Computer Configuration

Back to: http://ie7triage.spaces.live.com

The following GPO Map applies to Internet Explorer 7.0 XP/2K3. The map is to help simplify find the correct tree location for a particular group policy object.

Computer Configuration->Administrative Templates->Windows Components->RSS Feeds

Turn off background sync for feeds

Turn off addition and removal of feeds

Turn off downloading of enclosures

Turn off feed discovery

Turn off the feed list

Computer Configuration->Administrative Templates->Windows Components->Internet Explorer

Turn off displaying the Internet Explorer Help Menu

Enforce Full Screen Mode

Customize User Agent String

Prevent “Fix settings” functionality

Turn off the Security Settings Check Feature

Turn off Managing Phishing filter

Turn on Compatibility Logging

Security Zones: Use only machine settings

Security Zones: Do not allow users to change policies

Security Zones: Do not allow users to add/delete sites

Make proxy settings per-machine (rather than per-user)

Disable Automatic Install of Internet Explorer components

Disable Periodic Check for Internet Explorer software updates

Disable software update shell notifications on program launch

Disable showing the splash screen

Turn off Crash Detection

Do not allow users to enabled or disable add-ons

Turn off pop-up management

Turn off Managing Pop-up Allow list

Turn off managing Pop-up filter level

Pop-up allow list

Disable changing connection settings

Disable changing proxy settings

Disable changing Automatic Configuration settings

Prevent participation in the Customer Experience Improvement Program

Turn off page zooming functionality

Prevent performance of First Run Customize settings

Turn off tabbed browsing

Turn off configuration of tabbed browsing pop-up behavior

Turn off Quick Tabs functionality

Turn on menu bar by default

Turn off configuration of default behavior of new tab creation

Turn off configuration of window reuse

Prevent the Internet Explorer search box from displaying

Restrict changing the default search provider

Add a specific list of search providers to the user’s search provider list

Turn off “Delete Browsing History” functionality

Disable “Configuring History”

Prevent the deletion of temporary Internet files and cookies

Turn off “Delete Forms” functionality

Turn off “Delete Passwords” functionality

Computer Configuration->Administrative Templates->Windows Components->Internet Explorer->Application Compatibility

Enable cut, copy or past operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt

Computer Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel

Disable the General Page

Disable the Security Page

Disable the Content Page

Disable the Connections Page

Disable the Programs Page

Disable the Advanced Page

Send internationalized domain names

Use UTF-8 for mailto links

Prevent ignoring certificate errors

Computer Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page

Turn on automatic detection of the Intranet

Turn on Information bar notification for intranet Content

Site to Zone assignment List

Intranet Sites: Include all local (intranet sites not listed in other

Intranet Sites: Include all sites that bypass the proxy server

Intranet Sites: Include all network paths (UNCs)

Internet Zone Template

Intranet Zone Template

Trusted Sites Zone Template

Local Machine Zone Template

Locked-Down Local Machine Zone Template

Locked-Down Internet Zone Template

Locked-Down Intranet Zone Template

Locked-Down Trusted Zone Template

Locked-Down Trusted Sites Zone Template

Locked-Down Restricted Sites Zone Template

Computer Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page->Internet Zone

Computer Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page->Locked Down Internet Zone

Computer Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page->Intranet Zone

Computer Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page->Locked-Down Intranet Zone

Computer Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page->Trusted Sites Zone

Computer Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page->Locked-Down Trusted Sites Zone

Computer Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page->Restricted Sites Zone

Computer Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page->Locked-Down Restricted Sites Zone

Computer Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page->Local Machine Sites Zone

Computer Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page->Locked-Down Local Machine Zone

Turn Off First-Run Opt-In

Allow Scriptlets

Disable WinFX Runtme components Setup

Web Browser Applications

XPS files

Loose or un-compiled XAML files

Turn on Protect Mode

Allow video and animation on a webpage that does not use external media player (through dynsrc attribute)

Allow status bar updates via script

Run .Net Framework-reliant components signed with Authenticode

Run .Net Framework-reliant components not signed with Authenticode

Download signed ActiveX controls

Download unsigned ActiveX controls

Initialize and script ActiveX controls not marked as safe

Run ActiveX controls marked safe for scripting

Allow file downloads

Allow font downloads

Java permissions

Access data sources across domains

Automatic prompting for file downloads

Automatic prompting for ActiveX controls

Allow META REFRESH

Allow script-initiated windows without size or position constraints

Allow binary and script behaviors

Display mixed content

Do not prompt for client certificate selection when no certificates or only one certificate exists

Allow drag and drop or copy and paste files

Allow installation of desktop items

Launching applications and files in an IFRAME

Navigate sub-frames across different domains

Open files based on content, not file extension

Software channel permissions

Submit non-encrypted form data

Use Pop-up Blocker

Userdata persistence

Web sites in less privileged Web content zones can navigate into this zone

Allow active scripting

Allow cut, copy or paste operations from the clipboard via script

Scripting of Java applets

Logon options

Computer Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Advanced Page

Do not allow resetting Internet Explorer settings

Automatically check for Internet Explorer updates

Allow Install On Demand (Internet Explorer)

Allow Install On Demand (except Internet Explorer)

Allow third-party browser extensions

Play animation in web pages

Play sounds in web pages

Play video in web pages

Allow active content from CDs to run on user machines

Allow software to run or install even if the signature is invalid

Check for server certificate revocation

Check for signatures on downloaded programs

Do not save encrypted pages to disk

Empty Temporary Internet Files folder when browser is closed

Turn off Profile Assistant

Turn off Clear Type

Computer Configuration->Administrative Templates->Windows Components->Internet Explorer->Security Features

Binary Behavior Security Restriction

MK Protocol Security Restriction

Local Machine Zone Lockdown Security

Consistent Mime Handling

Mime Sniffing Safety Feature

Object Caching Protection

Scripted Window Security Restrictions

Protection From Zone Elevation

Information Bar

Restrict ActiveX Install

Restrict File Download

Add-On Management

Network Protocol Lockdown

Enable Native XMLHttp Support

Computer Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Settings->Component Updates->Periodic check for updates to Internet Explorer and Internet Tools

Turn off changing the URL to be displayed for checking updates to Internet Explorer and Internet Tools

Computer Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Settings->Component Updates->Help Menu > About Internet Explorer

Turn off configuring the update check internet (in days)

Computer Configuration->Administrative Templates->Windows Components->Internet Explorer->Corporate Settings->Code Download

Prevent settings of the code downloaded path for each machine

Computer Configuration->Administrative Templates->Windows Components->Internet Explorer->Toolbars

Turn off Toolbar upgrade tool

User Configuration->Windows Settings->Internet Explorer Maintenance->Browser User Interface

Browser Title

Custom Logo and Animated Bitmaps (Internet Explorer 6.0 Only)

Customize the static logo bitmaps

Small (22x22) bitmap

Large (38x38) bitmap

Customize the animated bitmaps (upper right corner)

Small (22x22) bitmap

Large (38x38) bitmap

Browser Toolbar Customizations (Internet Explorer 6.0 Only)

Background

Use Windows default toolbar background bitmap

Customize toolbar background bitmap

Delete existing toolbar buttons, if present

User Configuration->Windows Settings->Internet Explorer Maintenance->Connection

Connection Settings

Do not customize Connection Settings

Import the current Connection settings from this machine

Delete existing Dial-up Connection settings

Automatic Browser Configuration

Automatic detect configuration settings

Enable Automatic Configuration

Automatic configure every xxx minutes.

Auto-config URL (.INS file)

Auto-proxy URL (.js, .jvs, or .pac file)

Proxy Settings

Enable Proxy Settings

Address of Proxy

Use the same proxy server for all addresses

Exceptions

Do not use proxy server for addresses beginning with

Do not use proxy server for local (intranet addresses

User Agent String

Customize string to b appended to user agent string

User Configuration->Windows Settings->Internet Explorer Maintenance->URLs

Favorites and Links

Place favorites and links at the top of the list in the order specified below

Delete existing Favorites and Links, if present

Only delete the favorites created by the administrator

Delete existing channels, if present

Important URLs

Customize Home page URL

Customize Search bar URL

Customize Online support page URL

User Configuration->Windows Settings->Internet Explorer Maintenance->Security

Security Zones and Content Ratings

Security Zones and Privacy

Do not customize security zones and privacy

Import the current security zones and privacy settings

Content Rating

Do not customize Content Ratings

Import the current Content Ratings settings

Authenticode Settings

Do not customize Authenticode Security

Import current Authenticode Security information

Enable trusted publisher lockdown

User Configuration->Windows Settings->Internet Explorer Maintenance->Programs

Programs

Do not customize Program Settings

Import the current Program Settings

User Configuration->Windows Settings->Internet Explorer Maintenance->Preference Mode->Advanced

Corporate Settings

Temporary Internet Files (User)

Check for newer versions of stored pages:

Never

Every Time you start Internet Explorer

Every Visit to the Page

Automatically

Set amount of disk space to use (in MB)

Temporary Internet Files (Machine)

Set amount of disk space to use (in MB)

Disable Roaming Cache

Code Download

Path - CODEBASE;http://activex.microsoft.com/objects/ocget.dll

Related Sites and Errors

Show the menu item, and turn on the toolbar button

Show the menu item, but do not turn on the toolbar button

Disable the menu item, and the browser toolbar button

Internet Settings

Autocomplete

Use inline AutoComplete for Web Addresses

Use inline AutoComplete in Windows Explorer

Use AutoComplete for Web Addresses

Use AutoComplete for forms

Use AutoComplete for user names and passwords on forms

Prompt to save passwords

Display Settings

Text Size

Largest

Large

Medium

Smaller

Smallest

General Colors

Background Colors

Text Colors

Use Windows Colors

Advanced settings [Per User]

Connection: Enable Autodialing

Browsing: Disable script debugging

Browsing: Show friendly URLs

Browsing: Use smooth scrolling

Browsing: Enable page transitions

Browsing: Enable page hit counting

Browsing: Automatically check for Internet Explorer updates

Browsing: Underline links

Always

Never

Hover

Enable folder view for FTP sites

Show Go button in Address bar

Show friendly http error messages

Display a notification about every script error

Multimedia: Show pictures

Multimedia: Enable Image Toolbar Hovering

Multimedia: Enable Automatic Image Resizing

Multimedia: Don’t show HTML Content in the Media Bar

Multimedia: Play animation

Multimedia: Play Videos

Multimedia: Play Sounds

Multimedia: Smart image dithering

Multimedia: Show image download placeholders

Security: Enable Profile Assistant

Security: Delete saved pages when browser closed

Security: Do not save encrypted pages to disk

Security: Warn if forms submit is being redirected

Security: Warn if changing between secure and not secure

Microsoft VM: Microsoft VM logging enabled

Microsoft VM: Microsoft VM JIT complier enabled

Printing: Print background colors and images

Searching: Search Provider Keyword (type INTRANET if you have and internal AutoSearch server)

Searching: When searching from the address bar

Display results, and go to the most likely site

Just go to the most likely site

Just display the results in the main window

Do not search from the address bar

HTTP 1.1 Settings: Use HTTP 1.1

HTTP 1.1 Settings: Use HTTP 1.1 through proxy connections

Signup Settings: Disable Automatic Signup

Internet Connection Wizard Settings: Do not run Internet Connection Wizard

URL Encoding

Always send URLs as UTF 8 (requires restart)

Component Updates

Periodic check for updates to Internet Explorer and Internet Tools:

http://go.microsoft.com/fwlink/?LinkId=54843

Update check interval (in days)

Help Menu > About Internet Explorer: http://go.microsoft.com/fwlink/?LinkId=54798

User Configuration->Administrative Templates->Windows Components->RSS Feeds

Turn off background sync for feeds

Turn off addition and removal of feeds

Turn off downloading of enclosures

Turn off feed discovery

Turn off the feed list

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Application Compatibility

Enable cut, copy or past operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt

User Configuration ->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel

Disable the General Page

Disable the Security Page

Disable the Content Page

Disable the Connections Page

Disable the Programs Page

Disable the Advanced Page

Send internationalized domain names

Use UTF-8 for mailto links

Prevent ignoring certificate errors

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page

Turn on automatic detection of the Intranet

Turn on Information bar notification for intranet Content

Site to Zone assignment List

Intranet Sites: Include all local (intranet sites not listed in other

Intranet Sites: Include all sites that bypass the proxy server

Intranet Sites: Include all network paths (UNCs)

Internet Zone Template

Intranet Zone Template

Trusted Sites Zone Template

Local Machine Zone Template

Locked-Down Local Machine Zone Template

Locked-Down Internet Zone Template

Locked-Down Intranet Zone Template

Locked-Down Trusted Zone Template

Locked-Down Trusted Sites Zone Template

Locked-Down Restricted Sites Zone Template

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page->Internet Zone

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page->Locked Down Internet Zone

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page->Intranet Zone

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page->Locked-Down Intranet Zone

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page->Trusted Sites Zone

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page->Locked-Down Trusted Sites Zone

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page->Restricted Sites Zone

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page->Locked-Down Restricted Sites Zone

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page->Local Machine Sites Zone

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Control Panel->Security Page->Locked-Down Local Machine Zone

Turn Off First-Run Opt-In

Allow Scriptlets

Disable WinFX Runtme components Setup

Web Browser Applications

XPS files

Loose or un-compiled XAML files

Turn on Protect Mode

Allow video and animation on a webpage that does not use external media player (through dynsrc attribute)

Allow status bar updates via script

Run .Net Framework-reliant components signed with Authenticode

Run .Net Framework-reliant components not signed with Authenticode

Download signed ActiveX controls

Download unsigned ActiveX controls

Initialize and script ActiveX controls not marked as safe

Run ActiveX controls marked safe for scripting

Allow file downloads

Allow font downloads

Java permissions

Access data sources across domains

Automatic prompting for file downloads

Automatic prompting for ActiveX controls

Allow META REFRESH

Allow script-initiated windows without size or position constraints

Allow binary and script behaviors

Display mixed content

Do not prompt for client certificate selection when no certificates or only one certificate exists

Allow drag and drop or copy and paste files

Allow installation of desktop items

Launching applications and files in an IFRAME

Navigate sub-frames across different domains

Open files based on content, not file extension

Software channel permissions

Submit non-encrypted form data

Use Pop-up Blocker

Userdata persistence

Web sites in less privileged Web content zones can navigate into this zone

Allow active scripting

Allow cut, copy or paste operations from the clipboard via script

Scripting of Java applets

Logon options

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Offline Files

Disable adding channels

Disable removing channels

Disable adding schedules for offline pages

Disable editing schedules for offline pages

Disable removing schedules for offline pages

Disable offline page hit logging

Disable all scheduled offline pages

Disable channel users interface completely

Disable downloading of site subscription content

Disable editing and creating of schedule groups

Subscription Limits

(Applies to Internet 6.0 and below only. IE7 to does not support offline files)

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Browser menus

File menu: Disable Save As… menu option

File menu: Disable New menu option

File menu: Disable Open menu option

File menu: Disable closing the browser and Explorer windows

View menu: Disable Source menu option

View menu: disable Full Screen menu option

Hide Favorites menu

Tools Menu: Disable Internet Options… menu option

Help menu: Remove ‘Tip of the Day’ menu option

Help menu: Remove ‘For Netscape Users’ menu option

Help menu: Remove ‘Tour’ menu option

Help menu: Remove ‘Send Feedback’ menu option

Disable Context menu

Disable open in New Window menu option

Disable Save this program to disk option

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Toolbars

Disable customizing browser toolbar buttons

Disable customizing browser toolbars

Configure Toolbar Buttons

Turn off toolbar upgrade tool

Show Back button

Show Forward button

Show Stop button

Show Refresh button

Show Home button

Show Search button

Show Favorites button

Show History button

Show Folders button

Show Fullscreen button

Show Tools button

Show Mail button

Show Font size button

Show Print button

Show Edit button

Show Discussion button

Show Cut button

Show Copy button

Show Paste button

Show Encoding Button

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Persistence Behavior

File size limits for Local Machine Zone

File size limits for Intranet Zone

File size limits for Trusted Sites Zone

File size limits for Internet Zone

File size limits for Restricted Sites Zone

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Administrator Approved Controls

Audio/Video Player

ActiveMovie Control

Media Control

Menu Controls

MCSiMenu

Popup Menu Object

Ikonic Menu Control

Microsoft Agent

Microsoft Chat

Microsoft Survey Control

Shockwave Flash

NetShow File Transfer Control

DHTML Edit Control

Microsoft Scriptlet Component

Carpoint

Investor

MSNBC

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Security Features

Binary Behavior Security Restriction

MK Protocol Security Restriction

Local Machine Zone Lockdown Security

Consistent Mime Handling

Mime Sniffing Safety Feature

Object Caching Protection

Scripted Window Security Restrictions

Protection From Zone Elevation

Information Bar

Restrict ActiveX Install

Restrict File Download

Add-On Management

Network Protocol Lockdown

Enable Native XMLHttp Support

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Settings->AutoComplete

Turn on inline AutoComplete for Web Addresses

Turn off inline AutoComplete in Windows Explorer

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Settings->Display Settings

Prevent users from choosing default text size

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Settings->Display Settings->General Colors

Prevent users from configuring background color

Prevent users from configuring text colors

Prevent the user of Windows Colors

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Settings->Display Settings->Link Colors

Prevent users from configuring the color of links that have not yet been clicked

Prevent users from configuring the color of links that have already been clicked

Turn on the hover color option

Prevent users from configuring the hover color

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Settings->Advanced settings->Internet Connection Wizard

Turn off the Internet Connection Wizard Auto Detect

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Settings->Advanced settings->Signup Settings

Turn on Automatic Signup

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Settings->Advanced settings->Printing

Allow the printing of background colors and images

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Settings->Advanced settings->Searching

Prevent configuration of search from the Address bar

User Configuration->Administrative Templates->Windows Components->Internet Explorer->Internet Settings->Advanced settings->Multimedia

Windows Vista will be added to this map as soon as we get the time to review. Also, we would like to add the registry location and values to to this map.