Submitted by Damien on
There are occasions when Internet Explorer (IE) has problems with JavaScript or plugins that stem, at least partially, from the browser's security level. For example, it can prevent IE users from checking out in Drupal's Ubercart e-commerce module (a bad thing). For those occasions, here are all of the IE8 security settings listed in a single table in all their gory detail.
To see them, go to the Tools browser menu, click the Internet Options menu item, open the Security tab, then click Custom Level to see how each setting is adjusted for the selected security level.
Setting | Medium (default) | Medium-High | High |
---|---|---|---|
.NET Framework | |||
Loose XAML: | enable | enable | disable |
XAML browser applications: | enable | enable | disable |
XPS documents: | enable | enable | disable |
ActiveX controls and plugins | |||
Allow previously unused ActiveX controls to run without prompt: | enable | disable | disable |
Allow scriptlets: | disable | disable | disable |
Automatic prompting for ActiveX controls: | disable | disable | disable |
Binary and script behaviors: | enable | enable | disable |
Display video and animation on a webpage that does not use external media player: | disable | disable | disable |
Download signed ActiveX controls: | prompt (recommended) | prompt (recommended) | disable |
Download unsigned ActiveX controls: | disable (recommended) | disable (recommended) | disable (recommended) |
Initialize and script ActiveX controls not marked as safe for scripting: | disable (recommended) | disable (recommended) | disable (recommended) |
Only allow approved domains to use ActiveX without prompt: | disable | enable | enable |
Run ActiveX controls and plug-ins: | enable | enable | disable |
Script ActiveX controls marked safe for scripting: | enable | enable | disable |
Downloads | |||
Automatic prompting for file downloads: | disable | disable | disable |
File download: | enable | enable | disable |
Font download: | enable | enable | disable |
Enable .NET framework setup | |||
Enable .NET framework setup: | enable | enable | disable |
Miscellaneous | |||
Access data sources across domains: | disable | disable | disable |
Allow META REFRESH: | enable | enable | disable |
Allow scripting of Microsoft web browser control: | enable | disable | disable |
Allow script-initiated windows without size or position constraints: | disable | disable | disable |
Allow webpages to use restricted protocols for active content: | prompt | prompt | disable |
Allow websites to open windows without address or status bars: | enable | disable | disable |
Display mixed content: | prompt | prompt | prompt |
Don't prompt for client certificate selection with no certificates or only one certificate exists: | disable | disable | disable |
Drag and drop or copy and paste files: | enable | enable | prompt |
Include local directory path when uploading files to a server: | enable | disable | disable |
Installation of desktop items: | prompt (recommended) | prompt (recommended) | disable |
Launching applications and unsafe files: | prompt (recommended) | prompt (recommended) | disable |
Launching programs and files in an IFRAME: | prompt (recommended) | prompt (recommended) | disable |
Navigate windows and frames across different domains: | disable | disable | disable |
Open files based on content, not file extension: | enable | enable | disable |
Submit non-encrypted form data: | enable | enable | prompt |
Use Pop-up Blocker: | enable | enable | enable |
Use SmartScreen Filter: | enable | enable | enable |
Userdata persistence: | enable | enable | disable |
Websites in less privileged web content zones can navigate into this zone: | enable | enable | disable |
Scripting | |||
Active scripting: | enable | enable | disable |
Allow Programmatic clipboard access: | prompt | prompt | disable |
Allow status bar updates via script: | enable | disable | disable |
Allow websites to prompt for information using scripted windows: | enable | disable | disable |
Enable XSS filter: | enable | enable | enable |
Scripting of Java applets: | enable | enable | disable |
User Authentication | |||
Login: | Automatic logon only in Intranet zone | Automatic logon only in Intranet zone | Prompt for user name and password |
FYI, these were obtained from a Windows XP SP3 virtual machine and may behave differently on different versions of Windows.
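Reading the same settings from the registry instead of the Custom Level dialog, as an added example that is not part of the original post: it compares the current user's Internet zone with the Medium column of the table and writes the result to CSV. The URL action IDs and the 0/1/3 value encoding are the standard Windows ones rather than anything stated on this page, and the output file name is a placeholder.

```powershell
# Added example (not from the original post): compare the current user's
# Internet zone (zone 3) with the Medium column of the table above.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$labels  = @{ 0 = 'enable'; 1 = 'prompt'; 3 = 'disable' }   # URL action policy values

# URL action ID, setting name, Medium value (names and values from the table).
$baseline = @(
    @('1001', 'Download signed ActiveX controls', 'prompt'),
    @('1004', 'Download unsigned ActiveX controls', 'disable'),
    @('1200', 'Run ActiveX controls and plug-ins', 'enable'),
    @('1201', 'Initialize and script ActiveX controls not marked as safe for scripting', 'disable'),
    @('1400', 'Active scripting', 'enable'),
    @('1402', 'Scripting of Java applets', 'enable'),
    @('1405', 'Script ActiveX controls marked safe for scripting', 'enable'),
    @('1406', 'Access data sources across domains', 'disable'),
    @('1407', 'Allow Programmatic clipboard access', 'prompt'),
    @('1601', 'Submit non-encrypted form data', 'enable'),
    @('1604', 'Font download', 'enable'),
    @('1609', 'Display mixed content', 'prompt'),
    @('1803', 'File download', 'enable'),
    @('1804', 'Launching programs and files in an IFRAME', 'prompt'),
    @('1806', 'Launching applications and unsafe files', 'prompt'),
    @('1809', 'Use Pop-up Blocker', 'enable')
)

$zone = Get-ItemProperty -Path $zoneKey -ErrorAction Stop

$report = foreach ($row in $baseline) {
    $id, $name, $medium = $row
    $raw = $zone.$id                      # DWORD value, or $null if absent
    if ($null -eq $raw)                     { $actual = 'not set' }
    elseif ($labels.ContainsKey([int]$raw)) { $actual = $labels[[int]$raw] }
    else                                    { $actual = "other ($raw)" }

    [pscustomobject]@{
        Id      = $id
        Setting = $name
        Medium  = $medium
        Current = $actual
        Matches = ($actual -eq $medium)
    }
}

# Show deviations on screen, then save the full comparison.
$report | Where-Object { -not $_.Matches } | Format-Table -AutoSize
$report | Export-Csv -Path .\ie-internet-zone.csv -NoTypeInformation   # placeholder file name
```

Zone values set through Group Policy are stored under the Policies branch of the registry and take precedence, so a mismatch reported here can reflect policy rather than a change made in the dialog.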
2 Comments
Missing the following
Submitted by Chris (not verified) on
Missing the following section: .NET Framework-reliant components, which has the following settings:
Permissions for components with manifests
Run components not signed with Authenticode
Run components signed with Authenticode
I'm running Win XP SP3 too. The locale of my OS is English - perhaps that's the disconnect?
Also, there is a typo in the following: "Allow webpages to use restricted protocols for active content:". "for active content" should be "form active content". Otherwise very handy and helpful. Thanks - Chris
Is there a way to export a
Submitted by Jesse Kurth (not verified) on
Is there a way to export a .csv or .xls file out of IE8 with a summary of these security settings?