About URL Security Zone Templates
Templates provide an easy way for users to set the level of security they want for a particular URL security zone. For more information on URL security zones, see About URL Security Zones.
The URL security zone templates provide different levels of security. The High template contains settings that provide the highest level of security by restricting Web sites from performing potentially damaging operations. The Low template contains settings that provide the lowest level of security, allowing Web sites more access to the user's system.
- Security Zone Templates
- High Template
- Medium-High Template
- Medium Template
- Medium-Low Template
- Low Template
- Template-based Policy Values for URL Actions
- URL Policy Changes
- Microsoft Internet Explorer 6 Policy Changes
- Internet Explorer 4.0 Policy Changes
- Registry Keys
Security Zone Templates
When URL security zones were introduced in Microsoft Internet Explorer 4.0, there were three default templates (High, Medium, and Low). A fourth template, Medium-Low, was added in Microsoft Internet Explorer 5. A Medium-High template was introduced with Windows Internet Explorer 7.
Windows Internet Explorer provides the following five separate security zone templates.
- High Template
- Medium-High Template
- Medium Template
- Medium-Low Template
- Low Template
High Template
The High template is used for URL security zones that contain Web sites that could cause damage to your computer or data. The settings used by this template will restrict sites from performing potentially damaging operations. By default, the Restricted sites zone uses this template.
Medium-High Template
The Medium-High template is new for Internet Explorer 7 for Windows XP Service Pack 2 (SP2) and Windows Vista. With this template, per-application override settings that disable Microsoft ActiveX warnings in certain situations are not allowed.
Medium Template
The Medium template is used for URL security zones that contain Web sites that are neither trusted nor untrusted. By default, the Internet zone uses this template.
Medium-Low Template
The Medium-Low template is used for URL security zones that contain Web sites that are unlikely to cause damage to your computer or data. By default, the Local intranet zone uses this template.
Low Template
The Low template is used for URL security zones that contain Web sites that are fully trusted by the user. By default, the Trusted sites zone uses this template.
Template-based Policy Values for URL Actions
The following table lists the URL actions and default URL policy settings for each of the five security zone templates, as of Internet Explorer 7. Descriptions for the URL Action Flag constants in the following tables can be found at URL Action Flags. Descriptions for the URL Policy Flag constants can be found at URL Policy Flags. Note: URL policy flag names have been shortened in the table below to enhance readability.
| High | Medium-High | Medium | Medium-Low | Low |
|---|---|---|---|---|
| URLACTION_ACTIVEX_NO_WEBOC_SCRIPT | ||||
| DISALLOW a | DISALLOW | DISALLOW | ALLOW a | ALLOW |
| URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY | ||||
| DISALLOW | DISALLOW | DISALLOW | DISALLOW | QUERY a |
| URLACTION_ACTIVEX_OVERRIDE_OPTIN | ||||
| DISALLOW | DISALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_ACTIVEX_OVERRIDE_REPURPOSEDETECTION | ||||
| DISALLOW | DISALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_ACTIVEX_RUN | ||||
| DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_ACTIVEX_SCRIPTLET_RUN | ||||
| DISALLOW | DISALLOW | DISALLOW | ALLOW | ALLOW |
| URLACTION_ACTIVEX_DYNSRC_VIDEO_AND_ANIMATION | ||||
| DISALLOW | DISALLOW | DISALLOW | DISALLOW | DISALLOW |
| URLACTION_ALLOW_APEVALUATION | ||||
| ALLOW | ALLOW | ALLOW | DISALLOW | DISALLOW |
| URLACTION_ALLOW_RESTRICTEDPROTOCOLS | ||||
| DISALLOW | QUERY | QUERY | QUERY | QUERY |
| URLACTION_AUTOMATIC_ACTIVEX_UI | ||||
| DISALLOW | DISALLOW | DISALLOW | ALLOW | ALLOW |
| URLACTION_AUTOMATIC_DOWNLOAD_UI | ||||
| DISALLOW | DISALLOW | DISALLOW | ALLOW | ALLOW |
| URLACTION_BEHAVIOR_RUN | ||||
| DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_CHANNEL_SOFTDIST_PERMISSIONS | ||||
| PROHIBIT | PRECACHE | PRECACHE | PRECACHE | AUTOINSTALL |
| URLACTION_CLIENT_CERT_PROMPT | ||||
| DISALLOW | DISALLOW | DISALLOW | ALLOW | ALLOW |
| URLACTION_COOKIES | ||||
| DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_COOKIES_ENABLED | ||||
| Not defined in any templates. | ||||
| URLACTION_COOKIES_SESSION | ||||
| DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_COOKIES_SESSION_THIRD_PARTY | ||||
| DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_COOKIES_THIRD_PARTY | ||||
| DISALLOW | QUERY | QUERY | ALLOW | ALLOW |
| URLACTION_CREDENTIALS_USE | ||||
| MUST_PROMPT_USER | CONDITIONAL_PROMPT | CONDITIONAL_PROMPT | CONDITIONAL_PROMPT | SILENT_LOGON_OK |
| URLACTION_CROSS_DOMAIN_DATA | ||||
| DISALLOW | DISALLOW | DISALLOW | QUERY | ALLOW |
| URLACTION_DOTNET_USERCONTROLS | ||||
| DISALLOW d | DISALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_DOWNLOAD_SIGNED_ACTIVEX | ||||
| DISALLOW | QUERY | QUERY | QUERY | ALLOW |
| URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX | ||||
| DISALLOW | DISALLOW | DISALLOW | DISALLOW | QUERY |
| URLACTION_FEATURE_DATA_BINDING | ||||
| DISALLOW d | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_FEATURE_FORCE_ADDR_AND_STATUS | ||||
| DISALLOW | DISALLOW | DISALLOW | ALLOW | ALLOW |
| URLACTION_FEATURE_MIME_SNIFFING | ||||
| DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_FEATURE_SCRIPT_STATUS_BAR | ||||
| DISALLOW | DISALLOW | DISALLOW | ALLOW | ALLOW |
| URLACTION_FEATURE_WINDOW_RESTRICTIONS | ||||
| DISALLOW | DISALLOW | DISALLOW | ALLOW | ALLOW |
| URLACTION_FEATURE_ZONE_ELEVATION | ||||
| DISALLOW | ALLOW | ALLOW | ALLOW | QUERY |
| URLACTION_HTML_FONT_DOWNLOAD | ||||
| QUERY | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_HTML_INCLUDE_FILE_PATH | ||||
| DISALLOW | DISALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_HTML_JAVA_RUN | ||||
| ALLOW b | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_HTML_META_REFRESH | ||||
| DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_HTML_MIXED_CONTENT | ||||
| QUERY | QUERY | QUERY | QUERY | QUERY |
| URLACTION_HTML_SUBFRAME_NAVIGATE | ||||
| DISALLOW | DISALLOW | DISALLOW | ALLOW | ALLOW |
| URLACTION_HTML_SUBMIT_FORMS | ||||
| QUERY | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_HTML_USERDATA_SAVE | ||||
| DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_JAVA_PERMISSIONS | ||||
| PROHIBIT | HIGH | HIGH | MEDIUM | LOW |
| URLACTION_LOOSE_XAML | ||||
| DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_LOWRIGHTS | ||||
| ALLOW c | ALLOW | ALLOW | DISALLOW | DISALLOW |
| URLACTION_MANAGED_SIGNED | ||||
| DISALLOW | ALLOW | ALLOW | ALLOW | |
| URLACTION_MANAGED_UNSIGNED | ||||
| DISALLOW | ALLOW | ALLOW | ALLOW | |
| URLACTION_SCRIPT_JAVA_USE | ||||
| DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_SCRIPT_PASTE | ||||
| DISALLOW | QUERY | QUERY | QUERY | ALLOW |
| URLACTION_SCRIPT_RUN | ||||
| DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_SCRIPT_SAFE_ACTIVEX | ||||
| DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_SHELL_ENHANCED_DRAGDROP_SECURITY | ||||
| QUERY | ||||
| URLACTION_SHELL_EXECUTE_HIGHRISK | ||||
| DISALLOW | QUERY | QUERY | ALLOW | ALLOW |
| URLACTION_SHELL_EXECUTE_LOWRISK | ||||
| Not defined in any templates. | ||||
| URLACTION_SHELL_EXECUTE_MODRISK | ||||
| Not defined in any templates. | ||||
| URLACTION_SHELL_FILE_DOWNLOAD | ||||
| DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_SHELL_INSTALL_DTITEMS | ||||
| DISALLOW | QUERY | QUERY | QUERY | ALLOW |
| URLACTION_SHELL_MOVE_OR_COPY | ||||
| QUERY | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_SHELL_POPUPMGR | ||||
| ALLOW | ALLOW | ALLOW | DISALLOW | DISALLOW |
| URLACTION_SHELL_RTF_OBJECTS_LOAD | ||||
| Not defined in any templates. | ||||
| URLACTION_SHELL_VERB | ||||
| DISALLOW | QUERY | QUERY | QUERY | ALLOW |
| URLACTION_SHELL_WEBVIEW_VERB | ||||
| Not defined in any templates. | ||||
| URLACTION_WINDOWS_BROWSER_APPLICATIONS | ||||
| DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_WINFX_SETUP | ||||
| DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
| URLACTION_XPS_DOCUMENTS | ||||
| DISALLOW | ALLOW | ALLOW | ALLOW | ALLOW |
a The URL policy flag names have been shortened to enhance readability.
b Although URLACTION_HTML_JAVA_RUN is not an aggregate URL action, its function is derived from the URL policy setting of URLACTION_JAVA_PERMISSIONS.
c URLACTION_LOWRIGHTS available on Windows Vista only.
d New for Windows Internet Explorer 8.
URL Policy Changes
This section describes modifications to the policy templates from prior versions of Internet Explorer.
Microsoft Internet Explorer 6 Policy Changes
The following table contains the URL actions whose URL policy was changed in Internet Explorer 7. Below each URL action is the URL policy assigned by the Microsoft Internet Explorer 6 version of the specified template.
| High | Medium | Medium-Low | Low | |
|---|---|---|---|---|
| URLACTION_COOKIES_ENABLED | ||||
| DISALLOW | QUERY | ALLOW | ALLOW | |
| URLACTION_HTML_SUBFRAME_NAVIGATE | ||||
| ALLOW | ||||
| URLACTION_HTML_SUBMIT_FORMS | ||||
| QUERY | ||||
| URLACTION_FEATURE_ZONE_ELEVATION | ||||
| ALLOW | ||||
| URLACTION_SCRIPT_PASTE | ||||
| ALLOW | ALLOW | |||
| URLACTION_SHELL_EXECUTE_HIGHRISK | ||||
| QUERY | ||||
| URLACTION_SHELL_EXECUTE_LOWRISK | ||||
| ALLOW | ALLOW | ALLOW | ALLOW | |
| URLACTION_SHELL_EXECUTE_MODRISK | ||||
| QUERY | QUERY | ALLOW | ALLOW | |
| URLACTION_SHELL_RTF_OBJECTS_LOAD | ||||
| DISALLOW | ALLOW | ALLOW | ALLOW | |
| URLACTION_SHELL_WEBVIEW_VERB | ||||
| QUERY | QUERY | ALLOW | ALLOW | |
Internet Explorer 4.0 Policy Changes
The following table contains the URL actions whose URL policy was changed in Internet Explorer 5. Below each URL action is the URL policy assigned by the Internet Explorer 4.0 version of the specified template.
| High | Medium | Medium-Low | Low | |
|---|---|---|---|---|
| URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY | ||||
| QUERY | ||||
| URLACTION_HTML_SUBMIT_FORMS | ||||
| DISALLOW | ||||
| URLACTION_SHELL_FILE_DOWNLOAD | ||||
| QUERY | QUERY | |||
| URLACTION_SHELL_MOVE_OR_COPY | ||||
| DISALLOW | QUERY | |||
| URLACTION_SHELL_VERB | ||||
| QUERY | ||||
Registry Keys
The registry stores the settings for each template in the following keys.
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
Software
Microsoft
Windows
CurrentVersion
Internet Settings
TemplatePolicies
High
MedHigh
Medium
MedLow
Low
This information is for reference only. You should not directly manipulate the registry because information stored in the registry may not always be stored in the same location.
Security Warning: Setting these registry keys incorrectly can compromise the security of your application. The values for these registry keys are safe by default. By adjusting these values you could put users at risk of an elevation of privilege attack. You should review Security Considerations: URL Security Zones API before continuing.