In Part 1 of this series, I described the security zones in Microsoft Internet Explorer (IE) 5.0. Here, in Part 2, I'll show you how to configure the security settings for each zone. In the final part of this series, I'll explain how to use create rules in Active Directory (AD) to centrally and consistently configure these IE security settings for all users in your domain according to each type of user.
Custom Level Security Settings
To view IE's preconfigured settings, open IE, select Tools, Internet Options, and select the Security tab, as Figure 1 shows. IE has four zones: Internet, Local intranet, Trusted sites, and Restricted sites. Each zone has a preset level of security—Low, Medium-low, Medium, and High. To view IE’s actual security settings for a particular zone, click Custom Level, which displays the Security Settings dialog box, as Figure 2 shows. Almost all of the categories for these settings have the same three choices: disable, enable, and prompt. If you disable the policy, users can't perform the operation; enable it, and they can. If you select prompt, IE displays a warning dialog box each time the users try the operation, letting them make the security decision on a case-by-case basis. I recommend that you select this option only for conscientious, Internet security-savvy users who can make informed decisions. For other users, the prompt option can become a nuisance dialog box that they will click through without thinking; seeing the warning box can also cause users to make countless calls to your Help desk. . . .
)
)
Register
*://*.windowsecurity.com, although if you specify https you're limited to https. Why not have articles that tell security admins something specific, like to search their network for files like secumgr.exe, which can override the security settings of IE.
Patrick Nolan April 19, 2001