Make proxy settings per-machine (rather than per-user)

Applies proxy settings to all users of the same computer. If you enable this policy, users cannot set user-specific proxy settings. They must use the zones created for all users of the computer. If you disable this policy or do not configure it, users of the same computer can establish their own proxy settings. This policy is intended to ensure that proxy settings apply uniformly to the same computer and do not vary from user to user.

Prevent setting of the code download path for each machine

This policy setting prevents the setting of the code download path for each machine. The Internet Component Download service exposes a function that is called by an application to download, verify, and install code for an OLE component. Using this setting, the user can set the code download path. If you enable this policy setting, the user cannot specify the download path for the code. You must specify the download path. If you disable or do not configure this policy setting, the user can specify the download path for the code.
=== Presentation information ===
PathCODEBASE
=== Detailed values: ===
text: Id: Path; ValueName: CodeBaseSearchPath

Prevent the configuration of cipher strength update information URLs

This policy setting prevents the configuration of cipher strength update information URLs. When you log on to secure pages, access cannot be granted unless your Internet browser connects with a prespecified encryption. To ensure that your browser meets this requirement, this policy setting allows you to specify the URL to update your browser security setting. If you enable this policy setting, the user will not be able to configure the cipher strength update information URL. You must specify the cipher strength update information URL. If you disable or do not configure this policy setting, the user can configure the cipher strength update information URL.
=== Presentation information ===
Cipher Strength Update Information URL: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=128bit
=== Detailed values: ===
text: Id: HelpAbout128Link; ValueName: IEAKUpdateUrl

Restrict potentially unsafe HTML Help functions to specified folders

With this policy, you can restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively, you can disable these commands on the entire system. It is strongly recommended that only folders requiring administrative privileges be added to this policy.

The "Shortcut" command is used to add a link to a Help topic, and runs executables that are external to the Help file. The "WinHelp" command is used to add a link to a Help topic, and runs a WinHLP32.exe Help (.hlp) file.

When this policy is disabled, or not configured, these commands are fully functional for all Help files. When this policy is enabled, the commands will function only for .chm files in the specified folders and their subfolders.

To restrict the commands to one or more folders, enable the policy and enter the desired folders in the text box on the settings tab of the Policy Properties dialog box. Use a semicolon to separate folders. For example, to restrict the commands to only .chm files in the %windir%\help folder and D:\somefolder, add the following string to the edit box: "%windir%\help;D:\somefolder".

To disallow the "Shortcut" and "WinHelp" commands on the entire local system, enable the policy and leave the text box on the settings tab of the Policy Properties dialog box blank.

Note: An environment variable may be used (for example, %windir%), so long as it is defined on the system. For example, %programfiles% is not defined on some early versions of Windows.

Note: Only folders on the local computer can be specified in this policy.
You cannot use this policy to enable the "Shortcut" and "WinHelp" commands for .chm files that are stored on mapped drives or accessed using UNC paths.

For additional options, see the "Restrict these programs from being launched from Help" policy.
=== Presentation information ===
Enter folder names separated by semi-colons:
Example: %windir%\Help;%windir%\pchealth;%programfiles%
=== Detailed values: ===
text: Id: HelpQualifiedRootDir_Edit; ValueName: HelpQualifiedRootDir

Security Zones: Do not allow users to add/delete sites

Prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same security level. If you enable this policy, the site management settings for security zones are disabled. (To see the site management settings for security zones, in the Internet Options dialog box, click the Security tab, and then click the Sites button.) If you disable this policy or do not configure it, users can add Web sites to or remove sites from the Trusted Sites and Restricted Sites zones, and alter settings for the Local Intranet zone. This policy prevents users from changing site management settings for security zones established by the administrator.

Note: The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from the interface, takes precedence over this policy. If it is enabled, this policy is ignored. Also, see the "Security zones: Use only machine settings" policy.

Security Zones: Do not allow users to change policies

Prevents users from changing security zone settings. A security zone is a group of Web sites with the same security level. If you enable this policy, the Custom Level button and security-level slider on the Security tab in the Internet Options dialog box are disabled.
If you disable this policy or do not configure it, users can change the settings for security zones. This policy prevents users from changing security zone settings established by the administrator.

Note: The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored. Also, see the "Security zones: Use only machine settings" policy.

Security Zones: Use only machine settings

Applies security zone information to all users of the same computer. A security zone is a group of Web sites with the same security level. If you enable this policy, changes that the user makes to a security zone will apply to all users of that computer. If you disable this policy or do not configure it, users of the same computer can establish their own security zone settings. This policy is intended to ensure that security zone settings apply uniformly to the same computer and do not vary from user to user. Also, see the "Security zones: Do not allow users to change policies" policy.

Turn off changing the URL to be displayed for checking updates to Internet Explorer and Internet To

This policy setting allows checking for updates for Internet Explorer from the specified URL, included by default in Internet Explorer. If you enable this policy setting, users will not be able to change the URL to be displayed for checking updates to Internet Explorer and Internet Tools. You must specify the URL to be displayed for checking updates to Internet Explorer and Internet Tools. If you disable or do not configure this policy setting, users will be able to change the URL to be displayed for checking updates to Internet Explorer and Internet Tools.
=== Presentation information ===
URL to be displayed for updates: http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update
=== Detailed values: ===
text: Id: UpdatePage; ValueName: Update_Check_Page

Turn off configuring the update check interval (in days)

This setting specifies the update check interval. The default value is 30 days. If you enable this policy setting, the user will not be able to configure the update check interval. You have to specify the update check interval. If you disable or do not configure this policy setting, the user will have the freedom to configure the update check interval.
=== Presentation information ===
Update check interval (in days):
=== Detailed values: ===
decimal: Id: UpdateInterval; ValueName: Update_Check_Interval

Turn off Data Execution Prevention

This policy setting allows you to turn off the Data Execution Prevention feature for Internet Explorer on Windows Server 2008, Windows Vista SP1 and Windows XP SP3. If you enable this policy setting, Internet Explorer will not opt in to Data Execution Prevention on platforms that support the SetProcessDEPPolicy API. If you disable or do not configure this policy, Internet Explorer will use the SetProcessDEPPolicy API to turn on Data Execution Prevention protection on platforms that support the API. This policy has no effect if Windows has been configured to enable Data Execution Prevention.