabled/disabled

            The "Allow status bar
            updates via script" machine
            setting should be
            configured correctly for the
CCE-15930-1 Intranet Zone.               enabled/disabled

            The "Automatic prompting
            for ActiveX controls"
            machine setting should be
            configured correctly for the
CCE-15819-6 Intranet Zone.               enabled/disabled
            The "Add-on Management:
            Process List" machine
            setting should be
CCE-16551-4 configured correctly.   enabled/disabled




            The "Add-on List" machine
            setting should be
CCE-16269-3 configured correctly.     enabled/disabled

            The "Deny all add-ons
            unless specifically allowed
            in the Add-on List" machine
            setting should be
CCE-15982-2 configured correctly.       enabled/disabled




            The "Add-on Management:
            All Processes" machine
            setting should be
CCE-16921-9 configured correctly.   enabled/disabled

            The "Scripted Window
            Security Restrictions:
            Process List" current user
            setting should be
CCE-15886-5 configured correctly.        enabled/disabled

            The "Scripted Window
            Security Restrictions:
            Internet Explorer
            Processes" current user
            setting should be
CCE-16462-4 configured correctly.        enabled/disabled


            The "Scripted Window
            Security Restrictions: All
            Processes" current user
            setting should be
CCE-16467-3 configured correctly.        enabled/disabled


            The "Use Policy List of
            Internet Explorer 7 sites"
            machine setting should be
CCE-15804-8 configured correctly.      enabled/disabled
            The "Turn off Compatibility
            View button" machine
            setting should be
CCE-15822-0 configured correctly.       enabled/disabled

            The "Turn on Internet
            Explorer 7 Standards
            Mode" machine setting
            should be configured
CCE-14932-8 correctly.                   enabled/disabled

            The "Turn on Internet
            Explorer Standards Mode
            for Local Intranet" machine
            setting should be
CCE-15575-4 configured correctly.       enabled/disabled


            The "Turn off Compatibility
            View" machine setting
            should be configured
CCE-15707-3 correctly.                  enabled/disabled


            The "Turn off Data
            Execution Prevention"
            machine setting should be
CCE-16656-1 configured correctly.     enabled/disabled


            The "Turn off Data URI
            Support" machine setting
            should be configured
CCE-16661-1 correctly.                   enabled/disabled


            The "Turn off Windows
            Search AutoComplete"
            machine setting should be
CCE-15896-4 configured correctly.     enabled/disabled

            The "Launching programs
            and unsafe files" current
            user setting should be
            configured correctly for the
CCE-15859-2 Intranet Zone.               enabled/disabled

            The "Download unsigned
            ActiveX controls" current
            user setting should be
            configured correctly for the
CCE-16385-7 Intranet Zone.               enabled/disabled
            The "Run .NET Framework-
            reliant components signed
            with Authenticode" current
            user setting should be
            configured correctly for the
CCE-16053-1 Intranet Zone.               enabled/disabled

            The "Automatic prompting
            for file downloads" current
            user setting should be
            configured correctly for the
CCE-15450-0 Intranet Zone.               enabled/disabled

            The "Allow script-initiated
            windows without size or
            position constraints"
            current user setting should
            be configured correctly for
CCE-16437-6 the Intranet Zone.          enabled/disabled

            The "Run ActiveX controls
            and plugins" current user
            setting should be
            configured correctly for the
CCE-15735-4 Intranet Zone.               enabled/disabled

            The "Use SmartScreen
            Filter" current user setting
            should be configured
            correctly for the Intranet
CCE-16433-5 Zone.                          enabled/disabled

            The "Software channel
            permissions" current user
            setting should be
            configured correctly for the
CCE-16424-4 Intranet Zone.               enabled/disabled

            The "Download signed
            ActiveX controls" current
            user setting should be
            configured correctly for the
CCE-16428-5 Intranet Zone.               enabled/disabled

            The "Allow active content
            over restricted protocols to
            access my computer"
            current user setting should
            be configured correctly for
CCE-15460-9 the Intranet Zone.           enabled/disabled
            The "Loose XAML files"
            current user setting should
            be configured correctly for
CCE-16057-2 the Intranet Zone.          enabled/disabled

            The "Allow META
            REFRESH" current user
            setting should be
            configured correctly for the
CCE-16398-0 Intranet Zone.               enabled/disabled
            The "Navigate windows
            and frames across different
            domains" current user
            setting should be
            configured correctly for the
CCE-16328-7 Intranet Zone.               enabled/disabled

            The "Allow websites to
            open windows without
            address or status bars"
            current user setting should
            be configured correctly for
CCE-15673-7 the Intranet Zone.          enabled/disabled


            The "Java permissions"
            current user setting should
            be configured correctly for
CCE-16435-0 the Intranet Zone.          enabled/disabled

            The "Automatic prompting
            for ActiveX controls"
            current user setting should
            be configured correctly for
CCE-16397-2 the Intranet Zone.          enabled/disabled

            The "Turn on Cross-Site
            Scripting (XSS) Filter"
            current user setting should
            be configured correctly for
CCE-15913-7 the Intranet Zone.           enabled/disabled
            The "Web sites in less
            privileged Web content
            zones can navigate into
            this zone" current user
            setting should be
            configured correctly for the
CCE-15696-8 Intranet Zone.               enabled/disabled
            The "Allow drag and drop
            or copy and paste files"
            current user setting should
            be configured correctly for
CCE-16248-7 the Intranet Zone.          enabled/disabled


            The "Use Pop-up Blocker"
            current user setting should
            be configured correctly for
CCE-16114-1 the Intranet Zone.          enabled/disabled

            The "Display mixed
            content" current user
            setting should be
            configured correctly for the
CCE-16115-8 Intranet Zone.               enabled/disabled


            The "Allow Scriptlets"
            current user setting should
            be configured correctly for
CCE-16202-4 the Intranet Zone.           enabled/disabled
            The "Initialize and script
            ActiveX controls not
            marked as safe" current
            user setting should be
            configured correctly for the
CCE-15421-1 Intranet Zone.               enabled/disabled
            The "Launching
            applications and files in an
            IFRAME" current user
            setting should be
            configured correctly for the
CCE-16330-3 Intranet Zone.               enabled/disabled

            The "Scripting of Java
            applets" current user
            setting should be
            configured correctly for the
CCE-16411-1 Intranet Zone.               enabled/disabled

            The "Allow status bar
            updates via script" current
            user setting should be
            configured correctly for the
CCE-15854-3 Intranet Zone.               enabled/disabled

            The "Turn on Protected
            Mode" current user setting
            should be configured
            correctly for the Intranet
CCE-15464-1 Zone.                      enabled/disabled
            The "Userdata persistence"
            current user setting should
            be configured correctly for
CCE-16358-4 the Intranet Zone.           enabled/disabled
            The "Script ActiveX
            controls marked safe for
            scripting" current user
            setting should be
            configured correctly for the
CCE-15443-5 Intranet Zone.               enabled/disabled

            The "Include local directory
            path when uploading files
            to a server" current user
            setting should be
            configured correctly for the
CCE-16216-4 Intranet Zone.               enabled/disabled
            The "Allow video and
            animation on a Web page
            that uses a legacy media
            player" current user setting
            should be configured
            correctly for the Intranet
CCE-16103-4 Zone.                        enabled/disabled


            The "Run .NET Framework-
            reliant components not
            signed with Authenticode"
            current user setting should
            be configured correctly for
CCE-15640-6 the Intranet Zone.          enabled/disabled

            The "Open files based on
            content, not file extension"
            current user setting should
            be configured correctly for
CCE-15827-9 the Intranet Zone.           enabled/disabled


            The "Allow font downloads"
            current user setting should
            be configured correctly for
CCE-16119-0 the Intranet Zone.          enabled/disabled


            The "Allow file downloads"
            current user setting should
            be configured correctly for
CCE-15456-7 the Intranet Zone.          enabled/disabled
            The "Submit non-encrypted
            form data" current user
            setting should be
            configured correctly for the
CCE-15868-3 Intranet Zone.               enabled/disabled


            The "XPS documents"
            current user setting should
            be configured correctly for
CCE-15823-8 the Intranet Zone.          enabled/disabled

            The "Allow binary and
            script behaviors" current
            user setting should be
            configured correctly for the
CCE-15995-4 Intranet Zone.               enabled/disabled

            The "Allow websites to
            prompt for information
            using scripted windows"
            current user setting should
            be configured correctly for
CCE-16102-6 the Intranet Zone.          enabled/disabled


            The "Allow active scripting"
            current user setting should
            be configured correctly for
CCE-16422-8 the Intranet Zone.           enabled/disabled

            The "Access data sources
            across domains" current
            user setting should be
            configured correctly for the
CCE-16431-9 Intranet Zone.               enabled/disabled

            The "Only allow approved
            domains to use ActiveX
            controls without prompt"
            current user setting should
            be configured correctly for
CCE-15447-6 the Intranet Zone.          enabled/disabled

            The "XAML browser
            applications" current user
            setting should be
            configured correctly for the
CCE-16261-0 Intranet Zone.               enabled/disabled
            The "Turn Off First-Run
            Opt-In" current user setting
            should be configured
            correctly for the Intranet
CCE-16066-3 Zone.                        enabled/disabled

            The "Allow installation of
            desktop items" current user
            setting should be
            configured correctly for the
CCE-15974-9 Intranet Zone.               enabled/disabled

            The "Do not prompt for
            client certificate selection
            when no certificates or only
            one certificate exists."
            current user setting should
            be configured correctly for
CCE-16357-6 the Intranet Zone.           enabled/disabled


            The "Logon options"
            current user setting should
            be configured correctly for
CCE-16379-0 the Intranet Zone.           enabled/disabled
            The "Allow scripting of
            Internet Explorer web
            browser control" current
            user setting should be
            configured correctly for the
CCE-16132-3 Intranet Zone.               enabled/disabled

            The "Disable .NET
            Framework Setup" current
            user setting should be
            configured correctly for the
CCE-16264-4 Intranet Zone.               enabled/disabled

            The "Allow cut, copy or
            paste operations from the
            clipboard via script" current
            user setting should be
            configured correctly for the
CCE-15591-1 Intranet Zone.                enabled/disabled


            The "Protection From Zone
            Elevation: Process List"
            current user setting should
CCE-16440-0 be configured correctly.    enabled/disabled
            The "Protection From Zone
            Elevation: All Processes"
            current user setting should
CCE-16541-5 be configured correctly.    enabled/disabled




            The "Protection From Zone
            Elevation: Internet Explorer
            Processes" current user
            setting should be
CCE-16568-8 configured correctly.        enabled/disabled

            The "Prevent users from
            configuring background
            color" current user setting
            should be configured
CCE-15434-4 correctly.                    enabled/disabled


            The "Prevent the use of
            Windows colors" current
            user setting should be
CCE-15685-1 configured correctly.         enabled/disabled


            The "Prevent users from
            configuring text color"
            current user setting should
CCE-15417-9 be configured correctly.    enabled/disabled




            The "Local Machine Zone
            Restricted Protocols"
            current user setting should
CCE-16931-8 be configured correctly.    enabled/disabled




            The "Intranet Zone
            Restricted Protocols"
            current user setting should
CCE-17080-3 be configured correctly.    enabled/disabled




            The "Internet Zone
            Restricted Protocols"
            current user setting should
CCE-16944-1 be configured correctly.    enabled/disabled
            The "Restricted Sites Zone
            Restricted Protocols"
            current user setting should
CCE-16662-9 be configured correctly.    enabled/disabled




            The "Trusted Sites Zone
            Restricted Protocols"
            current user setting should
CCE-16097-8 be configured correctly.    enabled/disabled


            The "Mime Sniffing Safety
            Feature: Process List"
            machine setting should be
CCE-16327-9 configured correctly.     enabled/disabled




            The "Mime Sniffing Safety
            Feature: All Processes"
            machine setting should be
CCE-16322-0 configured correctly.     enabled/disabled


            The "Turn on script
            debugging" current user
            setting should be
CCE-15785-9 configured correctly.         enabled/disabled


            The "Turn off friendly http
            error messages" current
            user setting should be
CCE-15996-2 configured correctly.         enabled/disabled

            The "Turn on the display of
            a notification about every
            script error" current user
            setting should be
CCE-16754-4 configured correctly.       enabled/disabled


            The "Turn off configuring
            underline links" current
            user setting should be
CCE-16758-5 configured correctly.         enabled/disabled
            The "Turn off smooth
            scrolling" current user
            setting should be
CCE-15779-2 configured correctly.        enabled/disabled




            The "Information Bar: All
            Processes" machine
            setting should be
CCE-16302-2 configured correctly.        enabled/disabled




            The "Information Bar:
            Internet Explorer
            Processes" machine
            setting should be
CCE-16324-6 configured correctly.        enabled/disabled


            The "Information Bar:
            Process List" machine
            setting should be
CCE-16421-0 configured correctly.        enabled/disabled

            The "Allow active content
            over restricted protocols to
            access my computer"
            machine setting should be
            configured correctly for the
CCE-15507-7 Internet Zone.               enabled/disabled

            The "Allow websites to
            open windows without
            address or status bars"
            machine setting should be
            configured correctly for the
CCE-15751-1 Internet Zone.               enabled/disabled

            The "Allow websites to
            prompt for information
            using scripted windows"
            machine setting should be
            configured correctly for the
CCE-16145-5 Internet Zone.               enabled/disabled

            The "Use SmartScreen
            Filter" machine setting
            should be configured
            correctly for the Internet
CCE-15520-0 Zone.                        enabled/disabled
            The "Disable .NET
            Framework Setup"
            machine setting should be
            configured correctly for the
CCE-15314-8 Internet Zone.               enabled/disabled

            The "Allow META
            REFRESH" machine
            setting should be
            configured correctly for the
CCE-16151-3 Internet Zone.               enabled/disabled

            The "XAML browser
            applications" machine
            setting should be
            configured correctly for the
CCE-16138-0 Internet Zone.               enabled/disabled

            The "Scripting of Java
            applets" machine setting
            should be configured
            correctly for the Internet
CCE-16150-5 Zone.                        enabled/disabled
            The "Allow video and
            animation on a Web page
            that uses a legacy media
            player" machine setting
            should be configured
            correctly for the Internet
CCE-16006-9 Zone.                        enabled/disabled

            The "Do not prompt for
            client certificate selection
            when no certificates or only
            one certificate exists."
            machine setting should be
            configured correctly for the
CCE-15277-7 Internet Zone.               enabled/disabled

            The "Run ActiveX controls
            and plugins" machine
            setting should be
            configured correctly for the
CCE-15292-6 Internet Zone.               enabled/disabled


            The "Allow file downloads"
            machine setting should be
            configured correctly for the
CCE-16141-4 Internet Zone.               enabled/disabled
            The "Allow binary and
            script behaviors" machine
            setting should be
            configured correctly for the
CCE-15309-8 Internet Zone.               enabled/disabled
            The "Script ActiveX
            controls marked safe for
            scripting" machine setting
            should be configured
            correctly for the Internet
CCE-15311-4 Zone.                        enabled/disabled

            The "Display mixed
            content" machine setting
            should be configured
            correctly for the Internet
CCE-15268-6 Zone.                        enabled/disabled

            The "Allow scripting of
            Internet Explorer web
            browser control" machine
            setting should be
            configured correctly for the
CCE-15643-0 Internet Zone.               enabled/disabled


            The "Allow active scripting"
            machine setting should be
            configured correctly for the
CCE-15993-9 Internet Zone.               enabled/disabled

            The "Submit non-encrypted
            form data" machine setting
            should be configured
            correctly for the Internet
CCE-16143-0 Zone.                      enabled/disabled

            The "Automatic prompting
            for ActiveX controls"
            machine setting should be
            configured correctly for the
CCE-16123-2 Internet Zone.               enabled/disabled


            The "XPS documents"
            machine setting should be
            configured correctly for the
CCE-15629-9 Internet Zone.               enabled/disabled
            The "Turn off Data URI
            Support" current user
            setting should be
CCE-16260-2 configured correctly.         enabled/disabled

            The "Turn on Internet
            Explorer Standards Mode
            for Local Intranet" current
            user setting should be
CCE-16785-8 configured correctly.         enabled/disabled


            The "Turn off Compatibility
            View" current user setting
            should be configured
CCE-16666-0 correctly.                  enabled/disabled


            The "Use Policy List of
            Internet Explorer 7 sites"
            current user setting should
CCE-16652-0 be configured correctly.    enabled/disabled


            The "Turn off Compatibility
            View button" current user
            setting should be
CCE-16679-3 configured correctly.       enabled/disabled

            The "Turn on Internet
            Explorer 7 Standards
            Mode" current user setting
            should be configured
CCE-16674-4 correctly.                 enabled/disabled


            The "Include updated Web
            site lists from Microsoft"
            current user setting should
CCE-16022-6 be configured correctly.    enabled/disabled


            The "Use UTF-8 for mailto
            links" current user setting
            should be configured
CCE-15946-7 correctly.                  enabled/disabled


            The "Disable the Advanced
            page" current user setting
            should be configured
CCE-16690-0 correctly.                 enabled/disabled
            The "Send internationalized
            domain names" current
            user setting should be
CCE-15805-5 configured correctly.       enabled/disabled


            The "Prevent ignoring
            certificate errors" current
            user setting should be
CCE-15803-0 configured correctly.         enabled/disabled


            The "Disable the Content
            page" current user setting
            should be configured
CCE-16703-1 correctly.                    enabled/disabled


            The "Disable the General
            page" current user setting
            should be configured
CCE-16604-1 correctly.                    enabled/disabled


            The "Disable the Privacy
            page" current user setting
            should be configured
CCE-16554-8 correctly.                    enabled/disabled


            The "Disable the
            Connections page" current
            user setting should be
CCE-16694-2 configured correctly.     enabled/disabled


            The "Disable the Programs
            page" current user setting
            should be configured
CCE-16599-3 correctly.                 enabled/disabled


            The "Disable the Security
            page" current user setting
            should be configured
CCE-16461-6 correctly.                    enabled/disabled
            The "Only allow approved
            domains to use ActiveX
            controls without prompt"
            machine setting should be
            configured correctly for the
CCE-16034-1 Local Machine Zone.          enabled/disabled

            The "Allow drag and drop
            or copy and paste files"
            machine setting should be
            configured correctly for the
CCE-16147-1 Local Machine Zone.          enabled/disabled

            The "Script ActiveX
            controls marked safe for
            scripting" machine setting
            should be configured
            correctly for the Local
CCE-15857-6 Machine Zone.                enabled/disabled

            The "Disable .NET
            Framework Setup"
            machine setting should be
            configured correctly for the
CCE-15733-9 Local Machine Zone.          enabled/disabled
            The "Allow video and
            animation on a Web page
            that uses a legacy media
            player" machine setting
            should be configured
            correctly for the Local
CCE-15729-7 Machine Zone.                enabled/disabled


            The "XPS documents"
            machine setting should be
            configured correctly for the
CCE-16597-7 Local Machine Zone.          enabled/disabled

            The "Allow script-initiated
            windows without size or
            position constraints"
            machine setting should be
            configured correctly for the
CCE-16681-9 Local Machine Zone.          enabled/disabled

            The "XAML browser
            applications" machine
            setting should be
            configured correctly for the
CCE-16016-8 Local Machine Zone.          enabled/disabled
            The "Allow websites to
            prompt for information
            using scripted windows"
            machine setting should be
            configured correctly for the
CCE-16629-8 Local Machine Zone.          enabled/disabled

            The "Initialize and script
            ActiveX controls not
            marked as safe" machine
            setting should be
            configured correctly for the
CCE-16707-2 Local Machine Zone.          enabled/disabled

            The "Download signed
            ActiveX controls" machine
            setting should be
            configured correctly for the
CCE-16702-3 Local Machine Zone.          enabled/disabled

            The "Allow installation of
            desktop items" machine
            setting should be
            configured correctly for the
CCE-16508-4 Local Machine Zone.          enabled/disabled

            The "Software channel
            permissions" machine
            setting should be
            configured correctly for the
CCE-16583-7 Local Machine Zone.          enabled/disabled

            The "Allow META
            REFRESH" machine
            setting should be
            configured correctly for the
CCE-16423-6 Local Machine Zone.          enabled/disabled

            The "Allow status bar
            updates via script" machine
            setting should be
            configured correctly for the
CCE-15893-1 Local Machine Zone.          enabled/disabled

            The "Download unsigned
            ActiveX controls" machine
            setting should be
            configured correctly for the
CCE-16559-7 Local Machine Zone.          enabled/disabled
            The "Launching
            applications and files in an
            IFRAME" machine setting
            should be configured
            correctly for the Local
CCE-16658-7 Machine Zone.                enabled/disabled


            The "Userdata persistence"
            machine setting should be
            configured correctly for the
CCE-15770-1 Local Machine Zone.          enabled/disabled


            The "Allow file downloads"
            machine setting should be
            configured correctly for the
CCE-15709-9 Local Machine Zone.          enabled/disabled

            The "Do not prompt for
            client certificate selection
            when no certificates or only
            one certificate exists."
            machine setting should be
            configured correctly for the
CCE-15699-2 Local Machine Zone.          enabled/disabled


            The "Loose XAML files"
            machine setting should be
            configured correctly for the
CCE-15713-1 Local Machine Zone.          enabled/disabled

            The "Turn on Protected
            Mode" machine setting
            should be configured
            correctly for the Local
CCE-16319-6 Machine Zone.                enabled/disabled

            The "Turn Off First-Run
            Opt-In" machine setting
            should be configured
            correctly for the Local
CCE-15953-3 Machine Zone.                enabled/disabled

            The "Submit non-encrypted
            form data" machine setting
            should be configured
            correctly for the Local
CCE-15706-5 Machine Zone.              enabled/disabled
            The "Allow binary and
            script behaviors" machine
            setting should be
            configured correctly for the
CCE-16544-9 Local Machine Zone.          enabled/disabled


            The "Allow font downloads"
            machine setting should be
            configured correctly for the
CCE-16165-3 Local Machine Zone.          enabled/disabled

            The "Allow active content
            over restricted protocols to
            access my computer"
            machine setting should be
            configured correctly for the
CCE-15967-3 Local Machine Zone.          enabled/disabled

            The "Automatic prompting
            for file downloads" machine
            setting should be
            configured correctly for the
CCE-16640-5 Local Machine Zone.          enabled/disabled

            The "Allow websites to
            open windows without
            address or status bars"
            machine setting should be
            configured correctly for the
CCE-15708-1 Local Machine Zone.          enabled/disabled


            The "Use Pop-up Blocker"
            machine setting should be
            configured correctly for the
CCE-15716-4 Local Machine Zone.          enabled/disabled

            The "Display mixed
            content" machine setting
            should be configured
            correctly for the Local
CCE-16633-0 Machine Zone.                enabled/disabled


            The "Allow Scriptlets"
            machine setting should be
            configured correctly for the
CCE-15721-4 Local Machine Zone.          enabled/disabled
            The "Web sites in less
            privileged Web content
            zones can navigate into
            this zone" machine setting
            should be configured
            correctly for the Local
CCE-16628-0 Machine Zone.              enabled/disabled

            The "Run .NET Framework-
            reliant components signed
            with Authenticode"
            machine setting should be
            configured correctly for the
CCE-16262-8 Local Machine Zone.          enabled/disabled


            The "Allow active scripting"
            machine setting should be
            configured correctly for the
CCE-16012-7 Local Machine Zone.          enabled/disabled

            The "Automatic prompting
            for ActiveX controls"
            machine setting should be
            configured correctly for the
CCE-16451-7 Local Machine Zone.          enabled/disabled

            The "Scripting of Java
            applets" machine setting
            should be configured
            correctly for the Local
CCE-16257-8 Machine Zone.                enabled/disabled

            The "Include local directory
            path when uploading files
            to a server" machine
            setting should be
            configured correctly for the
CCE-16579-5 Local Machine Zone.          enabled/disabled

            The "Turn on Cross-Site
            Scripting (XSS) Filter"
            machine setting should be
            configured correctly for the
CCE-16163-8 Local Machine Zone.          enabled/disabled

            The "Launching programs
            and unsafe files" machine
            setting should be
            configured correctly for the
CCE-16514-2 Local Machine Zone.          enabled/disabled
            The "Allow scripting of
            Internet Explorer web
            browser control" machine
            setting should be
            configured correctly for the
CCE-16578-7 Local Machine Zone.          enabled/disabled


            The "Logon options"
            machine setting should be
            configured correctly for the
CCE-16266-9 Local Machine Zone.          enabled/disabled

            The "Allow cut, copy or
            paste operations from the
            clipboard via script"
            machine setting should be
            configured correctly for the
CCE-16680-1 Local Machine Zone.          enabled/disabled

            The "Run .NET Framework-
            reliant components not
            signed with Authenticode"
            machine setting should be
            configured correctly for the
CCE-16623-1 Local Machine Zone.          enabled/disabled

            The "Navigate windows
            and frames across different
            domains" machine setting
            should be configured
            correctly for the Local
CCE-16526-6 Machine Zone.               enabled/disabled

            The "Access data sources
            across domains" machine
            setting should be
            configured correctly for the
CCE-16403-8 Local Machine Zone.          enabled/disabled


            The "Open files based on
            content, not file extension"
            machine setting should be
            configured correctly for the
CCE-16619-9 Local Machine Zone.          enabled/disabled

            The "Run ActiveX controls
            and plugins" machine
            setting should be
            configured correctly for the
CCE-16404-6 Local Machine Zone.          enabled/disabled
            The "Binary Behavior
            Security Restriction: All
            Processes" current user
            setting should be
CCE-15795-8 configured correctly.        enabled/disabled

            The "Binary Behavior
            Security Restriction:
            Process List" current user
            setting should be
CCE-15914-5 configured correctly.        enabled/disabled


            The "Admin-approved
            behaviors" current user
            setting should be
CCE-16443-4 configured correctly.        enabled/disabled
            The "Binary Behavior
            Security Restriction:
            Internet Explorer
            Processes" current user
            setting should be
CCE-16192-7 configured correctly.        enabled/disabled

            The "Turn Off First-Run
            Opt-In" machine setting
            should be configured
            correctly for the Trusted
CCE-16256-0 Sites Zone.                  enabled/disabled

            The "Allow installation of
            desktop items" machine
            setting should be
            configured correctly for the
CCE-15428-6 Trusted Sites Zone.          enabled/disabled

            The "XAML browser
            applications" machine
            setting should be
            configured correctly for the
CCE-15688-5 Trusted Sites Zone.          enabled/disabled

            The "Run .NET Framework-
            reliant components not
            signed with Authenticode"
            machine setting should be
            configured correctly for the
CCE-16058-0 Trusted Sites Zone.          enabled/disabled
            The "Allow font downloads"
            machine setting should be
            configured correctly for the
CCE-16023-4 Trusted Sites Zone.          enabled/disabled

            The "Allow script-initiated
            windows without size or
            position constraints"
            machine setting should be
            configured correctly for the
CCE-16231-3 Trusted Sites Zone.          enabled/disabled

            The "Script ActiveX
            controls marked safe for
            scripting" machine setting
            should be configured
            correctly for the Trusted
CCE-15962-4 Sites Zone.                  enabled/disabled

            The "Initialize and script
            ActiveX controls not
            marked as safe" machine
            setting should be
            configured correctly for the
CCE-16137-2 Trusted Sites Zone.          enabled/disabled

            The "Only allow approved
            domains to use ActiveX
            controls without prompt"
            machine setting should be
            configured correctly for the
CCE-15943-4 Trusted Sites Zone.          enabled/disabled

            The "Navigate windows
            and frames across different
            domains" machine setting
            should be configured
            correctly for the Trusted
CCE-16185-1 Sites Zone.                 enabled/disabled


            The "XPS documents"
            machine setting should be
            configured correctly for the
CCE-16235-4 Trusted Sites Zone.          enabled/disabled

            The "Turn on Cross-Site
            Scripting (XSS) Filter"
            machine setting should be
            configured correctly for the
CCE-15344-5 Trusted Sites Zone.          enabled/disabled
            The "Allow drag and drop
            or copy and paste files"
            machine setting should be
            configured correctly for the
CCE-15372-6 Trusted Sites Zone.          enabled/disabled

            The "Automatic prompting
            for file downloads" machine
            setting should be
            configured correctly for the
CCE-15958-2 Trusted Sites Zone.          enabled/disabled
            The "Web sites in less
            privileged Web content
            zones can navigate into
            this zone" machine setting
            should be configured
            correctly for the Trusted
CCE-15371-8 Sites Zone.                  enabled/disabled


            The "Loose XAML files"
            machine setting should be
            configured correctly for the
CCE-16002-8 Trusted Sites Zone.          enabled/disabled


            The "Userdata persistence"
            machine setting should be
            configured correctly for the
CCE-16186-9 Trusted Sites Zone.          enabled/disabled

            The "Allow active content
            over restricted protocols to
            access my computer"
            machine setting should be
            configured correctly for the
CCE-15573-9 Trusted Sites Zone.          enabled/disabled


            The "Allow active scripting"
            machine setting should be
            configured correctly for the
CCE-15661-2 Trusted Sites Zone.          enabled/disabled
            The "Allow video and
            animation on a Web page
            that uses a legacy media
            player" machine setting
            should be configured
            correctly for the Trusted
CCE-16282-6 Sites Zone.                  enabled/disabled
            The "Download unsigned
            ActiveX controls" machine
            setting should be
            configured correctly for the
CCE-16133-1 Trusted Sites Zone.          enabled/disabled

            The "Include local directory
            path when uploading files
            to a server" machine
            setting should be
            configured correctly for the
CCE-16194-3 Trusted Sites Zone.          enabled/disabled

            The "Disable .NET
            Framework Setup"
            machine setting should be
            configured correctly for the
CCE-15369-2 Trusted Sites Zone.          enabled/disabled

            The "Allow websites to
            prompt for information
            using scripted windows"
            machine setting should be
            configured correctly for the
CCE-16354-3 Trusted Sites Zone.          enabled/disabled

            The "Allow websites to
            open windows without
            address or status bars"
            machine setting should be
            configured correctly for the
CCE-16007-7 Trusted Sites Zone.          enabled/disabled

            The "Access data sources
            across domains" machine
            setting should be
            configured correctly for the
CCE-15370-0 Trusted Sites Zone.          enabled/disabled


            The "Use Pop-up Blocker"
            machine setting should be
            configured correctly for the
CCE-15921-0 Trusted Sites Zone.          enabled/disabled


            The "Logon options"
            machine setting should be
            configured correctly for the
CCE-15628-1 Trusted Sites Zone.          enabled/disabled
            The "Automatic prompting
            for ActiveX controls"
            machine setting should be
            configured correctly for the
CCE-15564-8 Trusted Sites Zone.          enabled/disabled

            The "Submit non-encrypted
            form data" machine setting
            should be configured
            correctly for the Trusted
CCE-15998-8 Sites Zone.                enabled/disabled

            The "Software channel
            permissions" machine
            setting should be
            configured correctly for the
CCE-16300-6 Trusted Sites Zone.          enabled/disabled

            The "Allow META
            REFRESH" machine
            setting should be
            configured correctly for the
CCE-15542-4 Trusted Sites Zone.          enabled/disabled

            The "Allow binary and
            script behaviors" machine
            setting should be
            configured correctly for the
CCE-16146-3 Trusted Sites Zone.          enabled/disabled

            The "Run ActiveX controls
            and plugins" machine
            setting should be
            configured correctly for the
CCE-16365-9 Trusted Sites Zone.          enabled/disabled


            The "Allow Scriptlets"
            machine setting should be
            configured correctly for the
CCE-16345-1 Trusted Sites Zone.          enabled/disabled

            The "Turn on Protected
            Mode" machine setting
            should be configured
            correctly for the Trusted
CCE-15820-4 Sites Zone.                  enabled/disabled

            The "Display mixed
            content" machine setting
            should be configured
            correctly for the Trusted
CCE-15635-6 Sites Zone.                  enabled/disabled
            The "Use SmartScreen
            Filter" machine setting
            should be configured
            correctly for the Trusted
CCE-15348-6 Sites Zone.                  enabled/disabled


            The "Allow file downloads"
            machine setting should be
            configured correctly for the
CCE-16278-4 Trusted Sites Zone.          enabled/disabled
            The "Launching
            applications and files in an
            IFRAME" machine setting
            should be configured
            correctly for the Trusted
CCE-16098-6 Sites Zone.                  enabled/disabled

            The "Allow status bar
            updates via script" machine
            setting should be
            configured correctly for the
CCE-16348-5 Trusted Sites Zone.          enabled/disabled

            The "Download signed
            ActiveX controls" machine
            setting should be
            configured correctly for the
CCE-16304-8 Trusted Sites Zone.          enabled/disabled

            The "Run .NET Framework-
            reliant components signed
            with Authenticode"
            machine setting should be
            configured correctly for the
CCE-16199-2 Trusted Sites Zone.          enabled/disabled

            The "Scripting of Java
            applets" machine setting
            should be configured
            correctly for the Trusted
CCE-15648-9 Sites Zone.                  enabled/disabled

            The "Launching programs
            and unsafe files" machine
            setting should be
            configured correctly for the
CCE-16018-4 Trusted Sites Zone.          enabled/disabled
            The "Open files based on
            content, not file extension"
            machine setting should be
            configured correctly for the
CCE-16208-1 Trusted Sites Zone.          enabled/disabled

            The "Do not prompt for
            client certificate selection
            when no certificates or only
            one certificate exists."
            machine setting should be
            configured correctly for the
CCE-15441-9 Trusted Sites Zone.          enabled/disabled

            The "Allow scripting of
            Internet Explorer web
            browser control" machine
            setting should be
            configured correctly for the
CCE-15994-7 Trusted Sites Zone.          enabled/disabled

            The "Allow cut, copy or
            paste operations from the
            clipboard via script"
            machine setting should be
            configured correctly for the
CCE-16245-3 Trusted Sites Zone.          enabled/disabled




            The "Use HTTP 1.1"
            machine setting should be
CCE-16072-1 configured correctly.     enabled/disabled


            The "Do not save
            encrypted pages to disk"
            machine setting should be
CCE-16254-5 configured correctly.     enabled/disabled


            The "Do not allow resetting
            Internet Explorer settings"
            machine setting should be
CCE-16142-2 configured correctly.       enabled/disabled

            The "Empty Temporary
            Internet Files folder when
            browser is closed" machine
            setting should be
CCE-15878-2 configured correctly.      enabled/disabled
            The "Turn off ClearType"
            machine setting should be
CCE-16827-8 configured correctly.     enabled/disabled


            The "Play animations in
            web pages" machine
            setting should be
CCE-15872-5 configured correctly.      enabled/disabled


            The "Use HTTP 1.1
            through proxy connections"
            machine setting should be
CCE-15877-4 configured correctly.      enabled/disabled


            The "Turn on Caret
            Browsing support" machine
            setting should be
CCE-16241-2 configured correctly.     enabled/disabled


            The "Play sounds in web
            pages" machine setting
            should be configured
CCE-15863-4 correctly.                 enabled/disabled


            The "Intranet Zone
            Template" machine setting
            should be configured
CCE-16027-5 correctly.                enabled/disabled




            The "Local Machine Zone
            Template" machine setting
            should be configured
CCE-16805-4 correctly.                enabled/disabled




            The "Locked-Down Internet
            Zone Template" machine
            setting should be
CCE-15885-7 configured correctly.     enabled/disabled
            The "Turn on automatic
            detection of the intranet"
            machine setting should be
CCE-15828-7 configured correctly.      enabled/disabled




            The "Trusted Sites Zone
            Template" machine setting
            should be configured
CCE-16439-2 correctly.                enabled/disabled




            The "Locked-Down Intranet
            Zone Template" machine
            setting should be
CCE-16644-7 configured correctly.     enabled/disabled




            The "Restricted Sites Zone
            Template" machine setting
            should be configured
CCE-16657-9 correctly.                 enabled/disabled


            The "Locked-Down
            Restricted Sites Zone
            Template" machine setting
            should be configured
CCE-16800-5 correctly.                enabled/disabled




            The "Locked-Down Local
            Machine Zone Template"
            machine setting should be
CCE-16255-2 configured correctly.     enabled/disabled




            The "Locked-Down Trusted
            Sites Zone Template"
            machine setting should be
CCE-16458-2 configured correctly.     enabled/disabled

            The "Intranet Sites: Include
            all sites that bypass the
            proxy server" machine
            setting should be
CCE-16630-6 configured correctly.        enabled/disabled
            The "Site to Zone
            Assignment List" machine
            setting should be
CCE-15815-4 configured correctly.           enabled/disabled


            The "Intranet Sites: Include
            all local (intranet) sites not
            listed in other zones"
            machine setting should be
CCE-16158-8 configured correctly.          enabled/disabled

            The "Turn on Information
            bar notification for intranet
            content" machine setting
            should be configured
CCE-15829-5 correctly.                      enabled/disabled

            The "Turn on Warn about
            Certificate Address
            Mismatch" machine setting
            should be configured
CCE-16780-9 correctly.                enabled/disabled


            The "Internet Zone
            Template" machine setting
            should be configured
CCE-16384-0 correctly.                enabled/disabled




            The "Pop-up allow list"
            machine setting should be
CCE-15660-4 configured correctly.     enabled/disabled

            The "Turn off configuration
            of tabbed browsing pop-up
            behavior" machine setting
            should be configured
CCE-16166-1 correctly.                  enabled/disabled


            The "Configure new tab
            page default behavior"
            machine setting should be
CCE-15789-1 configured correctly.     enabled/disabled
            The "Turn off the auto-
            complete feature for web
            addresses" machine
            setting should be
CCE-16005-1 configured correctly.        enabled/disabled


            The "Turn off tabbed
            browsing" machine setting
            should be configured
CCE-16106-7 correctly.                enabled/disabled




            The "Turn on Compatibility
            Logging" machine setting
            should be configured
CCE-16349-3 correctly.                 enabled/disabled

            The "Turn off configuration
            of default behavior of new
            tab creation" machine
            setting should be
CCE-15563-0 configured correctly.       enabled/disabled


            The "Set tab process
            growth" machine setting
            should be configured
CCE-15749-5 correctly.                   enabled/disabled

            The "Turn off displaying the
            Internet Explorer Help
            Menu" machine setting
            should be configured
CCE-16353-5 correctly.                   enabled/disabled


            The "Restrict changing the
            default search provider"
            machine setting should be
CCE-16388-1 configured correctly.      enabled/disabled


            The "Turn on menu bar by
            default" machine setting
            should be configured
CCE-15397-3 correctly.               enabled/disabled
            The "Turn off suggestions
            for all user-installed
            providers" machine setting
            should be configured
CCE-16290-9 correctly.                 enabled/disabled


            The "Turn off Favorites
            bar" machine setting
            should be configured
CCE-15704-0 correctly.                     enabled/disabled


            The "Turn off the activation
            of the quick pick menu"
            machine setting should be
CCE-15545-7 configured correctly.        enabled/disabled


            The "Turn off Automatic
            Crash Recovery Prompt"
            machine setting should be
CCE-15414-6 configured correctly.     enabled/disabled


            The "Turn off configuration
            of window reuse" machine
            setting should be
CCE-16191-9 configured correctly.       enabled/disabled


            The "Turn off Quick Tabs
            functionality" machine
            setting should be
CCE-15419-5 configured correctly.          enabled/disabled


            The "Turn off Managing
            Pop-up Allow list" machine
            setting should be
CCE-16271-9 configured correctly.      enabled/disabled

            The "Add a specific list of
            search providers to the
            user's search provider list"
            machine setting should be
CCE-15655-4 configured correctly.        enabled/disabled

            The "Restrict search
            providers to a specific list
            of providers" machine
            setting should be
CCE-15917-8 configured correctly.          enabled/disabled
            The "Turn off page
            zooming functionality"
            machine setting should be
CCE-16393-1 configured correctly.     enabled/disabled


            The "Enforce Full Screen
            Mode" machine setting
            should be configured
CCE-16249-5 correctly.                   enabled/disabled


            The "Customize User
            Agent String" machine
            setting should be
CCE-15403-9 configured correctly.        enabled/disabled

            The "Prevent Internet
            Explorer Search box from
            displaying" machine setting
            should be configured
CCE-15613-3 correctly.                  enabled/disabled


            The "Turn off managing
            Pop-up filter level" machine
            setting should be
CCE-16378-2 configured correctly.        enabled/disabled


            The "Turn off Reopen Last
            Browsing Session"
            machine setting should be
CCE-16060-6 configured correctly.     enabled/disabled


            The "Turn off pop-up
            management" machine
            setting should be
CCE-16148-9 configured correctly.        enabled/disabled


            The "Turn off picture
            display" current user
            setting should be
CCE-16309-7 configured correctly.        enabled/disabled


            The "Turn off automatic
            image resizing" current
            user setting should be
CCE-16573-8 configured correctly.        enabled/disabled
            The "Allow the display of
            image download
            placeholders" current user
            setting should be
CCE-16569-6 configured correctly.      enabled/disabled


            The "Turn off smart image
            dithering" current user
            setting should be
CCE-16688-4 configured correctly.     enabled/disabled


            The "Turn off InPrivate
            Browsing" current user
            setting should be
CCE-14923-7 configured correctly.        enabled/disabled


            The "InPrivate Filtering
            Threshold" current user
            setting should be
CCE-15465-8 configured correctly.        enabled/disabled


            The "Do not collect
            InPrivate Filtering data"
            current user setting should
CCE-15725-5 be configured correctly.    enabled/disabled

            The "Disable toolbars and
            extensions when InPrivate
            Browsing starts" current
            user setting should be
CCE-15855-0 configured correctly.     enabled/disabled


            The "Turn off InPrivate
            Filtering" current user
            setting should be
CCE-15337-9 configured correctly.        enabled/disabled


            The "Turn off InPrivate
            Filtering" machine setting
            should be configured
CCE-16928-4 correctly.                   enabled/disabled

            The "Disable toolbars and
            extensions when InPrivate
            Browsing starts" machine
            setting should be
CCE-16810-4 configured correctly.     enabled/disabled
            The "Do not collect
            InPrivate Filtering data"
            machine setting should be
CCE-16171-1 configured correctly.     enabled/disabled


            The "InPrivate Filtering
            Threshold" machine setting
            should be configured
CCE-16164-6 correctly.                 enabled/disabled


            The "Prevent users from
            choosing default text size"
            current user setting should
CCE-15910-3 be configured correctly.    enabled/disabled

            The "Download unsigned
            ActiveX controls" current
            user setting should be
            configured correctly for the
CCE-16286-7 Trusted Sites Zone.          enabled/disabled


            The "Allow Scriptlets"
            current user setting should
            be configured correctly for
CCE-16693-4 the Trusted Sites Zone.     enabled/disabled

            The "Allow websites to
            prompt for information
            using scripted windows"
            current user setting should
            be configured correctly for
CCE-16802-1 the Trusted Sites Zone.     enabled/disabled

            The "Allow binary and
            script behaviors" current
            user setting should be
            configured correctly for the
CCE-16701-5 Trusted Sites Zone.          enabled/disabled

            The "Turn on Protected
            Mode" current user setting
            should be configured
            correctly for the Trusted
CCE-16493-9 Sites Zone.                enabled/disabled
            The "Logon options"
            current user setting should
            be configured correctly for
CCE-16815-3 the Trusted Sites Zone.     enabled/disabled

            The "Disable .NET
            Framework Setup" current
            user setting should be
            configured correctly for the
CCE-16723-9 Trusted Sites Zone.          enabled/disabled


            The "Use Pop-up Blocker"
            current user setting should
            be configured correctly for
CCE-16520-9 the Trusted Sites Zone.     enabled/disabled

            The "Do not prompt for
            client certificate selection
            when no certificates or only
            one certificate exists."
            current user setting should
            be configured correctly for
CCE-16313-9 the Trusted Sites Zone.      enabled/disabled

            The "Automatic prompting
            for file downloads" current
            user setting should be
            configured correctly for the
CCE-16621-5 Trusted Sites Zone.          enabled/disabled

            The "Allow drag and drop
            or copy and paste files"
            current user setting should
            be configured correctly for
CCE-16586-0 the Trusted Sites Zone.     enabled/disabled

            The "Allow installation of
            desktop items" current user
            setting should be
            configured correctly for the
CCE-16308-9 Trusted Sites Zone.          enabled/disabled


            The "XPS documents"
            current user setting should
            be configured correctly for
CCE-16731-2 the Trusted Sites Zone.     enabled/disabled
            The "Download signed
            ActiveX controls" current
            user setting should be
            configured correctly for the
CCE-16157-0 Trusted Sites Zone.          enabled/disabled

            The "Allow websites to
            open windows without
            address or status bars"
            current user setting should
            be configured correctly for
CCE-16506-8 the Trusted Sites Zone.     enabled/disabled


            The "Loose XAML files"
            current user setting should
            be configured correctly for
CCE-15852-7 the Trusted Sites Zone.     enabled/disabled

            The "Turn on Cross-Site
            Scripting (XSS) Filter"
            current user setting should
            be configured correctly for
CCE-16647-0 the Trusted Sites Zone.     enabled/disabled

            The "Allow META
            REFRESH" current user
            setting should be
            configured correctly for the
CCE-16368-3 Trusted Sites Zone.          enabled/disabled

            The "Submit non-encrypted
            form data" current user
            setting should be
            configured correctly for the
CCE-16048-1 Trusted Sites Zone.          enabled/disabled

            The "Run ActiveX controls
            and plugins" current user
            setting should be
            configured correctly for the
CCE-15833-7 Trusted Sites Zone.          enabled/disabled

            The "Run .NET Framework-
            reliant components signed
            with Authenticode" current
            user setting should be
            configured correctly for the
CCE-16207-3 Trusted Sites Zone.          enabled/disabled
            The "Userdata persistence"
            current user setting should
            be configured correctly for
CCE-16634-8 the Trusted Sites Zone.     enabled/disabled

            The "XAML browser
            applications" current user
            setting should be
            configured correctly for the
CCE-16509-2 Trusted Sites Zone.          enabled/disabled

            The "Automatic prompting
            for ActiveX controls"
            current user setting should
            be configured correctly for
CCE-16747-8 the Trusted Sites Zone.      enabled/disabled
            The "Web sites in less
            privileged Web content
            zones can navigate into
            this zone" current user
            setting should be
            configured correctly for the
CCE-15845-1 Trusted Sites Zone.          enabled/disabled


            The "Allow font downloads"
            current user setting should
            be configured correctly for
CCE-15837-8 the Trusted Sites Zone.     enabled/disabled


            The "Allow file downloads"
            current user setting should
            be configured correctly for
CCE-16289-1 the Trusted Sites Zone.     enabled/disabled

            The "Access data sources
            across domains" current
            user setting should be
            configured correctly for the
CCE-16008-5 Trusted Sites Zone.          enabled/disabled

            The "Allow script-initiated
            windows without size or
            position constraints"
            current user setting should
            be configured correctly for
CCE-16639-7 the Trusted Sites Zone.     enabled/disabled
            The "Turn Off First-Run
            Opt-In" current user setting
            should be configured
            correctly for the Trusted
CCE-16355-0 Sites Zone.                  enabled/disabled
            The "Initialize and script
            ActiveX controls not
            marked as safe" current
            user setting should be
            configured correctly for the
CCE-16766-8 Trusted Sites Zone.          enabled/disabled

            The "Software channel
            permissions" current user
            setting should be
            configured correctly for the
CCE-16564-7 Trusted Sites Zone.          enabled/disabled
            The "Allow video and
            animation on a Web page
            that uses a legacy media
            player" current user setting
            should be configured
            correctly for the Trusted
CCE-16791-6 Sites Zone.                  enabled/disabled
            The "Navigate windows
            and frames across different
            domains" current user
            setting should be
            configured correctly for the
CCE-16771-8 Trusted Sites Zone.          enabled/disabled

            The "Allow cut, copy or
            paste operations from the
            clipboard via script" current
            user setting should be
            configured correctly for the
CCE-16084-6 Trusted Sites Zone.           enabled/disabled

            The "Scripting of Java
            applets" current user
            setting should be
            configured correctly for the
CCE-15835-2 Trusted Sites Zone.          enabled/disabled

            The "Only allow approved
            domains to use ActiveX
            controls without prompt"
            current user setting should
            be configured correctly for
CCE-16686-8 the Trusted Sites Zone.     enabled/disabled
            The "Open files based on
            content, not file extension"
            current user setting should
            be configured correctly for
CCE-16021-8 the Trusted Sites Zone.      enabled/disabled

            The "Allow status bar
            updates via script" current
            user setting should be
            configured correctly for the
CCE-16806-2 Trusted Sites Zone.          enabled/disabled
            The "Launching
            applications and files in an
            IFRAME" current user
            setting should be
            configured correctly for the
CCE-16170-3 Trusted Sites Zone.          enabled/disabled

            The "Use SmartScreen
            Filter" current user setting
            should be configured
            correctly for the Trusted
CCE-16612-4 Sites Zone.                    enabled/disabled


            The "Run .NET Framework-
            reliant components not
            signed with Authenticode"
            current user setting should
            be configured correctly for
CCE-16038-2 the Trusted Sites Zone.     enabled/disabled

            The "Allow active content
            over restricted protocols to
            access my computer"
            current user setting should
            be configured correctly for
CCE-15848-5 the Trusted Sites Zone.      enabled/disabled
            The "Allow scripting of
            Internet Explorer web
            browser control" current
            user setting should be
            configured correctly for the
CCE-16277-6 Trusted Sites Zone.          enabled/disabled


            The "Allow active scripting"
            current user setting should
            be configured correctly for
CCE-16377-4 the Trusted Sites Zone.      enabled/disabled
            The "Display mixed
            content" current user
            setting should be
            configured correctly for the
CCE-16625-6 Trusted Sites Zone.          enabled/disabled

            The "Include local directory
            path when uploading files
            to a server" current user
            setting should be
            configured correctly for the
CCE-16409-5 Trusted Sites Zone.          enabled/disabled
            The "Script ActiveX
            controls marked safe for
            scripting" current user
            setting should be
            configured correctly for the
CCE-15965-7 Trusted Sites Zone.          enabled/disabled


            The "Java permissions"
            current user setting should
            be configured correctly for
CCE-16250-3 the Trusted Sites Zone.     enabled/disabled

            The "Launching programs
            and unsafe files" current
            user setting should be
            configured correctly for the
CCE-16167-9 Trusted Sites Zone.          enabled/disabled

            The "Prevent the
            configuration of cipher
            strength update information
            URLs" machine setting
            should be configured
CCE-15849-3 correctly.                  enabled/disabled
            The "Enable cut, copy or
            paste operations from the
            clipboard if
            URLACTION_SCRIPT_PA
            STE is set to Prompt:
            Internet Explorer
            Processes" current user
            setting should be
CCE-15964-0 configured correctly.       enabled/disabled
            The "Enable cut, copy or
            paste operations from the
            clipboard if
            URLACTION_SCRIPT_PA
            STE is set to Prompt:
            Process List" current user
            setting should be
CCE-15991-3 configured correctly.      enabled/disabled

            The "Enable cut, copy or
            paste operations from the
            clipboard if
            URLACTION_SCRIPT_PA
            STE is set to Prompt: All
            Processes" current user
            setting should be
CCE-15969-9 configured correctly.     enabled/disabled


            The "Hide the Command
            Bar" current user setting
            should be configured
CCE-16956-5 correctly.                   enabled/disabled


            The "Disable customizing
            browser toolbar buttons"
            current user setting should
CCE-16722-1 be configured correctly.    enabled/disabled


            The "Auto-hide the
            Toolbars" current user
            setting should be
CCE-16952-4 configured correctly.        enabled/disabled


            The "Customize Command
            Labels" current user setting
            should be configured
CCE-16051-5 correctly.                   enabled/disabled


            The "Set location of Stop
            and Refresh buttons"
            current user setting should
CCE-16930-0 be configured correctly.    enabled/disabled


            The "Turn off Developer
            Tools" current user setting
            should be configured
CCE-16700-7 correctly.                  enabled/disabled
            The "Turn off toolbar
            upgrade tool" current user
            setting should be
CCE-16863-3 configured correctly.        enabled/disabled




            The "Lock all Toolbars"
            current user setting should
CCE-16727-0 be configured correctly.    enabled/disabled


            The "Use large Icons for
            Command Buttons" current
            user setting should be
CCE-16969-8 configured correctly.    enabled/disabled


            The "Disable customizing
            browser toolbars" current
            user setting should be
CCE-16590-2 configured correctly.        enabled/disabled




            The "Hide the Status Bar"
            current user setting should
CCE-16868-2 be configured correctly.    enabled/disabled




            The "Network Protocol
            Lockdown: All Processes"
            machine setting should be
CCE-15060-7 configured correctly.     enabled/disabled




            The "Network Protocol
            Lockdown: Internet
            Explorer Processes"
            machine setting should be
CCE-15791-7 configured correctly.     enabled/disabled


            The "Network Protocol
            Lockdown: Process List"
            machine setting should be
CCE-15817-0 configured correctly.     enabled/disabled
            The "Intranet Zone
            Restricted Protocols"
            machine setting should be
CCE-15296-7 configured correctly.     enabled/disabled




            The "Trusted Sites Zone
            Restricted Protocols"
            machine setting should be
CCE-15529-1 configured correctly.     enabled/disabled




            The "Restricted Sites Zone
            Restricted Protocols"
            machine setting should be
CCE-15040-9 configured correctly.      enabled/disabled




            The "Local Machine Zone
            Restricted Protocols"
            machine setting should be
CCE-15890-7 configured correctly.     enabled/disabled




            The "Internet Zone
            Restricted Protocols"
            machine setting should be
CCE-15895-6 configured correctly.     enabled/disabled

            The "Local Machine Zone
            Lockdown Security:
            Process List" machine
            setting should be
CCE-16175-2 configured correctly.      enabled/disabled


            The "Local Machine Zone
            Lockdown Security:
            Internet Explorer
            Processes" machine
            setting should be
CCE-16669-4 configured correctly.      enabled/disabled
            The "Local Machine Zone
            Lockdown Security: All
            Processes" machine
            setting should be
CCE-16162-0 configured correctly.        enabled/disabled


            The "MK Protocol Security
            Restriction: Process List"
            current user setting should
CCE-16061-4 be configured correctly.    enabled/disabled




            The "MK Protocol Security
            Restriction: All Processes"
            current user setting should
CCE-16982-1 be configured correctly.    enabled/disabled


            The "MK Protocol Security
            Restriction: Internet
            Explorer Processes"
            current user setting should
CCE-16938-3 be configured correctly.    enabled/disabled


            The "Information Bar:
            Internet Explorer
            Processes" current user
            setting should be
CCE-16128-1 configured correctly.        enabled/disabled




            The "Information Bar: All
            Processes" current user
            setting should be
CCE-15726-3 configured correctly.        enabled/disabled


            The "Information Bar:
            Process List" current user
            setting should be
CCE-15264-5 configured correctly.        enabled/disabled
            The "Maximum number of
            connections per server
            (HTTP 1.0)" current user
            setting should be
CCE-17109-0 configured correctly.       enabled/disabled




            The "Turn off Cross
            Document Messaging"
            current user setting should
CCE-16161-2 be configured correctly.    enabled/disabled




            The "Maximum number of
            connections per server
            (HTTP 1.1)" current user
            setting should be
CCE-16743-7 configured correctly.       enabled/disabled




            The "Turn off the
            XDomainRequest Object"
            current user setting should
CCE-17122-3 be configured correctly.    enabled/disabled


            The "Enable Native
            XMLHttpRequest Support"
            current user setting should
CCE-17113-2 be configured correctly.    enabled/disabled


            The "Auto-hide the
            Toolbars" machine setting
            should be configured
CCE-15717-2 correctly.                  enabled/disabled


            The "Turn off Developer
            Tools" machine setting
            should be configured
CCE-15950-9 correctly.                  enabled/disabled




            The "Lock all Toolbars"
            machine setting should be
CCE-15972-3 configured correctly.     enabled/disabled
            The "Use large Icons for
            Command Buttons"
            machine setting should be
CCE-15474-0 configured correctly.     enabled/disabled


            The "Set location of Stop
            and Refresh buttons"
            machine setting should be
CCE-15945-9 configured correctly.     enabled/disabled


            The "Turn off toolbar
            upgrade tool" machine
            setting should be
CCE-15472-4 configured correctly.      enabled/disabled


            The "Hide the Command
            Bar" machine setting
            should be configured
CCE-15874-1 correctly.                 enabled/disabled


            The "Customize Command
            Labels" machine setting
            should be configured
CCE-15471-6 correctly.              enabled/disabled




            The "Hide the Status Bar"
            machine setting should be
CCE-15860-0 configured correctly.     enabled/disabled




            The "Turn off the
            XDomainRequest Object"
            machine setting should be
CCE-16394-9 configured correctly.     enabled/disabled




            The "Maximum number of
            connections per server
            (HTTP 1.1)" machine
            setting should be
CCE-16244-6 configured correctly.      enabled/disabled
            The "Maximum number of
            connections per server
            (HTTP 1.0)" machine
            setting should be
CCE-16275-0 configured correctly.       enabled/disabled




            The "Turn off Cross
            Document Messaging"
            machine setting should be
CCE-16372-5 configured correctly.     enabled/disabled


            The "Enable Native
            XMLHttpRequest Support"
            machine setting should be
CCE-15496-3 configured correctly.     enabled/disabled


            The "Turn off Windows
            Search AutoComplete"
            current user setting should
CCE-16472-3 be configured correctly.    enabled/disabled

            The "Turn on inline
            AutoComplete for Web
            addresses" current user
            setting should be
CCE-16704-9 configured correctly.       enabled/disabled




            The "Consistent Mime
            Handling: All Processes"
            current user setting should
CCE-15484-9 be configured correctly.    enabled/disabled




            The "Consistent Mime
            Handling: Internet Explorer
            Processes" current user
            setting should be
CCE-15836-0 configured correctly.       enabled/disabled
            The "Consistent Mime
            Handling: Process List"
            current user setting should
CCE-16087-9 be configured correctly.    enabled/disabled


            The "Prevent Deleting
            Temporary Internet Files"
            current user setting should
CCE-16405-3 be configured correctly.    enabled/disabled


            The "Prevent Deleting
            Favorites Site Data" current
            user setting should be
CCE-16414-5 configured correctly.        enabled/disabled

            The "Turn off "Delete
            Browsing History"
            functionality" current user
            setting should be
CCE-15670-3 configured correctly.         enabled/disabled


            The "Prevent Deleting
            Form Data" current user
            setting should be
CCE-16427-7 configured correctly.         enabled/disabled


            The "Prevent Deleting
            Passwords" current user
            setting should be
CCE-15683-6 configured correctly.         enabled/disabled


            The "Disable "Configuring
            History"" current user
            setting should be
CCE-16432-7 configured correctly.         enabled/disabled

            The "Prevent Deleting Web
            sites that the User has
            Visited" current user setting
            should be configured
CCE-15533-3 correctly.                    enabled/disabled


            The "Prevent Deleting
            Cookies" current user
            setting should be
CCE-15466-6 configured correctly.         enabled/disabled
            The "Prevent Deleting
            InPrivate Filtering data"
            current user setting should
CCE-15925-1 be configured correctly.    enabled/disabled




            The "Restrict File
            Download: All Processes"
            current user setting should
CCE-16332-9 be configured correctly.    enabled/disabled


            The "Restrict File
            Download: Internet
            Explorer Processes"
            current user setting should
CCE-16337-8 be configured correctly.    enabled/disabled


            The "Restrict File
            Download: Process List"
            current user setting should
CCE-16323-8 be configured correctly.    enabled/disabled

            The "Local Machine Zone
            Lockdown Security:
            Process List" current user
            setting should be
CCE-16293-3 configured correctly.        enabled/disabled


            The "Local Machine Zone
            Lockdown Security:
            Internet Explorer
            Processes" current user
            setting should be
CCE-16672-8 configured correctly.        enabled/disabled


            The "Local Machine Zone
            Lockdown Security: All
            Processes" current user
            setting should be
CCE-15799-0 configured correctly.        enabled/disabled


            The "Protection From Zone
            Elevation: Process List"
            machine setting should be
CCE-16518-3 configured correctly.     enabled/disabled
            The "Protection From Zone
            Elevation: All Processes"
            machine setting should be
CCE-16641-3 configured correctly.     enabled/disabled


            The "Disable the Programs
            page" machine setting
            should be configured
CCE-16862-5 correctly.                enabled/disabled


            The "Disable the Content
            page" machine setting
            should be configured
CCE-16858-3 correctly.                  enabled/disabled


            The "Use UTF-8 for mailto
            links" machine setting
            should be configured
CCE-16981-3 correctly.                enabled/disabled


            The "Disable the General
            page" machine setting
            should be configured
CCE-16488-9 correctly.                  enabled/disabled


            The "Send internationalized
            domain names" machine
            setting should be
CCE-16990-4 configured correctly.       enabled/disabled


            The "Disable the
            Connections page"
            machine setting should be
CCE-16598-5 configured correctly.     enabled/disabled


            The "Disable the Privacy
            page" machine setting
            should be configured
CCE-16068-9 correctly.                  enabled/disabled
            The "Binary Behavior
            Security Restriction: All
            Processes" machine
            setting should be
CCE-16112-5 configured correctly.       enabled/disabled


            The "Admin-approved
            behaviors" machine setting
            should be configured
CCE-16389-9 correctly.                 enabled/disabled

            The "Binary Behavior
            Security Restriction:
            Process List" machine
            setting should be
CCE-15631-5 configured correctly.       enabled/disabled

            The "Binary Behavior
            Security Restriction:
            Internet Explorer
            Processes" machine
            setting should be
CCE-16376-6 configured correctly.       enabled/disabled


            The "Turn on Automatic
            Signup" current user
            setting should be
CCE-15410-4 configured correctly.       enabled/disabled




            The "Microsoft Chat"
            current user setting should
CCE-15951-7 be configured correctly.    enabled/disabled




            The "Microsoft Agent"
            current user setting should
CCE-16101-8 be configured correctly.    enabled/disabled




            The "Shockwave Flash"
            current user setting should
CCE-15867-5 be configured correctly.    enabled/disabled
            The "Carpoint" current user
            setting should be
CCE-15937-6 configured correctly.       enabled/disabled




            The "Audio/Video Player"
            current user setting should
CCE-15616-6 be configured correctly.    enabled/disabled




            The "MSNBC" current user
            setting should be
CCE-15224-9 configured correctly.    enabled/disabled




            The "Investor" current user
            setting should be
CCE-15140-7 configured correctly.       enabled/disabled


            The "Microsoft Survey
            Control" current user
            setting should be
CCE-16000-2 configured correctly.       enabled/disabled


            The "Microsoft Scriptlet
            Component" current user
            setting should be
CCE-16074-7 configured correctly.       enabled/disabled


            The "NetShow File
            Transfer Control" current
            user setting should be
CCE-16070-5 configured correctly.       enabled/disabled




            The "DHTML Edit Control"
            current user setting should
CCE-15378-3 be configured correctly.    enabled/disabled




            The "Menu Controls"
            current user setting should
CCE-15978-0 be configured correctly.    enabled/disabled
            The "Disable Open in New
            Window menu option"
            current user setting should
CCE-16037-4 be configured correctly.    enabled/disabled


            The "Disable Context
            menu" current user setting
            should be configured
CCE-15786-7 correctly.                 enabled/disabled


            The "File menu: Disable
            New menu option" current
            user setting should be
CCE-15933-5 configured correctly.        enabled/disabled


            The "Help menu: Remove
            'Tour' menu option" current
            user setting should be
CCE-15131-6 configured correctly.       enabled/disabled

            The "Help menu: Remove
            'Send Feedback' menu
            option" current user setting
            should be configured
CCE-15929-3 correctly.                   enabled/disabled

            The "File menu: Disable
            Save As Web Page
            Complete" current user
            setting should be
CCE-15905-3 configured correctly.        enabled/disabled


            The "File menu: Disable
            Open menu option" current
            user setting should be
CCE-15955-8 configured correctly.     enabled/disabled


            The "View menu: Disable
            Source menu option"
            current user setting should
CCE-15808-9 be configured correctly.    enabled/disabled




            The "Turn off Print Menu"
            current user setting should
CCE-15125-8 be configured correctly.    enabled/disabled
            The "File menu: Disable
            closing the browser and
            Explorer windows" current
            user setting should be
CCE-16042-4 configured correctly.        enabled/disabled


            The "File menu: Disable
            Save As... menu option"
            current user setting should
CCE-15302-3 be configured correctly.    enabled/disabled


            The "View menu: Disable
            Full Screen menu option"
            current user setting should
CCE-15918-6 be configured correctly.    enabled/disabled

            The "Tools menu: Disable
            Internet Options... menu
            option" current user setting
            should be configured
CCE-15927-7 correctly.                   enabled/disabled




            The "Hide Favorites menu"
            current user setting should
CCE-16052-3 be configured correctly.    enabled/disabled

            The "Scripted Window
            Security Restrictions:
            Process List" machine
            setting should be
CCE-15923-6 configured correctly.        enabled/disabled




            The "Scripted Window
            Security Restrictions: All
            Processes" machine
            setting should be
CCE-15928-5 configured correctly.        enabled/disabled


            The "MK Protocol Security
            Restriction: Process List"
            machine setting should be
CCE-17005-0 configured correctly.      enabled/disabled
            The "MK Protocol Security
            Restriction: All Processes"
            machine setting should be
CCE-16763-5 configured correctly.       enabled/disabled


            The "Object Caching
            Protection: Internet
            Explorer Processes"
            current user setting should
CCE-15341-1 be configured correctly.    enabled/disabled




            The "Object Caching
            Protection: All Processes"
            current user setting should
CCE-16214-9 be configured correctly.    enabled/disabled


            The "Object Caching
            Protection: Process List"
            current user setting should
CCE-15844-4 be configured correctly.    enabled/disabled


            The "Restricted Sites Zone
            Template" current user
            setting should be
CCE-15637-2 configured correctly.      enabled/disabled

            The "Turn on Warn about
            Certificate Address
            Mismatch" current user
            setting should be
CCE-15316-3 configured correctly.        enabled/disabled

            The "Intranet Sites: Include
            all sites that bypass the
            proxy server" current user
            setting should be
CCE-16301-4 configured correctly.        enabled/disabled


            The "Locked-Down Internet
            Zone Template" current
            user setting should be
CCE-16172-9 configured correctly.     enabled/disabled
            The "Trusted Sites Zone
            Template" current user
            setting should be
CCE-15887-3 configured correctly.           enabled/disabled


            The "Intranet Zone
            Template" current user
            setting should be
CCE-16111-7 configured correctly.           enabled/disabled




            The "Locked-Down Local
            Machine Zone Template"
            current user setting should
CCE-16297-4 be configured correctly.    enabled/disabled


            The "Internet Zone
            Template" current user
            setting should be
CCE-15865-9 configured correctly.           enabled/disabled


            The "Site to Zone
            Assignment List" current
            user setting should be
CCE-16259-4 configured correctly.           enabled/disabled

            The "Turn on Information
            bar notification for intranet
            content" current user
            setting should be
CCE-16273-5 configured correctly.           enabled/disabled


            The "Locked-Down Intranet
            Zone Template" current
            user setting should be
CCE-16306-3 configured correctly.     enabled/disabled


            The "Local Machine Zone
            Template" current user
            setting should be
CCE-16124-0 configured correctly.           enabled/disabled
            The "Turn on automatic
            detection of the intranet"
            current user setting should
CCE-16284-2 be configured correctly.    enabled/disabled


            The "Locked-Down
            Restricted Sites Zone
            Template" current user
            setting should be
CCE-16287-5 configured correctly.         enabled/disabled




            The "Locked-Down Trusted
            Sites Zone Template"
            current user setting should
CCE-16310-5 be configured correctly.    enabled/disabled

            The "Intranet Sites: Include
            all local (intranet) sites not
            listed in other zones"
            current user setting should
CCE-16120-8 be configured correctly.       enabled/disabled


            The "Intranet Sites: Include
            all network paths (UNCs)"
            current user setting should
CCE-16049-9 be configured correctly.     enabled/disabled


            The "Play sounds in web
            pages" current user setting
            should be configured
CCE-16801-3 correctly.                  enabled/disabled




            The "Allow active content
            from CDs to run on user
            machines" current user
            setting should be
CCE-15924-4 configured correctly.         enabled/disabled


            The "Check for signatures
            on downloaded programs"
            current user setting should
CCE-16056-4 be configured correctly.    enabled/disabled
            The "Allow software to run
            or install even if the
            signature is invalid" current
            user setting should be
CCE-15932-7 configured correctly.         enabled/disabled


            The "Turn off Encryption
            Support" current user
            setting should be
CCE-15938-4 configured correctly.        enabled/disabled

            The "Empty Temporary
            Internet Files folder when
            browser is closed" current
            user setting should be
CCE-15940-0 configured correctly.        enabled/disabled


            The "Do not allow resetting
            Internet Explorer settings"
            current user setting should
CCE-16908-6 be configured correctly.    enabled/disabled

            The "Automatically check
            for Internet Explorer
            updates" current user
            setting should be
CCE-16899-7 configured correctly.        enabled/disabled


            The "Check for server
            certificate revocation"
            current user setting should
CCE-16592-8 be configured correctly.    enabled/disabled


            The "Play animations in
            web pages" current user
            setting should be
CCE-16920-1 configured correctly.        enabled/disabled




            The "Turn off ClearType"
            current user setting should
CCE-16725-4 be configured correctly.    enabled/disabled


            The "Turn on Caret
            Browsing support" current
            user setting should be
CCE-16742-9 configured correctly.        enabled/disabled
            The "Use HTTP 1.1
            through proxy connections"
            current user setting should
CCE-16606-6 be configured correctly.    enabled/disabled


            The "Do not save
            encrypted pages to disk"
            current user setting should
CCE-15973-1 be configured correctly.    enabled/disabled


            The "Allow third-party
            browser extensions"
            current user setting should
CCE-16720-5 be configured correctly.    enabled/disabled




            The "Use HTTP 1.1"
            current user setting should
CCE-16916-9 be configured correctly.    enabled/disabled


            The "Turn on the hover
            color option" current user
            setting should be
CCE-16383-2 configured correctly.        enabled/disabled
            The "Prevent users from
            configuring the color of
            links that have already
            been clicked" current user
            setting should be
CCE-16515-9 configured correctly.        enabled/disabled


            The "Prevent users from
            configuring the hover color"
            current user setting should
CCE-16770-0 be configured correctly.     enabled/disabled
            The "Prevent users from
            configuring the color of
            links that have not yet been
            clicked" current user
            setting should be
CCE-15911-1 configured correctly.        enabled/disabled
                                                               Old v4 CCE
            CCE Technical Mechanisms
                                                                    ID




(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Allow cut, copy or
paste operations from the clipboard via script
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3\1407               CCE-49

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Locked-Down Restricted Sites
Zone\Only allow approved domains to use ActiveX controls
without prompt
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4\120b
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Allow drag and
drop or copy and paste files
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3\1802               CCE-685


(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Security
Zones: Do not allow users to change policies
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Security_options_edit      CCE-833
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Advanced Page\Allow software to run or install
even if the signature is invalid
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Download\RunInvalidSignatures                         CCE-449
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Locked-Down Trusted Sites
Zone\Use SmartScreen Filter
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2\2301

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Advanced Page\Check for server certificate
revocation
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\CertificateRevocation        CCE-690
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Scripting of
Java applets
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\1402                 CCE-1000
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Use Pop-
up Blocker
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\1809                 CCE-660

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Security
Zones: Use only machine settings
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Security_HKLM_only           CCE-5
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Open files based
on content, not file extension
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3\2100                 CCE-910


(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Security
Features\Consistent Mime Handling\Internet Explorer
Processes                                                        CCE-382
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Locked-Down Restricted Sites
Zone\Use SmartScreen Filter
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4\2301

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Locked-Down Intranet Zone\Use
SmartScreen Filter
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1\2301

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Java permissions
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3\1C00              CCE-132
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Local Machine Zone\Use
SmartScreen Filter
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0\2301
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Do not
allow users to enable or disable add-ons
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Restrictions\NoExtensionManagement                   CCE-708
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\\Prevent
"Fix settings" functionality
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Security\DisableFixSecuritySettings                  CCE-948

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Security
Features\MK Protocol Security Restriction\Internet Explorer
Processes
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PRO
TOCOL\(Reserved)                                              CCE-591
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Open files
based on content, not file extension
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\2100               CCE-409
(1) GPO: User Configuration\Administrative
Templates\Windows Components\Internet Explorer\Turn on
the auto-complete feature for user names and passwords on
forms
(2) Registry Key:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FormSuggest Passwords                            CCE-721

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Initialize
and script ActiveX controls not marked as safe
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\1201               CCE-26
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Launching
applications and files in an IFRAME
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\1804               CCE-339
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Access data
sources across domains
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3\1406               CCE-47

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Delete
Browsing History\Disable "Configuring History"
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Url History\DaysToKeep     CCE-66
(1) GPO: User Configuration\Administrative
Templates\Windows Components\Internet Explorer\Disable
AutoComplete for forms
(2) Registry Key:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel\FormSuggest                             CCE-478
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Automatic
prompting for file downloads
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3\2200                CCE-16
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Allow
active scripting
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\1400                CCE-292


(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Security
Zones: Do not allow users to add/delete sites
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Security_zones_map_edit     CCE-146

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Disable the Advanced Page
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Control Panel\AdvancedTab                              CCE-810
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Allow font
downloads
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3\1604                CCE-491




(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Security
Features\Restrict ActiveX Install\Internet Explorer Processes   CCE-119

(1) GPO: User Configuration\Administrative
Templates\Windows Components\Internet Explorer\Browser
menus\Disable Save this program to disk option
(2) Registry Key:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions\NoSelectDownloadDir                       CCE-412
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Allow
status bar updates via script
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\2103               CCE-129
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Download unsigned
ActiveX controls
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3\1004               CCE-176


(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Prevent ignoring certificate errors
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\PreventIgnoreCertErrors    CCE-938
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Download
unsigned ActiveX controls
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\1004               CCE-1012
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Disable
changing proxy settings
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Control Panel\Proxy                                   CCE-62
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Allow file
downloads
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\1803               CCE-970
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Download
signed ActiveX controls
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\1001               CCE-52
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Logon options
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3\1A00               CCE-720
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Allow
installation of desktop items
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\1800               CCE-763
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Use Pop-up
Blocker
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3\1809               CCE-1002
(1) GPO: User Configuration\Administrative
Templates\Windows Components\Internet Explorer\Disable
changing certificate settings
(2) Registry Key:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel\Certificates                            CCE-1037
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Access
data sources across domains
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\1406               CCE-636

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Allow cut,
copy or paste operations from the clipboard via script
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\1407               CCE-1031
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Allow
binary and script behaviors
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\2000               CCE-178
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Disable the Security Page
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Control Panel\SecurityTab                                CCE-595

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Script
ActiveX controls marked safe for scripting
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\1405                  CCE-973

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Initialize and script
ActiveX controls not marked as safe
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3\1201                  CCE-586


(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Security
Features\Protection From Zone Elevation\Internet Explorer
Processes                                                         CCE-347




(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Security
Features\Restrict File Download\Internet Explorer Processes       CCE-668
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Advanced Page\Automatically check for Internet
Explorer updates
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\NoUpdateCheck                                       CCE-1008
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Turn off
Crash Detection
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Restrictions\NoCrashDetection                            CCE-753


(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Security
Features\Scripted Window Security Restrictions\Internet
Explorer Processes                                                CCE-827
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Disable
changing connection settings
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Control Panel\Connection Settings                    CCE-611
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Turn off
the Security Settings Check feature
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Security\DisableSecuritySettingsCheck                CCE-1054
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Web sites
in less privileged Web content zones can navigate into this
zone
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\2101              CCE-698
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Java
permissions
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\1C00              CCE-1088

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Web sites in less
privileged Web content zones can navigate into this zone
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3\2101              CCE-724


(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Security
Features\Mime Sniffing Safety Feature\Internet Explorer
Processes                                                     CCE-985

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Disable
changing Automatic Configuration settings
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Control Panel\Autoconfig                             CCE-471
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Navigate
windows and frames across different domains
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\1607                     CCE-995




(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Logon
options
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\1A00                     CCE-128
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Allow
META REFRESH
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\1608                     CCE-680

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Only use
the ActiveX Installer Service for installation of ActiveX Controls
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\AxInstaller\OnlyUseAXISForActiveXInstall
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Prevent
Bypassing SmartScreen Filter Warnings
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\PhishingFilter\PreventOverride
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Delete
Browsing History\Prevent Deleting Cookies
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Privacy\CleanCookies

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Locked-Down Internet Zone\Use
SmartScreen Filter
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3\2301
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Disable
Per-User Installation of ActiveX Controls
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Security\ActiveX\BlockNonAdminActiveXInstall
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Turn off
ActiveX opt-in prompt
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curre
ntVersion\Policies\Ext\NoFirsttimeprompt

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Locked-Down Internet Zone\Only
allow approved domains to use ActiveX controls without
prompt
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3\120b

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Advanced Page\Turn off Encryption Support
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\SecureProtocols

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Intranet Sites: Include all network
paths (UNCs)
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet         CCE-876
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Allow drag
and drop or copy and paste files
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\1802                  CCE-41
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Software
channel permissions
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\1E05                  CCE-520
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Run .NET
Framework-reliant components signed with Authenticode
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\2001                  CCE-563
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Allow status bar
updates via script
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3\2103                  CCE-914
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Delete
Browsing History\Turn off "Delete Browsing History"
functionality
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Control Panel\DisableDeleteBrowsingHistory               CCE-1010
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Allow installation of
desktop items
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3\1800                  CCE-355
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Run
ActiveX controls and plugins
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\1200                  CCE-841

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Only allow
approved domains to use ActiveX controls without prompt
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3\120b

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Allow script-
initiated windows without size or position constraints
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\2102                  CCE-208
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Launching
applications and files in an IFRAME
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3\1804               CCE-689

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Only allow
approved domains to use ActiveX controls without prompt
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\120b

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Navigate windows
and frames across different domains
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3\1607               CCE-245

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Locked-Down Local Machine
Zone\Use SmartScreen Filter
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0\2301
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Software channel
permissions
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3\1E05               CCE-359

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Allow script-
initiated windows without size or position constraints
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3\2102               CCE-280

(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Delete
Browsing History\Prevent Deleting Temporary Internet Files
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Privacy\CleanTIF
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Run .NET
Framework-reliant components not signed with Authenticode
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\2004               CCE-678
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Download signed
ActiveX controls
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3\1001               CCE-1013
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Automatic
prompting for file downloads
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\2200               CCE-175
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Allow font
downloads
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4\1604               CCE-882
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Advanced Page\Allow active content from CDs
to run on user machines
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_L
OCKDOWN\Settings\LOCALMACHINE_CD_UNLOCK

GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Allow scripting of
Internet Explorer web browser control
Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\3\1206

GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Allow
scripting of Internet Explorer web browser control
Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\4\1206
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Allow Scriptlets
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\3\1209
GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Allow
Scriptlets
Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\4\1209
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Advanced Page\Check for signatures on
downloaded programs
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Internet
Explorer\Download]CheckExeSignatures

(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Delete
Browsing History\Configure Delete Browsing History on exit
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Internet
Explorer\Privacy\ClearBrowsingHistoryOnExit

GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Disable
Automatic Install of Internet Explorer components
Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoJITSetup

GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Disable
Periodic Check for Internet Explorer software updates
Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoUpdateCheck
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Disable
showing the splash screen
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoSplash
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Locked-Down Internet
Zone\Download signed ActiveX controls
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Lockdown_Zones\3\1001
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Advanced Page\Allow third-party browser
extensions
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\Enable Browser Extensions

GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Include local
directory path when uploading files to a server
Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\3\160A

GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Include
local directory path when uploading files to a server
Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\4\160A
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet
Explorer\Compatibility View\Include updated Web site lists
from Microsoft
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Internet
Explorer\BrowserEmulation\MSCompatibilityMode

(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Intranet Zone\Java permissions
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\1\1C00
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Local Machine Zone\Java
permissions
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\0\1C00
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Locked-Down Internet Zone\Java
permissions
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Lockdown_Zones\3\1C00
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Locked-Down Intranet Zone\Java
permissions
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Lockdown_Zones\1\1C00
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Locked-Down Local Machine
Zone\Java permissions
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Lockdown_Zones\0\1C00
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Locked-Down Restricted Sites
Zone\Java permissions
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Lockdown_Zones\4\1C00
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Locked-Down Trusted Sites
Zone\Java permissions
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Lockdown_Zones\2\1C00
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Trusted Sites Zone\Java
permissions
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\2\1C00
GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Launching
programs and unsafe files
Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\3\1806
GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Launching
programs and unsafe files
Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\4\1806

(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Loose XAML files
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\3\2402
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Loose
XAML files
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\4\2402
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Make
proxy settings per-machine (rather than per-user)
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\ProxySettingsPerUser
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Delete
Browsing History\Prevent Deleting Web sites that the User has
Visited
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Internet
Explorer\Privacy\CleanHistory
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Prevent
participation in the Customer Experience Improvement
Program
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Internet
Explorer\SQM\DisableCustomerImprovementProgram

(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Prevent
performance of First Run Customize settings
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\DisableFirstRunCustomize
GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Run .NET
Framework-reliant components not signed with Authenticode
Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\3\2004

GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Run .NET
Framework-reliant components signed with Authenticode
Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\3\2001
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Software channel
permissions
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\3\1E05
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Settings\Component Updates\Periodic check for updates to
Internet Explorer and Internet Tools\Turn off changing the URL
to be displayed for checking updates to Internet Explorer and
Internet Tools
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\Update_Check_Page

(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Settings\Component Updates\Periodic check for updates to
Internet Explorer and Internet Tools\Turn off configuring the
update check interval (in days)
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\Update_Check_Interval
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Settings\Component Updates\Periodic check for updates to
Internet Explorer and Internet Tools\Turn off configuring the
update check interval (in days) - Update check interval (in
days)
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\Update_Check_Interval
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Turn Off First-Run
Opt-In
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\3\1208
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Turn Off
First-Run Opt-In
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\4!1208
GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet
Explorer\InPrivate\Turn off InPrivate Browsing
Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Internet
Explorer\Privacy\EnableInPrivateBrowsing
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Turn off
Managing Phishing filter
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Internet
Explorer\PhishingFilter\Enabled

(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Turn off
Managing SmartScreen Filter
(2) Registry Key: HKLM\Software\Policies\Microsoft\Internet
Explorer\PhishingFilter\EnabledV8
GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Turn on Cross-Site
Scripting (XSS) Filter
Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\3\1409
GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Turn on
Cross-Site Scripting (XSS) Filter
Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\4\1409
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Turn on Protected
Mode
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\3\2500
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Turn on
Protected Mode
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\4\2500
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Internet Zone\Userdata
persistence
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\3\1606
(1) GPO Settings: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Restricted Sites Zone\Userdata
persistence
(2) Registry Key:
HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVer
sion\Internet Settings\Zones\4\1606




User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Disable external branding of
Internet Explorer




User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced settings\Browsing\Turn off page transitions




User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced settings\Internet Connection Wizard
Settings\Turn on the Internet Connection Wizard Auto Detect
(1) GPO: Computer Configuration\Administrative
Templates\Windows Components\Internet Explorer\Internet
Control Panel\Security Page\Intranet Zone\Download signed
ActiveX controls
(2) Registry Key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1\1001
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Customize User Agent String
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\User Agent

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Do not allow users to enable or
disable add-ons
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Enforce Full Screen Mode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Disable changing ratings
settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off Crash Detection
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Prevent Internet Explorer
Search box from displaying
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Disable changing Temporary
Internet files settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off configuration of default
behavior of new tab creation
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\TabbedBrowsing

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Disable Per-User Installation of
ActiveX Controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Security\ActiveX
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off tabbed browsing
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\TabbedBrowsing

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Restrict changing the default
search provider
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Disable changing color settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Disable changing language
settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Prevent participation in the
Customer Experience Improvement Program
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\SQM

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Only use the ActiveX Installer
Service for installation of ActiveX Controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\AxInstaller

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off page zooming
functionality
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\ZOOM

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Disable changing default
browser check
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Disable changing Messaging
settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Disable changing Advanced
page settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off the activation of the
quick pick menu
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\SearchScopes

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off Automatic Crash
Recovery Prompt
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Recovery

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Disable changing Calendar and
Contact settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off displaying the Internet
Explorer Help Menu
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Disable changing proxy settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off Quick Tabs
functionality
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\TabbedBrowsing

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Disable caching of Auto-Proxy
scripts
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off ActiveX opt-in prompt
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre
ntVersion\Policies\Ext
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off the auto-complete
feature for web addresses
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Explorer\AutoComplete

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off Reopen Last Browsing
Session
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Recovery

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off managing Pop-up filter
level
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Disable changing home page
settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn on menu bar by default
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Disable changing link color
settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off configuration of
window reuse
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off Tab Grouping
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\TabbedBrowsing


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Set tab process growth
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Disable Internet Connection
wizard
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Prevent performance of First
Run Customize settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off Managing Pop-up
Allow list
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Configure new tab page default
behavior
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off pop-up management
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Disable changing secondary
home page settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\SecondaryStartPages

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Prevent Bypassing
SmartScreen Filter Warnings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\PhishingFilter

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Prevent "Fix settings"
functionality
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Security

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Restrict search providers to a
specific list of providers
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Disable changing Automatic
Configuration settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Disable changing accessibility
settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Pop-up allow list
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\New Windows

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off configuration of tabbed
browsing pop-up behavior
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\TabbedBrowsing

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Display error message on proxy
script download failure
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off Managing
SmartScreen Filter
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\PhishingFilter


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn on Suggested Sites
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Suggested Sites


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Disable changing font settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off Favorites bar
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\LinksBar
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off suggestions for all user-
installed providers
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\SearchScopes

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off the Security Settings
Check feature
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Security

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Use Automatic Detection for
dial-up connections
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Disable changing connection
settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn on Compatibility Logging
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\Feature_Enable_Compat_loggin
g

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Moving the menu bar above the
navigation bar
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Toolbar\WebBrowser

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Add a specific list of search
providers to the user's search provider list
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Disable Import/Export Settings
wizard
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Accelerators\Turn off
Accelerators
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Activities

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Accelerators\Deploy default
Accelerators
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\GPActivities\ActivitiesDefaultInstall

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Accelerators\Deploy non-
default Accelerators
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\GPActivities\ActivitiesInstall

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Accelerators\Use Policy
Accelerators
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Activities\Restrictions

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Accelerators\Deploy non-
default Accelerators
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\GPActivities\ActivitiesInstall

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Accelerators\Deploy default
Accelerators
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\GPActivities\ActivitiesDefaultInstall

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Accelerators\Use Policy
Accelerators
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Activities\Restrictions

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Accelerators\Turn off
Accelerators
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Activities
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Allow scripting of Internet Explorer
web browser control
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Automatic prompting for ActiveX
controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Allow active content over
restricted protocols to access my computer
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Allow websites to open windows
without address or status bars
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Allow websites to prompt for
information using scripted windows
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Disable .NET Framework Setup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Do not prompt for client certificate
selection when no certificates or only one certificate exists.
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\XAML browser applications
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\XPS documents
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Display mixed content
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Submit non-encrypted form data
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Allow video and animation on a
Web page that uses a legacy media player
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Use SmartScreen Filter
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Settings\Advanced
settings\Printing\Allow the printing of background colors and
images
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Restrict
ActiveX Install\Process List
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Restrict
ActiveX Install\All Processes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIV
EXINSTALL
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Delete Browsing
History\Prevent Deleting Favorites Site Data
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Privacy

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Delete Browsing
History\Prevent Deleting Passwords
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Control Panel

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Delete Browsing
History\Prevent Deleting InPrivate Filtering data
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Privacy

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Delete Browsing
History\Configure Delete Browsing History on exit
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Privacy

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Delete Browsing
History\Prevent Deleting Form Data
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Control Panel

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Download unsigned ActiveX controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow binary and script behaviors
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Submit non-encrypted form data
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Download signed ActiveX controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow video and animation on a Web page
that uses a legacy media player
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Use Pop-up Blocker
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Open files based on content, not file
extension
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Run ActiveX controls and plugins
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Launching applications and files in an
IFRAME
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Display mixed content
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Scripting of Java applets
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Access data sources across domains
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Initialize and script ActiveX controls not
marked as safe
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Turn Off First-Run Opt-In
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow active content over restricted
protocols to access my computer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Use SmartScreen Filter
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Disable .NET Framework Setup
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Include local directory path when
uploading files to a server
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\XPS documents
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Userdata persistence
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow META REFRESH
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow Scriptlets
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Run .NET Framework-reliant components
signed with Authenticode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Logon options
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Only allow approved domains to use
ActiveX controls without prompt
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Navigate windows and frames across
different domains
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Web sites in less privileged Web content
zones can navigate into this zone
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Do not prompt for client certificate
selection when no certificates or only one certificate exists.
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow script-initiated windows without size
or position constraints
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow cut, copy or paste operations from
the clipboard via script
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Launching programs and unsafe files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\XAML browser applications
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Turn on Cross-Site Scripting (XSS) Filter
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Loose XAML files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Automatic prompting for file downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow installation of desktop items
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow font downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow file downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Java permissions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Automatic prompting for ActiveX controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Software channel permissions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow websites to prompt for information
using scripted windows
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow active scripting
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Turn on Protected Mode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow status bar updates via script
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Run .NET Framework-reliant components
not signed with Authenticode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow websites to open windows without
address or status bars
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow drag and drop or copy and paste
files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Script ActiveX controls marked safe for
scripting
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Restrict File
Download\All Processes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILED
OWNLOAD

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Restrict File
Download\Process List
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow Scriptlets
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow script-initiated
windows without size or position constraints
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Include local directory path
when uploading files to a server
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Disable .NET Framework
Setup
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Software channel
permissions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow installation of desktop
items
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Scripting of Java
applets
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Java permissions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow binary and
script behaviors
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Do not prompt for
client certificate selection when no certificates or only one
certificate exists.
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Display mixed
content
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Userdata persistence
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Include local directory path
when uploading files to a server
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow font downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Run .NET Framework-
reliant components not signed with Authenticode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow font downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow video and
animation on a Web page that uses a legacy media player
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Download unsigned ActiveX
controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Turn on Protected Mode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Do not prompt for client
certificate selection when no certificates or only one certificate
exists.
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Launching programs
and unsafe files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Loose XAML files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow installation of desktop
items
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Web sites in less privileged
Web content zones can navigate into this zone
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Initialize and script
ActiveX controls not marked as safe
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow Scriptlets
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Use Pop-up Blocker
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Navigate windows and
frames across different domains
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Only allow approved
domains to use ActiveX controls without prompt
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Initialize and script
ActiveX controls not marked as safe
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Use SmartScreen
Filter
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Display mixed content
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Automatic prompting for file
downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Submit non-
encrypted form data
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Logon options
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Scripting of Java
applets
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow active scripting
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow binary and script
behaviors
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow drag and drop or copy
and paste files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Initialize and script
ActiveX controls not marked as safe
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Logon options
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow websites to open
windows without address or status bars
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Open files based on
content, not file extension
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Turn on Cross-Site
Scripting (XSS) Filter
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Only allow approved
domains to use ActiveX controls without prompt
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow video and animation
on a Web page that uses a legacy media player
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Web sites in less
privileged Web content zones can navigate into this zone
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Disable .NET
Framework Setup
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Download unsigned
ActiveX controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4




User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Run .NET
Framework-reliant components not signed with Authenticode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Launching
programs and unsafe files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow Scriptlets
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow cut, copy or
paste operations from the clipboard via script
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow scripting of
Internet Explorer web browser control
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Turn Off First-Run Opt-In
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Disable .NET
Framework Setup
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Download signed ActiveX
controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Do not prompt for client
certificate selection when no certificates or only one certificate
exists.
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Open files based on
content, not file extension
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Java permissions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Access data sources
across domains
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow binary and script
behaviors
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Turn on Protected Mode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Submit non-encrypted form
data
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Java permissions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Loose XAML files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Only allow
approved domains to use ActiveX controls without prompt
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow active scripting
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Automatic prompting for file
downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Download signed
ActiveX controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Submit non-encrypted form
data
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Launching
applications and files in an IFRAME
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\XAML browser
applications
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow script-initiated
windows without size or position constraints
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Turn on Cross-Site
Scripting (XSS) Filter
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow websites to open
windows without address or status bars
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Logon options
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Launching programs and
unsafe files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow script-initiated
windows without size or position constraints
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow status bar
updates via script
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Run ActiveX controls
and plugins
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Scripting of Java applets
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Download unsigned ActiveX
controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Turn on Cross-Site
Scripting (XSS) Filter
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow script-initiated
windows without size or position constraints
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow Scriptlets
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\XPS documents
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow font downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Web sites in less privileged
Web content zones can navigate into this zone
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Open files based on
content, not file extension
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Disable .NET
Framework Setup
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow META REFRESH
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Run .NET
Framework-reliant components signed with Authenticode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Software channel
permissions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Script ActiveX
controls marked safe for scripting
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow websites to
open windows without address or status bars
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow websites to
prompt for information using scripted windows
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow file downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Turn Off First-Run
Opt-In
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Display mixed content
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Run .NET Framework-
reliant components not signed with Authenticode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow status bar updates via
script
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\XAML browser applications
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Script ActiveX controls
marked safe for scripting
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Automatic prompting
for file downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Software channel
permissions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow websites to prompt for
information using scripted windows
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow META
REFRESH
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow websites to
open windows without address or status bars
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Initialize and script ActiveX
controls not marked as safe
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow binary and
script behaviors
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Launching programs and
unsafe files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Do not prompt for
client certificate selection when no certificates or only one
certificate exists.
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Run .NET Framework-
reliant components signed with Authenticode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Script ActiveX controls
marked safe for scripting
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow status bar updates via
script
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Userdata persistence
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Software channel
permissions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Java permissions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow websites to
open windows without address or status bars
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Launching applications and
files in an IFRAME
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow installation of
desktop items
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Access data
sources across domains
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Initialize and script ActiveX
controls not marked as safe
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Use Pop-up Blocker
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Userdata
persistence
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Java permissions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow file downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Loose XAML files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Run .NET
Framework-reliant components signed with Authenticode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Run ActiveX controls and
plugins
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow websites to
prompt for information using scripted windows
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow Scriptlets
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Download unsigned
ActiveX controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Include local
directory path when uploading files to a server
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Run .NET Framework-
reliant components signed with Authenticode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\XPS documents
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow status bar
updates via script
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Userdata persistence
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow cut, copy or
paste operations from the clipboard via script
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow binary and script
behaviors
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Include local
directory path when uploading files to a server
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow active scripting
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Turn Off First-Run Opt-
In
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow drag and drop
or copy and paste files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\XAML browser applications
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Script ActiveX controls
marked safe for scripting
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Launching programs
and unsafe files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Navigate windows and
frames across different domains
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Automatic
prompting for ActiveX controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Only allow approved
domains to use ActiveX controls without prompt
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow active scripting
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Submit non-encrypted
form data
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow META REFRESH
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow installation of
desktop items
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow drag and drop
or copy and paste files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Turn on Cross-Site
Scripting (XSS) Filter
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Logon options
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow active
scripting
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Turn on Cross-Site
Scripting (XSS) Filter
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow drag and drop
or copy and paste files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Loose XAML files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Use SmartScreen
Filter
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Run ActiveX controls and
plugins
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Use Pop-up Blocker
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Turn Off First-Run
Opt-In
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Download signed
ActiveX controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow cut, copy or paste
operations from the clipboard via script
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow installation of
desktop items
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\XAML browser
applications
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow drag and drop or copy
and paste files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Run .NET Framework-
reliant components signed with Authenticode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Scripting of Java
applets
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Include local directory
path when uploading files to a server
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow websites to prompt for
information using scripted windows
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Only allow approved
domains to use ActiveX controls without prompt
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Scripting of Java applets
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Web sites in less
privileged Web content zones can navigate into this zone
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow scripting of
Internet Explorer web browser control
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow font downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\XAML browser
applications
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Submit non-
encrypted form data
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow websites to
prompt for information using scripted windows
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Disable .NET Framework
Setup
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\XPS documents
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Use Pop-up Blocker
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Run ActiveX
controls and plugins
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Download signed ActiveX
controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Open files based on
content, not file extension
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Launching applications and
files in an IFRAME
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Automatic prompting for
ActiveX controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow video and
animation on a Web page that uses a legacy media player
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Automatic
prompting for file downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Access data sources
across domains
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow file
downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Loose XAML files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow file downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow video and
animation on a Web page that uses a legacy media player
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Navigate windows
and frames across different domains
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Automatic prompting for
ActiveX controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Navigate windows and
frames across different domains
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\XPS documents
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow file downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Launching
applications and files in an IFRAME
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Navigate windows
and frames across different domains
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow video and animation
on a Web page that uses a legacy media player
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Download signed
ActiveX controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Userdata persistence
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Run ActiveX controls
and plugins
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow status bar
updates via script
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Use SmartScreen Filter
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Turn on Protected
Mode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow script-initiated
windows without size or position constraints
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Automatic prompting
for ActiveX controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\XPS documents
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Do not prompt for
client certificate selection when no certificates or only one
certificate exists.
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Automatic prompting
for ActiveX controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Turn Off First-Run Opt-In
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Download unsigned
ActiveX controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Access data sources across
domains
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Open files based on
content, not file extension
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow META
REFRESH
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2




User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Run .NET
Framework-reliant components not signed with Authenticode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Display mixed
content
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow scripting of
Internet Explorer web browser control
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow cut, copy or paste
operations from the clipboard via script
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Turn on Protected
Mode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow META
REFRESH
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow cut, copy or
paste operations from the clipboard via script
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Software channel
permissions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Web sites in less
privileged Web content zones can navigate into this zone
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Use SmartScreen
Filter
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Run .NET Framework-
reliant components not signed with Authenticode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Turn on Protected
Mode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Use SmartScreen Filter
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Display mixed content
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Launching
applications and files in an IFRAME
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow scripting of Internet
Explorer web browser control
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Automatic prompting
for file downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Access data sources across
domains
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Logon options
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Script ActiveX
controls marked safe for scripting
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Use Pop-up Blocker
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow font
downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow scripting of Internet
Explorer web browser control
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Lockdown_Zones\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Restrict
ActiveX Install\Internet Explorer Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIV
EXINSTALL

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Restrict
ActiveX Install\All Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIV
EXINSTALL

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Restrict
ActiveX Install\Process List
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Application
Compatibility\Enable cut, copy or paste operations from the
clipboard if URLACTION_SCRIPT_PASTE is set to
Prompt\Internet Explorer Processes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_
URLAction_If_Prompt


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Application
Compatibility\Enable cut, copy or paste operations from the
clipboard if URLACTION_SCRIPT_PASTE is set to Prompt\All
Processes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_
URLAction_If_Prompt

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Application
Compatibility\Enable cut, copy or paste operations from the
clipboard if URLACTION_SCRIPT_PASTE is set to
Prompt\Process List
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Object
Caching Protection\Process List
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl




Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Object
Caching Protection\Internet Explorer Processes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING




Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Object
Caching Protection\All Processes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Corporate Settings\Code
Download\Prevent setting of the code download path for each
machine
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Navigate windows and frames
across different domains
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Turn Off First-Run Opt-In
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Automatic prompting for ActiveX
controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow video and animation on a
Web page that uses a legacy media player
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Software channel permissions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow binary and script behaviors
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Only allow approved domains to
use ActiveX controls without prompt
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow Scriptlets
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Java permissions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Download signed ActiveX controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow installation of desktop items
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Disable .NET Framework Setup
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow META REFRESH
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Launching programs and unsafe
files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow cut, copy or paste operations
from the clipboard via script
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Turn on Protected Mode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Open files based on content, not
file extension
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Userdata persistence
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow file downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Run ActiveX controls and plugins
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow active content over restricted
protocols to access my computer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Script ActiveX controls marked safe
for scripting
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow drag and drop or copy and
paste files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow scripting of Internet Explorer
web browser control
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Include local directory path when
uploading files to a server
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Run .NET Framework-reliant
components signed with Authenticode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Turn on Cross-Site Scripting (XSS)
Filter
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow font downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\XPS documents
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow active scripting
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Do not prompt for client certificate
selection when no certificates or only one certificate exists.
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow websites to prompt for
information using scripted windows
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Access data sources across
domains
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Display mixed content
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\XAML browser applications
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Use SmartScreen Filter
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow script-initiated windows
without size or position constraints
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Scripting of Java applets
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Logon options
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow status bar updates via script
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Run .NET Framework-reliant
components not signed with Authenticode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Submit non-encrypted form data
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Launching applications and files in
an IFRAME
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Loose XAML files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Web sites in less privileged Web
content zones can navigate into this zone
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Download unsigned ActiveX
controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Use Pop-up Blocker
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Automatic prompting for file
downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Initialize and script ActiveX controls
not marked as safe
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow websites to open windows
without address or status bars
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Network
Protocol Lockdown\Internet Explorer Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCK
DOWN

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Network
Protocol Lockdown\All Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCK
DOWN

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Network
Protocol Lockdown\Process List
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl




Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Consistent
Mime Handling\All Processes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Consistent
Mime Handling\Process List
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Automatic prompting for ActiveX
controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Submit non-encrypted form data
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Automatic prompting for file
downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Allow websites to open windows
without address or status bars
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Display mixed content
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Include local directory path when
uploading files to a server
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Use Pop-up Blocker
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Run .NET Framework-reliant
components signed with Authenticode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\XPS documents
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Allow file downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Logon options
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Allow script-initiated windows
without size or position constraints
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Allow websites to prompt for
information using scripted windows
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Java permissions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Open files based on content, not
file extension
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Allow binary and script behaviors
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Userdata persistence
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Access data sources across
domains
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Allow video and animation on a
Web page that uses a legacy media player
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Use SmartScreen Filter
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Allow drag and drop or copy and
paste files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Allow active scripting
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Turn on Cross-Site Scripting
(XSS) Filter
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Navigate windows and frames
across different domains
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Allow cut, copy or paste
operations from the clipboard via script
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Download signed ActiveX controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Run .NET Framework-reliant
components not signed with Authenticode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4




User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Do not prompt for client certificate
selection when no certificates or only one certificate exists.
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Software channel permissions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Allow active content over
restricted protocols to access my computer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Disable .NET Framework Setup
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Loose XAML files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Allow META REFRESH
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Launching applications and files in
an IFRAME
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Allow installation of desktop items
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Turn on Protected Mode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Allow status bar updates via script
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Initialize and script ActiveX
controls not marked as safe
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Launching programs and unsafe
files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Only allow approved domains to
use ActiveX controls without prompt
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Allow font downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Scripting of Java applets
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Download unsigned ActiveX
controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Run ActiveX controls and plugins
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Web sites in less privileged Web
content zones can navigate into this zone
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\XAML browser applications
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Turn Off First-Run Opt-In
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Allow Scriptlets
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone\Script ActiveX controls marked
safe for scripting
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\4
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Settings\Advanced
settings\Searching\Prevent configuration of search from the
Address bar
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Settings\Advanced
settings\Internet Connection Wizard Settings\Turn on the
Internet Connection Wizard Auto Detect
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Connection Wizard

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Settings\URL
Encoding\Turn off sending URLs as UTF-8 (requires restart)
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Add-on
Management\Add-on List
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre
ntVersion\Policies\Ext
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Add-on
Management\Deny all add-ons unless specifically allowed in
the Add-on List
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre
ntVersion\Policies\Ext
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Add-on
Management\All Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGE
MENT

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Add-on
Management\Process List
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Mime
Sniffing Safety Feature\Process List
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Mime
Sniffing Safety Feature\Internet Explorer Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Mime
Sniffing Safety Feature\All Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow binary and
script behaviors
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Launching applications and
files in an IFRAME
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow cut, copy or paste
operations from the clipboard via script
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Turn on Protected
Mode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Web sites in less privileged
Web content zones can navigate into this zone
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Userdata persistence
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow font downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Loose XAML files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow file downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Download unsigned ActiveX
controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Turn on Cross-Site
Scripting (XSS) Filter
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow Scriptlets
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Loose XAML files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Script ActiveX
controls marked safe for scripting
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Navigate windows
and frames across different domains
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Software channel
permissions
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Turn on Cross-Site
Scripting (XSS) Filter
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Web sites in less
privileged Web content zones can navigate into this zone
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Use Pop-up Blocker
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow cut, copy or
paste operations from the clipboard via script
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow cut, copy or paste
operations from the clipboard via script
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow status bar
updates via script
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow binary and
script behaviors
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Logon options
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Turn on Cross-Site
Scripting (XSS) Filter
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Turn Off First-Run
Opt-In
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Logon options
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow binary and script
behaviors
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Script ActiveX controls
marked safe for scripting
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Userdata persistence
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Disable .NET Framework
Setup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow scripting of
Internet Explorer web browser control
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Download signed
ActiveX controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow installation of
desktop items
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Automatic prompting for file
downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow websites to prompt for
information using scripted windows
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Open files based on
content, not file extension
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Download signed
ActiveX controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Loose XAML files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Software channel
permissions
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Turn on Protected
Mode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Submit non-encrypted form
data
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Software channel
permissions
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\XAML browser
applications
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow websites to
prompt for information using scripted windows
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Initialize and script ActiveX
controls not marked as safe
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Automatic prompting
for ActiveX controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Display mixed
content
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Launching
applications and files in an IFRAME
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow active scripting
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow font
downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Disable .NET
Framework Setup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Initialize and script
ActiveX controls not marked as safe
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow active scripting
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow websites to
open windows without address or status bars
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow drag and drop
or copy and paste files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Web sites in less
privileged Web content zones can navigate into this zone
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Do not prompt for client
certificate selection when no certificates or only one certificate
exists.
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Disable .NET
Framework Setup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Logon options
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\XPS documents
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Launching programs
and unsafe files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow binary and script
behaviors
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Scripting of Java
applets
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow META REFRESH
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Only allow approved
domains to use ActiveX controls without prompt
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow active scripting
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Disable .NET Framework
Setup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Download unsigned ActiveX
controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow status bar
updates via script
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow Scriptlets
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Include local directory path
when uploading files to a server
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Download unsigned
ActiveX controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Automatic prompting for
ActiveX controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Open files based on
content, not file extension
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Turn on Protected
Mode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow file downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Launching applications and
files in an IFRAME
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Submit non-encrypted form
data
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Turn Off First-Run Opt-In
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Turn on Cross-Site
Scripting (XSS) Filter
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Script ActiveX
controls marked safe for scripting
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Disable .NET
Framework Setup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Userdata persistence
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Launching programs
and unsafe files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Script ActiveX controls
marked safe for scripting
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Navigate windows and
frames across different domains
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow file
downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow video and
animation on a Web page that uses a legacy media player
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Open files based on
content, not file extension
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Do not prompt for client
certificate selection when no certificates or only one certificate
exists.
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Initialize and script
ActiveX controls not marked as safe
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\XAML browser
applications
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Download signed
ActiveX controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Navigate windows
and frames across different domains
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow cut, copy or
paste operations from the clipboard via script
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\XPS documents
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow websites to
open windows without address or status bars
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\XAML browser
applications
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow installation of
desktop items
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow installation of desktop
items
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow video and
animation on a Web page that uses a legacy media player
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Access data sources across
domains
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow video and animation
on a Web page that uses a legacy media player
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Loose XAML files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow installation of
desktop items
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Userdata
persistence
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Navigate windows and
frames across different domains
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow META
REFRESH
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Run .NET Framework-
reliant components not signed with Authenticode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Automatic
prompting for ActiveX controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Display mixed content
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Include local
directory path when uploading files to a server
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow Scriptlets
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Use Pop-up Blocker
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow installation of desktop
items
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow scripting of
Internet Explorer web browser control
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Open files based on
content, not file extension
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow status bar updates via
script
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Launching
applications and files in an IFRAME
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Download unsigned
ActiveX controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Access data sources
across domains
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Run ActiveX controls and
plugins
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow Scriptlets
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Download signed ActiveX
controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Display mixed content
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow video and
animation on a Web page that uses a legacy media player
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Use Pop-up Blocker
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Logon options
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Userdata persistence
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Automatic prompting for
ActiveX controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow websites to open
windows without address or status bars
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow font downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\XPS documents
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow video and animation
on a Web page that uses a legacy media player
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Run .NET Framework-
reliant components signed with Authenticode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Turn Off First-Run Opt-
In
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Scripting of Java
applets
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow active scripting
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow status bar updates via
script
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow status bar
updates via script
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Launching
programs and unsafe files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Display mixed content
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow websites to
prompt for information using scripted windows
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Script ActiveX controls
marked safe for scripting
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\XAML browser applications
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow file downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow active
scripting
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Download unsigned
ActiveX controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Run .NET Framework-
reliant components not signed with Authenticode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Turn on Cross-Site
Scripting (XSS) Filter
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Display mixed
content
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Software channel
permissions
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow binary and script
behaviors
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow META
REFRESH
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Initialize and script
ActiveX controls not marked as safe
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Use Pop-up Blocker
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\XPS documents
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow META REFRESH
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Scripting of Java
applets
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Scripting of Java applets
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Run ActiveX controls
and plugins
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow script-initiated
windows without size or position constraints
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Do not prompt for
client certificate selection when no certificates or only one
certificate exists.
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Include local
directory path when uploading files to a server
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Access data
sources across domains
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow font downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\XAML browser applications
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow drag and drop
or copy and paste files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Launching programs and
unsafe files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow drag and drop
or copy and paste files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow script-initiated
windows without size or position constraints
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Automatic
prompting for file downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Include local directory
path when uploading files to a server
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Initialize and script ActiveX
controls not marked as safe
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\XPS documents
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Submit non-
encrypted form data
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Run .NET
Framework-reliant components signed with Authenticode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Web sites in less
privileged Web content zones can navigate into this zone
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Use Pop-up Blocker
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Run .NET Framework-
reliant components signed with Authenticode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow META
REFRESH
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow Scriptlets
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Turn on Protected Mode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Automatic prompting
for ActiveX controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Do not prompt for
client certificate selection when no certificates or only one
certificate exists.
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow websites to
prompt for information using scripted windows
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow websites to open
windows without address or status bars
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Run .NET
Framework-reliant components not signed with Authenticode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Run .NET Framework-
reliant components not signed with Authenticode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Software channel
permissions
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow websites to prompt for
information using scripted windows
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow script-initiated
windows without size or position constraints
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Automatic prompting for file
downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Allow font downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow scripting of
Internet Explorer web browser control
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Run .NET
Framework-reliant components signed with Authenticode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow drag and drop or copy
and paste files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow websites to
open windows without address or status bars
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Run .NET
Framework-reliant components not signed with Authenticode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Turn on Protected Mode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Turn Off First-Run
Opt-In
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Submit non-
encrypted form data
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone\Automatic prompting
for file downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Include local directory path
when uploading files to a server
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow drag and drop or copy
and paste files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Scripting of Java applets
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Submit non-encrypted
form data
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Run ActiveX
controls and plugins
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Launching programs and
unsafe files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Access data sources
across domains
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Allow cut, copy or
paste operations from the clipboard via script
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow scripting of Internet
Explorer web browser control
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Navigate windows and
frames across different domains
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Logon options
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Only allow approved
domains to use ActiveX controls without prompt
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Access data sources across
domains
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow script-initiated
windows without size or position constraints
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Open files based on
content, not file extension
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone\Allow file downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Only allow approved
domains to use ActiveX controls without prompt
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Run ActiveX controls
and plugins
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Run .NET Framework-
reliant components signed with Authenticode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone\Allow script-initiated
windows without size or position constraints
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\4


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Launching
applications and files in an IFRAME
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Do not prompt for
client certificate selection when no certificates or only one
certificate exists.
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Turn Off First-Run Opt-In
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Allow scripting of Internet
Explorer web browser control
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Run ActiveX controls and
plugins
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone\Automatic prompting
for file downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Loose XAML files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone\Web sites in less privileged
Web content zones can navigate into this zone
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Lockdown_Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Persistence Behavior\File size
limits for Local Machine zone
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Persistence\0

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Persistence Behavior\File size
limits for Intranet zone
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Persistence\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Persistence Behavior\File size
limits for Internet zone
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Persistence\3

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Persistence Behavior\File size
limits for Restricted Sites zone
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Persistence\4

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Persistence Behavior\File size
limits for Trusted Sites zone
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Persistence\2
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow websites to prompt for information
using scripted windows
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Run ActiveX controls and plugins
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\XAML browser applications
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Use SmartScreen Filter
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow cut, copy or paste operations from
the clipboard via script
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow active content over restricted
protocols to access my computer
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Turn on Cross-Site Scripting (XSS) Filter
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow binary and script behaviors
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Turn Off First-Run Opt-In
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Download unsigned ActiveX controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Run .NET Framework-reliant components
signed with Authenticode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Include local directory path when
uploading files to a server
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Turn on Protected Mode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow scripting of Internet Explorer web
browser control
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Scripting of Java applets
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Launching applications and files in an
IFRAME
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Access data sources across domains
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Display mixed content
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow active scripting
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Do not prompt for client certificate
selection when no certificates or only one certificate exists.
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Software channel permissions
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow META REFRESH
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow Scriptlets
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Script ActiveX controls marked safe for
scripting
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow font downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Submit non-encrypted form data
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Web sites in less privileged Web content
zones can navigate into this zone
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Automatic prompting for file downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Userdata persistence
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow video and animation on a Web page
that uses a legacy media player
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow file downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow installation of desktop items
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow drag and drop or copy and paste
files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Loose XAML files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow websites to open windows without
address or status bars
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Run .NET Framework-reliant components
not signed with Authenticode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Only allow approved domains to use
ActiveX controls without prompt
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Launching programs and unsafe files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Logon options
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Initialize and script ActiveX controls not
marked as safe
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Use Pop-up Blocker
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Open files based on content, not file
extension
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Navigate windows and frames across
different domains
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Disable .NET Framework Setup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow script-initiated windows without size
or position constraints
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\XPS documents
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow status bar updates via script
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Automatic prompting for ActiveX controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\1
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Add-on
Management\Process List
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Add-on
Management\Add-on List
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curre
ntVersion\Policies\Ext
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Add-on
Management\Deny all add-ons unless specifically allowed in
the Add-on List
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curre
ntVersion\Policies\Ext


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Add-on
Management\All Processes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGE
MENT

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Scripted
Window Security Restrictions\Process List
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Scripted
Window Security Restrictions\Internet Explorer Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRI
CTIONS

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Scripted
Window Security Restrictions\All Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRI
CTIONS

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Compatibility View\Use Policy
List of Internet Explorer 7 sites
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\BrowserEmulation\PolicyList
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Compatibility View\Turn off
Compatibility View button
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\CommandBar

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Compatibility View\Turn on
Internet Explorer 7 Standards Mode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\BrowserEmulation

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Compatibility View\Turn on
Internet Explorer Standards Mode for Local Intranet
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\BrowserEmulation

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Compatibility View\Turn off
Compatibility View
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\BrowserEmulation

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Turn off Data
Execution Prevention
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Turn off Data
URI Support
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DATAURI
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet
Settings\AutoComplete\Turn off Windows Search
AutoComplete
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\WindowsSearch

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Launching programs and unsafe files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Download unsigned ActiveX controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Run .NET Framework-reliant components
signed with Authenticode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Automatic prompting for file downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow script-initiated windows without size
or position constraints
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Run ActiveX controls and plugins
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Use SmartScreen Filter
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Software channel permissions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Download signed ActiveX controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow active content over restricted
protocols to access my computer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Loose XAML files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow META REFRESH
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Navigate windows and frames across
different domains
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow websites to open windows without
address or status bars
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Java permissions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Automatic prompting for ActiveX controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Turn on Cross-Site Scripting (XSS) Filter
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Web sites in less privileged Web content
zones can navigate into this zone
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow drag and drop or copy and paste
files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Use Pop-up Blocker
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Display mixed content
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow Scriptlets
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Initialize and script ActiveX controls not
marked as safe
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Launching applications and files in an
IFRAME
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Scripting of Java applets
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow status bar updates via script
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Turn on Protected Mode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Userdata persistence
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Script ActiveX controls marked safe for
scripting
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Include local directory path when
uploading files to a server
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow video and animation on a Web page
that uses a legacy media player
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Run .NET Framework-reliant components
not signed with Authenticode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Open files based on content, not file
extension
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow font downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow file downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Submit non-encrypted form data
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\XPS documents
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow binary and script behaviors
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow websites to prompt for information
using scripted windows
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow active scripting
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Access data sources across domains
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Only allow approved domains to use
ActiveX controls without prompt
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\XAML browser applications
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Turn Off First-Run Opt-In
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow installation of desktop items
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Do not prompt for client certificate
selection when no certificates or only one certificate exists.
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Logon options
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow scripting of Internet Explorer web
browser control
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Disable .NET Framework Setup
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone\Allow cut, copy or paste operations from
the clipboard via script
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\1

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Protection
From Zone Elevation\Process List
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Protection
From Zone Elevation\All Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION




User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Protection
From Zone Elevation\Internet Explorer Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Settings\Display
settings\General Colors\Prevent users from configuring
background color
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Settings

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Settings\Display
settings\General Colors\Prevent the use of Windows colors
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Settings\Display
settings\General Colors\Prevent users from configuring text
color
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Settings

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Network
Protocol Lockdown\Restricted Protocols Per Security
Zone\Local Machine Zone Restricted Protocols
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Win
dows\CurrentVersion\Internet Settings\RestrictedProtocols

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Network
Protocol Lockdown\Restricted Protocols Per Security
Zone\Intranet Zone Restricted Protocols
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Win
dows\CurrentVersion\Internet Settings\RestrictedProtocols

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Network
Protocol Lockdown\Restricted Protocols Per Security
Zone\Internet Zone Restricted Protocols
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Win
dows\CurrentVersion\Internet Settings\RestrictedProtocols
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Network
Protocol Lockdown\Restricted Protocols Per Security
Zone\Restricted Sites Zone Restricted Protocols
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Win
dows\CurrentVersion\Internet Settings\RestrictedProtocols

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Network
Protocol Lockdown\Restricted Protocols Per Security
Zone\Trusted Sites Zone Restricted Protocols
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Win
dows\CurrentVersion\Internet Settings\RestrictedProtocols

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Mime
Sniffing Safety Feature\Process List
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl




Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Mime
Sniffing Safety Feature\All Processes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Settings\Advanced
settings\Browsing\Turn on script debugging
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Settings\Advanced
settings\Browsing\Turn off friendly http error messages
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Settings\Advanced
settings\Browsing\Turn on the display of a notification about
every script error
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Settings\Advanced
settings\Browsing\Turn off configuring underline links
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Settings\Advanced
settings\Browsing\Turn off smooth scrolling
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Information
Bar\All Processes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND




Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Information
Bar\Internet Explorer Processes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Information
Bar\Process List
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow active content over restricted
protocols to access my computer
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow websites to open windows without
address or status bars
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow websites to prompt for information
using scripted windows
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Use SmartScreen Filter
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Disable .NET Framework Setup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow META REFRESH
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\XAML browser applications
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Scripting of Java applets
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow video and animation on a Web page
that uses a legacy media player
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Do not prompt for client certificate
selection when no certificates or only one certificate exists.
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Run ActiveX controls and plugins
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow file downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow binary and script behaviors
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Script ActiveX controls marked safe for
scripting
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Display mixed content
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow scripting of Internet Explorer web
browser control
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Allow active scripting
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Submit non-encrypted form data
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\Automatic prompting for ActiveX controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone\XPS documents
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\3
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Turn off Data
URI Support
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DATAURI

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Compatibility View\Turn on
Internet Explorer Standards Mode for Local Intranet
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\BrowserEmulation

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Compatibility View\Turn off
Compatibility View
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\BrowserEmulation

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Compatibility View\Use Policy
List of Internet Explorer 7 sites
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\BrowserEmulation\PolicyList

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Compatibility View\Turn off
Compatibility View button
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\CommandBar

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Compatibility View\Turn on
Internet Explorer 7 Standards Mode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\BrowserEmulation

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Compatibility View\Include
updated Web site lists from Microsoft
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\BrowserEmulation

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Use UTF-
8 for mailto links
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Protocols\Mailto

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Disable
the Advanced page
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Send
internationalized domain names
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Prevent
ignoring certificate errors
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Disable
the Content page
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Disable
the General page
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Disable
the Privacy page
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Disable
the Connections page
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Disable
the Programs page
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Disable
the Security page
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Only allow approved domains to
use ActiveX controls without prompt
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow drag and drop or copy and
paste files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Script ActiveX controls marked safe
for scripting
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Disable .NET Framework Setup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow video and animation on a
Web page that uses a legacy media player
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\XPS documents
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow script-initiated windows
without size or position constraints
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\XAML browser applications
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow websites to prompt for
information using scripted windows
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Initialize and script ActiveX controls
not marked as safe
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Download signed ActiveX controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow installation of desktop items
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Software channel permissions
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow META REFRESH
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow status bar updates via script
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Download unsigned ActiveX
controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Launching applications and files in
an IFRAME
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Userdata persistence
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow file downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Do not prompt for client certificate
selection when no certificates or only one certificate exists.
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Loose XAML files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Turn on Protected Mode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Turn Off First-Run Opt-In
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Submit non-encrypted form data
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow binary and script behaviors
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow font downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow active content over restricted
protocols to access my computer
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Automatic prompting for file
downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow websites to open windows
without address or status bars
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Use Pop-up Blocker
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Display mixed content
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow Scriptlets
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Web sites in less privileged Web
content zones can navigate into this zone
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Run .NET Framework-reliant
components signed with Authenticode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow active scripting
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Automatic prompting for ActiveX
controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Scripting of Java applets
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Include local directory path when
uploading files to a server
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Turn on Cross-Site Scripting (XSS)
Filter
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Launching programs and unsafe
files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow scripting of Internet Explorer
web browser control
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Logon options
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Allow cut, copy or paste operations
from the clipboard via script
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Run .NET Framework-reliant
components not signed with Authenticode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Navigate windows and frames
across different domains
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Access data sources across
domains
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Open files based on content, not
file extension
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone\Run ActiveX controls and plugins
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\0
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Binary
Behavior Security Restriction\All Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Binary
Behavior Security Restriction\Process List
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Binary
Behavior Security Restriction\Admin-approved behaviors
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Binary
Behavior Security Restriction\Internet Explorer Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Turn Off First-Run Opt-In
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow installation of desktop items
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\XAML browser applications
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Run .NET Framework-reliant
components not signed with Authenticode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow font downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow script-initiated windows without
size or position constraints
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Script ActiveX controls marked safe
for scripting
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Initialize and script ActiveX controls
not marked as safe
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Only allow approved domains to use
ActiveX controls without prompt
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Navigate windows and frames
across different domains
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\XPS documents
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Turn on Cross-Site Scripting (XSS)
Filter
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow drag and drop or copy and
paste files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Automatic prompting for file
downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Web sites in less privileged Web
content zones can navigate into this zone
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Loose XAML files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Userdata persistence
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow active content over restricted
protocols to access my computer
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow active scripting
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow video and animation on a Web
page that uses a legacy media player
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Download unsigned ActiveX controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Include local directory path when
uploading files to a server
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Disable .NET Framework Setup
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow websites to prompt for
information using scripted windows
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow websites to open windows
without address or status bars
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Access data sources across
domains
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Use Pop-up Blocker
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Logon options
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Automatic prompting for ActiveX
controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Submit non-encrypted form data
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Software channel permissions
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow META REFRESH
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow binary and script behaviors
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Run ActiveX controls and plugins
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow Scriptlets
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Turn on Protected Mode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Display mixed content
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Use SmartScreen Filter
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow file downloads
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Launching applications and files in
an IFRAME
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow status bar updates via script
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Download signed ActiveX controls
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Run .NET Framework-reliant
components signed with Authenticode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Scripting of Java applets
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Launching programs and unsafe
files
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Open files based on content, not file
extension
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Do not prompt for client certificate
selection when no certificates or only one certificate exists.
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow scripting of Internet Explorer
web browser control
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow cut, copy or paste operations
from the clipboard via script
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Use HTTP 1.1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Wi
ndows\CurrentVersion\Internet Settings

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Do not save encrypted pages to disk
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Do not allow resetting Internet Explorer
settings
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Control Panel
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Empty Temporary Internet Files folder
when browser is closed
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Cache
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Turn off ClearType
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Play animations in web pages
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Use HTTP 1.1 through proxy
connections
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Wi
ndows\CurrentVersion\Internet Settings

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Turn on Caret Browsing support
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\CaretBrowsing

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Play sounds in web pages
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone Template
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Intranet Settings\Template Policies

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone Template
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Local Machine Zone Settings\Template
Policies

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone Template
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Lockdown Settings\Template
Policies
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Turn on automatic detection of the intranet
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\ZoneMap


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone Template
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Trusted Sites Settings\Template Policies

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone Template
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Intranet Lockdown Settings\Template
Policies


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone Template
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Restricted Sites Settings\Template Policies

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone Template
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Restricted Sites Lockdown
Settings\Template Policies

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone Template
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Local Machine Zone Lockdown
Settings\Template Policies

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone Template
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Trusted Sites Lockdown Settings\Template
Policies
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Sites: Include all sites that bypass the proxy
server
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\ZoneMap
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Site to Zone Assignment List
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Sites: Include all local (intranet) sites not listed
in other zones
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\ZoneMap

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Turn on Information bar notification for intranet content
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Turn on Warn about Certificate Address Mismatch
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone Template
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Template Policies


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Pop-up allow list
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\New Windows

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off configuration of tabbed
browsing pop-up behavior
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\TabbedBrowsing

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Configure new tab page default
behavior
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off the auto-complete
feature for web addresses
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Explorer\AutoComplete


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off tabbed browsing
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\TabbedBrowsing


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn on Compatibility Logging
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\Feature_Enable_Compat_loggin
g

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off configuration of default
behavior of new tab creation
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\TabbedBrowsing


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Set tab process growth
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off displaying the Internet
Explorer Help Menu
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Restrictions

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Restrict changing the default
search provider
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn on menu bar by default
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off suggestions for all user-
installed providers
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\SearchScopes


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off Favorites bar
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\LinksBar

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off the activation of the
quick pick menu
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\SearchScopes

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off Automatic Crash
Recovery Prompt
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Recovery

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off configuration of
window reuse
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off Quick Tabs
functionality
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\TabbedBrowsing

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off Managing Pop-up
Allow list
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Restrictions

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Add a specific list of search
providers to the user's search provider list
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Restrict search providers to a
specific list of providers
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off page zooming
functionality
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\ZOOM


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Enforce Full Screen Mode
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Customize User Agent String
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\User Agent

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Prevent Internet Explorer
Search box from displaying
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off managing Pop-up filter
level
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Restrictions

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off Reopen Last Browsing
Session
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Recovery


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Turn off pop-up management
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Restrictions

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Settings\Advanced
settings\Multimedia\Turn off picture display
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Settings\Advanced
settings\Multimedia\Turn off automatic image resizing
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Settings\Advanced
settings\Multimedia\Allow the display of image download
placeholders
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Settings\Advanced
settings\Multimedia\Turn off smart image dithering
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Inte
rnet Explorer

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\InPrivate\Turn off InPrivate
Browsing
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Privacy

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\InPrivate\InPrivate Filtering
Threshold
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Safety\PrivacIE

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\InPrivate\Do not collect
InPrivate Filtering data
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Safety\PrivacIE

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\InPrivate\Disable toolbars and
extensions when InPrivate Browsing starts
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Safety\PrivacIE

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\InPrivate\Turn off InPrivate
Filtering
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Safety\PrivacIE

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\InPrivate\Turn off InPrivate
Filtering
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Safety\PrivacIE

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\InPrivate\Disable toolbars and
extensions when InPrivate Browsing starts
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Safety\PrivacIE
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\InPrivate\Do not collect
InPrivate Filtering data
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Safety\PrivacIE

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\InPrivate\InPrivate Filtering
Threshold
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Safety\PrivacIE

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Settings\Display
settings\Prevent users from choosing default text size
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Download unsigned ActiveX controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow Scriptlets
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow websites to prompt for
information using scripted windows
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow binary and script behaviors
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Turn on Protected Mode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Logon options
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Disable .NET Framework Setup
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Use Pop-up Blocker
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Do not prompt for client certificate
selection when no certificates or only one certificate exists.
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Automatic prompting for file
downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow drag and drop or copy and
paste files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow installation of desktop items
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\XPS documents
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Download signed ActiveX controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow websites to open windows
without address or status bars
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Loose XAML files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Turn on Cross-Site Scripting (XSS)
Filter
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow META REFRESH
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Submit non-encrypted form data
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Run ActiveX controls and plugins
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Run .NET Framework-reliant
components signed with Authenticode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Userdata persistence
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\XAML browser applications
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Automatic prompting for ActiveX
controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Web sites in less privileged Web
content zones can navigate into this zone
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow font downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow file downloads
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Access data sources across
domains
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow script-initiated windows without
size or position constraints
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Turn Off First-Run Opt-In
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Initialize and script ActiveX controls
not marked as safe
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Software channel permissions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow video and animation on a Web
page that uses a legacy media player
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Navigate windows and frames
across different domains
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow cut, copy or paste operations
from the clipboard via script
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Scripting of Java applets
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Only allow approved domains to use
ActiveX controls without prompt
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Open files based on content, not file
extension
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow status bar updates via script
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Launching applications and files in
an IFRAME
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Use SmartScreen Filter
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Run .NET Framework-reliant
components not signed with Authenticode
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow active content over restricted
protocols to access my computer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow scripting of Internet Explorer
web browser control
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Allow active scripting
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Display mixed content
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Include local directory path when
uploading files to a server
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Script ActiveX controls marked safe
for scripting
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Java permissions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone\Launching programs and unsafe
files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Zones\2

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Settings\Component
Updates\Help Menu > About Internet Explorer\Prevent the
configuration of cipher strength update information URLs
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Application
Compatibility\Enable cut, copy or paste operations from the
clipboard if URLACTION_SCRIPT_PASTE is set to
Prompt\Internet Explorer Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_
URLAction_If_Prompt
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Application
Compatibility\Enable cut, copy or paste operations from the
clipboard if URLACTION_SCRIPT_PASTE is set to
Prompt\Process List
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Application
Compatibility\Enable cut, copy or paste operations from the
clipboard if URLACTION_SCRIPT_PASTE is set to Prompt\All
Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_
URLAction_If_Prompt

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Toolbars\Hide the Command
Bar
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\CommandBar

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Toolbars\Disable customizing
browser toolbar buttons
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre
ntVersion\Policies\Explorer

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Toolbars\Auto-hide the
Toolbars
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\CommandBar

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Toolbars\Customize Command
Labels
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\CommandBar

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Toolbars\Set location of Stop
and Refresh buttons
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\CommandBar

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Toolbars\Turn off Developer
Tools
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\IEDevTools
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Toolbars\Turn off toolbar
upgrade tool
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Toolbars\Restrictions


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Toolbars\Lock all Toolbars
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Toolbar

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Toolbars\Use large Icons for
Command Buttons
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\CommandBar

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Toolbars\Disable customizing
browser toolbars
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre
ntVersion\Policies\Explorer


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Toolbars\Hide the Status Bar
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Network
Protocol Lockdown\All Processes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCK
DOWN


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Network
Protocol Lockdown\Internet Explorer Processes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCK
DOWN

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Network
Protocol Lockdown\Process List
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Network
Protocol Lockdown\Restricted Protocols Per Security
Zone\Intranet Zone Restricted Protocols
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Wi
ndows\CurrentVersion\Internet Settings\RestrictedProtocols


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Network
Protocol Lockdown\Restricted Protocols Per Security
Zone\Trusted Sites Zone Restricted Protocols
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Wi
ndows\CurrentVersion\Internet Settings\RestrictedProtocols


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Network
Protocol Lockdown\Restricted Protocols Per Security
Zone\Restricted Sites Zone Restricted Protocols
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Wi
ndows\CurrentVersion\Internet Settings\RestrictedProtocols


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Network
Protocol Lockdown\Restricted Protocols Per Security
Zone\Local Machine Zone Restricted Protocols
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Wi
ndows\CurrentVersion\Internet Settings\RestrictedProtocols


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Network
Protocol Lockdown\Restricted Protocols Per Security
Zone\Internet Zone Restricted Protocols
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Wi
ndows\CurrentVersion\Internet Settings\RestrictedProtocols

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Local
Machine Zone Lockdown Security\Process List
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Local
Machine Zone Lockdown Security\Internet Explorer Processes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_L
OCKDOWN
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Local
Machine Zone Lockdown Security\All Processes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_L
OCKDOWN

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\MK Protocol
Security Restriction\Process List
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\MK Protocol
Security Restriction\All Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PRO
TOCOL

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\MK Protocol
Security Restriction\Internet Explorer Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PRO
TOCOL


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Information
Bar\Internet Explorer Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Information
Bar\All Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_SECURITYBAND

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Information
Bar\Process List
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security
Features\AJAX\Maximum number of connections per server
(HTTP 1.0)
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MAXCONNECTION
SPER1_0SERVER

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\AJAX\Turn
off Cross Document Messaging
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_CROSS_DOCUME
NT_MESSAGING

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security
Features\AJAX\Maximum number of connections per server
(HTTP 1.1)
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MAXCONNECTION
SPERSERVER

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\AJAX\Turn
off the XDomainRequest Object
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_XDOMAINREQUES
T

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\AJAX\Enable
Native XMLHttpRequest Support
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Toolbars\Auto-hide the
Toolbars
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\CommandBar

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Toolbars\Turn off Developer
Tools
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\IEDevTools


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Toolbars\Lock all Toolbars
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Toolbar
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Toolbars\Use large Icons for
Command Buttons
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\CommandBar

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Toolbars\Set location of Stop
and Refresh buttons
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\CommandBar

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Toolbars\Turn off toolbar
upgrade tool
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Toolbars\Restrictions

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Toolbars\Hide the Command
Bar
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\CommandBar

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Toolbars\Customize Command
Labels
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\CommandBar


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Toolbars\Hide the Status Bar
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\AJAX\Turn
off the XDomainRequest Object
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_XDOMAINREQUES
T

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security
Features\AJAX\Maximum number of connections per server
(HTTP 1.1)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MAXCONNECTION
SPERSERVER
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security
Features\AJAX\Maximum number of connections per server
(HTTP 1.0)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MAXCONNECTION
SPER1_0SERVER


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\AJAX\Turn
off Cross Document Messaging
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_CROSS_DOCUME
NT_MESSAGING

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\AJAX\Enable
Native XMLHttpRequest Support
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet
Settings\AutoComplete\Turn off Windows Search
AutoComplete
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\WindowsSearch
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet
Settings\AutoComplete\Turn on inline AutoComplete for Web
addresses
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Win
dows\CurrentVersion\Explorer\AutoComplete


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Consistent
Mime Handling\All Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING




User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Consistent
Mime Handling\Internet Explorer Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Consistent
Mime Handling\Process List
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Delete Browsing
History\Prevent Deleting Temporary Internet Files
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Privacy

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Delete Browsing
History\Prevent Deleting Favorites Site Data
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Privacy

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Delete Browsing History\Turn
off "Delete Browsing History" functionality
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Delete Browsing
History\Prevent Deleting Form Data
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Delete Browsing
History\Prevent Deleting Passwords
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Delete Browsing
History\Disable "Configuring History"
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Delete Browsing
History\Prevent Deleting Web sites that the User has Visited
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Privacy

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Delete Browsing
History\Prevent Deleting Cookies
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Privacy
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Delete Browsing
History\Prevent Deleting InPrivate Filtering data
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Privacy

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Restrict File
Download\All Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILED
OWNLOAD

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Restrict File
Download\Internet Explorer Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILED
OWNLOAD

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Restrict File
Download\Process List
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Local
Machine Zone Lockdown Security\Process List
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Local
Machine Zone Lockdown Security\Internet Explorer Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_L
OCKDOWN

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Local
Machine Zone Lockdown Security\All Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_L
OCKDOWN

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Protection
From Zone Elevation\Process List
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Protection
From Zone Elevation\All Processes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Disable
the Programs page
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Control Panel

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Disable
the Content page
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Control Panel

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Use UTF-
8 for mailto links
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings\Protocols\Mailto

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Disable
the General page
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Control Panel

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Send
internationalized domain names
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Disable
the Connections page
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Control Panel

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Disable
the Privacy page
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Control Panel
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Binary
Behavior Security Restriction\All Processes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Binary
Behavior Security Restriction\Admin-approved behaviors
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windo
ws\CurrentVersion\Internet Settings

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Binary
Behavior Security Restriction\Process List
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Binary
Behavior Security Restriction\Internet Explorer Processes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_BEHAVIORS


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Settings\Advanced
settings\Signup Settings\Turn on Automatic Signup
HKEY_CURRENT_USER\Software\Policies\Microsoft\IEAK

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Administrator Approved
Controls\Microsoft Chat
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\AllowedControls

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Administrator Approved
Controls\Microsoft Agent
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\AllowedControls

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Administrator Approved
Controls\Shockwave Flash
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\AllowedControls
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Administrator Approved
Controls\Carpoint
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\AllowedControls

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Administrator Approved
Controls\Audio/Video Player
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\AllowedControls

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Administrator Approved
Controls\MSNBC
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\AllowedControls

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Administrator Approved
Controls\Investor
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\AllowedControls

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Administrator Approved
Controls\Microsoft Survey Control
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\AllowedControls

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Administrator Approved
Controls\Microsoft Scriptlet Component
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\AllowedControls

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Administrator Approved
Controls\NetShow File Transfer Control
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\AllowedControls

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Administrator Approved
Controls\DHTML Edit Control
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\AllowedControls

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Administrator Approved
Controls\Menu Controls
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\AllowedControls
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Browser menus\Disable Open
in New Window menu option
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Browser menus\Disable
Context menu
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Browser menus\File menu:
Disable New menu option
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Browser menus\Help menu:
Remove 'Tour' menu option
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Browser menus\Help menu:
Remove 'Send Feedback' menu option
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Browser menus\File menu:
Disable Save As Web Page Complete
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Browser menus\File menu:
Disable Open menu option
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Browser menus\View menu:
Disable Source menu option
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Browser menus\Turn off Print
Menu
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Browser menus\File menu:
Disable closing the browser and Explorer windows
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Browser menus\File menu:
Disable Save As... menu option
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Browser menus\View menu:
Disable Full Screen menu option
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Browser menus\Tools menu:
Disable Internet Options... menu option
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Browser menus\Hide Favorites
menu
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Restrictions

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Scripted
Window Security Restrictions\Process List
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl


Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Scripted
Window Security Restrictions\All Processes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRI
CTIONS

Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\MK Protocol
Security Restriction\Process List
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl
Computer Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\MK Protocol
Security Restriction\All Processes
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PRO
TOCOL


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Object
Caching Protection\Internet Explorer Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING


User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Object
Caching Protection\All Processes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Security Features\Object
Caching Protection\Process List
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Restricted Sites Zone Template
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Restricted Sites Settings\Template Policies

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Turn on Warn about Certificate Address Mismatch
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Sites: Include all sites that bypass the proxy
server
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\ZoneMap
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Internet Zone Template
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Lockdown Settings\Template
Policies
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Trusted Sites Zone Template
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Trusted Sites Settings\Template Policies

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Zone Template
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Intranet Settings\Template Policies

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Local Machine Zone Template
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Local Machine Zone Lockdown
Settings\Template Policies

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Internet Zone Template
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Template Policies

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Site to Zone Assignment List
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Turn on Information bar notification for intranet content
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Intranet Zone Template
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Intranet Lockdown Settings\Template
Policies
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Local Machine Zone Template
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Local Machine Zone Settings\Template
Policies
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Turn on automatic detection of the intranet
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\ZoneMap

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Restricted Sites Zone Template
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Restricted Sites Lockdown
Settings\Template Policies

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Locked-Down Trusted Sites Zone Template
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Trusted Sites Lockdown Settings\Template
Policies
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Sites: Include all local (intranet) sites not listed
in other zones
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\ZoneMap

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control Panel\Security
Page\Intranet Sites: Include all network paths (UNCs)
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\ZoneMap

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Play sounds in web pages
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Allow active content from CDs to run on
user machines
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_L
OCKDOWN\Settings
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Check for signatures on downloaded
programs
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Download
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Allow software to run or install even if
the signature is invalid
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Download

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Turn off Encryption Support
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Empty Temporary Internet Files folder
when browser is closed
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings\Cache
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Do not allow resetting Internet Explorer
settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Control Panel
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Automatically check for Internet
Explorer updates
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Check for server certificate revocation
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Play animations in web pages
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Turn off ClearType
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Turn on Caret Browsing support
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\CaretBrowsing
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Use HTTP 1.1 through proxy
connections
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Win
dows\CurrentVersion\Internet Settings

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Do not save encrypted pages to disk
HKEY_CURRENT_USER\Software\Policies\Microsoft\Window
s\CurrentVersion\Internet Settings

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Allow third-party browser extensions
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Main

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Control
Panel\Advanced Page\Use HTTP 1.1
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Win
dows\CurrentVersion\Internet Settings

User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Settings\Display
settings\Link Colors\Turn on the hover color option
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Settings
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Settings\Display
settings\Link Colors\Prevent users from configuring the color
of links that have already been clicked
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Settings
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Settings\Display
settings\Link Colors\Prevent users from configuring the hover
color
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Settings
User Configuration\Administrative Templates\Windows
Components\Internet Explorer\Internet Settings\Display
settings\Link Colors\Prevent users from configuring the color
of links that have not yet been clicked
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet
Explorer\Settings
    Microsoft Security Compliance
                                                       Microsoft Security Compliance
    Management Toolkit for Internet
                                                       Manager (SCM) Baselines and
   Explorer 8, Version 1.0: "Internet
                                                              Settings Packs
   Explorer 8 Security Baseline.xml"



                                                      Microsoft Tool: Security Compliance
                                                      Manager (SCM)
Setting Index #32: This policy setting allows you     Microsoft Baseline: Internet Explorer 8
to manage whether scripts can perform a               SCM URL:
clipboard operation (for example, cut, copy, and      http://go.microsoft.com/fwlink/?LinkId=1139
paste) in the security zone.                          40




                                                      Microsoft Tool: Security Compliance
                                                      Manager (SCM)
Setting Index #20: This policy setting controls       Microsoft Baseline: Internet Explorer 8
whether or not the user is prompted to allow          SCM URL:
ActiveX controls to run on Web sites other than       http://go.microsoft.com/fwlink/?LinkId=1139
the Web site that installed the ActiveX control.      40

                                                      Microsoft Tool: Security Compliance
                                                      Manager (SCM)
                                                      Microsoft Baseline: Internet Explorer 8
Setting Index #33: This policy setting allows you     SCM URL:
to manage whether users can drag files or copy        http://go.microsoft.com/fwlink/?LinkId=1139
and paste files from a source within the zone.        40


                                                      Microsoft Tool: Security Compliance
                                                      Manager (SCM)
Setting Index #91: If you enable this policy setting, Microsoft Baseline: Internet Explorer 8
you disable the Custom Level button and Security SCM URL:
level for this zone slider on the Security tab in the http://go.microsoft.com/fwlink/?LinkId=1139
Internet Options dialog box.                          40

                                                      Microsoft Tool: Security Compliance
                                                      Manager (SCM)
                                                      Microsoft Baseline: Internet Explorer 8
                                                      SCM URL:
Setting Index #83: Allow software to run or install   http://go.microsoft.com/fwlink/?LinkId=1139
even if the signature is invalid                      40
                                                     Microsoft Tool: Security Compliance
                                                     Manager (SCM)
                                                     Microsoft Baseline: Internet Explorer 8
Setting Index #22: This policy setting controls      SCM URL:
whether SmartScreen Filter scans pages in this       http://go.microsoft.com/fwlink/?LinkId=1139
zone for malicious content.                          40


                                                     Microsoft Tool: Security Compliance
                                                     Manager (SCM)
                                                     Microsoft Baseline: Internet Explorer 8
Setting Index #24: This policy setting allows you    SCM URL:
to manage whether Internet Explorer will check       http://go.microsoft.com/fwlink/?LinkId=1139
revocation status of servers' certificates.          40

                                                  Microsoft Tool: Security Compliance
                                                  Manager (SCM)
                                                  Microsoft Baseline: Internet Explorer 8
Setting Index #77: This policy setting allows you SCM URL:
to manage whether applets are exposed to scripts http://go.microsoft.com/fwlink/?LinkId=1139
within the zone.                                  40

                                                     Microsoft Tool: Security Compliance
                                                     Manager (SCM)
                                                     Microsoft Baseline: Internet Explorer 8
Setting Index #79: This policy setting allows you    SCM URL:
to manage whether unwanted pop-up windows            http://go.microsoft.com/fwlink/?LinkId=1139
appear.                                              40

                                                   Microsoft Tool: Security Compliance
                                                   Manager (SCM)
                                                   Microsoft Baseline: Internet Explorer 8
                                                   SCM URL:
Setting Index #92: This policy setting affects how http://go.microsoft.com/fwlink/?LinkId=1139
security zone changes apply to different users.    40

                                                   Microsoft Tool: Security Compliance
Setting Index #46: This policy setting allows you  Manager (SCM)
to manage MIME sniffing for file promotion from    Microsoft Baseline: Internet Explorer 8
one type to another based on a MIME sniff. A       SCM URL:
MIME sniff is the recognition by Internet Explorer http://go.microsoft.com/fwlink/?LinkId=1139
of the file type based on a bit signature.         40
                                                   Microsoft Tool: Security Compliance
Setting Index #7: When set to Enabled, Internet    Manager (SCM)
Explorer examines each received file for a         Microsoft Baseline: Internet Explorer 8
consistent MIME type. When set to Disabled or      SCM URL:
Not configured, Internet Explorer does not require http://go.microsoft.com/fwlink/?LinkId=1139
consistent MIME data from each file.               40
                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
Setting Index #21: This policy setting controls     SCM URL:
whether SmartScreen Filter scans pages in this      http://go.microsoft.com/fwlink/?LinkId=1139
zone for malicious content.                         40


                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
Setting Index #18: This policy setting controls     SCM URL:
whether SmartScreen Filter scans pages in this      http://go.microsoft.com/fwlink/?LinkId=1139
zone for malicious content.                         40

                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
                                                    SCM URL:
Setting Index #42: This policy setting allows you   http://go.microsoft.com/fwlink/?LinkId=1139
to manage permissions for Java applets.             40

                                                     Microsoft Tool: Security Compliance
                                                     Manager (SCM)
                                                     Microsoft Baseline: Internet Explorer 8
Setting Index #15: This policy setting controls      SCM URL:
whether SmartScreen Filter scans pages in this       http://go.microsoft.com/fwlink/?LinkId=1139
zone for malicious content.                          40
                                                     Microsoft Tool: Security Compliance
                                                     Manager (SCM)
                                                     Microsoft Baseline: Internet Explorer 8
Setting Index #84: This policy setting allows you SCM URL:
to manage whether users have the ability to allow http://go.microsoft.com/fwlink/?LinkId=1139
or deny add-ons through Add-On Manager.              40
                                                     Microsoft Tool: Security Compliance
                                                     Manager (SCM)
Setting Index #51: This policy setting prevents      Microsoft Baseline: Internet Explorer 8
users from performing the "Fix settings"             SCM URL:
functionality related to the Security Settings Check http://go.microsoft.com/fwlink/?LinkId=1139
in Internet Explorer.                                40




Setting Index #9: When this setting is configured   Microsoft Tool: Security Compliance
to Enabled, the MK protocol is blocked for          Manager (SCM)
Windows Explorer and Internet Explorer, which       Microsoft Baseline: Internet Explorer 8
causes resources that use it to fail. When this     SCM URL:
setting is configured to Disabled, other            http://go.microsoft.com/fwlink/?LinkId=1139
applications can use the MK protocol API.           40
                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
Setting Index #72: This policy setting allows you   SCM URL:
to manage MIME sniffing for file promotion from     http://go.microsoft.com/fwlink/?LinkId=1139
one type to another based on a MIME sniff.          40

                                                Microsoft Tool: Security Compliance
                                                Manager (SCM)
Setting Index #96: This policy setting controls Microsoft Baseline: Internet Explorer 8
automatic completion of user names and          SCM URL:
passwords in forms on Web pages, and prevents http://go.microsoft.com/fwlink/?LinkId=1139
user prompts to save passwords.                 40


                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
                                                    SCM URL:
Setting Index #67: This policy setting allows you   http://go.microsoft.com/fwlink/?LinkId=1139
to manage ActiveX controls not marked as safe.      40

                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
Setting Index #69: This policy setting allows you   Microsoft Baseline: Internet Explorer 8
to manage whether applications may be run and       SCM URL:
files may be downloaded from an IFRAME              http://go.microsoft.com/fwlink/?LinkId=1139
reference in the HTML of the pages in this zone.    40

                                                    Microsoft Tool: Security Compliance
Setting Index #31: This policy setting allows you   Manager (SCM)
to manage whether Internet Explorer can access      Microsoft Baseline: Internet Explorer 8
data from another security zone using the           SCM URL:
Microsoft XML Parser (MSXML) or ActiveX Data        http://go.microsoft.com/fwlink/?LinkId=1139
Objects (ADO).                                      40

                                                  Microsoft Tool: Security Compliance
                                                  Manager (SCM)
                                                  Microsoft Baseline: Internet Explorer 8
Setting Index #25: This setting specifies the     SCM URL:
number of days that Internet Explorer keeps track http://go.microsoft.com/fwlink/?LinkId=1139
of the pages viewed in the History List.          40
                                                  Microsoft Tool: Security Compliance
                                                  Manager (SCM)
                                                  Microsoft Baseline: Internet Explorer 8
Setting Index #2: This policy setting controls    SCM URL:
automatic completion of fields in forms on Web    http://go.microsoft.com/fwlink/?LinkId=1139
pages.                                            40
                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
Setting Index #38: This policy setting determines   SCM URL:
whether users will be prompted for non user-        http://go.microsoft.com/fwlink/?LinkId=1139
initiated file downloads.                           40

                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
Setting Index #54: This policy setting allows you   SCM URL:
to manage whether script code on pages in the       http://go.microsoft.com/fwlink/?LinkId=1139
zone is run                                         40


                                                  Microsoft Tool: Security Compliance
                                                  Manager (SCM)
                                                  Microsoft Baseline: Internet Explorer 8
Setting Index #90: Enable this policy setting to  SCM URL:
disable the site management settings for security http://go.microsoft.com/fwlink/?LinkId=1139
zones.                                            40

                                                    Microsoft Tool: Security Compliance
Setting Index #29: This policy setting works in     Manager (SCM)
conjunction with other settings to ensure that      Microsoft Baseline: Internet Explorer 8
users cannot change the settings that are           SCM URL:
configured in the Advanced tab of Internet          http://go.microsoft.com/fwlink/?LinkId=1139
Explorer.                                           40

                                                      Microsoft Tool: Security Compliance
                                                      Manager (SCM)
                                                      Microsoft Baseline: Internet Explorer 8
Setting Index #34: This policy setting allows you SCM URL:
to manage whether pages of the zone may               http://go.microsoft.com/fwlink/?LinkId=1139
download HTML fonts.                                  40
                                                      Microsoft Tool: Security Compliance
                                                      Manager (SCM)
                                                      Microsoft Baseline: Internet Explorer 8
Setting Index #10: This policy setting provides the SCM URL:
ability to block ActiveX control installation prompts http://go.microsoft.com/fwlink/?LinkId=1139
for Internet Explorer processes.                      40

                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
Setting Index #5: This policy setting prevents      SCM URL:
users from saving a program or file that Internet   http://go.microsoft.com/fwlink/?LinkId=1139
Explorer has downloaded to the hard disk.           40
                                                  Microsoft Tool: Security Compliance
                                                  Manager (SCM)
                                                  Microsoft Baseline: Internet Explorer 8
Setting Index #63: This policy setting allows you SCM URL:
to manage whether script is allowed to update the http://go.microsoft.com/fwlink/?LinkId=1139
status bar within the zone.                       40

                                                     Microsoft Tool: Security Compliance
                                                     Manager (SCM)
                                                     Microsoft Baseline: Internet Explorer 8
Setting Index #40: This policy setting allows you    SCM URL:
to manage whether users may download                 http://go.microsoft.com/fwlink/?LinkId=1139
unsigned ActiveX controls from the zone.             40


Setting Index #52: When a user experiences           Microsoft Tool: Security Compliance
Secure Socket Layer/Transport Layer Security         Manager (SCM)
(SSL/TLS) certificate errors such as "expired,"      Microsoft Baseline: Internet Explorer 8
"revoked," or "name mismatch," Internet Explorer     SCM URL:
blocks the user's ability to continue browsing the   http://go.microsoft.com/fwlink/?LinkId=1139
Web site.                                            40

                                                     Microsoft Tool: Security Compliance
                                                     Manager (SCM)
                                                     Microsoft Baseline: Internet Explorer 8
Setting Index #66: This policy setting allows you    SCM URL:
to manage whether users may download                 http://go.microsoft.com/fwlink/?LinkId=1139
unsigned ActiveX controls from the zone.             40
                                                     Microsoft Tool: Security Compliance
                                                     Manager (SCM)
                                                     Microsoft Baseline: Internet Explorer 8
                                                     SCM URL:
Setting Index #28: This policy setting removes       http://go.microsoft.com/fwlink/?LinkId=1139
users' ability to change proxy settings.             40

                                                     Microsoft Tool: Security Compliance
                                                     Manager (SCM)
                                                     Microsoft Baseline: Internet Explorer 8
Setting Index #58: This policy setting allows you    SCM URL:
to manage whether file downloads are permitted       http://go.microsoft.com/fwlink/?LinkId=1139
from the zone.                                       40

                                                     Microsoft Tool: Security Compliance
                                                     Manager (SCM)
                                                     Microsoft Baseline: Internet Explorer 8
Setting Index #65: This policy setting allows you    SCM URL:
to manage whether users may download signed          http://go.microsoft.com/fwlink/?LinkId=1139
ActiveX controls from a page in the zone.            40
                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
                                                    SCM URL:
Setting Index #44: This policy setting allows you   http://go.microsoft.com/fwlink/?LinkId=1139
to manage settings for logon options.               40

                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
Setting Index #60: This policy setting allows you   SCM URL:
to manage whether users can install Active          http://go.microsoft.com/fwlink/?LinkId=1139
Desktop items from this zone.                       40

                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
Setting Index #48: This policy setting allows you   Microsoft Baseline: Internet Explorer 8
to manage whether unwanted pop-up windows           SCM URL:
appear. Pop-up windows that are opened when         http://go.microsoft.com/fwlink/?LinkId=1139
the end user clicks a link are not blocked.         40
                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
Setting Index #3: This policy setting removes a     SCM URL:
user's ability to change certificate settings in    http://go.microsoft.com/fwlink/?LinkId=1139
Internet Explorer.                                  40

                                                    Microsoft Tool: Security Compliance
Setting Index #53: This policy setting allows you   Manager (SCM)
to manage whether Internet Explorer can access      Microsoft Baseline: Internet Explorer 8
data from another security zone using the           SCM URL:
Microsoft XML Parser (MSXML) or ActiveX Data        http://go.microsoft.com/fwlink/?LinkId=1139
Objects (ADO).                                      40


                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
Setting Index #56: This policy setting allows you   Microsoft Baseline: Internet Explorer 8
to manage whether scripts can perform a             SCM URL:
clipboard operation (for example, cut, copy, and    http://go.microsoft.com/fwlink/?LinkId=1139
paste) in the security zone.                        40

                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
                                                    SCM URL:
Setting Index #55: This policy setting allows you   http://go.microsoft.com/fwlink/?LinkId=1139
to manage dynamic binary and script behaviors.      40
                                                   Microsoft Tool: Security Compliance
                                                   Manager (SCM)
                                                   Microsoft Baseline: Internet Explorer 8
                                                   SCM URL:
Setting Index #30: This policy setting removes the http://go.microsoft.com/fwlink/?LinkId=1139
Security tab from the Internet Options dialog box. 40


                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
                                                    SCM URL:
Setting Index #76: Restricted Sites Zone: Script    http://go.microsoft.com/fwlink/?LinkId=1139
ActiveX controls marked safe for scripting          40


                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
                                                    SCM URL:
Setting Index #41: This policy setting allows you   http://go.microsoft.com/fwlink/?LinkId=1139
to manage ActiveX controls not marked as safe.      40
                                                    Microsoft Tool: Security Compliance
Setting Index #13: This setting controls the        Manager (SCM)
Internet Explorer restrictions on each Web page     Microsoft Baseline: Internet Explorer 8
that it opens. These restrictions depend on the     SCM URL:
location of the Web page (such as Internet zone,    http://go.microsoft.com/fwlink/?LinkId=1139
Intranet zone, or Local Machine zone).              40
Setting Index #11: When set to Enabled, file        Microsoft Tool: Security Compliance
download prompts that are not user-initiated are    Manager (SCM)
blocked for Internet Explorer processes. When       Microsoft Baseline: Internet Explorer 8
set to Disabled, file download prompts will occur   SCM URL:
that are not user-initiated for Internet Explorer   http://go.microsoft.com/fwlink/?LinkId=1139
processes.                                          40

                                                  Microsoft Tool: Security Compliance
                                                  Manager (SCM)
                                                  Microsoft Baseline: Internet Explorer 8
Setting Index #23: This policy setting allows you SCM URL:
to manage whether Internet Explorer checks the http://go.microsoft.com/fwlink/?LinkId=1139
Internet for newer versions.                      40
                                                  Microsoft Tool: Security Compliance
                                                  Manager (SCM)
                                                  Microsoft Baseline: Internet Explorer 8
Setting Index #94: This policy setting allows you SCM URL:
to manage the crash detection feature of add-on http://go.microsoft.com/fwlink/?LinkId=1139
management in Internet Explorer.                  40
Setting Index #12: When set to Enabled, pop-up Microsoft Tool: Security Compliance
windows will not display in Windows Explorer or   Manager (SCM)
for Internet Explorer processes. When set to      Microsoft Baseline: Internet Explorer 8
Disabled or Do not configure, scripts can create  SCM URL:
pop-up windows and windows that can hide other http://go.microsoft.com/fwlink/?LinkId=1139
windows.                                          40
                                                     Microsoft Tool: Security Compliance
                                                     Manager (SCM)
                                                     Microsoft Baseline: Internet Explorer 8
                                                     SCM URL:
Setting Index #27: This policy setting removes       http://go.microsoft.com/fwlink/?LinkId=1139
users' ability to change dial-up settings.           40
                                                     Microsoft Tool: Security Compliance
                                                     Manager (SCM)
Setting Index #82: This policy setting turns off the Microsoft Baseline: Internet Explorer 8
Security Settings Check feature, which checks        SCM URL:
Internet Explorer security settings to determine     http://go.microsoft.com/fwlink/?LinkId=1139
when the settings put Internet Explorer at risk.     40


                                                  Microsoft Tool: Security Compliance
                                                  Manager (SCM)
                                                  Microsoft Baseline: Internet Explorer 8
Setting Index #80: This policy setting allows you SCM URL:
to manage whether Web sites from less privileged http://go.microsoft.com/fwlink/?LinkId=1139
zones can navigate into this zone.                40

                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
                                                    SCM URL:
Setting Index #68: This policy setting allows you   http://go.microsoft.com/fwlink/?LinkId=1139
to manage permissions for Java applets.             40


                                                  Microsoft Tool: Security Compliance
                                                  Manager (SCM)
                                                  Microsoft Baseline: Internet Explorer 8
Setting Index #49: This policy setting allows you SCM URL:
to manage whether Web sites from less privileged http://go.microsoft.com/fwlink/?LinkId=1139
zones can navigate into this zone.                40
Setting Index #8: When set to Enabled, MIME       Microsoft Tool: Security Compliance
sniffing will not promote a file of one type to a Manager (SCM)
more dangerous file type. When set to Disabled, Microsoft Baseline: Internet Explorer 8
MIME sniffing configures Internet Explorer        SCM URL:
processes to allow the promotion of a file to a   http://go.microsoft.com/fwlink/?LinkId=1139
more dangerous file type.                         40

                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
Setting Index #26: This policy setting removes a    SCM URL:
user's ability to change automatically configured   http://go.microsoft.com/fwlink/?LinkId=1139
settings.                                           40
                                                  Microsoft Tool: Security Compliance
                                                  Manager (SCM)
                                                  Microsoft Baseline: Internet Explorer 8
Setting Index #71: This policy setting allows you SCM URL:
to manage the opening of sub-frames and access http://go.microsoft.com/fwlink/?LinkId=1139
of applications across different domains.         40




                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
                                                    SCM URL:
Setting Index #70: This policy setting allows you   http://go.microsoft.com/fwlink/?LinkId=1139
to manage settings for logon options.               40

                                                    Microsoft Tool: Security Compliance
Setting Index #61: This policy setting allows you   Manager (SCM)
to manage whether a user's browser can be           Microsoft Baseline: Internet Explorer 8
redirected to another Web page if the author of     SCM URL:
the Web page uses the Meta Refresh setting to       http://go.microsoft.com/fwlink/?LinkId=1139
redirect browsers to another Web page.              40

                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
                                                    SCM URL:
Setting Index #85: This policy setting allows you   http://go.microsoft.com/fwlink/?LinkId=1139
to specify how ActiveX controls are installed.      40
                                                    Microsoft Tool: Security Compliance
Setting Index #86: The SmartScreen Filter           Manager (SCM)
prevents users from navigating to and               Microsoft Baseline: Internet Explorer 8
downloading from sites known to host malicious      SCM URL:
content, including Phishing or malicious software   http://go.microsoft.com/fwlink/?LinkId=1139
attacks.                                            40
                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
                                                    SCM URL:
Setting Index #87: This policy setting is used to   http://go.microsoft.com/fwlink/?LinkId=1139
prevent users from deleting cookies.                40


                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
Setting Index #17: This policy setting controls     SCM URL:
whether SmartScreen Filter scans pages in this      http://go.microsoft.com/fwlink/?LinkId=1139
zone for malicious content.                         40
                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
Setting Index #4: This policy setting allows you to SCM URL:
disable the per-user installation of ActiveX        http://go.microsoft.com/fwlink/?LinkId=1139
controls.                                           40
                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
                                                    SCM URL:
Setting Index #93: This policy setting allows you http://go.microsoft.com/fwlink/?LinkId=1139
to turn off the ActiveX opt-in prompt.              40




                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
Setting Index #16: This policy setting controls     Microsoft Baseline: Internet Explorer 8
whether or not the user is prompted to allow        SCM URL:
ActiveX controls to run on Web sites other than     http://go.microsoft.com/fwlink/?LinkId=1139
the Web site that installed the ActiveX control.    40

                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
Setting Index #95: This policy setting allows you   Microsoft Baseline: Internet Explorer 8
to turn off support for Transport Layer Security    SCM URL:
(TLS) 1.0, TLS 1.1, TLS 1.2, Secure Sockets         http://go.microsoft.com/fwlink/?LinkId=1139
Layer (SSL) 2.0 or SSL 3.0 in the browser.          40


                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
Setting Index #50: This policy setting controls     SCM URL:
whether URLs representing UNCs are mapped           http://go.microsoft.com/fwlink/?LinkId=1139
into the local Intranet security zone.              40

                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
Setting Index #57: This policy setting allows you   SCM URL:
to manage whether users can drag files or copy      http://go.microsoft.com/fwlink/?LinkId=1139
and paste files from a source within the zone.      40

                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
                                                    SCM URL:
Setting Index #78: This policy setting allows you   http://go.microsoft.com/fwlink/?LinkId=1139
to manage software channel permissions.             40
                                                  Microsoft Tool: Security Compliance
                                                  Manager (SCM)
Setting Index #74: This policy setting allows you Microsoft Baseline: Internet Explorer 8
to manage whether .NET Framework components SCM URL:
that are signed with Authenticode can be          http://go.microsoft.com/fwlink/?LinkId=1139
executed from Internet Explorer.                  40

                                                  Microsoft Tool: Security Compliance
                                                  Manager (SCM)
                                                  Microsoft Baseline: Internet Explorer 8
Setting Index #37: This policy setting allows you SCM URL:
to manage whether script is allowed to update the http://go.microsoft.com/fwlink/?LinkId=1139
status bar within the zone.                       40

                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
Setting Index #81: This policy setting prevents     SCM URL:
users from performing the "Delete Browsing          http://go.microsoft.com/fwlink/?LinkId=1139
History" action in Internet Explorer.               40

                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
Setting Index #35: This policy setting allows you   SCM URL:
to manage whether users can install Active          http://go.microsoft.com/fwlink/?LinkId=1139
Desktop items from this zone.                       40

                                                  Microsoft Tool: Security Compliance
                                                  Manager (SCM)
                                                  Microsoft Baseline: Internet Explorer 8
Setting Index #75: This policy setting allows you SCM URL:
to manage whether ActiveX controls and plug-ins http://go.microsoft.com/fwlink/?LinkId=1139
can be run on pages from the specified zone.      40


                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
Setting Index #14: This policy setting controls     Microsoft Baseline: Internet Explorer 8
whether or not the user is prompted to allow        SCM URL:
ActiveX controls to run on Web sites other than     http://go.microsoft.com/fwlink/?LinkId=1139
the Web site that installed the ActiveX control.    40


                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
Setting Index #62: This policy setting allows you   Microsoft Baseline: Internet Explorer 8
to manage restrictions on script-initiated pop-up   SCM URL:
windows and windows that include the title and      http://go.microsoft.com/fwlink/?LinkId=1139
status bars.                                        40
                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
Setting Index #43: This policy setting allows you   Microsoft Baseline: Internet Explorer 8
to manage whether applications may be run and       SCM URL:
files may be downloaded from an IFRAME              http://go.microsoft.com/fwlink/?LinkId=1139
reference in the HTML of the pages in this zone.    40


                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
Setting Index #89: This policy setting controls     Microsoft Baseline: Internet Explorer 8
whether or not the user is prompted to allow        SCM URL:
ActiveX controls to run on Web sites other than     http://go.microsoft.com/fwlink/?LinkId=1139
the Web site that installed the ActiveX control.    40


                                                  Microsoft Tool: Security Compliance
                                                  Manager (SCM)
                                                  Microsoft Baseline: Internet Explorer 8
Setting Index #45: This policy setting allows you SCM URL:
to manage the opening of sub-frames and access http://go.microsoft.com/fwlink/?LinkId=1139
of applications across different domains.         40


                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
Setting Index #19: This policy setting controls     SCM URL:
whether SmartScreen Filter scans pages in this      http://go.microsoft.com/fwlink/?LinkId=1139
zone for malicious content.                         40




Setting Index #47: This policy setting allows you
to manage software channel permissions. If you
enable this policy setting, you can choose the
following options from the drop-down box:


                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
Setting Index #36: This policy setting allows you   Microsoft Baseline: Internet Explorer 8
to manage restrictions on script-initiated pop-up   SCM URL:
windows and windows that include the title and      http://go.microsoft.com/fwlink/?LinkId=1139
status bars.                                        40

                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
Setting Index #88: This policy setting is used to   SCM URL:
prevent users from deleting temporary Internet      http://go.microsoft.com/fwlink/?LinkId=1139
files.                                              40
                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
Setting Index #73: Restricted Sites Zone: Run       SCM URL:
.NET Framework-reliant components not signed        http://go.microsoft.com/fwlink/?LinkId=1139
with Authenticode                                   40

                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
Setting Index #39: This policy setting allows you   SCM URL:
to manage whether users may download signed         http://go.microsoft.com/fwlink/?LinkId=1139
ActiveX controls from a page in the zone.           40

                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
Setting Index #64: This policy setting determines   SCM URL:
whether users will be prompted for non user-        http://go.microsoft.com/fwlink/?LinkId=1139
initiated file downloads.                           40

                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
Setting Index #59: This policy setting allows you   SCM URL:
to manage whether pages of the zone may             http://go.microsoft.com/fwlink/?LinkId=1139
download HTML fonts.                                40


                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
                                                    SCM URL:
                                                    http://go.microsoft.com/fwlink/?LinkId=1139
                                                    40


                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
                                                    SCM URL:
                                                    http://go.microsoft.com/fwlink/?LinkId=1139
                                                    40


                                                    Microsoft Tool: Security Compliance
                                                    Manager (SCM)
                                                    Microsoft Baseline: Internet Explorer 8
                                                    SCM URL:
                                                    http://go.microsoft.com/fwlink/?LinkId=1139
                                                    40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40


Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40


Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40


Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40




Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40




Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40




Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40

Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40




Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
Microsoft Baseline: Internet Explorer 8
SCM URL:
http://go.microsoft.com/fwlink/?LinkId=1139
40
Microsoft Tool: Security Compliance
Manager (SCM)
M