Recommended Internet Explorer Settings


Xoc Software


Internet Explorer has many Security, Privacy, and Advanced options. These are my recommended settings. Disclaimer: I take no responsibility if these settings allow bad stuff to happen to your machine, but in most cases, these settings are more restrictive than the default.

You can download an Internet Explorer Settings .reg file that will patch the registry to set these settings (zipped).

Settings in Bold Face are different from the High Safety setting.

| Setting | Internet | Local intranet | Trusted sites | Restricted sites | Code | Details |
|---|---|---|---|---|---|---|
| Run components not signed with Authenticode | Disable | Disable | Disable | Disable | 2004 | Determines whether Internet Explorer runs ActiveX components that are not signed with Authenticode. |
| Run components signed with Authenticode | Enable | Enable | Enable | Disable | 2001 | Determines whether Internet Explorer runs ActiveX components that are signed with Authenticode. |
| Automatic prompting for ActiveX controls | Disable | Disable | Disable | Disable | 2201 | Controls whether users are automatically prompted for ActiveX control installations. |
| Binary and script behaviors | Administrator Approved | Administrator Approved | Administrator Approved | Disable | 2000 | Needed to run Google Maps. |
| Download signed ActiveX controls | Disable | Prompt | Disable² | Disable | 1001 | Determines whether users can download signed ActiveX components. ActiveX controls are programs that run on your machine in the context of the web browser. They should not be downloaded unless they are well-known signed controls coming from a trusted web site, such as microsoft.com. |
| Download unsigned ActiveX controls | Disable | Disable | Disable | Disable | 1004 | Determines whether users can download unsigned ActiveX components. ActiveX controls are programs that run on your machine in the context of the web browser. They should not be downloaded unless they are well-known signed controls coming from a trusted web site, such as microsoft.com. |
| Initialize and script ActiveX controls not marked as safe | Disable | Disable | Disable | Disable | 1201 | Determines whether a script can interact with untrusted ActiveX components in a security zone. Untrusted ActiveX components are not meant for use on Internet Web pages, but in some cases they can be used on Web pages where you can ensure that they will not be misused. This setting should be disabled unless you can trust all ActiveX components and all scripts on all pages in the specified security zone. If enabled, this setting causes Internet Explorer to initialize and script both trusted and untrusted ActiveX components and to ignore the Script ActiveX controls marked safe for scripting setting. |
| Run ActiveX controls and plug-ins | Administrator Approved | Administrator Approved | Administrator Approved | Disable | 1200 | Determines whether Internet Explorer can run ActiveX components and plug-ins from Web pages. ActiveX controls are programs that run on your machine in the context of the web browser. They should be disabled except for trusted controls on trusted pages. |
| Script ActiveX controls marked safe for scripting | Enable¹ | Enable | Enable | Disable | 1405 | Determines whether an ActiveX component that is marked safe for scripting can interact with a script. This setting affects only ActiveX components that are loaded with `<param>` tags. |
| Automatic prompting for file downloads | Disable | Disable | Disable | Disable | 2200 | Determines whether users are prompted for non user-initiated file downloads. Regardless of this setting, users receive file download dialogs for user-initiated downloads. |
| File download | Enable | Enable | Enable | Disable | 1803 | Determines whether users can download files, based on the zone of the Web page that contains the download link, not the zone from which the file originated. |
| Font download | Disable | Disable | Disable | Disable | 1604 | Determines whether users can download fonts, based on the zone of the Web page that contains the download link, not the zone from which the file originated. |
| Java permissions | Disable Java | Medium Safety | High Safety | Disable Java | 1C00 | Determines whether Internet Explorer uses the security settings and permissions requested in the signed .cab file to determine whether to run a Java applet. |
| Access data sources across domains | Disable | Prompt | Disable | Disable | 1406 | Determines whether ActiveX components that connect to data sources are allowed to connect to a different server to obtain data. |
| Allow META REFRESH | Enable | Enable | Enable | Disable | 1608 | Determines whether Web pages can use meta-refreshes to reload Web pages after a reset delay. |
| Allow scripting of Internet Explorer Webbrowser control | Disable | Enable | Disable | Disable | 1206 | Determines whether scripts can control the Internet Explorer Webbrowser control. |
| Allow script-initiated windows without size or position constraints | Disable | Disable | Disable | Disable | 2102 | Controls restrictions on script-initiated pop-up windows and windows that include the title and status bars. |
| Allow Web pages to use restricted protocols for active content | Disable | Disable | Disable | Disable | 2300 | Controls whether a resource hosted on a page accessed through a protocol restricted in a particular URL zone can run active content such as script, ActiveX, Java and Binary Behaviors. The list of restricted protocols for each zone can be set in the Restricted Protocols section under Network Protocol Lockdown policy. |
| Display mixed content | Disable | Prompt | Prompt | Disable | 1609 | Determines whether Web pages can display content from both secure and non-secure servers. |
| Don't prompt for client certificate selection when no certificate or only one certificate exists | Disable | Enable | Disable | Disable | 1A04 | Determines whether users are prompted to select a certificate when no trusted certificate or only one trusted certificate has been installed on the computer. When disabled, users are prompted for a certificate. |
| Drag and drop or copy and paste files | Prompt | Enable | Prompt | Disable | 1802 | Determines whether users can drag and drop or copy and paste files from Web pages in the specified security zone. |
| Installation of desktop items | Disable | Prompt | Disable | Disable | 1800 | Determines whether users can install desktop items from Web pages in the specified security zone. |
| Launching programs and files in an IFRAME | Disable | Prompt | Disable | Disable | 1804 | Determines whether users can launch programs and files from an IFRAME element (containing a directory or folder reference) in Web pages in the specified security zone. |
| Navigate sub-frames across different domains | Disable | Enable | Prompt | Disable | 1607 | Determines whether readers of a Web page can navigate the sub-frame of a window with a top-level document that resides in a different domain. |
| Open files based on content, not file extension | Enable | Enable | Enable | Enable | 2100 | Controls MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature. |
| Software channel permissions | High Safety | Medium Safety | High Safety | High Safety | 1E05 | Determines the permissions given to software distribution channels. 'High Safety': prevents users from being notified about software updates by email, software packages from being automatically downloaded to users' computers, and software packages from being automatically installed on users' computers. 'Medium Safety': notifies users about software updates by email, and allows software packages to be automatically downloaded to (but not installed on) users' computers. The software packages must be validly signed; users are not prompted about the download. 'Low Safety': notifies users about software updates by email, allows software packages to be automatically downloaded to users' computers, and allows software packages to be automatically installed on users' computers. |
| Submit nonencrypted form data | Enable | Enable | Enable | Disable | 1601 | Determines whether HTML pages in the specified security zone can submit forms or accept forms from servers in the specified security zone. Forms sent with Secure Sockets Layer (SSL) encryption are always allowed; this setting only affects data that is submitted by non-SSL forms. |
| Use Pop-up Blocker | Enable | Enable | Enable | Enable | 1809 | Determines whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. |
| Userdata persistence | Disable | Enable | Enable | Disable | 1606 | Determines whether a Web page can save a small file of personal information, associated with the page, to the computer. |
| Web sites in less privileged web content zone can navigate into this zone | Disable | Disable | Enable | Disable | 2101 | Determines whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone. |
| Active scripting | Enable | Enable | Enable | Disable | 1400 | Determines whether Internet Explorer can run script code on Web pages in the specified security zone. |
| Allow paste operations via script | Disable | Enable | Prompt | Disable | 1407 | Determines whether a Web page can cut, copy, or paste information from the Clipboard. |
| Scripting of Java applets | Disable | Enable | Prompt | Disable | 1402 | Determines whether scripts in the specified security zone can use objects that exist within Java applets. |
| Logon | Prompt for user name and password | Automatic logon only in Intranet Zone | Prompt for user name and password | Prompt for user name and password | 1A00 | Determines how HTTP user authentication is handled. |

1 "Script ActiveX controls marked safe for scripting" should only be enabled if "Run ActiveX Controls and plug-ins" is set to Administrator Approved.
2 "Download ActiveX controls" in the Trusted Sites zone can be briefly changed to "Prompt" to download an ActiveX control from a trusted source. It should immediately be disabled again.
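
An added example, not part of the original page or its downloadable .reg file: the Code column gives the value names stored per zone under `HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\<n>`, so a registry export can be checked against the table. The sketch below audits six rows whose values use the common encoding (0 = Enable, 1 = Prompt, 3 = Disable, 0x10000 = Administrator Approved; zones 1 to 4 are Local intranet, Trusted sites, Internet, Restricted sites); rows with other encodings (Java permissions, Software channel permissions, Logon) are left out. The names `parse_zones`, `audit` and `BASELINE` are hypothetical and the sample export is constructed.

```python
import re

# Zone numbers (in the table's column order) and DWORD encodings as stored
# under ...\Internet Settings\Zones\<n> (Microsoft's documented values).
ZONES = {3: "Internet", 1: "Local intranet", 2: "Trusted sites", 4: "Restricted sites"}
VALUES = {"Enable": 0x0, "Prompt": 0x1, "Disable": 0x3, "Administrator Approved": 0x10000}
NAMES = {v: k for k, v in VALUES.items()}

# Six rows of the table: code -> (Internet, Local intranet, Trusted, Restricted).
BASELINE = {
    "1001": ("Disable", "Prompt", "Disable", "Disable"),
    "1004": ("Disable",) * 4,
    "1200": ("Administrator Approved",) * 3 + ("Disable",),
    "1201": ("Disable",) * 4,
    "1400": ("Enable",) * 3 + ("Disable",),
    "1405": ("Enable",) * 3 + ("Disable",),
}

SECTION = re.compile(r"^\[([^\]]+)\]$")
DWORD = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

def parse_zones(reg_text):
    """Return {zone_number: {code: dword}} from the text of a .reg export."""
    zones, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        section = SECTION.match(line)
        if section:
            tail = section.group(1).rsplit("\\", 2)
            # Accept only ...\Zones\<digits>; skip "[-KEY]" deletion entries.
            is_zone = (len(tail) == 3 and tail[1].lower() == "zones"
                       and tail[2].isdigit() and not tail[0].startswith("-"))
            current = zones.setdefault(int(tail[2]), {}) if is_zone else None
            continue
        value = DWORD.match(line)
        if value and current is not None:
            current[value.group(1).upper()] = int(value.group(2), 16)
    return zones

def audit(reg_text):
    """List (zone, code, expected, found) deviations for zones present in the export."""
    zones, findings = parse_zones(reg_text), []
    for code, row in BASELINE.items():
        for zone, expected in zip(ZONES, row):
            if zone not in zones:
                continue  # zone not exported, nothing to compare
            found = zones[zone].get(code)
            if found != VALUES[expected]:
                shown = "not set" if found is None else NAMES.get(found, hex(found))
                findings.append((ZONES[zone], code, expected, shown))
    return findings

# Constructed sample export (not from a real machine): zones 3 and 4 only.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"1201"=dword:00000003
"1400"=dword:00000000
"1405"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1001"=dword:00000003
"1004"=dword:00000003
"1200"=dword:00000003
"1201"=dword:00000003
"1400"=dword:00000003
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%-16s %s expected %-22s found %s" % finding)
```

Files written by `reg export` are UTF-16, so read a real export with `open(path, encoding="utf-16").read()` before passing the text to `audit`.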

Below are the Advanced settings. Descriptions in Bold Face are changed from the default.

 

Description Discussion

Always expand ALT text for images Determines whether an image should expand to fit all of the alternate text when the Show Pictures check box is cleared.

Move system caret with focus/selection changes Determines whether the system caret moves whenever the focus or selection changes. Some accessibility aids, such as screen readers or screen magnifiers, use the system caret to determine which area of the screen to read or magnify.

Always send URLs as UTF-8 (requires restart) Determines whether to use UTF-8, a standard that defines characters so that they are readable in any language. If enabled, you can exchange Internet addresses (URLs) that contain characters from any language.

Automatically check for Internet Explorer updates Determines whether Internet Explorer checks the Web to see if a newer version of the application is available. If enabled, Internet Explorer checks the Web for a newer version approximately every 30 days, notifies you when a new version is available, and asks whether you want to download it.

Close unused folders in History and Favorites (requires restart) Determines whether, upon opening a folder in the Favorites bar, History bar, or Organize Favorites window, any folders opened previously close.

Disable Script Debugging (Internet Explorer) Determines whether the script debugger is turned off or on (assuming a script debugger has been installed). Script debuggers are used by Web site developers to test programs and scripts in their Web pages.

Disable Script Debugging (Other) Determines whether the script debugger is turned off or on (assuming a script debugger has been installed). Script debuggers are used by Web site developers to test programs and scripts in their Web pages.

Display a notification about every script error Determines whether Internet Explorer displays the actual script error when a Web page does not appear properly due to problems with a script. You may want to enable this setting for developers when testing Web pages.

Enable folder view for FTP sites Determines whether FTP sites are shown in folder view, which is similar to browsing folders in Windows Explorer. Even when enabled, this setting may not work with certain types of proxy connections. If you disable this setting, FTP sites display their contents in an HTML-based layout.

Enable Install On Demand (Internet Explorer) Determines whether Internet Explorer components automatically download and install if a Web page requires them in order to display properly or perform a particular task.

Enable Install On Demand (Other) Determines whether Internet Explorer automatically downloads and installs Web components other than the Internet Explorer Web components that a Web page requires in order to display properly or perform a particular task.

Enable offline items to be synchronized on a schedule Determines whether offline items are synchronized on a schedule.

Enable page transitions Determines whether, as you move from one page to another, Internet Explorer fades out the page you are leaving and fades in the page you are going to.

Enable Personalized Favorites Menu Determines whether your Favorites list is kept clear by hiding links you have not used recently, while keeping other links easily accessible. You can view hidden links by clicking the down arrow at the bottom of the Favorites menu.

Enable third-party browser extensions (requires restart)

Determines whether the non-Microsoft features that you installed for use with Internet Explorer are enabled. If you encounter problems with Internet Explorer that you cannot resolve, you can use this setting to help determine if non-Microsoft features are causing the problem, without uninstalling these features. You must restart Internet Explorer after enabling or disabling this setting.

Note: Necessary to be on to run the Google Toolbar.

Enable visual styles on button and controls in web pages Determines whether controls in Web pages use Windows display settings.

Force offscreen composition even under Terminal Server (requires restart) Determines whether you want to force off-screen compositing, even if you are running Terminal Server. When enabled, this setting eliminates the flashing that you see with the compositing normally used by Internet Explorer running under Terminal Server. However, enabling this setting might severely decrease the performance of Internet Explorer running under Terminal Server.

Notify when downloads complete Determines whether a message is displayed at the end of a file download to indicate that the download is complete.

Reuse windows for launching shortcuts Determines whether, when you click a Web link in an Internet-aware program, such as Outlook Express, and when there is already an Internet Explorer window open, the Web page appears in the open browser window. If you disable this setting, Internet Explorer opens a new window.

Show friendly HTTP error messages Determines whether, when there is a problem connecting with an Internet server, Internet Explorer provides a detailed description, with hints about how to correct the problem. If you disable this setting, you see only the error code and the name of the error.

Show friendly URLs Determines whether the status bar displays the short, friendly name of a page. When enabled, the status bar displays the name of the current Web page or any link, image, or object when you position your mouse over it. If you disable this setting, Internet Explorer displays the full Internet address (URL).

Show Go button in Address bar Determines whether the Go button is shown next to the Address bar. When the Go button is displayed, you can type an address in the Address bar, and then click Go to go to that Web page. Even when the Go button is displayed, you can press ENTER after typing the address to go to that Web page.

Always

Underline links Determines how you want links on Web pages underlined.

Use inline AutoComplete Determines whether you want Internet Explorer to complete entries when you type Web addresses on the Address bar, based on entries that you have used before.

Use Passive FTP (for firewall and DSL modem compatibility) Determines whether Internet Explorer uses the passive FTP mode, which does not require your (local) computer to know its Internet IP address and is more secure. Some network configurations work only when the passive mode is turned on, while others work only when the passive mode is turned off. Most network configurations support both modes.

Use smooth scrolling Determines whether a special type of scrolling is used to display content at a predefined speed.

Use HTTP 1.1 Determines whether Internet Explorer attempts to use HTTP 1.1 when connecting to Web servers. Many Web sites still use HTTP 1.0, so if you are having difficulties connecting to some Web sites, you may want to disable this setting.

Use HTTP 1.1 through proxy connections Determines whether Internet Explorer attempts to use HTTP 1.1 when connecting to Web servers when using a proxy server. Many Web sites still use HTTP 1.0, so if you are having difficulties connecting to some Web sites, you may want to disable this setting.

Use Java 2 for <applet> (requires restart)

Java console enabled (requires restart)

Java logging enabled

JIT compiler for virtual machine enabled (requires restart)

Enable Automatic Image Resizing Determines whether Internet Explorer automatically resizes large images so that they fit in the browser window.

Enable Image Toolbar (requires restart) Determines whether the image toolbar is displayed. The image toolbar makes it easy to print, e-mail, and save images from a Web page.

Play animations in web pages Determines whether animations can play when Web pages are displayed. Pages that contain animations are sometimes displayed very slowly. If you want to display pages more quickly, disable this setting. When this setting is disabled, you can still play an individual animation by right-clicking the animation, and then clicking Show Picture.

Play sounds in web pages Determines whether music and other sounds can play when pages are displayed. Sometimes pages that contain audio clips are displayed very slowly. If you want to display pages more quickly, disable this setting. If a non-Microsoft audio program is installed, or if a video clip is playing, some sounds may play even if you disable this setting.

Play videos in web pages Determines whether video clips can play when Web pages are displayed. Sometimes pages that contain video clips are displayed very slowly. If you want to display pages more quickly, disable this setting. When this setting is disabled, you can still play an individual video by right-clicking the icon that represents the animation, and then clicking Show Picture.

Show image download placeholders Determines whether placeholders are drawn for graphical images while they are downloading. This allows items in the page to be positioned where they will appear when the images are fully downloaded. This setting is ignored if the Show Pictures check box is cleared.

Show pictures Determines whether graphical images are included when pages are displayed. Sometimes pages that contain several graphical images are displayed very slowly. If you want to display pages more quickly, disable this setting. When this setting is disabled, you can still display an individual image by right-clicking the icon that represents the graphic, and then clicking Show Picture.

Smart image dithering Determines whether Internet Explorer smoothes images so that they appear less jagged when displayed.

Print background colors and images Determines whether Internet Explorer prints background colors and images when you print a Web page. Enabling this setting may slow down the speed at which your page is printed and the quality of the print, depending on the capabilities of your printer.

Do not search from the Address bar

When searching Determines how Internet Explorer responds when you search for sites from the Address bar.

Allow active content from CDs to run on My Computer

Allow active content to run in files on My Computer

Allow software to run or install even if the signature is invalid

Check for publisher's certificate revocation Determines whether Internet Explorer checks a software publisher’s certificate to see if it has been revoked, before accepting it as valid.

Check for server certificate revocation (requires restart) Determines whether Internet Explorer checks an Internet site’s certificate to see if it has been revoked, before accepting it as valid.

Check for signatures on downloaded programs Determines whether Internet Explorer verifies the identity of the programs that you download. When enabled, a dialog box appears, when you download a program, that provides the information that Internet Explorer finds during the check.

Do not save encrypted pages to disk

Determines whether secured information is retained in your Temporary Internet Files folder. You may want to enable this setting if you are using Internet Explorer from a shared computer and you do not want other people to have access to your secured information. For example, when this setting is disabled, any information that you exchange with secure (https) Web sites, such as passwords or credit card information, may be stored in this folder.

This must be off if a program is to be downloaded from an SSL web site without saving it first.

Empty Temporary Internet Files folder when browser is closed

Determines whether the Temporary Internet Files folder is cleared when you close the browser.

Enable Integrated Windows Authentication (requires restart) Determines whether Internet Explorer uses Integrated Windows Authentication.

Enable Profile Assistant Determines whether Internet Explorer accepts Web site requests for Profile Assistant information. If you disable this setting, Profile Assistant information is not provided, and you are not prompted to provide information. If you enable this setting, when a Web site requests Profile Assistant information, you are prompted to choose the information to share. At that time, you can also choose to allow this information to be shared with that Web site in the future without prompting.

Use SSL 2.0 Determines whether Internet Explorer sends and receives secured information through SSL2 (Secured Sockets Layer Level 2), the standard protocol for secure transmissions. All secure Web sites support this protocol.

Use SSL 3.0 Determines whether Internet Explorer sends and receives secured information through SSL3 (Secured Sockets Layer Level 3), a protocol that is intended to be more secure than SSL2. Note that some Web sites may not support this protocol.

Use TLS 1.0 Determines whether Internet Explorer sends and receives secured information through TLS (Transport Layer Security), an open security standard similar to SSL3. Note that some Web sites may not support this protocol.

Warn about invalid site certificates Determines whether Internet Explorer warns you if the address (URL) in a Web site security certificate is not valid.

Warn if changing between secure and not secure mode Determines whether Internet Explorer warns you if you are switching between Internet sites that are secure and sites that are not.

Warn if forms submittal is being redirected Determines whether Internet Explorer warns you when the information that you enter on a Web-based form is being sent to a Web site other than the one you are currently viewing.
