Recommended Internet Explorer Settings
[gicekdfk]
Previous
Next
Xoc Software
Training RVBA Conventions Maya Calendar Program Company Information Tools ASP.NET and Other Tips Articles Architecting, Writing, and Maintaining Large Programs in Visual Basic Constructing a 404 Handler for IIS Constructing a Links Page using XML Differences between XHTML 1.0 and HTML 4.0 ECMA, ISO, IETF RFCs, and Other Standards Home Automation Cataloging a Library Implementing a Privacy Policy Using P3P Mining Web Server Logs Object Oriented Programming Concepts Recommended Computer Books Recommended Internet Explorer Settings Review of the Compaq iPaq 3800 Series: H3830, H3835, H3850, H3870, H3875 Things to Consider when Internationalizing an Application Understanding the Internet Jigsaw Puzzle Using the Localization Toolkit Xoc Scale Search Engine Ratings Foldit Temporary Download Site Miscellaneous Downloads Links Search EmailOther Xoc managed sites:
http://grr.xoc.net
http://www.986faq.com
http://www.mayainfo.org
https://mayacalendar.xoc.net
http://www.yachtslog.com
Internet Explorer has many Security, Privacy, and Advanced options. These are my recommended settings. Disclaimer: I take no responsibility if these settings allow bad stuff to happen to your machine, but in most cases, these settings are more restrictive than the default.
You can download a Internet Explorer Settings .reg file that will patch the registry to set these settings (zipped).
Settings in Bold Face are different from the High Safety setting.
| Setting |
Internet |
Local intranet |
Trusted sites |
Restricted sites |
Code | Details |
|---|---|---|---|---|---|---|
| Run components not signed with Authenticode |
Disable |
Disable |
Disable |
Disable |
2004 | Determines whether Internet Explorer runs ActiveX components that are not signed with Authenticode. |
| Run components signed with Authenticode |
Enable |
Enabled |
Enabled |
Disable |
2001 | Determines whether Internet Explorer runs ActiveX components that are signed with Authenticode. |
| Automatic prompting for ActiveX controls |
Disable |
Disable |
Disable |
Disable |
2201 | Controls whether users are automatically prompted for ActiveX control installations. |
| Binary and script behaviors |
Administrator Approved |
Administrator Approved |
Administrator Approved |
Disable |
2000 | Needed to run Google Maps. |
| Download signed ActiveX controls |
Disable |
Prompt |
Disable2 |
Disable |
1001 | Determines whether users can download signed ActiveX components. ActiveX controls are programs that run on your machine in the context of the web browser. They should not be downloaded unless they a well-known control signed coming from a trusted web site, such as microsoft.com. |
| Download unsigned ActiveX controls |
Disable |
Disable |
Disable |
Disable |
1004 | Determines whether users can download unsigned ActiveX components. ActiveX controls are programs that run on your machine in the context of the web browser. They should not be downloaded unless they a well-known signed control coming from a trusted web site, such as microsoft.com. |
| Initialize and script ActiveX controls not marked as safe |
Disable |
Disable |
Disable |
Disable |
1201 | Determines whether a script can interact with untrusted ActiveX components in a security zone. Untrusted ActiveX components are not meant for use on Internet Web pages, but in some cases they can be used on Web pages where you can ensure that they will not be misused. This setting should be disabled unless you can trust all ActiveX components and all scripts on all pages in the specified security zone. If enabled, this setting causes Internet Explorer to initialize and script both trusted and untrusted ActiveX components and to ignore the Script ActiveX controls marked safe for scripting setting. |
| Run ActiveX controls and plug-ins |
Administrator Approved |
Administrator Approved |
Administrator Approved |
Disable |
1200 | Determines whether Internet Explorer can run ActiveX components and plug-ins from Web pages. ActiveX controls are programs that run on your machine in the context of the web browser. They should be disabled except for trusted controls on trusted pages. |
| Script ActiveX controls marked safe for scripting |
Enable1 |
Enable |
Enable |
Disable |
1405 | Determines whether an ActiveX component that is marked safe for scripting can interact with a script. This setting affects only ActiveX components that are loaded with <param> tags. |
| Automatic prompting for file downloads |
Disable |
Disable |
Disable |
Disable |
2200 | Determines whether users are prompted for non user-initiated file downloads. Regardless of this setting, users receive file download dialogs for user-initiated downloads. |
| File download |
Enable |
Enable |
Enable |
Disable |
1803 | Determines whether users can download files, based on the zone of the Web page that contains the download link, not the zone from which the file originated. |
| Font download |
Disable |
Disable |
Disable |
Disable |
1604 | Determines whether users can download fonts, based on the zone of the Web page that contains the download link, not the zone from which the file originated. |
| Java permissions |
Disable Java |
Medium Safety |
High Safety |
Disable Java |
1C00 | Determines whether Internet Explorer uses the security settings and permissions requested in the signed .cab file to determine whether to run a Java applet. |
| Access data sources across domains |
Disable |
Prompt |
Disable |
Disable |
1406 | Determines whether ActiveX components that connect to data sources are allowed to connect to a different server to obtain data. |
| Allow META REFRESH |
Enable |
Enable |
Enable |
Disable |
1608 | Determines whether Web pages can use meta-refreshes to reload Web pages after a reset delay. |
| Allow scripting of Internet Explorer Webbrowser control |
Disable |
Enable |
Disable |
Disable |
1206 | Determines whether scripts can control the Internet Explorer Webbrowser control. |
| Allow script-initiated windows without size or position constraints |
Disable |
Disable |
Disable |
Disable |
2102 | Controls restrictions on script-initiated pop-up windows and windows that include the title and status bars. |
| Allow Web pages to use restricted protocols for active content |
Disable |
Disable |
Disable |
Disable |
2300 | Controls whether a resource hosted on a page accessed through a protocol restricted in a particular URL zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols for each zone can be set in the Restricted Protocols section under Network Protocol Lockdown policy. |
| Display mixed content |
Disable |
Prompt |
Prompt |
Disable |
1609 | Determines whether Web pages can display content from both secure and non-secure servers. |
| Don't prompt for client certificate selection when no certificate or only one certificate exists |
Disable |
Enable |
Disable |
Disable |
1A04 | Determines whether users are prompted to select a certificate when no trusted certificate or only one trusted certificate has been installed on the computer. When disabled, users are prompted for a certificate. |
| Drag and drop or copy and paste files |
Prompt |
Enable |
Prompt |
Disable |
1802 | Determines whether users can drag and drop or copy and paste files from Web pages in the specified security zone. |
| Installation of desktop items |
Disable |
Prompt |
Disable |
Disable |
1800 | Determines whether users can install desktop items from Web pages in the specified security zone. |
| Launching programs and files in an IFRAME |
Disable |
Prompt |
Disable |
Disable |
1804 | Determines whether users can launch programs and files from an IFRAME element (containing a directory or folder reference) in Web pages in the specified security zone. |
| Navigate sub-frames across different domains |
Disable |
Enable |
Prompt |
Disable |
1607 | Determines whether readers of a Web page can navigate the sub-frame of a window with a top-level document that resides in a different domain. |
| Open files based on content, not file extension |
Enable |
Enable |
Enable |
Enable |
2100 | Controls MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature. |
| Software channel permissions |
High safety |
Medium Safety |
High Safety |
High Safety |
1E05 | Determines the permissions given to software distribution channels.
|
| Submit nonencrypted form data |
Enable |
Enable |
Enable |
Disable |
1601 | Determines whether HTML pages in the specified security zone can submit forms or accept forms from servers in the specified security zone. Forms sent with Secure Sockets Layer (SSL) encryption are always allowed; this setting only affects data that is submitted by non-SSL forms. |
| Use Pop-up Blocker |
Enable |
Enable |
Enable |
Enable |
1809 | Determines whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. |
| Userdata persistence |
Disable |
Enable |
Enable |
Disable |
1606 | Determines whether a Web page can save a small file of personal information, associated with the page, to the computer. |
| Web sites in less privileged web content zone can navigate into this zone |
Disable |
Disable |
Enable |
Disable |
2101 | Determines whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone. |
| Active scripting |
Enable |
Enable |
Enable |
Disable |
1400 | Determines whether Internet Explorer can run script code on Web pages in the specified security zone. |
| Allow paste operations via script |
Disable |
Enable |
Prompt |
Disable |
1407 | Determines whether a Web page can cut, copy, or paste information from the Clipboard. |
| Scripting of Java spplets |
Disable |
Enable |
Prompt |
Disable |
1402 | Determines whether scripts in the specified security zone can use objects that exist within Java applets. |
| Logon |
Prompt for user name and password |
Automatic logon only in Intranet Zone |
Prompt for username and password. |
Prompt for user name and password |
1A00 | Determines how HTTP user authentication is handled. |
1 "Script ActiveX
controls marked safe for scripting" should only be enabled if "Run ActiveX
Controls and plug-ins" is set to Administrator Approved.
2 "Download ActiveX
controls" in the Trusted Sites zone can be briefly changed to "Prompt" to
download an ActiveX control from a trusted source. It should immediately be
disabled again.
Below are the Advanced settings. Descriptions in Bold Face are changed from the default.
|
|
Description | Discussion |
|---|---|---|
| Always expand ALT text for images | Determines whether an image should expand to fit all of the alternate text when the Show Pictures check box is cleared. | |
| Move system caret with focus/selection changes | Determines whether the system caret moves whenever the focus or selection changes. Some accessibility aids, such as screen readers or screen magnifiers, use the system caret to determine which area of the screen to read or magnify. | |
| Always send URLs as UTF-8 (requires restart) | Determines whether to use UTF-8, a standard that defines characters so that they are readable in any language. If enabled, you can exchange Internet addresses (URLs) that contain characters from any language. | |
| Automatically check for Internet Explorer updates | Determines whether Internet Explorer checks the Web to see if a newer version of the application is available. If enabled, Internet Explorer checks the Web for a newer version approximately every 30 days, notifies you when a new version is available, and asks whether you want to download it. | |
| Close unused folders in History and Favorites (requires restart) | Determines whether, upon opening a folder in the Favorites bar, History bar, or Organize Favorites window, any folders opened previously close. | |
| Disable Script Debugging (Internet Explorer) | Determines whether the script debugger is turned off or on (assuming a script debugger has been installed). Script debuggers are used by Web site developers to test programs and scripts in their Web pages. | |
| Disable Script Debugging (Other) | Determines whether the script debugger is turned off or on (assuming a script debugger has been installed). Script debuggers are used by Web site developers to test programs and scripts in their Web pages. | |
| Display a notification about every script error | Determines whether Internet Explorer displays the actual script error when a Web page does not appear properly due to problems with a script. You may want to enable this setting for developers when testing Web pages. | |
| Enable folder view for FTP sites | Determines whether FTP sites are shown in folder view, which is similar to browsing folders in Windows Explorer. Even when enabled, this setting may not work with certain types of proxy connections. If you disable this setting, FTP sites display their contents in an HTML-based layout. | |
| Enable Install On Demand (Internet Explorer) | Determines whether Internet Explorer components automatically download and install if a Web page requires them in order to display properly or perform a particular task. | |
| Enable Install On Demand (Other) | Determines whether Internet Explorer automatically downloads and installs Web components other than the Internet Explorer Web components that a Web page requires in order to display properly or perform a particular task. | |
| Enable offline items to be synchronized on a schedule | Determines whether offline items are synchronized on a schedule. | |
| Enable page transitions | Determines whether, as you move from one page to another, Internet Explorer fades out the page you are leaving and fades in the page you are going to. | |
| Enable Personalized Favorites Menu | Determines whether your Favorites list is kept clear by hiding links you have not used recently, while keeping other links easily accessible. You can view hidden links by clicking the down arrow at the bottom of the Favorites menu. | |
| Enable third-party browser extensions (requires restart) |
Determines whether the non-Microsoft features that you installed for use with Internet Explorer are enabled. If you encounter problems with Internet Explorer that you cannot resolve, you can use this setting to help determine if non-Microsoft features are causing the problem, without uninstalling these features. You must restart Internet Explorer after enabling or disabling this setting. Note: Necessary to be on to run the Google Toolbar. |
|
| Enable visual styles on button and controls in web pages | Determines whether controls in Web pages use Windows display settings. | |
| Force offscreen composition even under Terminal Server (requires restart) | Determines whether you want to force off-screen compositing, even if you are running Terminal Server. When enabled, this setting eliminates the flashing that you see with the compositing normally used by Internet Explorer running under Terminal Server. However, enabling this setting might severely decrease the performance of Internet Explorer running under Terminal Server. | |
| Notify when downloads complete | Determines whether a message is displayed at the end of a file download to indicate that the download is complete. | |
| Reuse windows for launching shortcuts | Determines whether, when you click a Web link in an Internet-aware program, such as Outlook Express, and when there is already an Internet Explorer window open, the Web page appears in the open browser window. If you disable this setting, Internet Explorer opens a new window. | |
| Show friendly HTTP error messages | Determines whether, when there is a problem connecting with an Internet server, Internet Explorer provides a detailed description, with hints about how to correct the problem. If you disable this setting, you see only the error code and the name of the error. | |
| Show friendly URLs | Determines whether the status bar displays the short, friendly name of a page. When enabled, the status bar displays the name of the current Web page or any link, image, or object when you position your mouse over it. If you disable this setting, Internet Explorer displays the full Internet address (URL). | |
| Show Go button in Address bar | Determines whether the Go button is shown next to the Address bar. When the Go button is displayed, you can type an address in the Address bar, and then click Go to go to that Web page. Even when the Go button is displayed, you can press ENTER after typing the address to go to that Web page. | |
|
Always |
Underline links | Determines how you want links on Web pages underlined. |
| Use inline AutoComplete | Determines whether you want Internet Explorer to complete entries when you type Web addresses on the Address bar, based on entries that you have used before. | |
| Use Passive FTP (for firewall and DSL modem compatibility) | Determines whether Internet Explorer uses the passive FTP mode, which does not require your (local) computer to know its Internet IP address and is more secure. Some network configurations work only when the passive mode is turned on, while others work only when the passive mode is turned off. Most network configurations support both modes. | |
| Use smooth scrolling | Determines whether a special type of scrolling is used to display content at a predefined speed. | |
| Use HTTP 1.1 | Determines whether Internet Explorer attempts to use HTTP 1.1 when connecting to Web servers. Many Web sites still use HTTP 1.0, so if you are having difficulties connecting to some Web sites, you may want to disable this setting. | |
| Use HTTP 1.1 through proxy connections | Determines whether Internet Explorer attempts to use HTTP 1.1 when connecting to Web servers when using a proxy server. Many Web sites still use HTTP 1.0, so if you are having difficulties connecting to some Web sites, you may want to disable this setting. | |
| Use Java 2 for <applet> (requires restart) | ||
| Java console enabled (requires restart) | ||
| Java logging enabled | ||
| JIT compiler for virtual machine enabled (requires restart) | ||
| Enable Automatic Image Resizing | Determines whether Internet Explorer automatically resizes large images so that they fit in the browser window. | |
| Enable Image Toolbar (requires restart) | Determines whether the image toolbar is displayed. The image toolbar makes it easy to print, e-mail, and save images from a Web page. | |
| Play animations in web pages | Determines whether animations can play when Web pages are displayed. Pages that contain animations are sometimes displayed very slowly. If you want to display pages more quickly, disable this setting. When this setting is disabled, you can still play an individual animation by right-clicking the animation, and then clicking Show Picture. | |
| Play sounds in web pages | Determines whether music and other sounds can play when pages are displayed. Sometimes pages that contain audio clips are displayed very slowly. If you want to display pages more quickly, disable this setting. If a non-Microsoft audio program is installed, or if a video clip is playing, some sounds may play even if you disable this setting. | |
| Play videos in web pages | Determines whether video clips can play when Web pages are displayed. Sometimes pages that contain video clips are displayed very slowly. If you want to display pages more quickly, disable this setting. When this setting is disabled, you can still play an individual video by right-clicking the icon that represents the animation, and then clicking Show Picture. | |
| Show image download placeholders | Determines whether placeholders are drawn for graphical images while they are downloading. This allows items in the page to be positioned where they will appear when the images are fully downloaded. This setting is ignored if the Show Pictures check box is cleared. | |
| Show pictures | Determines whether graphical images are included when pages are displayed. Sometimes pages that contain several graphical images are displayed very slowly. If you want to display pages more quickly, disable this setting. When this setting is disabled, you can still display an individual image by right-clicking the icon that represents the graphic, and then clicking Show Picture. | |
| Smart image dithering | Determines whether Internet Explorer smoothes images so that they appear less jagged when displayed. | |
| Print background colors and images | Determines whether Internet Explorer prints background colors and images when you print a Web page. Enabling this setting may slow down the speed at which your page is printed and the quality of the print, depending on the capabilities of your printer. | |
|
Do not search from the Address bar |
When searching | Determines how Internet Explorer responds when you search for sites from the Address bar. |
| Allow active content from CDs to run on My Computer | ||
| Allow active content to run in files on My Computer | ||
| Allow software to run or install even if the signature is invalid | ||
| Check for publisher's certificate revocation | Determines whether Internet Explorer checks a software publisher’s certificate to see if it has been revoked, before accepting it as valid. | |
| Check for server certificate revocation (requires restart) | Determines whether Internet Explorer checks an Internet site’s certificate to see if it has been revoked, before accepting it as valid. | |
| Check for signatures on downloaded programs | Determines whether Internet Explorer verifies the identity of the programs that you download. When enabled, a dialog box appears, when you download a program, that provides the information that Internet Explorer finds during the check. | |
| Do not save encrypted pages to disk |
Determines whether secured information is retained in your Temporary Internet Files folder. You may want to enable this setting if you are using Internet Explorer from a shared computer and you do not want other people to have access to your secured information. For example, when this setting is disabled, any information that you exchange with secure (https) Web sites, such as passwords or credit card information, may be stored in this folder. This must be off if a program is to be downloaded from a SSL web site without saving it first. |
|
|
Empty Temporary Internet Files folder when browser is closed |
Determines whether the Temporary Internet Files folder is cleared when you close the browser. | |
| Enable Integrated Windows Authentication (requires restart) | Determines whether Internet Explorer uses Integrated Windows Authentication. | |
| Enable Profile Assistant | Determines whether Internet Explorer accepts Web site requests for Profile Assistant information. If you disable this setting, Profile Assistant information is not provided, and you are not prompted to provide information. If you enable this setting, when a Web site requests Profile Assistant information, you are prompted to choose the information to share. At that time, you can also choose to allow this information to be shared with that Web site in the future without prompting. | |
| Use SSL 2.0 | Determines whether Internet Explorer sends and receives secured information through SSL2 (Secured Sockets Layer Level 2), the standard protocol for secure transmissions. All secure Web sites support this protocol. | |
| Use SSL 3.0 | Determines whether Internet Explorer sends and receives secured information through SSL3 (Secured Sockets Layer Level 3), a protocol that is intended to be more secure than SSL2. Note that some Web sites may not support this protocol. | |
| Use TLS 1.0 | Determines whether Internet Explorer sends and receives secured information through TLS (Transport Layer Security), an open security standard similar to SSL3. Note that some Web sites may not support this protocol. | |
| Warn about invalid site certificates | Determines whether Internet Explorer warns you if the address (URL) in a Web site security certificate is not valid. | |
| Warn if changing between secure and not secure mode | Determines whether Internet Explorer warns you if you are switching between Internet sites that are secure and sites that are not. | |
| Warn if forms submittal is being redirected | Determines whether Internet Explorer warns you when the information that you enter on a Web-based form is being sent to a Web site other than the one you are currently viewing. |
Top
[www.xoc.net] Copyright © 1997-2023 by Gregory Reddick
. All
Rights Reserved.
02/20/09 01:28