but is not displayed in the settings for Internet Explorer.

The Local Machine zone allows Web content to run with fewer restrictions. Unfortunately, attackers also
try to take advantage of the Local Machine zone to elevate their privileges and
compromise a computer.

In Windows XP Service Pack 2, all local files and content processed by
Internet Explorer have the security of the Local Machine zone applied to them. This
differs from previous versions, where local content was considered to be secure and
had no zone-based security placed on it.

This feature dramatically restricts HTML in the Local Machine zone and controls
running in the Local Machine Zone. This helps to mitigate attacks where the Local
Machine zone is used as an attack vector to load malicious code.</string>
<string id="IESF_ExplainMimeSniffingSafetyFeature_AllProcs_Explain">This
policy setting determines whether Internet Explorer MIME sniffing will prevent
promotion of a file of one type to a more dangerous file type.

If you enable this policy setting, the Mime Sniffing Safety Feature is enabled for
all processes.

If you disable or do not configure this policy setting, the Mime Sniffing Safety
Feature is disabled for all processes.</string>
<string id="IESF_ExplainMimeSniffingSafetyFeature_IE_Explain">This policy
setting determines whether Internet Explorer MIME sniffing will prevent promotion
of a file of one type to a more dangerous file type.

If you enable this policy setting, MIME sniffing will never promote a file of one
type to a more dangerous file type.

If you disable this policy setting, Internet Explorer processes will allow a MIME
sniff promoting a file of one type to a more dangerous file type.

If you do not configure this policy setting, MIME sniffing will never promote a
file of one type to a more dangerous file type.</string>
<string id="IESF_ExplainMimeSniffingSafetyFeature_ProcList_Explain">This
policy setting determines whether Internet Explorer MIME sniffing will prevent
promotion of a file of one type to a more dangerous file type.

This policy setting allows administrators to define applications for which they
want this security feature to be prevented or allowed.

If you enable this policy setting and enter a Value of 1, this protection will be
in effect. If you enter a Value of 0, any file may be promoted to more dangerous
file types. The Value Name is the name of the executable. If a Value Name is empty
or the Value is not 0 or 1, the policy setting is ignored.

Do not enter the Internet Explorer processes in this list: use the related Internet
Explorer Processes policy to enable or disable IE processes. If the All Processes
policy setting is enabled, the processes configured in this box take precedence
over that setting.

If you disable or do not configure this policy setting, the security feature is
allowed.</string>
<string id="IESF_ExplainMimeSniffingSafetyFeatureCategory">One of the backup
criteria for determining a file type is the result of the MIME sniff. By examining
(or sniffing) a file, Internet Explorer can recognize the bit signatures of certain
types of files. In Windows XP Service Pack 2, Internet Explorer MIME sniffing will
never promote a file of one type to a more dangerous file type. For example, files
that are received as plain text but that include HTML code will not be promoted to
the HTML type, which could contain malicious code.

In the absence of other file type information, the MIME sniff might be the only
information that determines how to handle a given file download. If, for instance,
Internet Explorer upgrades a text file to an HTML file, the file might execute code
from the browser and possibly elevate the file's security privilege.

Settings note: this feature can be turned off by zone in IE security zones
settings.</string>
<string id="IESF_ExplainMKProtocolSecurityRestriction_AllProcs_Explain">The
MK Protocol Security Restriction policy setting reduces attack surface area by
preventing the MK protocol. Resources hosted on the MK protocol will fail.

If you enable this policy setting, the MK Protocol is disabled for all processes.
Any use of the MK Protocol is blocked.

If you disable or do not configure this policy setting, the MK Protocol is
enabled.</string>
<string id="IESF_ExplainMKProtocolSecurityRestriction_IE_Explain">The MK
Protocol Security Restriction policy setting reduces attack surface area by
preventing the MK protocol. Resources hosted on the MK protocol will fail.

If you enable this policy setting, the MK Protocol is prevented for File Explorer
and Internet Explorer, and resources hosted on the MK protocol will fail.

If you disable this policy setting, applications can use the MK protocol API.
Resources hosted on the MK protocol will work for the File Explorer and Internet
Explorer processes.

If you do not configure this policy setting, the MK Protocol is prevented for File
Explorer and Internet Explorer, and resources hosted on the MK protocol will
fail.</string>
<string id="IESF_ExplainMKProtocolSecurityRestriction_ProcList_Explain">The
MK Protocol Security Restriction policy setting reduces attack surface area by
preventing the MK protocol. Resources hosted on the MK protocol will fail.

This policy setting allows administrators to define applications for which they
want this security feature to be prevented or allowed.

If you enable this policy setting and enter a Value of 1, use of the MK protocol is
prevented. If you enter a Value of 0, use of the MK protocol is allowed. If a Value
Name is empty or the Value is not 0 or 1, the policy setting is ignored.

Do not enter the Internet Explorer processes in this list: use the related Internet
Explorer Processes policy to enable or disable IE processes. If the All Processes
policy setting is enabled, the processes configured in this box take precedence
over that setting.

If you disable or do not configure this policy setting, the policy setting is
ignored.</string>
<string id="IESF_ExplainMKProtocolSecurityRestrictionCategory">In a reduction
of attack surface, retired protocols are no longer supported. This feature disables
the MK protocol. Resources hosted on the MK protocol will fail. Some legacy
middleware apps may use this API, and this registry key can be set to allow them to
continue to use it.</string>
<string id="IESF_ExplainNetworkProtocolLockdown_AllProcs_Explain">Internet
Explorer may be configured to prevent active content obtained through restricted
protocols from running in an unsafe manner. This policy setting controls whether
restricting content obtained through restricted protocols is prevented or allowed.

If you enable this policy setting, restricting content obtained through restricted
protocols is allowed for all processes other than File Explorer or Internet
Explorer.

If you disable this policy setting, restricting content obtained through restricted
protocols is prevented for all processes other than File Explorer or Internet
Explorer.

If you do not configure this policy setting, no policy is enforced for processes
other than File Explorer and Internet Explorer.</string>
<string id="IESF_ExplainNetworkProtocolLockdown_IE_Explain">File Explorer and
Internet Explorer may be configured to prevent active content obtained through
restricted protocols from running in an unsafe manner. This policy setting controls
whether restricting content obtained through restricted protocols is prevented or
allowed.

If you enable this policy setting, restricting content obtained through restricted
protocols is allowed for File Explorer and Internet Explorer processes. For
example, you can restrict active content from pages served over the http and https
protocols by adding the value names http and https.

If you disable this policy setting, restricting content obtained through restricted
protocols is prevented for File Explorer and Internet Explorer processes.

If you do not configure this policy setting, the policy setting is
ignored.</string>
<string id="IESF_ExplainNetworkProtocolLockdown_ProcList_Explain">Internet
Explorer may be configured to prevent active content obtained through restricted
protocols from running in an unsafe manner. This policy setting controls whether
restricting content obtained through restricted protocols is prevented or allowed.

This policy setting allows administrators to define applications for which they
want restricting content obtained through restricted protocols to be prevented or
allowed.

If you enable this policy setting and enter a Value of 1, restricting content
obtained through restricted protocols is allowed. If you enter a Value of 0,
restricting content obtained through restricted protocols is blocked. The Value
Name is the name of the executable. If a Value Name is empty or the Value is not 0
or 1, the policy setting is ignored.

Do not enter the File Explorer or Internet Explorer processes in this list: use the
related Internet Explorer Processes policy to enable or disable these processes. If
the All Processes policy setting is enabled, the processes configured in this box
take precedence over that setting.

If you disable or do not configure this policy setting, the security feature is
allowed.</string>
<string id="IESF_ExplainNetworkProtocolLockdownCategory">In File Explorer,
Internet Explorer, or any other process which opts into the security restriction,
Network Protocol Lockdown may be implemented in any security zone in order to
prevent active content obtained through restricted protocols from running in an
unsafe manner, if the target URL is in that zone. Each zone may be set to either
prompt the user when such content attempts to run, or to simply disallow the
content in that zone.</string>
<string id="IESF_ExplainObjectCachingProtection_AllProcs_Explain">This policy
setting defines whether a reference to an object is accessible when the user
navigates within the same domain or to a new domain.

If you enable this policy setting, object reference is no longer accessible when
navigating within or across domains for all processes.

If you disable or do not configure this policy setting, object reference is
retained when navigating within or across domains in the Restricted Zone
sites.</string>
<string id="IESF_ExplainObjectCachingProtection_IE_Explain">This policy
setting defines whether a reference to an object is accessible when the user
navigates within the same domain or to a new domain.

If you enable this policy setting, an object reference is no longer accessible when
navigating within or across domains for Internet Explorer processes.

If you disable this policy setting, an object reference is retained when navigating
within or across domains for Internet Explorer processes.

If you do not configure this policy setting, an object reference is no longer
accessible when navigating within or across domains for Internet Explorer
processes.</string>
<string id="IESF_ExplainObjectCachingProtection_ProcList_Explain">This policy
setting defines whether a reference to an object is accessible when the user
navigates within the same domain or to a new domain.

This policy setting allows administrators to define applications for which they
want this security feature to be prevented or allowed.

If you enable this policy setting and enter a Value of 1, references to objects are
inaccessible after navigation. If you enter a Value of 0, references to objects are
still accessible after navigation. The Value Name is the name of the executable. If
a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored.

Do not enter the Internet Explorer processes in this list: use the related Internet
Explorer Processes policy to enable or disable IE processes. If the All Processes
policy setting is enabled, the processes configured in this box take precedence
over that setting.

If you disable or do not configure this policy setting, the security feature is
allowed.</string>
<string id="IESF_ExplainObjectCachingProtectionCategory">In previous versions
of Windows with Internet Explorer, some Web pages could access objects cached from
another Web site. In Windows XP Service Pack 2, a reference to an object is no
longer accessible when the user navigates to a new domain.

For Windows XP Service Pack 2, there is now a new security context on all
scriptable objects so that access to all cached objects is blocked. In addition to
blocking access when navigating across domains, access is also blocked when
navigating within the same domain. (In this context, a domain is defined as a fully
qualified domain name (FQDN)). A reference to an object is no longer accessible
after the context has changed due to navigation.</string>
<string
id="IESF_ExplainProtectionFromZoneElevation_AllProcs_Explain">Internet Explorer
places restrictions on each Web page it opens. The restrictions are dependent upon
the location of the Web page (Internet, Intranet, Local Machine zone, and so on).
For example, Web pages on the local computer have the fewest security restrictions
and reside in the Local Machine zone, making the Local Machine security zone a
prime target for malicious users.

If you enable this policy setting, any zone can be protected from zone elevation
for all processes.

If you disable or do not configure this policy setting, processes other than
Internet Explorer or those listed in the Process List receive no such
protection.</string>
<string id="IESF_ExplainProtectionFromZoneElevation_IE_Explain">Internet
Explorer places restrictions on each Web page it opens. The restrictions are
dependent upon the location of the Web page (Internet, Intranet, Local Machine
zone, etc.). Web pages on the local computer have the fewest security restrictions
and reside in the Local Machine zone, making the Local Machine security zone a
prime target for malicious users. Zone Elevation also disables JavaScript
navigation if there is no security context.

If you enable this policy setting, any zone can be protected from zone elevation by
Internet Explorer processes.

If you disable this policy setting, no zone receives such protection for Internet
Explorer processes.

If you do not configure this policy setting, any zone can be protected from zone
elevation by Internet Explorer processes.</string>
<string
id="IESF_ExplainProtectionFromZoneElevation_ProcList_Explain">Internet Explorer
places restrictions on each Web page it opens. The restrictions are dependent upon
the location of the Web page (Internet, Intranet, Local Machine zone, and so on).
Web pages on the local computer have the fewest security restrictions and reside in
the Local Machine zone, making the Local Machine security zone a prime target for
malicious users. Zone Elevation also disables JavaScript navigation if there is no
security context.

This policy setting allows administrators to define applications for which they
want this security feature to be prevented or allowed.

If you enable this policy setting and enter a Value of 1, elevation to more
privileged zones can be prevented. If you enter a Value of 0, elevation to any zone
is allowed. The Value Name is the name of the executable. If a Value Name is empty
or the Value is not 0 or 1, the policy setting is ignored.

Do not enter the Internet Explorer processes in this list: use the related Internet
Explorer Processes policy to enable or disable IE processes. If the All Processes
policy setting is enabled, the processes configured in this box take precedence
over that setting.

If you disable or do not configure this policy setting, the security feature is
allowed.</string>
<string id="IESF_ExplainProtectionFromZoneElevationCategory">When a Web page
is opened in Internet Explorer, Internet Explorer puts restrictions on what the
page can do, based on where that Web page came from: the Internet, a local intranet
server, a trusted site, and so on. For example, pages on the Internet have stricter
security restrictions than pages on a user's local intranet. Web pages on a user's
computer are in the Local Machine security zone, where they have the fewest
security restrictions. This makes the Local Machine security zone a prime target
for malicious users. Zone Elevation Blocks makes it harder to get code to run in
this zone. (As a separate feature, Local Machine Zone Lockdown makes the zone less
vulnerable to malicious users by changing its security settings.)

Internet Explorer prevents the overall security context for any link on a page from
being higher than the security context of the root URL. This means, for example,
that a page in the Internet zone cannot navigate to a page in the Local Intranet
zone, except as the result of a user-initiated action. A script, for example, could
not cause this navigation. For the purpose of this mitigation, the security context
ranking of the zones, from highest security context to lowest, is: Restricted Sites
zone, Internet zone, Local Intranet zone, Trusted Sites zone, and Local Machine
zone.

Zone Elevation also disables JavaScript navigation if there is no security context.

Settings note: this feature can be turned off or set to prompt by zone in IE
security zones settings.</string>
<string id="IESF_ExplainRestrictActiveXInstall_AllProcs_Explain">This policy
setting enables applications hosting the Web Browser Control to block automatic
prompting of ActiveX control installation.

If you enable this policy setting, the Web Browser Control will block automatic
prompting of ActiveX control installation for all processes.

If you disable or do not configure this policy setting, the Web Browser Control
will not block automatic prompting of ActiveX control installation for all
processes.</string>
<string id="IESF_ExplainRestrictActiveXInstall_IE_Explain">This policy
setting enables blocking of ActiveX control installation prompts for Internet
Explorer processes.

If you enable this policy setting, prompting for ActiveX control installations will
be blocked for Internet Explorer processes.

If you disable this policy setting, prompting for ActiveX control installations
will not be blocked for Internet Explorer processes.

If you do not configure this policy setting, the user's preference will be used to
determine whether to block ActiveX control installations for Internet Explorer
processes.</string>
<string id="IESF_ExplainRestrictActiveXInstall_ProcList_Explain">This policy
setting enables applications hosting the Web Browser Control to block automatic
prompting of ActiveX control installation.

If you enable this policy setting and enter a Value of 1, automatic prompting of
ActiveX control installation is blocked. If you enter a Value of 0, automatic
prompting of ActiveX control installation is allowed. The Value Name is the name of
the executable. If a Value Name is empty or the Value is not 0 or 1, the policy
setting is ignored.

Do not enter the Internet Explorer processes in this list: use the related Internet
Explorer Processes policy to enable or disable IE processes. If the All Processes
policy setting is enabled, the processes configured in this box take precedence
over that setting.

If you disable or do not configure this policy setting, the security feature is
allowed.</string>
<string id="IESF_ExplainRestrictActiveXInstallCategory">Enables applications
hosting the Web Browser Control to block automatic prompting of ActiveX control
installation. If a policy setting blocks prompting for an ActiveX control
installation, the Notification bar appears instead.</string>
<string id="IESF_ExplainRestrictFileDownload_AllProcs_Explain">This policy
setting enables applications hosting the Web Browser Control to block automatic
prompting of file downloads that are not user initiated.

If you enable this policy setting, the Web Browser Control will block automatic
prompting of file downloads that are not user initiated for all processes.

If you disable this policy setting, the Web Browser Control will not block
automatic prompting of file downloads that are not user initiated for all
processes.</string>
<string id="IESF_ExplainRestrictFileDownload_IE_Explain">This policy setting
enables blocking of file download prompts that are not user initiated.

If you enable this policy setting, file download prompts that are not user
initiated will be blocked for Internet Explorer processes.

If you disable this policy setting, prompting will occur for file downloads that
are not user initiated for Internet Explorer processes.

If you do not configure this policy setting, the user's preference determines
whether to prompt for file downloads that are not user initiated for Internet
Explorer processes.</string>
<string id="IESF_ExplainRestrictFileDownload_ProcList_Explain">This policy
setting enables applications hosting the Web Browser Control to block automatic
prompting of file downloads that are not user initiated.

If you enable this policy setting and enter a Value of 1, automatic prompting of
non-initiated file downloads is blocked. If you enter a Value of 0, automatic
prompting of non-initiated file downloads is allowed. The Value Name is the name of
the executable. If a Value Name is empty or the Value is not 0 or 1, the policy
setting is ignored.

Do not enter the Internet Explorer processes in this list: use the related Internet
Explorer Processes policy to enable or disable IE processes. If the All Processes
policy setting is enabled, the processes configured in this box take precedence
over that setting.

If you disable or do not configure this policy setting, the security feature is
allowed.</string>
<string id="IESF_ExplainRestrictFileDownloadCategory">Enables applications
hosting the Web Browser Control to block automatic prompting of file downloads that
were not user initiated. If a policy setting blocks prompting for a file download,
the Notification bar appears instead.</string>
<string
id="IESF_ExplainScriptedWindowSecurityRestrictions_AllProcs_Explain">Internet
Explorer allows scripts to programmatically open, resize, and reposition windows of
various types. The Window Restrictions security feature restricts popup windows and
prohibits scripts from displaying windows in which the title and status bars are
not visible to the user or obfuscate other windows' title and status bars.

If you enable this policy setting, scripted windows are restricted for all
processes.

If you disable or do not configure this policy setting, scripted windows are not
restricted.</string>
<string
id="IESF_ExplainScriptedWindowSecurityRestrictions_IE_Explain">Internet Explorer
allows scripts to programmatically open, resize, and reposition windows of various
types. The Window Restrictions security feature restricts popup windows and
prohibits scripts from displaying windows in which the title and status bars are
not visible to the user or obfuscate other windows' title and status bars.

If you enable this policy setting, popup windows and other restrictions apply for
File Explorer and Internet Explorer processes.

If you disable this policy setting, scripts can continue to create popup windows
and windows that obfuscate other windows.

If you do not configure this policy setting, popup windows and other restrictions
apply for File Explorer and Internet Explorer processes.</string>
<string
id="IESF_ExplainScriptedWindowSecurityRestrictions_ProcList_Explain">Internet
Explorer allows scripts to programmatically open, resize, and reposition windows of
various types. The Window Restrictions security feature restricts popup windows and
prohibits scripts from displaying windows in which the title and status bars are
not visible to the user or obfuscate other windows' title and status bars.

This policy setting allows administrators to define applications for which they
want this security feature to be prevented or allowed.

If you enable this policy setting and enter a Value of 1, such windows may not be
opened. If you enter a Value of 0, windows have none of these restrictions. The
Value Name is the name of the executable. If a Value Name is empty or the Value is
not 0 or 1, the policy setting is ignored.

Do not enter the Internet Explorer processes in this list: use the related Internet
Explorer Processes policy to enable or disable IE processes. If the All Processes
policy setting is enabled, the processes configured in this box take precedence
over that setting.

If you disable or do not configure this policy setting, the security feature is
allowed.</string>
<string id="IESF_ExplainScriptedWindowSecurityRestrictionsCategory">Internet
Explorer provides the capability for scripts to programmatically open additional
windows of various types, and to resize and reposition existing windows. The Window
Restrictions security feature restricts two types of script-initiated windows that
have been used by malicious persons to deceive users: popup windows (which do not
have components such as the address bar, title bar, status bar, and toolbars) and
windows that include the title bar and status bar.

Script-initiated windows with the title bar and status bar are constrained in
scripted movement to ensure that these important and informative bars remain
visible after the operation completes.

- Scripts cannot position windows so that the title bar or address bar are above
the visible top of the display.
- Scripts cannot position windows such that the status bar is below the visible
bottom of the display.
- Script-initiated windows that include a title bar and status bar are constrained
in scripted sizing to ensure that the title bar and status bar remain visible after
the operation completes.
- Scripts cannot resize windows such that the title bar, address bar, or status bar
cannot be seen.
- When creating a window, the definition of the fullscreen=yes specification is
changed to mean "show the window as maximized," which will keep the title bar,
address bar, and status bar visible.

Internet Explorer has been modified to not turn off the status bar for any windows.
The status bar is always visible for all Internet Explorer windows.

Script-initiated popup windows are now constrained so that they:

- Do not extend above the top or below the bottom of the parent Internet Explorer
Web Object Control (WebOC) window.
- Are smaller in height than the parent WebOC window.
- Overlap the parent window horizontally.
- Stay with the parent window if the parent window moves.
- Appear above their parent so other windows (such as a dialog box) cannot be
hidden.</string>
<string id="IESF_ExplainSecurityFeaturesCategory">Contains settings to enable
or disable security features for Internet Explorer, File Explorer and other
applications.</string>
<string id="IESF_NPLRest_Category">Restricted Protocols Per Security
Zone</string>
<string id="IESF_NPLRest_Category_Explain">The list of restricted protocols
governed by Network Protocol Lockdown varies per security zone. Use these policies
to set the restricted protocol list for each zone.

If policy is set in both Computer Configuration and User Configuration, the two
lists are combined.</string>
<string id="IESF_NPLRest_InternetZone">Internet Zone Restricted
Protocols</string>
<string id="IESF_NPLRest_IntranetZone">Intranet Zone Restricted
Protocols</string>
<string id="IESF_NPLRest_LocalMachineZone">Local Machine Zone Restricted
Protocols</string>
<string id="IESF_NPLRest_RestrictedSitesZone">Restricted Sites Zone
Restricted Protocols</string>
<string id="IESF_NPLRest_TrustedSitesZone">Trusted Sites Zone Restricted
Protocols</string>
<string id="IESF_NPLRestrictionsList_Explain">For each zone, the Network
Protocol Lockdown security restriction may be configured to prevent active content
obtained through restricted protocols from running in an unsafe manner, either by
prompting the user, or simply disabling the content. For each zone, this list of
protocols may be configured here, and applies to all processes which have opted in
to the security restriction.

If you enable this policy setting for a zone, this sets the list of protocols to be
restricted if that zone is set to Prompt or Disable for "Allow active content over
restricted protocols to access my computer."

If you disable or do not configure this policy setting for a zone, no protocols are
restricted for that zone, regardless of the setting for "Allow active content over
restricted protocols to access my computer."

Note. If policy for a zone is set in both Computer Configuration and User
Configuration, both lists of protocols will be restricted for that zone.</string>
<string id="IESF_Policy_BinaryBehaviorAdminAllow">Admin-approved
behaviors</string>
<string id="IESF_PolicyAllProcesses">All Processes</string>
<string id="IESF_PolicyExplorerProcesses">Internet Explorer
Processes</string>
<string id="IESF_PolicyProcessList">Process List</string>
<string id="IESF_PolicyScriptPasteAllProcesses">Bypass prompting for
Clipboard access for scripts running in any process</string>
<string id="IESF_PolicyScriptPasteExplorerProcesses">Bypass prompting for
Clipboard access for scripts running in the Internet Explorer process</string>
<string id="IESF_PolicyScriptPasteProcessList">Define applications and
processes that can access the Clipboard without prompting</string>
<string id="AddonManagement_IgnoreAddonApprovalStatus">Automatically activate
newly installed add-ons</string>
<string
id="AddonManagement_DisableAddonLoadTimePerformanceNotifications">Turn off add-on
performance notifications</string>
<string id="InternetExplorer">Internet Explorer</string>
<string id="InternetSettings">Internet Settings</string>
<string id="Investor">Investor</string>
<string id="IZ_ExplainIncludeUnspecifiedLocalSites">This policy setting
controls whether local sites which are not explicitly mapped into any Security Zone
are forced into the local Intranet security zone.

If you enable this policy setting, local sites which are not explicitly mapped into
a zone are considered to be in the Intranet Zone.

If you disable this policy setting, local sites which are not explicitly mapped
into a zone will not be considered to be in the Intranet Zone (so would typically
be in the Internet Zone).

If you do not configure this policy setting, users choose whether to force local
sites into the Intranet Zone.</string>
<string id="IESF_ENABLE_MD2_MD4">Install binaries signed by MD2 and MD4
signing technologies</string>
<string id="IESF_Explain_ENABLE_MD2_MD4">This policy setting allows you to
manage whether Internet Explorer 9 can install ActiveX controls and other binaries
signed with MD2 and MD4 signing technologies. Internet Explorer 9 does not support
MD2 and MD4 signing technologies by default, because they are not as secure as
other technologies.

If you enable this policy setting, Internet Explorer 9 installs binaries signed by
MD2 and MD4 signing technologies.

If you disable or do not configure this policy setting, Internet Explorer 9 does
not install binaries signed by MD2 and MD4 signing technologies.</string>
<string id="IZ_ExplainProxyByPass">This policy setting controls whether sites
which bypass the proxy server are mapped into the local Intranet security zone.

If you enable this policy setting, sites which bypass the proxy server are mapped
into the Intranet Zone.

If you disable this policy setting, sites which bypass the proxy server aren't
necessarily mapped into the Intranet Zone (other rules might map one there).

If you do not configure this policy setting, users choose whether sites which
bypass the proxy server are mapped into the Intranet Zone.</string>
<string id="IZ_ExplainUNCAsIntranet">This policy setting controls whether
URLs representing UNCs are mapped into the local Intranet security zone.

If you enable this policy setting, all network paths are mapped into the Intranet
Zone.

If you disable this policy setting, network paths are not necessarily mapped into
the Intranet Zone (other rules might map one there).

If you do not configure this policy setting, users choose whether network paths are
mapped into the Intranet Zone.</string>
<string id="IZ_ExplainZonemaps">This policy setting allows you to manage a
list of sites that you want to associate with a particular security zone. These
zone numbers have associated security settings that apply to all of the sites in
the zone.

Internet Explorer has 4 security zones, numbered 1-4, and these are used by this
policy setting to associate sites to zones. They are: (1) Intranet zone, (2)
Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security
settings can be set for each of these zones through other policy settings, and
their default settings are: Trusted Sites zone (Low template), Intranet zone
(Medium-Low template), Internet zone (Medium template), and Restricted Sites zone
(High template). (The Local Machine zone and its locked down equivalent have
special security settings that protect your local computer.)

If you enable this policy setting, you can enter a list of sites and their related
zone numbers. The association of a site with a zone will ensure that the security
settings for the specified zone are applied to the site.  For each entry that you
add to the list, enter the following information:

Valuename – A host for an intranet site, or a fully qualified domain name for other
sites. The valuename may also include a specific protocol. For example, if you
enter http://www.contoso.com as the valuename, other protocols are not affected. If
you enter just www.contoso.com, then all protocols are affected for that site,
including http, https, ftp, and so on. The site may also be expressed as an IP
address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating
conflicting policies, do not include additional characters after the domain such as
trailing slashes or URL path. For example, policy settings for www.contoso.com and
www.contoso.com/mail would be treated as the same policy setting by Internet
Explorer, and would therefore be in conflict.

Value - A number indicating the zone with which this site should be associated for
security settings. The Internet Explorer zones described above are 1-4.

If you disable or do not configure this policy, users may choose their own
site-to-zone assignments.</string>
<string id="IZ_ExplainZoneTemplatesPolicy">This template policy setting
allows you to configure policy settings in this zone consistent with a selected
security level, for example, Low, Medium Low, Medium, or High.

If you enable this template policy setting and select a security level, all values
for individual settings in the zone will be overwritten by the standard template
defaults.

If you disable this template policy setting, no security level is configured.

If you do not configure this template policy setting, no security level is
configured.

Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by
comparing the settings in the active URL's zone against those in the Locked-Down
equivalent zone. If you select a security level for any zone (including selecting
no security), the same change should be made to the Locked-Down equivalent.

Note. It is recommended to configure template policy settings in one Group Policy
object (GPO) and configure any related individual policy settings in a separate
GPO. You can then use Group Policy management features (for example, precedence,
inheritance, or enforce) to apply individual settings to specific targets.</string>
<string id="IZ_IncludeUnspecifiedLocalSites">Intranet Sites: Include all
local (intranet) sites not listed in other zones</string>
<string id="IZ_InternetZone">Internet Zone</string>
<string id="IZ_InternetZoneLockdown">Locked-Down Internet Zone</string>
<string id="IZ_InternetZoneLockdown_Explain">The settings in this zone apply
only if the Internet Zone is in 'lockdown' mode, such as when the Network Protocol
Lockdown security feature is in effect. If the zone is locked down, these URL
action settings do not override the standard Internet Zone settings, but are
compared against them. If the settings for that URL action in the two zones are the
same, then that setting is used. Otherwise, the user is presented with a
Notification bar, and may allow the zone to operate with the standard
(non-lockdown) zone's setting.</string>
<string id="IZ_IntranetZone">Intranet Zone</string>
<string id="IZ_IntranetZoneLockdown">Locked-Down Intranet Zone</string>
<string id="IZ_IntranetZoneLockdown_Explain">The settings in this zone apply
only if the Intranet Zone is in 'lockdown' mode, such as when the Network Protocol
Lockdown security feature is in effect. If the zone is locked down, these URL
action settings do not override the standard Intranet Zone settings, but are
compared against them. If the settings for that URL action in the two zones are the
same, then that setting is used. Otherwise, the user is presented with a
Notification bar, and may allow the zone to operate with the standard
(non-lockdown) zone's setting.</string>
<string id="IZ_ItemnameAdminApproved">Administrator approved</string>
<string id="IZ_ItemnameAnonymousLogon">Anonymous logon</string>
<string id="IZ_ItemnameAutomaticLogon">Automatic logon with current username
and password</string>
<string id="IZ_ItemnameAutomaticLogonInIntranetZone">Automatic logon only in
Intranet zone</string>
<string id="IZ_ItemnameCustom">Custom</string>
<string id="IZ_ItemnameDisable">Disable</string>
<string id="IZ_ItemnameDisableJava">Disable Java</string>
<string id="IZ_ItemnameEnable">Enable</string>
<string id="IZ_ItemnameHigh">High</string>
<string id="IZ_ItemnameHighSafety">High safety</string>
<string id="IZ_ItemnameLow">Low</string>
<string id="IZ_ItemnameLowSafety">Low safety</string>
<string id="IZ_ItemnameMedium">Medium</string>
<string id="IZ_ItemnameMediumHigh">Medium High</string>
<string id="IZ_ItemnameMediumLow">Medium Low</string>
<string id="IZ_ItemnameMediumSafety">Medium safety</string>
<string id="IZ_ItemnamePrompt">Prompt</string>
<string id="IZ_ItemnamePromptLogon">Prompt for user name and
password</string>
<string id="IZ_LocalMachineZone">Local Machine Zone</string>
<string id="IZ_LocalMachineZoneLockdown">Locked-Down Local Machine
Zone</string>
<string id="IZ_LocalMachineZoneLockdown_Explain">The settings in this zone
apply only if the Local Machine Zone is in 'lockdown' mode, such as when the Local
Machine Zone Lockdown security feature is in effect. If the zone is locked down,
these URL action settings do not override the standard Local Machine Zone settings,
but are compared against them. If the settings for that URL action in the two zones
are the same, then that setting is used. Otherwise, the user is presented with a
Notification bar, and may allow the zone to operate with the standard
(non-lockdown) zone's setting.</string>
<string id="IZ_Policy_AddressStatusBar">Allow websites to open windows
without status bar or Address bar</string>
<string id="IZ_Policy_AddressStatusBar_Explain">This policy setting controls
whether websites can open new Internet Explorer windows that have no status bar or
Address bar.

If you enable this policy setting, websites can open new Internet Explorer windows
that have no status bar or Address bar.

If you disable this policy setting, websites cannot open new Internet Explorer
windows that have no status bar or Address bar.

If you do not configure this policy setting, the user can choose whether websites
can open new Internet Explorer windows that have no status bar or Address
bar.</string>
<string id="IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt">Allow
only approved domains to use ActiveX controls without prompt</string>
<string
id="IZ_EXPLAIN_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt">This policy
setting controls whether or not the user is prompted to allow ActiveX controls to
run on websites other than the website that installed the ActiveX control.

If you enable this policy setting, the user is prompted before ActiveX controls can
run from websites in this zone. The user can choose to allow the control to run
from the current site or from all sites.

If you disable this policy setting, the user does not see the per-site ActiveX
prompt, and ActiveX controls can run from all sites in this zone.</string>
<string id="IZ_Policy_AllowDynsrcPlayback">Allow video and animation on a
webpage that uses an older media player</string>
<string id="IZ_Policy_AllowDynsrcPlayback_Explain">This policy setting allows
the playing of video and animation through older media players in specified zones.
Video and animation playback through the object tag may still be allowed, because
this involves external controls or media players.

The dynsrc attribute on the img tag specifies an older media player. Also, as of
Internet Explorer 8, this policy setting controls HTML+TIME media elements that
refer to audio and video files.

If you enable this policy setting, video and animation can be played through older
media players in specified zones.

If you disable this policy setting, video and animation cannot be played through
older media players.

If you do not configure this policy setting, video and animation can be played
through older media players in specified zones.</string>
<string id="IZ_Policy_AllowScriptlets">Allow scriptlets</string>
<string id="IZ_Policy_AllowScriptlets_Explain">This policy setting allows you
to manage whether the user can run scriptlets.

If you enable this policy setting, the user can run scriptlets.

If you disable this policy setting, the user cannot run scriptlets.

If you do not configure this policy setting, the user can enable or disable
scriptlets.</string>
<string id="IZ_Policy_FirstRunOptInDefaultEnable">Turn off first-run
prompt</string>
<string id="IZ_Policy_FirstRunOptIn">Turn off first-run prompt</string>
<string id="IZ_Policy_FirstRunOptIn_ExplainDefaultDisable">This policy
setting controls the first-run response that the user sees on a zone-by-zone basis.
When the user encounters a new control that has not previously run in Internet
Explorer, he or she may be prompted to approve the control. This policy setting
determines whether the user is prompted.

If you enable this policy setting, the first-run prompt is turned off in the
corresponding zone.

If you disable this policy setting, the first-run prompt is turned on in the
corresponding zone.

If you do not configure this policy setting, the first-run prompt is turned off by
default.</string>
<string id="IZ_Policy_FirstRunOptIn_ExplainDefaultEnable">This policy setting
controls the first-run response that the user sees on a zone-by-zone basis. When
the user encounters a new control that has not previously run in Internet Explorer,
he or she may be prompted to approve the control. This policy setting determines
whether the user is prompted.

If you enable this policy setting, the first-run prompt is turned off in the
corresponding zone.

If you disable this policy setting, the first-run prompt is turned on in the
corresponding zone.

If you do not configure this policy setting, the first-run prompt is turned on by
default.</string>
<string id="IZ_Policy_LocalPathForUpload">Include local path when user is
uploading files to a server</string>
<string id="IZ_Policy_LocalPathForUpload_Explain">This policy setting
controls whether or not local path information is sent when the user is uploading a
file via an HTML form. If the local path information is sent, some information may
be unintentionally revealed to the server. For instance, files sent from the user's
desktop may contain the user name as a part of the path.

If you enable this policy setting, path information is sent when the user is
uploading a file via an HTML form.

If you disable this policy setting, path information is removed when the user is
uploading a file via an HTML form.

If you do not configure this policy setting, the user can choose whether path
information is sent when he or she is uploading a file via an HTML form. By
default, path information is sent.</string>
<string id="IZ_Policy_Phishing">Turn on SmartScreen Filter scan</string>
<string id="IZ_Policy_Phishing_Explain">This policy setting controls whether
SmartScreen Filter scans pages in this zone for malicious content.

If you enable this policy setting, SmartScreen Filter scans pages in this zone for
malicious content.

If you disable this policy setting, SmartScreen Filter does not scan pages in this
zone for malicious content.

If you do not configure this policy setting, the user can choose whether
SmartScreen Filter scans pages in this zone for malicious content.

Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter
scans pages in this zone for malicious content.</string>
<string id="IZ_Policy_ScriptPrompt">Allow websites to prompt for information
by using scripted windows</string>
<string id="IZ_Policy_ScriptPrompt_Explain">This policy setting determines
whether scripted windows are automatically displayed.

If you enable this policy setting, scripted windows are displayed.

If you disable this policy setting, the user must choose to display any scripted
windows by using the Notification bar.

If you do not configure this policy setting, the user can enable or disable the
Notification bar behavior.</string>
<string id="IZ_Policy_ScriptStatusBar">Allow updates to status bar via
script</string>
<string id="IZ_Policy_ScriptStatusBarDefaultEnable">Allow updates to status
bar via script</string>
<string id="IZ_Policy_ScriptStatusBar_ExplainDefaultDisable">This policy
setting allows you to manage whether script is allowed to update the status bar
within the zone.

If you enable this policy setting, script is allowed to update the status bar.

If you disable or do not configure this policy setting, script is not allowed to
update the status bar.</string>
<string id="IZ_Policy_ScriptStatusBar_ExplainDefaultEnable">This policy
setting allows you to manage whether script is allowed to update the status bar
within the zone.

If you enable this policy setting, script is allowed to update the status bar.

If you disable or do not configure this policy setting, script is allowed to update
the status bar.</string>
<string id="IZ_Policy_TurnOnProtectedMode">Turn on Protected Mode</string>
<string id="IZ_Policy_TurnOnProtectedMode_Explain">This policy setting allows
you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from
exploited vulnerabilities by reducing the locations that Internet Explorer can
write to in the registry and the file system.

If you enable this policy setting, Protected Mode is turned on. The user cannot
turn off Protected Mode.

If you disable this policy setting, Protected Mode is turned off. The user cannot
turn on Protected Mode.

If you do not configure this policy setting, the user can turn on or turn off
Protected Mode.</string>
<string id="IZ_PolicyTurnOnXSSFilter">Turn on Cross-Site Scripting
Filter</string>
<string id="IZ_EXPLAIN_PolicyTurnOnXSSFilter">This policy controls whether or
not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script
injections into websites in this zone.

If you enable this policy setting, the XSS Filter is turned on for sites in this
zone, and the XSS Filter attempts to block cross-site script injections.

If you disable this policy setting, the XSS Filter is turned off for sites in this
zone, and Internet Explorer permits cross-site script injections.</string>
<string id="IZ_Policy_UnsafeFiles">Show security warning for potentially
unsafe files</string>
<string id="IZ_Policy_UnsafeFiles_Explain">This policy setting controls
whether or not the "Open File - Security Warning" message appears when the user
tries to open executable files or other potentially unsafe files (from an intranet
file share by using File Explorer, for example).

If you enable this policy setting and set the drop-down box to Enable, these files
open without a security warning. If you set the drop-down box to Prompt, a security
warning appears before the files open.

If you disable this policy setting, these files do not open.

If you do not configure this policy setting, the user can configure how the
computer handles these files. By default, these files are blocked in the Restricted
zone, enabled in the Intranet and Local Computer zones, and set to prompt in the
Internet and Trusted zones.</string>
<string id="IZ_Policy_WebBrowserApps">Allow loading of XAML Browser
Applications</string>
<string id="IZ_Policy_WebBrowserApps_Explain">This policy setting allows you
to manage the loading of XAML Browser Applications (XBAPs). These are
browser-hosted, ClickOnce-deployed applications built via WinFX. These applications run in
a security sandbox and take advantage of the Windows Presentation Foundation
platform for the web.

If you enable this policy setting and set the drop-down box to Enable, XBAPs are
automatically loaded inside Internet Explorer. The user cannot change this
behavior. If you set the drop-down box to Prompt, the user is prompted for loading
XBAPs.

If you disable this policy setting, XBAPs are not loaded inside Internet Explorer.
The user cannot change this behavior.

If you do not configure this policy setting, the user can decide whether to load
XBAPs inside Internet Explorer.</string>
<string id="IZ_Policy_WebBrowserControl">Allow scripting of Internet Explorer
WebBrowser controls</string>
<string id="IZ_Policy_WebBrowserControl_Explain">This policy setting
determines whether a page can control embedded WebBrowser controls via script.

If you enable this policy setting, script access to the WebBrowser control is
allowed.

If you disable this policy setting, script access to the WebBrowser control is not
allowed.

If you do not configure this policy setting, the user can enable or disable script
access to the WebBrowser control. By default, script access to the WebBrowser
control is allowed only in the Local Machine and Intranet zones.</string>
<string id="IZ_Policy_WinFXRuntimeComponent">Turn off .NET Framework
Setup</string>
<string id="IZ_Policy_WinFXRuntimeComponent_Explain">This policy setting
prevents the user's computer from starting Microsoft .NET Framework Setup when the
user is browsing to .NET Framework content in Internet Explorer. The .NET Framework
is the next-generation platform for Windows. It uses the common language runtime
and incorporates support from multiple developer tools. It includes the new managed
code APIs for Windows.

If you enable this policy setting, .NET Framework Setup is turned off. The user
cannot change this behavior.

If you disable this policy setting, .NET Framework Setup is turned on. The user
cannot change this behavior.

If you do not configure this policy setting, .NET Framework Setup is turned on by
default. The user can change this behavior.</string>
<string id="IZ_Policy_XAML">Allow loading of XAML files</string>
<string id="IZ_Policy_XAML_Explain">This policy setting allows you to manage
the loading of Extensible Application Markup Language (XAML) files. XAML is an
XML-based declarative markup language commonly used for creating rich user interfaces
and graphics that take advantage of the Windows Presentation Foundation.

If you enable this policy setting and set the drop-down box to Enable, XAML files
are automatically loaded inside Internet Explorer. The user cannot change this
behavior. If you set the drop-down box to Prompt, the user is prompted for loading
XAML files.

If you disable this policy setting, XAML files are not loaded inside Internet
Explorer. The user cannot change this behavior.

If you do not configure this policy setting, the user can decide whether to load
XAML files inside Internet Explorer.</string>
<string id="IZ_Policy_XPS">Allow loading of XPS files</string>
<string id="IZ_Policy_XPS_Explain">This policy setting allows you to manage
the loading of XPS files. These files contain a fixed-layout representation of
paginated content and are portable across platforms, devices, and applications.

If you enable this policy setting and set the drop-down box to Enable, XPS files
are automatically loaded inside Internet Explorer. The user cannot change this
behavior. If you set the drop-down box to Prompt, the user is prompted for loading
XPS files.

If you disable this policy setting, XPS files are not loaded inside Internet
Explorer. The user cannot change this behavior.

If you do not configure this policy setting, the user can decide whether to load
XPS files inside Internet Explorer.</string>
<string id="IZ_PolicyAccessDataSourcesAcrossDomains">Access data sources
across domains</string>
<string
id="IZ_PolicyAccessDataSourcesAcrossDomains_ExplainDefaultDisable">This policy
setting allows you to manage whether Internet Explorer can access data from another
security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).

If you enable this policy setting, users can load a page in the zone that uses
MSXML or ADO to access data from another site in the zone. If you select Prompt in
the drop-down box, users are queried to choose whether to allow a page to be loaded
in the zone that uses MSXML or ADO to access data from another site in the zone.

If you disable this policy setting, users cannot load a page in the zone that uses
MSXML or ADO to access data from another site in the zone.

If you do not configure this policy setting, users cannot load a page in the zone
that uses MSXML or ADO to access data from another site in the zone.</string>
<string
id="IZ_PolicyAccessDataSourcesAcrossDomains_ExplainDefaultEnable">This policy
setting allows you to manage whether Internet Explorer can access data from another
security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).

If you enable this policy setting, users can load a page in the zone that uses
MSXML or ADO to access data from another site in the zone. If you select Prompt in
the drop-down box, users are queried to choose whether to allow a page to be loaded
in the zone that uses MSXML or ADO to access data from another site in the zone.

If you disable this policy setting, users cannot load a page in the zone that uses
MSXML or ADO to access data from another site in the zone.

If you do not configure this policy setting, users can load a page in the zone that
uses MSXML or ADO to access data from another site in the zone.</string>
<string
id="IZ_PolicyAccessDataSourcesAcrossDomains_ExplainDefaultPrompt">This policy
setting allows you to manage whether Internet Explorer can access data from another
security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).

If you enable this policy setting, users can load a page in the zone that uses
MSXML or ADO to access data from another site in the zone. If you select Prompt in
the drop-down box, users are queried to choose whether to allow a page to be loaded
in the zone that uses MSXML or ADO to access data from another site in the zone.

If you disable this policy setting, users cannot load a page in the zone that uses
MSXML or ADO to access data from another site in the zone.

If you do not configure this policy setting, users are queried to choose whether to
allow a page to be loaded in the zone that uses MSXML or ADO to access data from
another site in the zone.</string>
<string id="IZ_PolicyActiveScripting">Allow active scripting</string>
<string id="IZ_PolicyActiveScripting_ExplainDefaultDisable">This policy
setting allows you to manage whether script code on pages in the zone is run.

If you enable this policy setting, script code on pages in the zone can run
automatically. If you select Prompt in the drop-down box, users are queried to
choose whether to allow script code on pages in the zone to run.

If you disable this policy setting, script code on pages in the zone is prevented
from running.

If you do not configure this policy setting, script code on pages in the zone is
prevented from running.</string>
<string id="IZ_PolicyActiveScripting_ExplainDefaultEnable">This policy
setting allows you to manage whether script code on pages in the zone is run.

If you enable this policy setting, script code on pages in the zone can run
automatically. If you select Prompt in the drop-down box, users are queried to
choose whether to allow script code on pages in the zone to run.

If you disable this policy setting, script code on pages in the zone is prevented
from running.

If you do not configure this policy setting, script code on pages in the zone can
run automatically.</string>
<string id="IZ_PolicyActiveScripting_ExplainDefaultPrompt">This policy
setting allows you to manage whether script code on pages in the zone is run.

If you enable this policy setting, script code on pages in the zone can run
automatically. If you select Prompt in the drop-down box, users are queried to
choose whether to allow script code on pages in the zone to run.

If you disable this policy setting, script code on pages in the zone is prevented
from running.

If you do not configure this policy setting, users are queried to choose whether to
allow script code on pages in the Local Machine zone to run.</string>
<string id="IZ_PolicyAllowMETAREFRESH">Allow META REFRESH</string>
<string id="IZ_PolicyAllowMETAREFRESH_ExplainDefaultDisable">This policy
setting allows you to manage whether a user's browser can be redirected to another
Web page if the author of the Web page uses the Meta Refresh setting (tag) to
redirect browsers to another Web page.

If you enable this policy setting, a user's browser that loads a page containing an
active Meta Refresh setting can be redirected to another Web page.

If you disable this policy setting, a user's browser that loads a page containing
an active Meta Refresh setting cannot be redirected to another Web page.

If you do not configure this policy setting, a user's browser that loads a page
containing an active Meta Refresh setting cannot be redirected to another Web
page.</string>
<string id="IZ_PolicyAllowMETAREFRESH_ExplainDefaultEnable">This policy
setting allows you to manage whether a user's browser can be redirected to another
Web page if the author of the Web page uses the Meta Refresh setting (tag) to
redirect browsers to another Web page.

If you enable this policy setting, a user's browser that loads a page containing an
active Meta Refresh setting can be redirected to another Web page.

If you disable this policy setting, a user's browser that loads a page containing
an active Meta Refresh setting cannot be redirected to another Web page.

If you do not configure this policy setting, a user's browser that loads a page
containing an active Meta Refresh setting can be redirected to another Web
page.</string>
<string id="IZ_PolicyAllowPasteViaScript">Allow cut, copy or paste operations
from the clipboard via script</string>
<string id="IZ_PolicyAllowPasteViaScript_ExplainDefaultDisable">This policy
setting allows you to manage whether scripts can perform a clipboard operation (for
example, cut, copy, and paste) in a specified region.

If you enable this policy setting, a script can perform a clipboard operation.

If you select Prompt in the drop-down box, users are queried as to whether to
perform clipboard operations.

If you disable this policy setting, a script cannot perform a clipboard operation.

If you do not configure this policy setting, a script cannot perform a clipboard
operation.</string>
<string id="IZ_PolicyAllowPasteViaScript_ExplainDefaultEnable">This policy
setting allows you to manage whether scripts can perform a clipboard operation (for
example, cut, copy, and paste) in a specified region.

If you enable this policy setting, a script can perform a clipboard operation.

If you select Prompt in the drop-down box, users are queried as to whether to
perform clipboard operations.

If you disable this policy setting, a script cannot perform a clipboard operation.

If you do not configure this policy setting, a script can perform a clipboard
operation.</string>
<string id="IZ_PolicyBinaryBehaviors">Allow binary and script
behaviors</string>
<string id="IZ_PolicyBinaryBehaviors_ExplainDefaultAdminApproved">This policy
setting allows you to manage dynamic binary and script behaviors: components that
encapsulate specific functionality for HTML elements to which they were attached.

If you enable this policy setting, binary and script behaviors are available. If
you select Administrator approved in the drop-down box, only behaviors listed in
the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are
available.

If you disable this policy setting, binary and script behaviors are not available
unless applications have implemented a custom security manager.

If you do not configure this policy setting, only behaviors listed in the
Admin-approved Behaviors under Binary Behaviors Security Restriction policy are
available.</string>
<string id="IZ_PolicyBinaryBehaviors_ExplainDefaultDisable">This policy
setting allows you to manage dynamic binary and script behaviors: components that
encapsulate specific functionality for HTML elements to which they were attached.

If you enable this policy setting, binary and script behaviors are available. If
you select Administrator approved in the drop-down box, only behaviors listed in
the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are
available.

If you disable this policy setting, binary and script behaviors are not available
unless applications have implemented a custom security manager.

If you do not configure this policy setting, binary and script behaviors are not
available unless applications have implemented a custom security manager.</string>
<string id="IZ_PolicyBinaryBehaviors_ExplainDefaultEnable">This policy
setting allows you to manage dynamic binary and script behaviors: components that
encapsulate specific functionality for HTML elements to which they were attached.

If you enable this policy setting, binary and script behaviors are available. If
you select Administrator approved in the drop-down box, only behaviors listed in
the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are
available.

If you disable this policy setting, binary and script behaviors are not available
unless applications have implemented a custom security manager.

If you do not configure this policy setting, binary and script behaviors are
available.</string>
<string id="IZ_PolicyBlockPopupWindows">Use Pop-up Blocker</string>
<string id="IZ_PolicyBlockPopupWindows_ExplainDefaultDisable">This policy
setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows
that are opened when the end user clicks a link are not blocked.

If you enable this policy setting, most unwanted pop-up windows are prevented from
appearing.

If you disable this policy setting, pop-up windows are not prevented from
appearing.

If you do not configure this policy setting, pop-up windows are not prevented from
appearing.</string>
<string id="IZ_PolicyBlockPopupWindows_ExplainDefaultEnable">This policy
setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows
that are opened when the end user clicks a link are not blocked.

If you enable this policy setting, most unwanted pop-up windows are prevented from
appearing.

If you disable this policy setting, pop-up windows are not prevented from
appearing.

If you do not configure this policy setting, most unwanted pop-up windows are
prevented from appearing.</string>
<string id="IZ_PolicyDisplayMixedContent">Display mixed content</string>
<string id="IZ_PolicyDisplayMixedContent_ExplainDefaultPrompt">This policy
setting allows you to manage whether users can display nonsecure items and manage
whether users receive a security information message to display pages containing
both secure and nonsecure items.

If you enable this policy setting, and the drop-down box is set to Enable, the user
does not receive a security information message (This page contains both secure and
nonsecure items. Do you want to display the nonsecure items?) and nonsecure content
can be displayed.

If the drop-down box is set to Prompt, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content.

If you disable this policy setting, users cannot receive the security information
message and nonsecure content cannot be displayed.

If you do not configure this policy setting, the user will receive the security
information message on the Web pages that contain both secure (https://) and
nonsecure (http://) content.</string>
<string id="IZ_PolicyDownloadSignedActiveX">Download signed ActiveX
controls</string>
<string id="IZ_PolicyDownloadSignedActiveX_ExplainDefaultDisable">This policy
setting allows you to manage whether users may download signed ActiveX controls
from a page in the zone.

If you enable this policy, users can download signed controls without user
intervention. If you select Prompt in the drop-down box, users are queried whether
to download controls signed by publishers who aren't trusted. Code signed by
trusted publishers is silently downloaded.

If you disable the policy setting, signed controls cannot be downloaded.

If you do not configure this policy setting, signed controls cannot be
downloaded.</string>
<string id="IZ_PolicyDownloadSignedActiveX_ExplainDefaultEnable">This policy
setting allows you to manage whether users may download signed ActiveX controls
from a page in the zone.

If you enable this policy, users can download signed controls without user
intervention. If you select Prompt in the drop-down box, users are queried whether
to download controls signed by publishers who aren't trusted. Code signed by
trusted publishers is silently downloaded.

If you disable the policy setting, signed controls cannot be downloaded.

If you do not configure this policy setting, users can download signed controls
without user intervention.</string>
<string id="IZ_PolicyDownloadSignedActiveX_ExplainDefaultPrompt">This policy
setting allows you to manage whether users may download signed ActiveX controls
from a page in the zone.

If you enable this policy, users can download signed controls without user
intervention. If you select Prompt in the drop-down box, users are queried whether
to download controls signed by publishers who aren't trusted. Code signed by
trusted publishers is silently downloaded.

If you disable the policy setting, signed controls cannot be downloaded.

If you do not configure this policy setting, users are queried whether to download
controls signed by publishers who aren't trusted. Code signed by trusted
publishers is silently downloaded.</string>
<string id="IZ_PolicyDownloadUnsignedActiveX">Download unsigned ActiveX
controls</string>
<string id="IZ_PolicyDownloadUnsignedActiveX_ExplainDefaultDisable">This
policy setting allows you to manage whether users may download unsigned ActiveX
controls from the zone. Such code is potentially harmful, especially when coming
from an untrusted zone.

If you enable this policy setting, users can run unsigned controls without user
intervention. If you select Prompt in the drop-down box, users are queried to
choose whether to allow the unsigned control to run.

If you disable this policy setting, users cannot run unsigned controls.

If you do not configure this policy setting, users cannot run unsigned
controls.</string>
<string id="IZ_PolicyDownloadUnsignedActiveX_ExplainDefaultEnable">This
policy setting allows you to manage whether users may download unsigned ActiveX
controls from the zone. Such code is potentially harmful, especially when coming
from an untrusted zone.

If you enable this policy setting, users can run unsigned controls without user
intervention. If you select Prompt in the drop-down box, users are queried to
choose whether to allow the unsigned control to run.

If you disable this policy setting, users cannot run unsigned controls.

If you do not configure this policy setting, users can run unsigned controls
without user intervention.</string>
<string id="IZ_PolicyDownloadUnsignedActiveX_ExplainDefaultPrompt">This
policy setting allows you to manage whether users may download unsigned ActiveX
controls from the zone. Such code is potentially harmful, especially when coming
from an untrusted zone.

If you enable this policy setting, users can run unsigned controls without user
intervention. If you select Prompt in the drop-down box, users are queried to
choose whether to allow the unsigned control to run.

If you disable this policy setting, users cannot run unsigned controls.

If you do not configure this policy setting, users are queried to choose whether to
allow the unsigned control to run.</string>
<string id="IZ_PolicyDropOrPasteFiles">Allow drag and drop or copy and paste
files</string>
<string id="IZ_PolicyDropOrPasteFiles_ExplainDefaultEnable">This policy
setting allows you to manage whether users can drag files or copy and paste files
from a source within the zone.

If you enable this policy setting, users can drag files or copy and paste files
from this zone automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to drag or copy files from this zone.

If you disable this policy setting, users are prevented from dragging files or
copying and pasting files from this zone.

If you do not configure this policy setting, users can drag files or copy and paste
files from this zone automatically.</string>
<string id="IZ_PolicyDropOrPasteFiles_ExplainDefaultPrompt">This policy
setting allows you to manage whether users can drag files or copy and paste files
from a source within the zone.

If you enable this policy setting, users can drag files or copy and paste files
from this zone automatically. If you select Prompt in the drop-down box, users are
queried to choose whether to drag or copy files from this zone.

If you disable this policy setting, users are prevented from dragging files or
copying and pasting files from this zone.

If you do not configure this policy setting, users are queried to choose whether to
drag or copy files from this zone.</string>

<string id="IZ_PolicyRenderLegacyFilters">Render legacy filters</string>


<string id="IZ_PolicyRenderLegacyFilters_ExplainDefaultDisable">This policy
setting specifies whether Internet Explorer renders legacy visual filters in this
zone.

If you enable this policy setting, you can control whether or not Internet Explorer
renders legacy filters by selecting Enable, or Disable, under Options in Group
Policy Editor.

If you disable, or do not configure this policy setting, users can choose whether
or not to render filters in this zone. Users can change this setting on the
Security tab of the Internet Options dialog box. Filters are not rendered by
default in this zone.</string>

<string id="IZ_PolicyRenderLegacyFilters_ExplainDefaultEnable">This policy
setting specifies whether Internet Explorer renders legacy visual filters in this
zone.

If you enable this policy setting, you can control whether or not Internet Explorer
renders legacy filters by selecting Enable, or Disable, under Options in Group
Policy Editor.

If you disable, or do not configure this policy setting, users can choose whether
or not to render filters in this zone. Users can change this setting on the
Security tab of the Internet Options dialog box. Filters are rendered by default in
this zone.</string>

<string id="IZ_PolicyFileDownload">Allow file downloads</string>


<string id="IZ_PolicyFileDownload_ExplainDefaultDisable">This policy setting
allows you to manage whether file downloads are permitted from the zone. This
option is determined by the zone of the page with the link causing the download,
not the zone from which the file is delivered.

If you enable this policy setting, files can be downloaded from the zone.

If you disable this policy setting, files are prevented from being downloaded from
the zone.

If you do not configure this policy setting, files are prevented from being
downloaded from the zone.</string>
<string id="IZ_PolicyFileDownload_ExplainDefaultEnable">This policy setting
allows you to manage whether file downloads are permitted from the zone. This
option is determined by the zone of the page with the link causing the download,
not the zone from which the file is delivered.

If you enable this policy setting, files can be downloaded from the zone.

If you disable this policy setting, files are prevented from being downloaded from
the zone.

If you do not configure this policy setting, files can be downloaded from the
zone.</string>
<string id="IZ_PolicyFontDownload">Allow font downloads</string>
<string id="IZ_PolicyFontDownload_ExplainDefaultEnable">This policy setting
allows you to manage whether pages of the zone may download HTML fonts.

If you enable this policy setting, HTML fonts can be downloaded automatically. If
you enable this policy setting and Prompt is selected in the drop-down box, users
are queried whether to allow HTML fonts to download.

If you disable this policy setting, HTML fonts are prevented from downloading.

If you do not configure this policy setting, HTML fonts can be downloaded
automatically.</string>
<string id="IZ_PolicyFontDownload_ExplainDefaultPrompt">This policy setting
allows you to manage whether pages of the zone may download HTML fonts.

If you enable this policy setting, HTML fonts can be downloaded automatically. If
you enable this policy setting and Prompt is selected in the drop-down box, users
are queried whether to allow HTML fonts to download.

If you disable this policy setting, HTML fonts are prevented from downloading.

If you do not configure this policy setting, users are queried whether to allow
HTML fonts to download.</string>
<string id="IZ_PolicyInstallDesktopItems">Allow installation of desktop
items</string>
<string id="IZ_PolicyInstallDesktopItems_ExplainDefaultDisable">This policy
setting allows you to manage whether users can install Active Desktop items from
this zone. The settings for this option are: If you enable this policy setting,
users can install desktop items from this zone automatically.

If you select Prompt in the drop-down box, users are queried to choose whether to
install desktop items from this zone.

If you disable this policy setting, users are prevented from installing desktop
items from this zone.

If you do not configure this policy setting, users are prevented from installing
desktop items from this zone.</string>
<string id="IZ_PolicyInstallDesktopItems_ExplainDefaultEnable">This policy
setting allows you to manage whether users can install Active Desktop items from
this zone. The settings for this option are: If you enable this policy setting,
users can install desktop items from this zone automatically.

If you select Prompt in the drop-down box, users are queried to choose whether to
install desktop items from this zone.

If you disable this policy setting, users are prevented from installing desktop
items from this zone.

If you do not configure this policy setting, users can install desktop items from
this zone automatically.</string>
<string id="IZ_PolicyInstallDesktopItems_ExplainDefaultPrompt">This policy
setting allows you to manage whether users can install Active Desktop items from
this zone. The settings for this option are: If you enable this policy setting,
users can install desktop items from this zone automatically.

If you select Prompt in the drop-down box, users are queried to choose whether to
install desktop items from this zone.

If you disable this policy setting, users are prevented from installing desktop
items from this zone.

If you do not configure this policy setting, users are queried to choose whether to
install desktop items from this zone.</string>
<string id="IZ_PolicyInternetZoneLockdownTemplate">Locked-Down Internet Zone
Template</string>
<string id="IZ_PolicyInternetZoneTemplate">Internet Zone Template</string>
<string id="IZ_PolicyIntranetZoneLockdownTemplate">Locked-Down Intranet Zone
Template</string>
<string id="IZ_PolicyIntranetZoneTemplate">Intranet Zone Template</string>
<string id="IZ_PolicyJavaPermissions">Java permissions</string>
<string id="IZ_PolicyJavaPermissions_ExplainDefaultDisable">This policy
setting allows you to manage permissions for Java applets.

If you enable this policy setting, you can choose options from the drop-down box.
Custom, to control permissions settings individually.

Low Safety enables applets to perform all operations.

Medium Safety enables applets to run in their sandbox (an area in memory outside of
which the program cannot make calls), plus capabilities like scratch space (a safe
and secure storage area on the client computer) and user-controlled file I/O.

High Safety enables applets to run in their sandbox. Disable Java to prevent any
applets from running.

If you disable this policy setting, Java applets cannot run.

If you do not configure this policy setting, Java applets are disabled.</string>
<string id="IZ_PolicyJavaPermissions_ExplainDefaultHigh">This policy setting
allows you to manage permissions for Java applets.

If you enable this policy setting, you can choose options from the drop-down box.
Custom, to control permissions settings individually.

Low Safety enables applets to perform all operations.

Medium Safety enables applets to run in their sandbox (an area in memory outside of
which the program cannot make calls), plus capabilities like scratch space (a safe
and secure storage area on the client computer) and user-controlled file I/O.

High Safety enables applets to run in their sandbox. Disable Java to prevent any
applets from running.

If you disable this policy setting, Java applets cannot run.

If you do not configure this policy setting, the permission is set to High
Safety.</string>
<string id="IZ_PolicyJavaPermissions_ExplainDefaultLow">This policy setting
allows you to manage permissions for Java applets.

If you enable this policy setting, you can choose options from the drop-down box.
Custom, to control permissions settings individually.

Low Safety enables applets to perform all operations.

Medium Safety enables applets to run in their sandbox (an area in memory outside of
which the program cannot make calls), plus capabilities like scratch space (a safe
and secure storage area on the client computer) and user-controlled file I/O.

High Safety enables applets to run in their sandbox. Disable Java to prevent any
applets from running.

If you disable this policy setting, Java applets cannot run.

If you do not configure this policy setting, the permission is set to Low
Safety.</string>
<string id="IZ_PolicyJavaPermissions_ExplainDefaultMedium">This policy
setting allows you to manage permissions for Java applets.

If you enable this policy setting, you can choose options from the drop-down box.
Custom, to control permissions settings individually.

Low Safety enables applets to perform all operations.

Medium Safety enables applets to run in their sandbox (an area in memory outside of
which the program cannot make calls), plus capabilities like scratch space (a safe
and secure storage area on the client computer) and user-controlled file I/O.

High Safety enables applets to run in their sandbox. Disable Java to prevent any
applets from running.

If you disable this policy setting, Java applets cannot run.

If you do not configure this policy setting, the permission is set to Medium
Safety.</string>
<string id="IZ_PolicyLaunchAppsAndFilesInIFRAME">Launching applications and
files in an IFRAME</string>
<string id="IZ_PolicyLaunchAppsAndFilesInIFRAME_ExplainDefaultDisable">This
policy setting allows you to manage whether applications may be run and files may
be downloaded from an IFRAME reference in the HTML of the pages in this zone.

If you enable this policy setting, users can run applications and download files
from IFRAMEs on the pages in this zone without user intervention. If you select
Prompt in the drop-down box, users are queried to choose whether to run
applications and download files from IFRAMEs on the pages in this zone.

If you disable this policy setting, users are prevented from running applications
and downloading files from IFRAMEs on the pages in this zone.

If you do not configure this policy setting, users are prevented from running
applications and downloading files from IFRAMEs on the pages in this zone.</string>
<string id="IZ_PolicyLaunchAppsAndFilesInIFRAME_ExplainDefaultEnable">This
policy setting allows you to manage whether applications may be run and files may
be downloaded from an IFRAME reference in the HTML of the pages in this zone.

If you enable this policy setting, users can run applications and download files
from IFRAMEs on the pages in this zone without user intervention. If you select
Prompt in the drop-down box, users are queried to choose whether to run
applications and download files from IFRAMEs on the pages in this zone.

If you disable this policy setting, users are prevented from running applications
and downloading files from IFRAMEs on the pages in this zone.

If you do not configure this policy setting, users can run applications and
download files from IFRAMEs on the pages in this zone without user
intervention.</string>
<string id="IZ_PolicyLaunchAppsAndFilesInIFRAME_ExplainDefaultPrompt">This
policy setting allows you to manage whether applications may be run and files may
be downloaded from an IFRAME reference in the HTML of the pages in this zone.

If you enable this policy setting, users can run applications and download files
from IFRAMEs on the pages in this zone without user intervention. If you select
Prompt in the drop-down box, users are queried to choose whether to run
applications and download files from IFRAMEs on the pages in this zone.

If you disable this policy setting, users are prevented from running applications
and downloading files from IFRAMEs on the pages in this zone.

If you do not configure this policy setting, users are queried to choose whether to
run applications and download files from IFRAMEs on the pages in this
zone.</string>
<string id="IZ_PolicyLocalMachineZoneLockdownTemplate">Locked-Down Local
Machine Zone Template</string>
<string id="IZ_PolicyLocalMachineZoneTemplate">Local Machine Zone
Template</string>
<string id="IZ_PolicyLogon">Logon options</string>
<string id="IZ_PolicyLogon_ExplainDefaultAutomatic">This policy setting
allows you to manage settings for logon options.

If you enable this policy setting, you can choose from the following logon options.

Anonymous logon to disable HTTP authentication and use the guest account only for
the Common Internet File System (CIFS) protocol.

Prompt for user name and password to query users for user IDs and passwords. After
a user is queried, these values can be used silently for the remainder of the
session.

Automatic logon only in Intranet zone to query users for user IDs and passwords in
other zones. After a user is queried, these values can be used silently for the
remainder of the session.

Automatic logon with current user name and password to attempt logon using Windows
NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge
Response is supported by the server, the logon uses the user's network user name
and password for logon. If Windows NT Challenge Response is not supported by the
server, the user is queried to provide the user name and password.

If you disable this policy setting, logon is set to Automatic logon only in
Intranet zone.

If you do not configure this policy setting, logon is set to Automatic logon with
current username and password.</string>
<string id="IZ_PolicyLogon_ExplainDefaultLogonInIntranet">This policy setting
allows you to manage settings for logon options.

If you enable this policy setting, you can choose from the following logon options.

Anonymous logon to disable HTTP authentication and use the guest account only for
the Common Internet File System (CIFS) protocol.

Prompt for user name and password to query users for user IDs and passwords. After
a user is queried, these values can be used silently for the remainder of the
session.

Automatic logon only in Intranet zone to query users for user IDs and passwords in
other zones. After a user is queried, these values can be used silently for the
remainder of the session.

Automatic logon with current user name and password to attempt logon using Windows
NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge
Response is supported by the server, the logon uses the user's network user name
and password for logon. If Windows NT Challenge Response is not supported by the
server, the user is queried to provide the user name and password.

If you disable this policy setting, logon is set to Automatic logon only in
Intranet zone.

If you do not configure this policy setting, logon is set to Automatic logon only
in Intranet zone.</string>
<string id="IZ_PolicyLogon_ExplainDefaultPrompt">This policy setting allows
you to manage settings for logon options.

If you enable this policy setting, you can choose from the following logon options.

Anonymous logon to disable HTTP authentication and use the guest account only for
the Common Internet File System (CIFS) protocol.

Prompt for user name and password to query users for user IDs and passwords. After
a user is queried, these values can be used silently for the remainder of the
session.

Automatic logon only in Intranet zone to query users for user IDs and passwords in
other zones. After a user is queried, these values can be used silently for the
remainder of the session.

Automatic logon with current user name and password to attempt logon using Windows
NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge
Response is supported by the server, the logon uses the user's network user name
and password for logon. If Windows NT Challenge Response is not supported by the
server, the user is queried to provide the user name and password.

If you disable this policy setting, logon is set to Automatic logon only in
Intranet zone.

If you do not configure this policy setting, logon is set to Prompt for username
and password.</string>
<string id="IZ_PolicyMimeSniffingURLaction">Enable MIME Sniffing</string>
<string id="IZ_PolicyMimeSniffingURLaction_ExplainDefaultDisable">This policy
setting allows you to manage MIME sniffing for file promotion from one type to
another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer
of the file type based on a bit signature.

If you enable this policy setting, the MIME Sniffing Safety Feature will not apply
in this zone. The security zone will run without the added layer of security
provided by this feature.

If you disable this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as dictated
by the feature control setting for the process.

If you do not configure this policy setting, the actions that may be harmful cannot
run; this Internet Explorer security feature will be turned on in this zone, as
dictated by the feature control setting for the process.</string>
<string id="IZ_PolicyMimeSniffingURLaction_ExplainDefaultEnable">This policy
setting allows you to manage MIME sniffing for file promotion from one type to
another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer
of the file type based on a bit signature.

If you enable this policy setting, the MIME Sniffing Safety Feature will not apply
in this zone. The security zone will run without the added layer of security
provided by this feature.

If you disable this policy setting, the actions that may be harmful cannot run;
this Internet Explorer security feature will be turned on in this zone, as dictated
by the feature control setting for the process.

If you do not configure this policy setting, the MIME Sniffing Safety Feature will
not apply in this zone.</string>
<string id="IZ_PolicyDragDropAcrossDomainsWithinWindow">Enable dragging of
content from different domains within a window</string>
<string id="IZ_PolicyDragDropAcrossDomainsWithinWindow_ExplainDefault">This
policy setting allows you to set options for dragging content from one domain to a
different domain when the source and destination are in the same window.

If you enable this policy setting and click Enable, users can drag content from one
domain to a different domain when the source and destination are in the same
window. Users cannot change this setting.

If you enable this policy setting and click Disable, users cannot drag content from
one domain to a different domain when the source and destination are in the same
window. Users cannot change this setting in the Internet Options dialog.

In Internet Explorer 10, if you disable this policy setting or do not configure it,
users cannot drag content from one domain to a different domain when the source and
destination are in the same window. Users can change this setting in the Internet
Options dialog.

In Internet Explorer 9 and earlier versions, if you disable this policy setting or
do not configure it, users can drag content from one domain to a different domain
when the source and destination are in the same window. Users cannot change this
setting in the Internet Options dialog.</string>
<string id="IZ_PolicyDragDropAcrossDomainsAcrossWindows">Enable dragging of
content from different domains across windows</string>
<string id="IZ_PolicyDragDropAcrossDomainsAcrossWindows_ExplainDefault">This
policy setting allows you to set options for dragging content from one domain to a
different domain when the source and destination are in different windows.

If you enable this policy setting and click Enable, users can drag content from one
domain to a different domain when the source and destination are in different
windows. Users cannot change this setting.

If you enable this policy setting and click Disable, users cannot drag content from
one domain to a different domain when both the source and destination are in
different windows. Users cannot change this setting.

In Internet Explorer 10, if you disable this policy setting or do not configure it,
users cannot drag content from one domain to a different domain when the source and
destination are in different windows. Users can change this setting in the Internet
Options dialog.

In Internet Explorer 9 and earlier versions, if you disable this policy or do not
configure it, users can drag content from one domain to a different domain when the
source and destination are in different windows. Users cannot change this
setting.</string>
<string id="IZ_PolicyNavigateSubframesAcrossDomains">Navigate windows and
frames across different domains</string>
<string
id="IZ_PolicyNavigateSubframesAcrossDomains_ExplainDefaultDisable">This policy
setting allows you to manage the opening of windows and frames and access of
applications across different domains.

If you enable this policy setting, users can open additional windows and frames
from other domains and access applications from other domains. If you select Prompt
in the drop-down box, users are queried whether to allow additional windows and
frames to access applications from other domains.

If you disable this policy setting, users cannot open other windows and frames from
other domains or access applications from different domains.

If you do not configure this policy setting, users cannot open other windows and
frames from different domains or access applications from different
domains.</string>
<string
id="IZ_PolicyNavigateSubframesAcrossDomains_ExplainDefaultEnable">This policy
setting allows you to manage the opening of windows and frames and access of
applications across different domains.

If you enable this policy setting, users can open windows and frames from other
domains and access applications from other domains. If you select Prompt in the
drop-down box, users are queried whether to allow windows and frames to access
applications from other domains.

If you disable this policy setting, users cannot open windows and frames to access
applications from different domains.

If you do not configure this policy setting, users can open windows and frames from
other domains and access applications from other domains.</string>
<string id="IZ_PolicyNetworkProtocolLockdown">Allow active content over
restricted protocols to access my computer</string>
<string id="IZ_PolicyNetworkProtocolLockdown_ExplainDefaultDisable">This
policy setting allows you to manage whether a resource hosted on an
admin-restricted protocol in the Trusted Sites Zone can run active content such as
script, ActiveX, Java and Binary Behaviors. The list of restricted protocols may be
set in the Trusted Sites Zone Restricted Protocols section under Network Protocol
Lockdown policy.

If you enable this policy setting, no Trusted Sites Zone content accessed is
affected, even for protocols on the restricted list. If you select Prompt from the
drop-down box, the Notification bar will appear to allow control over questionable
content accessed over any restricted protocols; content over other protocols is
unaffected.

If you disable this policy setting, all attempts to access such content over the
restricted protocols are blocked.

If you do not configure this policy setting, all attempts to access such content
over the restricted protocols are blocked when the Network Protocol Lockdown
security feature is enabled.</string>
<string id="IZ_PolicyNetworkProtocolLockdown_ExplainDefaultPrompt">This
policy setting allows you to manage whether a resource hosted on an
admin-restricted protocol in the Intranet Zone can run active content such as script,
ActiveX, Java and Binary Behaviors. The list of restricted protocols may be set in
the Intranet Zone Restricted Protocols section under Network Protocol Lockdown
policy.

If you enable this policy setting, no Intranet Zone content accessed is affected,
even for protocols on the restricted list. If you select Prompt from the drop-down
box, the Notification bar will appear to allow control over questionable content
accessed over any restricted protocols; content over other protocols is unaffected.

If you disable this policy setting, all attempts to access such content over the
restricted protocols are blocked.

If you do not configure this policy setting, the Notification bar will appear to
allow control over questionable content accessed over any restricted protocols when
the Network Protocol Lockdown security feature is enabled.</string>
<string id="IZ_PolicyNoPromptForOneOrNoClientCertificate">Do not prompt for
client certificate selection when no certificates or only one certificate
exists.</string>
<string
id="IZ_PolicyNoPromptForOneOrNoClientCertificate_ExplainDefaultDisable">This policy
setting allows you to manage whether users are prompted to select a certificate
when no certificate or only one certificate exists.

If you enable this policy setting, Internet Explorer does not prompt users with a
"Client Authentication" message when they connect to a Web site that has no
certificate or only one certificate.

If you disable this policy setting, Internet Explorer prompts users with a "Client
Authentication" message when they connect to a Web site that has no certificate or
only one certificate.

If you do not configure this policy setting, Internet Explorer prompts users with a
Client Authentication message when they connect to a Web site that has no
certificate or only one certificate.</string>
<string
id="IZ_PolicyNoPromptForOneOrNoClientCertificate_ExplainDefaultEnable">This policy
setting allows you to manage whether users are prompted to select a certificate
when no certificate or only one certificate exists.

If you enable this policy setting, Internet Explorer does not prompt users with a
"Client Authentication" message when they connect to a Web site that has no
certificate or only one certificate.

If you disable this policy setting, Internet Explorer prompts users with a "Client
Authentication" message when they connect to a Web site that has no certificate or
only one certificate.

If you do not configure this policy setting, Internet Explorer does not prompt
users with a "Client Authentication" message when they connect to a Web site that
has no certificate or only one certificate.</string>
<string id="IZ_PolicyNotificationBarActiveXURLaction">Automatic prompting for
ActiveX controls</string>
<string
id="IZ_PolicyNotificationBarActiveXURLaction_ExplainDefaultDisable">This policy
setting manages whether users will be automatically prompted for ActiveX control
installations.

If you enable this policy setting, users will receive a prompt when a site
instantiates an ActiveX control they do not have installed.

If you disable this policy setting, ActiveX control installations will be blocked
using the Notification bar. Users can click on the Notification bar to allow the
ActiveX control prompt.

If you do not configure this policy setting, ActiveX control installations will be
blocked using the Notification bar. Users can click on the Notification bar to
allow the ActiveX control prompt.</string>
<string
id="IZ_PolicyNotificationBarActiveXURLaction_ExplainDefaultEnable">This policy
setting manages whether users will be automatically prompted for ActiveX control
installations.

If you enable this policy setting, users will receive a prompt when a site
instantiates an ActiveX control they do not have installed.

If you disable this policy setting, ActiveX control installations will be blocked
using the Notification bar. Users can click on the Notification bar to allow the
ActiveX control prompt.

If you do not configure this policy setting, users will receive a prompt when a
site instantiates an ActiveX control they do not have installed.</string>
<string id="IZ_PolicyNotificationBarDownloadURLaction">Automatic prompting
for file downloads</string>
<string
id="IZ_PolicyNotificationBarDownloadURLaction_ExplainDefaultDisable">This policy
setting determines whether users will be prompted for non user-initiated file
downloads. Regardless of this setting, users will receive file download dialogs for
user-initiated downloads.

If you enable this setting, users will receive a file download dialog for automatic
download attempts.

If you disable or do not configure this setting, file downloads that are not
user-initiated will be blocked, and users will see the Notification bar instead of the
file download dialog. Users can then click the Notification bar to allow the file
download prompt.</string>
<string
id="IZ_PolicyNotificationBarDownloadURLaction_ExplainDefaultEnable">This policy
setting determines whether users will be prompted for non user-initiated file
downloads. Regardless of this setting, users will receive file download dialogs for
user-initiated downloads.

If you enable this setting, users will receive a file download dialog for automatic
download attempts.

If you disable or do not configure this setting, users will receive a file download
dialog for automatic download attempts.</string>
<string id="IZ_PolicyRestrictedSitesZoneLockdownTemplate">Locked-Down
Restricted Sites Zone Template</string>
<string id="IZ_PolicyRestrictedSitesZoneTemplate">Restricted Sites Zone
Template</string>
<string id="IZ_PolicyRunActiveXControls">Run ActiveX controls and
plugins</string>
<string id="IZ_PolicyRunActiveXControls_ExplainDefaultDisable">This policy
setting allows you to manage whether ActiveX controls and plug-ins can be run on
pages from the specified zone.

If you enable this policy setting, controls and plug-ins can run without user
intervention.

If you select Prompt in the drop-down box, users are asked to choose whether to
allow the controls or plug-ins to run.

If you disable this policy setting, controls and plug-ins are prevented from
running.

If you do not configure this policy setting, controls and plug-ins are prevented
from running.</string>
<string id="IZ_PolicyRunActiveXControls_ExplainDefaultEnable">This policy
setting allows you to manage whether ActiveX controls and plug-ins can be run on
pages from the specified zone.

If you enable this policy setting, controls and plug-ins can run without user
intervention.

If you select Prompt in the drop-down box, users are asked to choose whether to
allow the controls or plug-ins to run.

If you disable this policy setting, controls and plug-ins are prevented from
running.

If you do not configure this policy setting, controls and plug-ins can run without
user intervention.</string>
<string id="IZ_PolicyScriptActiveXMarkedSafe">Script ActiveX controls marked
safe for scripting</string>
<string id="IZ_PolicyScriptActiveXMarkedSafe_ExplainDefaultDisable">This
policy setting allows you to manage whether an ActiveX control marked safe for
scripting can interact with a script.

If you enable this policy setting, script interaction can occur automatically
without user intervention.

If you select Prompt in the drop-down box, users are queried to choose whether to
allow script interaction.

If you disable this policy setting, script interaction is prevented from occurring.

If you do not configure this policy setting, script interaction is prevented from
occurring.</string>
<string id="IZ_PolicyScriptActiveXMarkedSafe_ExplainDefaultEnable">This
policy setting allows you to manage whether an ActiveX control marked safe for
scripting can interact with a script.

If you enable this policy setting, script interaction can occur automatically
without user intervention.

If you select Prompt in the drop-down box, users are queried to choose whether to
allow script interaction.

If you disable this policy setting, script interaction is prevented from occurring.

If you do not configure this policy setting, script interaction can occur
automatically without user intervention.</string>
<string id="IZ_PolicyAntiMalwareCheckingOfActiveXControls">Don't run
antimalware programs against ActiveX controls</string>
<string
id="IZ_PolicyAntiMalwareCheckingOfActiveXControls_ExplainDefaultEnable">This policy
setting determines whether Internet Explorer runs antimalware programs against
ActiveX controls, to check if they're safe to load on pages.

If you enable this policy setting, Internet Explorer won't check with your
antimalware program to see if it's safe to create an instance of the ActiveX
control.

If you disable this policy setting, Internet Explorer always checks with your
antimalware program to see if it's safe to create an instance of the ActiveX
control.

If you don't configure this policy setting, Internet Explorer always checks with
your antimalware program to see if it's safe to create an instance of the ActiveX
control. Users can turn this behavior on or off, using Internet Explorer Security
settings.</string>
<string
id="IZ_PolicyAntiMalwareCheckingOfActiveXControls_ExplainDefaultDisable">This
policy setting determines whether Internet Explorer runs antimalware programs
against ActiveX controls, to check if they're safe to load on pages.

If you enable this policy setting, Internet Explorer won't check with your
antimalware program to see if it's safe to create an instance of the ActiveX
control.

If you disable this policy setting, Internet Explorer always checks with your
antimalware program to see if it's safe to create an instance of the ActiveX
control.

If you don't configure this policy setting, Internet Explorer won't check with your
antimalware program to see if it's safe to create an instance of the ActiveX
control. Users can turn this behavior on or off, using Internet Explorer Security
settings.</string>
<string id="IZ_PolicyScriptActiveXNotMarkedSafe">Initialize and script
ActiveX controls not marked as safe</string>
<string id="IZ_PolicyScriptActiveXNotMarkedSafe_ExplainDefaultDisable">This
policy setting allows you to manage ActiveX controls not marked as safe.

If you enable this policy setting, ActiveX controls are run, loaded with
parameters, and scripted without setting object safety for untrusted data or
scripts. This setting is not recommended, except for secure and administered zones.
This setting causes both unsafe and safe controls to be initialized and scripted,
ignoring the Script ActiveX controls marked safe for scripting option.

If you enable this policy setting and select Prompt in the drop-down box, users are
queried whether to allow the control to be loaded with parameters or scripted.

If you disable this policy setting, ActiveX controls that cannot be made safe are
not loaded with parameters or scripted.

If you do not configure this policy setting, ActiveX controls that cannot be made
safe are not loaded with parameters or scripted.</string>
<string id="IZ_PolicyScriptActiveXNotMarkedSafe_ExplainDefaultPrompt">This
policy setting allows you to manage ActiveX controls not marked as safe.

If you enable this policy setting, ActiveX controls are run, loaded with
parameters, and scripted without setting object safety for untrusted data or
scripts. This setting is not recommended, except for secure and administered zones.
This setting causes both unsafe and safe controls to be initialized and scripted,
ignoring the Script ActiveX controls marked safe for scripting option.

If you enable this policy setting and select Prompt in the drop-down box, users are
queried whether to allow the control to be loaded with parameters or scripted.

If you disable this policy setting, ActiveX controls that cannot be made safe are
not loaded with parameters or scripted.

If you do not configure this policy setting, users are queried whether to allow the
control to be loaded with parameters or scripted.</string>
<string id="IZ_PolicyScriptingOfJavaApplets">Scripting of Java
applets</string>
<string id="IZ_PolicyScriptingOfJavaApplets_ExplainDefaultDisable">This
policy setting allows you to manage whether applets are exposed to scripts within
the zone.

If you enable this policy setting, scripts can access applets automatically without
user intervention.

If you select Prompt in the drop-down box, users are queried to choose whether to
allow scripts to access applets.

If you disable this policy setting, scripts are prevented from accessing applets.

If you do not configure this policy setting, scripts are prevented from accessing
applets.</string>
<string id="IZ_PolicyScriptingOfJavaApplets_ExplainDefaultEnable">This policy
setting allows you to manage whether applets are exposed to scripts within the
zone.

If you enable this policy setting, scripts can access applets automatically without
user intervention.

If you select Prompt in the drop-down box, users are queried to choose whether to
allow scripts to access applets.

If you disable this policy setting, scripts are prevented from accessing applets.

If you do not configure this policy setting, scripts can access applets
automatically without user intervention.</string>
<string id="IZ_PolicySignedFrameworkComponentsURLaction">Run .NET
Framework-reliant components signed with Authenticode</string>
<string
id="IZ_PolicySignedFrameworkComponentsURLaction_ExplainDefaultDisable">This policy
setting allows you to manage whether .NET Framework components that are signed with
Authenticode can be executed from Internet Explorer. These components include
managed controls referenced from an object tag and managed executables referenced
from a link.

If you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute signed managed components.

If you disable this policy setting, Internet Explorer will not execute signed
managed components.

If you do not configure this policy setting, Internet Explorer will not execute
signed managed components.</string>
<string
id="IZ_PolicySignedFrameworkComponentsURLaction_ExplainDefaultEnable">This policy
setting allows you to manage whether .NET Framework components that are signed with
Authenticode can be executed from Internet Explorer. These components include
managed controls referenced from an object tag and managed executables referenced
from a link.

If you enable this policy setting, Internet Explorer will execute signed managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute signed managed components.

If you disable this policy setting, Internet Explorer will not execute signed
managed components.

If you do not configure this policy setting, Internet Explorer will execute signed
managed components.</string>
<string id="IZ_PolicySoftwareChannelPermissions">Software channel
permissions</string>
<string id="IZ_PolicySoftwareChannelPermissions_ExplainDefaultHigh">This
policy setting allows you to manage software channel permissions.

If you enable this policy setting, you can choose the following options from the
drop-down box.

Low safety to allow users to be notified of software updates by e-mail, software
packages to be automatically downloaded to users' computers, and software packages
to be automatically installed on users' computers.

Medium safety to allow users to be notified of software updates by e-mail and
software packages to be automatically downloaded to (but not installed on) users'
computers.

High safety to prevent users from being notified of software updates by e-mail,
software packages from being automatically downloaded to users' computers, and
software packages from being automatically installed on users' computers.

If you disable this policy setting, permissions are set to high safety.

If you do not configure this policy setting, permissions are set to High
safety.</string>
<string id="IZ_PolicySoftwareChannelPermissions_ExplainDefaultLow">This
policy setting allows you to manage software channel permissions.

If you enable this policy setting, you can choose the following options from the
drop-down box.

Low safety to allow users to be notified of software updates by e-mail, software
packages to be automatically downloaded to users' computers, and software packages
to be automatically installed on users' computers.

Medium safety to allow users to be notified of software updates by e-mail and
software packages to be automatically downloaded to (but not installed on) users'
computers.

High safety to prevent users from being notified of software updates by e-mail,
software packages from being automatically downloaded to users' computers, and
software packages from being automatically installed on users' computers.

If you disable this policy setting, permissions are set to high safety.

If you do not configure this policy setting, permissions are set to Low
safety.</string>
<string id="IZ_PolicySoftwareChannelPermissions_ExplainDefaultMedium">This
policy setting allows you to manage software channel permissions.

If you enable this policy setting, you can choose the following options from the
drop-down box.

Low safety to allow users to be notified of software updates by e-mail, software
packages to be automatically downloaded to users' computers, and software packages
to be automatically installed on users' computers.

Medium safety to allow users to be notified of software updates by e-mail and
software packages to be automatically downloaded to (but not installed on) users'
computers.

High safety to prevent users from being notified of software updates by e-mail,
software packages from being automatically downloaded to users' computers, and
software packages from being automatically installed on users' computers.

If you disable this policy setting, permissions are set to high safety.

If you do not configure this policy setting, permissions are set to Medium
safety.</string>
<string id="IZ_PolicySubmitNonencryptedFormData">Submit non-encrypted form
data</string>
<string id="IZ_PolicySubmitNonencryptedFormData_ExplainDefaultEnable">This
policy setting allows you to manage whether data on HTML forms on pages in the zone
may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always
allowed; this setting only affects non-SSL form data submission.

If you enable this policy setting, information using HTML forms on pages in this
zone can be submitted automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to allow information using HTML forms on pages
in this zone to be submitted.

If you disable this policy setting, information using HTML forms on pages in this
zone is prevented from being submitted.

If you do not configure this policy setting, information using HTML forms on pages
in this zone can be submitted automatically.</string>
<string id="IZ_PolicySubmitNonencryptedFormData_ExplainDefaultPrompt">This
policy setting allows you to manage whether data on HTML forms on pages in the zone
may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always
allowed; this setting only affects non-SSL form data submission.

If you enable this policy setting, information using HTML forms on pages in this
zone can be submitted automatically. If you select Prompt in the drop-down box,
users are queried to choose whether to allow information using HTML forms on pages
in this zone to be submitted.

If you disable this policy setting, information using HTML forms on pages in this
zone is prevented from being submitted.

If you do not configure this policy setting, users are queried to choose whether to
allow information using HTML forms on pages in this zone to be submitted.</string>
<string id="IZ_PolicyTrustedSitesZoneLockdownTemplate">Locked-Down Trusted
Sites Zone Template</string>
<string id="IZ_PolicyTrustedSitesZoneTemplate">Trusted Sites Zone
Template</string>
<string id="IZ_PolicyUnsignedFrameworkComponentsURLaction">Run .NET
Framework-reliant components not signed with Authenticode</string>
<string
id="IZ_PolicyUnsignedFrameworkComponentsURLaction_ExplainDefaultDisable">This
policy setting allows you to manage whether .NET Framework components that are not
signed with Authenticode can be executed from Internet Explorer. These components
include managed controls referenced from an object tag and managed executables
referenced from a link.

If you enable this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute unsigned managed components.

If you disable this policy setting, Internet Explorer will not execute unsigned
managed components.

If you do not configure this policy setting, Internet Explorer will not execute
unsigned managed components.</string>
<string
id="IZ_PolicyUnsignedFrameworkComponentsURLaction_ExplainDefaultEnable">This policy
setting allows you to manage whether .NET Framework components that are not signed
with Authenticode can be executed from Internet Explorer. These components include
managed controls referenced from an object tag and managed executables referenced
from a link.

If you enable this policy setting, Internet Explorer will execute unsigned managed
components. If you select Prompt in the drop-down box, Internet Explorer will
prompt the user to determine whether to execute unsigned managed components.

If you disable this policy setting, Internet Explorer will not execute unsigned
managed components.

If you do not configure this policy setting, Internet Explorer will execute
unsigned managed components.</string>
<string id="IZ_PolicyUserdataPersistence">Userdata persistence</string>
<string id="IZ_PolicyUserdataPersistence_ExplainDefaultDisable">This policy
setting allows you to manage the preservation of information in the browser's
history, in favorites, in an XML store, or directly within a Web page saved to
disk. When a user returns to a persisted page, the state of the page can be
restored if this policy setting is appropriately configured.

If you enable this policy setting, users can preserve information in the browser's
history, in favorites, in an XML store, or directly within a Web page saved to
disk.

If you disable this policy setting, users cannot preserve information in the
browser's history, in favorites, in an XML store, or directly within a Web page
saved to disk.

If you do not configure this policy setting, users cannot preserve information in
the browser's history, in favorites, in an XML store, or directly within a Web page
saved to disk.</string>
<string id="IZ_PolicyUserdataPersistence_ExplainDefaultEnable">This policy
setting allows you to manage the preservation of information in the browser's
history, in favorites, in an XML store, or directly within a Web page saved to
disk. When a user returns to a persisted page, the state of the page can be
restored if this policy setting is appropriately configured.

If you enable this policy setting, users can preserve information in the browser's
history, in favorites, in an XML store, or directly within a Web page saved to
disk.

If you disable this policy setting, users cannot preserve information in the
browser's history, in favorites, in an XML store, or directly within a Web page
saved to disk.

If you do not configure this policy setting, users can preserve information in the
browser's history, in favorites, in an XML store, or directly within a Web page
saved to disk.</string>
<string id="IZ_PolicyWindowsRestrictionsURLaction">Allow script-initiated
windows without size or position constraints</string>
<string id="IZ_PolicyWindowsRestrictionsURLaction_ExplainDefaultDisable">This
policy setting allows you to manage restrictions on script-initiated pop-up windows
and windows that include the title and status bars.

If you enable this policy setting, Windows Restrictions security will not apply in
this zone. The security zone runs without the added layer of security provided by
this feature.

If you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status bars
cannot be run. This Internet Explorer security feature will be on in this zone as
dictated by the Scripted Windows Security Restrictions feature control setting for
the process.

If you do not configure this policy setting, the possible harmful actions contained
in script-initiated pop-up windows and windows that include the title and status
bars cannot be run. This Internet Explorer security feature will be on in this zone
as dictated by the Scripted Windows Security Restrictions feature control setting
for the process.</string>
<string id="IZ_PolicyWindowsRestrictionsURLaction_ExplainDefaultEnable">This
policy setting allows you to manage restrictions on script-initiated pop-up windows
and windows that include the title and status bars.

If you enable this policy setting, Windows Restrictions security will not apply in
this zone. The security zone runs without the added layer of security provided by
this feature.

If you disable this policy setting, the possible harmful actions contained in
script-initiated pop-up windows and windows that include the title and status bars
cannot be run. This Internet Explorer security feature will be on in this zone as
dictated by the Scripted Windows Security Restrictions feature control setting for
the process.

If you do not configure this policy setting, Windows Restrictions security will not
apply in this zone. The security zone runs without the added layer of security
provided by this feature.</string>
<string id="IZ_PolicyZoneElevationURLaction">Web sites in less privileged Web
content zones can navigate into this zone</string>
<string id="IZ_PolicyZoneElevationURLaction_ExplainDefaultDisable">This
policy setting allows you to manage whether Web sites from less privileged zones,
such as Internet sites, can navigate into this zone.

If you enable this policy setting, Web sites from less privileged zones can open
new windows in, or navigate into, this zone. The security zone will run without the
added layer of security that is provided by the Protection from Zone Elevation
security feature. If you select Prompt in the drop-down box, a warning is issued to
the user that potentially risky navigation is about to occur.

If you disable this policy setting, the possibly harmful navigations are prevented.
The Internet Explorer security feature will be on in this zone as set by Protection
from Zone Elevation feature control.

If you do not configure this policy setting, the possibly harmful navigations are
prevented. The Internet Explorer security feature will be on in this zone as set by
Protection from Zone Elevation feature control.</string>
<string id="IZ_PolicyZoneElevationURLaction_ExplainDefaultEnable">This policy
setting allows you to manage whether Web sites from less privileged zones, such as
Restricted Sites, can navigate into this zone.

If you enable this policy setting, Web sites from less privileged zones can open
new windows in, or navigate into, this zone. The security zone will run without
the added layer of security that is provided by the Protection from Zone Elevation
security feature. If you select Prompt in the drop-down box, a warning is issued to
the user that potentially risky navigation is about to occur.

If you disable this policy setting, the possibly harmful navigations are prevented.
The Internet Explorer security feature will be on in this zone as set by Protection
from Zone Elevation feature control.

If you do not configure this policy setting, Web sites from less privileged zones
can open new windows in, or navigate into, this zone.</string>
<string id="IZ_PolicyZoneElevationURLaction_ExplainDefaultPrompt">This policy
setting allows you to manage whether Web sites from less privileged zones, such as
Restricted Sites, can navigate into this zone.

If you enable this policy setting, Web sites from less privileged zones can open
new windows in, or navigate into, this zone. The security zone will run without
the added layer of security that is provided by the Protection from Zone Elevation
security feature. If you select Prompt in the drop-down box, a warning is issued to
the user that potentially risky navigation is about to occur.

If you disable this policy setting, the possibly harmful navigations are prevented.
The Internet Explorer security feature will be on in this zone as set by Protection
from Zone Elevation feature control.

If you do not configure this policy setting, a warning is issued to the user that
potentially risky navigation is about to occur.</string>
<string id="IZ_ProxyByPass">Intranet Sites: Include all sites that bypass the
proxy server</string>
<string id="IZ_RestrictedSitesZone">Restricted Sites Zone</string>
<string id="IZ_RestrictedSitesZoneLockdown">Locked-Down Restricted Sites
Zone</string>
<string id="IZ_RestrictedSitesZoneLockdown_Explain">The settings in this zone
apply only if the Restricted Zone is in 'lockdown' mode, such as when the Network
Protocol Lockdown security feature is in effect. If the zone is locked down, these
URL action settings do not override the standard Restricted Zone settings, but are
compared against them. If the settings for that URL action in the two zones are the
same, then that setting is used. Otherwise, the relevant behavior is strictly
blocked, preventing the zone from operating with the standard (non-lockdown) zone's
setting.</string>
<string id="IZ_SecurityPage">Security Page</string>
<string id="IZ_SecurityPageExplain">If you enable any policies for the
security page, it is strongly recommended that you also configure policy to disable
the security page from being presented in the UI to prevent users from believing
that they can change their security settings.

You can disable the security page using the policy located at Administrative
Templates\Windows Components\Internet Explorer\Internet Control Panel\.</string>
<string id="IZ_TrustedSitesZone">Trusted Sites Zone</string>
<string id="IZ_TrustedSitesZoneLockdown">Locked-Down Trusted Sites
Zone</string>
<string id="IZ_TrustedSitesZoneLockdown_Explain">The settings in this zone
apply only if the Trusted Zone is in 'lockdown' mode, such as when the Network
Protocol Lockdown security feature is in effect. If the zone is locked down, these
URL action settings do not override the standard Trusted Zone settings, but are
compared against them. If the settings for that URL action in the two zones are the
same, then that setting is used. Otherwise, the user is presented with a
Notification bar, and may allow the zone to operate with the standard
(non-lockdown) zone's setting.</string>
<string id="IZ_UNCAsIntranet">Intranet Sites: Include all network paths
(UNCs)</string>
<string id="IZ_Zonemaps">Site to Zone Assignment List</string>
<string id="LinkColor_Explain">This policy setting prevents the user from
specifying the color of webpage links that he or she has not yet clicked.
Appropriate color choices can make links easier to see for some users, especially
those who use high-contrast color schemes.

If you enable this policy setting, the user cannot specify the color of links not
yet clicked in Internet Explorer. You must specify the link color (for example:
192,192,192).

If you disable or do not configure this policy setting, the user can specify the
color of links not yet clicked.</string>
<string id="LinkColorPol">Prevent specifying the color of links that have not
yet been clicked</string>
<string id="LinkColors">Link Colors</string>
<string id="LinkColorVisited_Explain">This policy setting prevents the user
from specifying the color of webpage links that he or she has already clicked.
Appropriate color choices can make links easier to see for some users, especially
those who use high-contrast color schemes.

If you enable this policy setting, the user cannot specify the color of links
already clicked in Internet Explorer. You must specify the link color (for example:
192,192,192).

If you disable or do not configure this policy setting, the user can specify the
color of links already clicked.</string>
<string id="LinkColorVisitedPol">Prevent specifying the color of links that
have already been clicked</string>
<string id="ManualPhishing">Manual</string>
<string id="MaxSubscription">Subscription Limits</string>
<string id="MaxWebcrawlDepth0">0</string>
<string id="MaxWebcrawlDepth1">1</string>
<string id="MaxWebcrawlDepth2">2</string>
<string id="MaxWebcrawlDepth3">3</string>
<string id="MediaSettings">Configure Media Explorer Bar</string>
<string id="Menu_Controls">Menu Controls</string>
<string id="Menus">Browser menus</string>
<string id="Microsoft_Agent">Microsoft Agent</string>
<string id="Microsoft_Chat">Microsoft Chat</string>
<string id="MSNBC">MSNBC</string>
<string id="Multimedia">Multimedia</string>
<string id="NetShowFile">NetShow File Transfer Control</string>
<string id="Never">Never</string>
<string id="New">Open in a new Internet Explorer window</string>
<string id="NoAddingChannels">Disable adding channels</string>
<string id="NoAddingSubscriptions">Disable adding schedules for offline
pages</string>
<string id="NoAutomaticSignup">Turn on automatic signup</string>
<string id="NoAutomaticSignup_Explain">This policy setting allows Internet
Explorer to be started automatically to complete the signup process after the
branding is complete for Internet service providers (ISPs) through the Internet
Explorer Administration Kit (IEAK).

If you enable this policy setting, Internet Explorer is started automatically to
complete the signup process after the branding is complete for ISPs (IEAK). The
user cannot change this behavior.

If you disable this policy setting, Internet Explorer is not started automatically
to complete the signup process after the branding is complete for ISPs (IEAK). The
user cannot change this behavior.

If you do not configure this policy setting, the user can decide whether to start
Internet Explorer automatically to complete the signup process after the branding
is complete for ISPs (IEAK).</string>
<string id="NoBandCustomize">Disable customizing browser toolbars</string>
<string id="NoBrowserContextMenu">Turn off Shortcut Menu</string>
<string id="NoCertError">Prevent ignoring certificate errors</string>
<string id="NoChannelLogging">Disable offline page hit logging</string>
<string id="NoChannelUI">Disable channel user interface completely</string>
<string id="NoDelBrowsingHistory">Prevent access to Delete Browsing
History</string>
<string id="NoDelForms">Prevent deleting form data</string>
<string id="NoDelPasswords">Prevent deleting passwords</string>
<string id="NoEditingScheduleGroups">Disable editing and creating of schedule
groups</string>
<string id="NoEditingSubscriptions">Disable editing schedules for offline
pages</string>
<string id="NoFavorites">Hide Favorites menu</string>
<string id="NoFirstRunCustomise">Prevent running First Run wizard</string>
<string id="NoHelpMenu">Prevent access to Internet Explorer Help</string>
<string id="NoIESearchBox">Prevent Internet Explorer Search box from
appearing</string>
<string id="NoJITSetup">Disable Automatic Install of Internet Explorer
components</string>
<string id="NoOpeninNewWnd">Disable Open in New Window menu option</string>
<string id="NoQuickTabs">Turn off Quick Tabs functionality</string>
<string id="NoRemovingChannels">Disable removing channels</string>
<string id="NoRemovingSubscriptions">Disable removing schedules for offline
pages</string>
<string id="NoScheduledUpdates">Disable all scheduled offline pages</string>
<string id="NoSearchProvider">Prevent changing the default search
provider</string>
<string id="NoSelectDownloadDir">Disable Save this program to disk
option</string>
<string id="NoSplash">Disable showing the splash screen</string>
<string id="NoSubscriptionContent">Disable downloading of site subscription
content</string>
<string id="NoTabBrowsing">Turn off tabbed browsing</string>
<string id="NoTabBrowsingPopups">Turn off configuration of pop-up windows in
tabbed browsing</string>
<string id="NoToolbarCustomize">Disable customizing browser toolbar
buttons</string>
<string id="NoUpdateCheck">Disable Periodic Check for Internet Explorer
software updates</string>
<string id="NoWindowReuse">Prevent configuration of how windows open</string>
<string id="OESettings">Configure Outlook Express</string>
<string id="PageTransitions">Turn off page transitions</string>
<string id="PageTransitions_Explain">This policy setting specifies if, as you
move from one Web page to another, Internet Explorer fades out of the page you are
leaving and fades into the page to which you are going.

If you enable this policy setting, page transitions will be turned off. The user
cannot change this behavior.

If you disable this policy setting, page transitions will be turned on. The user
cannot change this behavior.

If you do not configure this policy setting, the user can turn on or off page
transitions.

This feature only applies to versions of Internet Explorer up to and including
Internet Explorer 8.</string>
<string id="Persistence">Persistence Behavior</string>
<string id="Persistence_FileLimits0">File size limits for Local Machine
zone</string>
<string id="Persistence_FileLimits1">File size limits for Intranet
zone</string>
<string id="Persistence_FileLimits2">File size limits for Trusted Sites
zone</string>
<string id="Persistence_FileLimits3">File size limits for Internet
zone</string>
<string id="Persistence_FileLimits4">File size limits for Restricted Sites
zone</string>
<string id="PhishingOff">Off</string>
<string id="PhishingOn">On</string>
<string id="PopupBlocker_AllowList">Pop-up allow list</string>
<string id="Printing">Printing</string>
<string id="Printing_Explain">This policy setting specifies whether Internet
Explorer prints background colors and images when the user prints a webpage.
Including background colors and images might reduce the speed at which a page is
printed and the quality of the printing, depending on the capabilities of the
printer.

If you enable this policy setting, the printing of background colors and images is
turned on. The user cannot turn it off.

If you disable this policy setting, the printing of background colors and images is
turned off. The user cannot turn it on.

If you do not configure this policy setting, the user can turn on or turn off the
printing of background colors and images.</string>
<string id="RestrictAccessibility">Disable changing accessibility
settings</string>
<string id="RestrictAutoconfig">Disable changing Automatic Configuration
settings</string>
<string id="RestrictAutoImageResize">Turn off automatic image
resizing</string>
<string id="RestrictAutoImageResize_Explain">This policy setting specifies
that you want Internet Explorer to automatically resize large images so that they
fit in the browser window.

If you enable this policy setting, automatic image resizing is turned off. The user
cannot change this setting.

If you disable this policy setting, automatic image resizing is turned on. The user
cannot change this setting.

If you do not configure this policy setting, the user can turn on or off automatic
image resizing.</string>
<string id="RestrictCache">Disable changing Temporary Internet files
settings</string>
<string id="RestrictCalendarContact">Disable changing Calendar and Contact
settings</string>
<string id="RestrictCertificates">Disable changing certificate
settings</string>
<string id="RestrictCheckBrowser">Disable changing default browser
check</string>
<string id="NotifyNotDefaultBrowser">Notify users if Internet Explorer is not
the default web browser</string>
<string id="RestrictColors">Disable changing color settings</string>
<string id="RestrictConnectionSettings">Disable changing connection
settings</string>
<string id="RestrictConnectionWizard">Disable Internet Connection
wizard</string>
<string id="RestrictFonts">Disable changing font settings</string>
<string id="RestrictFormSuggest">Disable AutoComplete for forms</string>
<string id="RestrictFormSuggestPW">Turn on the auto-complete feature for user
names and passwords on forms</string>
<string id="RestrictHistory">Disable "Configuring History"</string>
<string id="RestrictHomePage">Disable changing home page settings</string>
<string id="RestrictLanguages">Disable changing language settings</string>
<string id="RestrictLinks">Disable changing link color settings</string>
<string id="RestrictMessaging">Disable changing Messaging settings</string>
<string id="RestrictPopupExceptionList">Prevent managing pop-up exception
list</string>
<string id="RestrictPopupManagement">Turn off pop-up management</string>
<string id="RestrictProfiles">Disable changing Profile Assistant
settings</string>
<string id="RestrictProxy">Prevent changing proxy settings</string>
<string id="RestrictRatings">Disable changing ratings settings</string>
<string id="RestrictResetWebSettings">Disable the Reset Web Settings
feature</string>
<string id="RestrictSettings">Prevent the deletion of temporary Internet
files and cookies</string>
<string id="RestrictWebAddressSuggest">Turn off the auto-complete feature for
web addresses</string>
<string id="RestrictWSAutoComplete">Turn off Windows Search
AutoComplete</string>
<string id="RestrictDomainSuggestion">Turn off URL Suggestions</string>
<string id="RSS_Feeds">RSS Feeds</string>
<string id="ScriptErrorCache">Turn on the display of script errors</string>
<string id="ScriptErrorCache_Explain">This policy setting specifies whether
to display script errors when a page does not appear properly because of problems
with its scripting. This feature is off by default, but it is useful to developers
when they are testing webpages.

If you enable this policy setting, the user is shown script errors when a page does
not appear properly because of problems with its scripting. The user cannot change
this policy setting.

If you disable this policy setting, the user is not shown script errors when a page
does not appear properly because of problems with its scripting. The user cannot
change this policy setting.

If you do not configure this policy setting, the user can turn on or turn off the
display of script errors.</string>
<string id="Scriptlet">Microsoft Scriptlet Component</string>
<string id="ScriptPaste">Clipboard access</string>
<string id="Search_NoFindFiles">Search: Disable Find Files via F3 within the
browser</string>
<string id="Search_NoSearchCustomization">Search: Disable Search
Customization</string>
<string id="Searching">Searching</string>
<string id="Security_HKLM_only">Security Zones: Use only machine settings
</string>
<string id="Security_options_edit">Security Zones: Do not allow users to
change policies</string>
<string id="Security_zones_map_edit">Security Zones: Do not allow users to
add/delete sites</string>
<string id="SecurityFeatures">Security Features</string>
<string id="SecurityPage_AutoDetect">Turn on automatic detection of
intranet</string>
<string id="SecurityPage_WarnOnIntranet">Turn on Notification bar
notification for intranet content</string>
<string id="ShellNotifications">Disable software update shell notifications
on program launch</string>
<string id="ShowPictures">Turn off image display</string>
<string id="ShowPictures_Explain">This policy setting specifies whether
graphical images are included when pages are displayed.

Sometimes, pages that contain several graphical images are displayed very slowly.
If you want to display pages more quickly, you can turn off image display.

If you enable this policy setting, images do not appear. The user cannot turn on
image display. However, the user can still display an individual image by
right-clicking the icon that represents the image and then clicking Show Picture. The
"Allow the display of image download placeholders" policy setting must be disabled
if this policy setting is enabled.

If you disable this policy setting, images appear. The user cannot turn off image
display.

If you do not configure this policy setting, the user can turn on or turn off image
display.</string>
<string id="ShowPlaceholders">Allow the display of image download
placeholders</string>
<string id="ShowPlaceholders_Explain">This policy setting specifies whether
placeholders appear for graphical images while the images are downloading. This
allows items on the page to be positioned where they will appear when the images
are completely downloaded. This option is ignored if the Show Pictures check box is
cleared.

If you enable this policy setting, placeholders appear for graphical images while
the images are downloading. The user cannot change this policy setting. The "Turn
off image display" policy setting must be disabled if this policy setting is
enabled.

If you disable this policy setting, placeholders will not appear for graphical
images while the images are downloading. The user cannot change this policy
setting.

If you do not configure this policy setting, the user can allow or prevent the
display of placeholders for graphical images while the images are
downloading.</string>
<string id="EnableAlternativeCodec">Allow Internet Explorer to play media
files that use alternative codecs</string>
<string id="EnableAlternativeCodec_Explain">This policy setting specifies
whether Internet Explorer plays media files that use alternative codecs and that
require additional software.

If you enable this policy setting, Internet Explorer plays these files, if the
appropriate software is installed.

If you disable this policy setting, Internet Explorer does not play these files.

If you do not configure this policy setting, the user can change the "Enable
alternative codecs in HTML5 media elements" setting on the Advanced tab in the
Internet Options dialog box.</string>
<string id="SignupSettings">Signup Settings</string>
<string id="SmartImageDithering">Turn off smart image dithering</string>
<string id="SmartImageDithering_Explain">This policy setting specifies
whether you want Internet Explorer to smooth images so that they appear less jagged
when displayed.

If you enable this policy setting, smart image dithering is turned off. The user
cannot turn it on.

If you disable this policy setting, smart image dithering is turned on. The user
cannot turn it off.

If you do not configure this policy setting, the user can turn on or turn off smart
image dithering.</string>
<string id="SmoothScrolling">Turn off smooth scrolling</string>
<string id="SmoothScrolling_Explain">This policy setting specifies whether
smooth scrolling is used to display content at a predefined speed.

If you enable this policy setting, smooth scrolling is turned off. The user cannot
turn on smooth scrolling.

If you disable this policy setting, smooth scrolling is turned on. The user cannot
turn off smooth scrolling.

If you do not configure this policy setting, the user can turn smooth scrolling on
or off.</string>
<string id="SpecificSearchProvider">Restrict search providers to a specific
list</string>
<string id="SQM_DisableCEIP">Prevent participation in the Customer Experience
Improvement Program</string>
<string id="SUPPORTED_IE4ONLY">Only Internet Explorer 4.0</string>
<string id="SUPPORTED_IE5">At least Internet Explorer 5.0</string>
<string id="SUPPORTED_IE5_6">Only Internet Explorer 5.0 and Internet Explorer
6.0</string>
<string id="SUPPORTED_IE5_7">Only Internet Explorer 5.0 through Internet
Explorer 7.0</string>
<string id="SUPPORTED_IE5_8">Only Internet Explorer 5.0 through Internet
Explorer 8.0</string>
<string id="SUPPORTED_IE5_9">Only Internet Explorer 5.0 through Internet
Explorer 9.0</string>
<string id="SUPPORTED_IE5_NONWIN8">At least Internet Explorer 5.0. Not
supported on Windows 8</string>
<string id="SUPPORTED_IE5_NONVISTA">At least Internet Explorer 5.0. Not
supported on Windows Vista</string>
<string id="SUPPORTED_IE5ONLY">Only Internet Explorer 5.0</string>
<string id="SUPPORTED_IE6ONLY">Only Internet Explorer 6.0</string>
<string id="SUPPORTED_IE6SP2">At least Internet Explorer 6.0 in Windows XP
with Service Pack 2 or Windows Server 2003 with Service Pack 1</string>
<string id="SUPPORTED_IE6SP2_IE7">Only Internet Explorer 6.0 in Windows XP
Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive</string>
<string id="SUPPORTED_IE6SP2_IE8">Only Internet Explorer 6.0 in Windows XP
Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive</string>
<string id="SUPPORTED_IE6SRVSP1">At least Internet Explorer 6.0 in Windows
2003 Service Pack 1</string>
<string id="SUPPORTED_IE6SRVSP1_NONVISTA">At least Internet Explorer 6.0 in
Windows 2003 Service Pack 1. Not supported on Windows Vista</string>
<string id="SUPPORTED_IE6SRVSP1ONLY">Only Internet Explorer 6.0 in Windows
2003 Service Pack 1</string>
<string id="SUPPORTED_IE7">At least Internet Explorer 7.0</string>
<string id="SUPPORTED_IE7ONLY">Only Internet Explorer 7.0</string>
<string id="SUPPORTED_IE7_8">Only Internet Explorer 7.0 and Internet Explorer
8.0</string>
<string id="SUPPORTED_IE7_9">Internet Explorer 7.0 to Internet Explorer
9.0</string>
<string id="SUPPORTED_IE7_10">Internet Explorer 7.0 to Internet Explorer
10.0</string>
<string id="SUPPORTED_IE8_10">Internet Explorer 8.0 to Internet Explorer
10.0</string>
<string id="SUPPORTED_IE8">At least Internet Explorer 8.0</string>
<string id="SUPPORTED_IE8ONLY">Only Internet Explorer 8.0</string>
<string id="SUPPORTED_IE9">At least Internet Explorer 9.0</string>
<string id="SUPPORTED_IE10">At least Internet Explorer 10.0</string>
<string id="SUPPORTED_IE10WIN8">At least Internet Explorer 10.0 on Windows
8</string>
<string id="SUPPORTED_IE11WIN8">At least Internet Explorer 11.0 on Windows
8.1</string>
<string id="SUPPORTED_IE11">At least Internet Explorer 11.0</string>
<string id="SUPPORTED_IE7_NONVISTA">At least Internet Explorer 7.0. Not
supported on Windows Vista</string>
<string id="SUPPORTED_IE7VISTA">At least Internet Explorer 7.0 in Windows
Vista</string>
<string id="Survey">Microsoft Survey Control</string>
<string id="TabOpenInFgndBgnd">Prevent configuration of new tab
creation</string>
<string id="TextColor_Explain">This policy setting prevents the user from
specifying the text color in Internet Explorer.

If you enable this policy setting, the user cannot specify the text color in
Internet Explorer. You must specify the text color (for example: 192,192,192).

If you disable or do not configure this policy setting, the user can specify the
text color in Internet Explorer.</string>
<string id="TextColorPol">Prevent specifying text color</string>
<string id="ToolbarButtons">Configure Toolbar Buttons</string>
<string id="Toolbars">Toolbars</string>
<string id="Tools_Menu">Tools menu: Disable Internet Options... menu
option</string>
<string id="NoReportSiteProblems">Turn off the ability to launch report site
problems using a menu option</string>
<string id="TurnOnActiveXFiltering">Turn on ActiveX Filtering</string>
<string id="UnderlineLinksPol">Turn off configuring underline links</string>
<string id="UnderlineLinksPol_Explain">This policy setting specifies how you
want links on webpages to be underlined.

If you enable this policy setting, a user cannot choose when to underline links.
You must specify when to underline links:
• Always
• Never
• Hover (when the mouse pointer pauses on a link)

If you disable or do not configure this policy setting, the user can choose when to
underline links.</string>
<string id="UpdateCheck">Periodic check for updates to Internet Explorer and
Internet Tools</string>
<string id="UpdateIntervalPol">Prevent specifying the update check interval
(in days)</string>
<string id="UpdateIntervalPol_Explain">This policy setting prevents the user
from specifying the update check interval. The default value is 30 days.

If you enable this policy setting, the user cannot specify the update check
interval. You must specify the update check interval.

If you disable or do not configure this policy setting, the user can specify the
update check interval.</string>
<string id="UpdatePagePol">Prevent changing the URL for checking updates to
Internet Explorer and Internet Tools</string>
<string id="UpdatePagePol_Explain">This policy setting prevents the user from
changing the default URL for checking updates to Internet Explorer and Internet
Tools.

If you enable this policy setting, the user cannot change the URL that is displayed
for checking updates to Internet Explorer and Internet Tools. You must specify this
URL.

If you disable or do not configure this policy setting, the user can change the URL
that is displayed for checking updates to Internet Explorer and Internet
Tools.</string>
<string id="URLFailsPol">Prevent configuration of search on Address
bar</string>
<string id="URLFailsPol_Explain">This policy setting specifies whether the
user can conduct a search on the Address bar.

If you enable this policy setting, you must specify which of the following actions
applies to searches on the Address bar. The user cannot change the specified
action.

• Do not search from the Address bar: The user cannot use the Address bar for
searches. The user can still perform searches on the Search bar by clicking the
Search button.
• Display the results in the main window: When the user searches on the Address
bar, the list of search results is displayed in the main window.

If you disable or do not configure this policy setting, the user can specify what
action applies to searches on the Address bar.</string>
<string id="UTF8URLQuery_Always">Always encode query strings in UTF-8</string>
<string id="UTF8URLQuery_Intranet">Encode query strings in UTF-8 only in
Intranet URLs</string>
<string id="UTF8URLQuery_Never">Never encode query strings in UTF-8</string>
<string id="UTF8URLQuery_NonIntranet">Encode query strings in UTF-8 only in
non-Intranet URLs</string>
<string id="UseHomePage">Go directly to home page</string>
<string id="UseHoverColor">Turn on the hover color option</string>
<string id="UseHoverColor_Explain">This policy setting makes hyperlinks
change color when the mouse pointer pauses on them.

If you enable this policy setting, the hover color option is turned on. The user
cannot turn it off.

If you disable this policy setting, the hover color option is turned off. The user
cannot turn it on.

If you do not configure this policy setting, the user can turn on or turn off the
hover color option.</string>
<string id="UserProxy">Make proxy settings per-machine (rather than per-user)</string>
<string id="UseWelcomeIEPage">Go directly to "Welcome To IE" page</string>
<string id="UseWindowsColors">Prevent the use of Windows colors</string>
<string id="UseWindowsColors_Explain">This policy setting prevents the user
from using Windows colors as a part of the display settings.

If you enable this policy setting, Windows colors are turned off. The user cannot
turn them on.

If you disable this policy setting, Windows colors are turned on. The user cannot
turn them off.

If you do not configure this policy setting, the user can turn on or turn off
Windows colors for display.</string>
<string id="UTF8">Turn off sending URL path as UTF-8</string>
<string id="UTF8_Explain">This policy setting specifies whether to use 8-bit
Unicode Transformation Format (UTF-8), a standard that defines characters so they
are readable in any language. By using UTF-8, you can exchange Internet addresses
(URLs) that contain characters from any language.

If you enable this policy setting, Internet Explorer does not allow sending the
path portion of URLs as UTF-8. The user cannot change this policy setting.

If you disable this policy setting, Internet Explorer allows sending the path
portion of URLs as UTF-8. The user cannot change this policy setting.

If you do not configure this policy setting, the user can allow or prevent the
sending of the path portion of URLs as UTF-8.</string>
<string id="View_NoTheaterMode">View menu: Disable Full Screen menu
option</string>
<string id="View_NoViewSource">View menu: Disable Source menu option</string>
<string id="DisableDeveloperTools">Turn off Developer Tools</string>
<string id="DisableFavoritesBar">Turn off Favorites bar</string>
<string id="DisableTabGrouping">Turn off Tab Grouping</string>
<string id="IESF_DisableDataURI">Turn off Data URI support</string>
<string id="IESF_DisableDEP">Turn off Data Execution Prevention</string>
<string id="IE_ExplainDisableDeveloperTools">This policy setting allows you
to manage whether the user can access Developer Tools in Internet Explorer.

If you enable this policy setting, the user cannot access Developer Tools.

If you disable or do not configure this policy setting, the user can access
Developer Tools.</string>
<string id="IESF_DisablePasswordRevealButton">Do not display the reveal
password button</string>
<string id="IESF_ExplainDisablePasswordRevealButton">This policy setting
allows you to hide the reveal password button when Internet Explorer prompts users
for a password. The reveal password button is displayed during password entry. When
the user clicks the button, the current password value is visible until the mouse
button is released (or until the tap ends).

If you enable this policy setting, the reveal password button will be hidden for
all password fields. Users and developers will not be able to depend on the reveal
password button being displayed in any web form or web application.

If you disable or do not configure this policy setting, the reveal password button
can be shown by the application as a user types in a password. The reveal password
button is visible by default.

On at least Windows 8, if the "Do not display the reveal password button" policy
setting located in Computer Configuration\Administrative Templates\Windows
Components\Credential User Interface is enabled for the system, it will override
this policy setting.</string>
<string id="IE_ExplainDisableFavoritesBar">This policy setting allows you to
manage whether a user has access to the Favorites bar in Internet Explorer.

If you enable this policy setting, the Favorites bar is turned off.

If you disable this policy setting, the Favorites bar is turned on.

If you do not configure this policy setting, the user can turn on or turn off the
Favorites bar.</string>
<string id="IE_ExplainDisableTabGrouping">This policy setting allows you to
manage whether the user has access to Tab Grouping in Internet Explorer.

If you enable this policy setting, Tab Grouping is turned off.

If you disable this policy setting, Tab Grouping is turned on.

If you do not configure this policy setting, the user can turn on or turn off Tab
Grouping.</string>
<string id="IESF_ExplainDisableDEP">This policy setting allows you to turn
off the Data Execution Prevention feature for Internet Explorer on Windows Server
2008, Windows Vista with SP1, and Windows XP with SP3.

If you enable this policy setting, Internet Explorer does not turn on Data
Execution Prevention on platforms that support the SetProcessDEPPolicy function.

If you disable or do not configure this policy setting, Internet Explorer uses the
SetProcessDEPPolicy function to turn on Data Execution Prevention on platforms that
support the function.

This policy setting has no effect if Windows has been configured to enable Data
Execution Prevention.</string>
<string id="IESF_ExplainDisableDataURI">This policy setting allows you to
turn on or turn off Data URI support. A Data URI allows web developers to
encapsulate images and .css files within the body of the URL and optionally encode
them by using base 64 encoding. Malware filters or other network-based filters may
not properly filter encapsulated data.

If you enable this policy setting, Data URI support is turned off. Without Data URI
support, a Data URI will be interpreted as a failed URL.

If you disable this policy setting, Data URI support is turned on.

If you do not configure this policy setting, Data URI support can be turned on or
off through the registry.</string>
<string id="DBHDisableDeleteCookies">Prevent deleting cookies</string>
<string id="DBHDisableDeleteHistory">Prevent deleting websites that the user
has visited</string>
<string id="DBHDisableDeleteDownloadHistory">Prevent deleting download
history</string>
<string id="DBHDisableDeleteTIF">Prevent deleting temporary Internet
files</string>
<string id="DBHDisableDeleteInPrivateDataV8">Prevent deleting InPrivate
Filtering data</string>
<string id="DBHDisableDeleteInPrivateDataV9">Prevent deleting ActiveX
Filtering, Tracking Protection, and Do Not Track data</string>
<string id="DBHDisableKeepFavorites">Prevent deleting favorites site
data</string>
<string id="DBHDisableDeleteOnExit">Allow deleting browsing history on
exit</string>
<string id="DeleteBrowsingHistory">Delete Browsing History</string>
<string id="DisableACRPrompt">Turn off Automatic Crash Recovery</string>
<string id="IESF_MaxConnectionPerServer">Change the maximum number of
connections per host (HTTP 1.1)</string>
<string id="IESF_MaxConnectionPer1_0Server">Maximum number of connections per
server (HTTP 1.0)</string>
<string id="IESF_DisableXDM">Turn off cross-document messaging</string>
<string id="IESF_DisableXDR">Turn off the XDomainRequest object</string>
<string id="IESF_DisableWebSocket">Turn off the WebSocket Object</string>
<string id="IESF_WebSocketMaxConnectionsPerServer">Set the maximum number of
WebSocket connections per server</string>
<string id="IESF_ExplainDisableWebSocket">The WebSocket object allows
websites to request data across domains from your browser by using the WebSocket
protocol. This policy setting allows administrators to enable or disable the
WebSocket object. This policy setting does not prevent client-side communication
across domains via other features in Internet Explorer 10. Also, this policy
setting does not prevent a site from requesting cross-domain data through a server.

If you enable this policy setting, websites cannot request data across domains by
using the WebSocket object.

If you disable or do not configure this policy setting, websites can request data
across domains by using the WebSocket object. By default, the WebSocket object is
enabled.</string>
<string id="IESF_ExplainWebSocketMaxConnectionsPerServer">This policy setting
allows you to change the default limit of WebSocket connections per server. The
default limit is 6; you can select a value from 2 through 128.

If you enable this policy setting, Internet Explorer uses the WebSocket connection
limit that you set with this policy setting.

If you disable or do not configure this policy setting, Internet Explorer uses the
default limit of 6 WebSocket connections per server.</string>
<string id="DisableSafetyFilterOverride">Prevent bypassing SmartScreen Filter
warnings</string>
<string id="DisableSafetyFilterOverrideForAppRepUnknown">Prevent bypassing
SmartScreen Filter warnings about files that are not commonly downloaded from the
Internet</string>
<string id="IE_ExplainDBHDisableDeleteCookies">This policy setting prevents
the user from deleting cookies. This feature is available in the Delete Browsing
History dialog box.

If you enable this policy setting, cookies are preserved when the user clicks
Delete.

If you disable this policy setting, cookies are deleted when the user clicks
Delete.

If you do not configure this policy setting, the user can choose whether to delete
or preserve cookies when he or she clicks Delete.

If the "Prevent access to Delete Browsing History" policy setting is enabled, this
policy setting is enabled by default.</string>
<string id="IE_ExplainDBHDisableDeleteHistory">This policy setting prevents
the user from deleting the history of websites that he or she has visited. This
feature is available in the Delete Browsing History dialog box.

If you enable this policy setting, websites that the user has visited are preserved
when he or she clicks Delete.

If you disable this policy setting, websites that the user has visited are deleted
when he or she clicks Delete.

If you do not configure this policy setting, the user can choose whether to delete
or preserve visited websites when he or she clicks Delete.

If the "Prevent access to Delete Browsing History" policy setting is enabled, this
policy setting is enabled by default.</string>
<string id="IE_ExplainDBHDisableDeleteTIF">This policy setting prevents the
user from deleting temporary Internet files. This feature is available in the
Delete Browsing History dialog box.

If you enable this policy setting, temporary Internet files are preserved when the
user clicks Delete.

If you disable this policy setting, temporary Internet files are deleted when the
user clicks Delete.

If you do not configure this policy setting, the user can choose whether to delete
or preserve temporary Internet files when he or she clicks Delete.

If the "Prevent access to Delete Browsing History" policy setting is enabled, this
policy setting is enabled by default.</string>
<string id="IE_ExplainDBHDisableDeleteInPrivateDataV8">This policy setting
prevents the user from deleting InPrivate Filtering data. Internet Explorer
collects InPrivate Filtering data during browser sessions other than InPrivate
Browsing sessions to determine which third-party items should be blocked when
InPrivate Filtering is enabled. This feature is available in the Delete Browsing
History dialog box.

If you enable this policy setting, InPrivate Filtering data is preserved when the
user clicks Delete.

If you disable this policy setting, InPrivate Filtering data is deleted when the
user clicks Delete.

If you do not configure this policy setting, the user can choose whether to delete
or preserve InPrivate Filtering data when he or she clicks Delete.</string>
<string id="IE_ExplainDBHDisableDeleteInPrivateDataV9">In Internet Explorer 9
and Internet Explorer 10:
This policy setting prevents users from deleting ActiveX Filtering and Tracking
Protection data, which includes the list of websites for which the user has chosen
to disable ActiveX Filtering or Tracking Protection. In addition, Tracking
Protection data is also collected if users turn on the Personalized Tracking
Protection List, which blocks third-party items while the user is browsing.

With at least Internet Explorer 11:

This policy setting prevents users from deleting ActiveX Filtering data, Tracking
Protection data, and Do Not Track exceptions stored for visited websites.

This feature is available in the Delete Browsing History dialog box.

If you enable this policy setting, ActiveX Filtering, Tracking Protection and Do
Not Track data is preserved when the user clicks Delete.

If you disable this policy setting, ActiveX Filtering, Tracking Protection and Do
Not Track data is deleted when the user clicks Delete.

If you don't configure this policy setting, users can turn this feature on and off,
determining whether to delete ActiveX Filtering, Tracking Protection, and Do Not
Track data when clicking Delete.</string>
<string id="IE_ExplainDBHDisableKeepFavorites">This policy setting prevents
the user from deleting favorites site data. This feature is available in the Delete
Browsing History dialog box.

If you enable this policy setting, favorites site data is preserved when the user
clicks Delete.

If you disable this policy setting, favorites site data is deleted when the user
clicks Delete.

If you do not configure this policy setting, the user can choose whether to delete
or preserve favorites site data when he or she clicks Delete.

If the "Prevent access to Delete Browsing History" policy setting is enabled, this
policy setting has no effect.</string>
<string id="IE_ExplainDBHDisableDeleteDownloadHistory">This policy setting
prevents the user from deleting his or her download history. This feature is
available in the Delete Browsing History dialog box.

If you enable this policy setting, download history is preserved when the user
clicks Delete.

If you disable this policy setting, download history is deleted when the user
clicks Delete.

If you do not configure this policy setting, the user can choose whether to delete
or preserve download history when he or she clicks Delete.

If the "Prevent access to Delete Browsing History" policy setting is enabled, this
policy setting is enabled by default.</string>
<string id="IE_ExplainDBHDisableDeleteOnExit">This policy setting allows the
automatic deletion of specified items when the last browser window closes. The
preferences selected in the Delete Browsing History dialog box (such as deleting
temporary Internet files, cookies, history, form data, and passwords) are applied,
and those items are deleted.

If you enable this policy setting, deleting browsing history on exit is turned on.

If you disable this policy setting, deleting browsing history on exit is turned
off.

If you do not configure this policy setting, it can be configured on the General
tab in Internet Options.

If the "Prevent access to Delete Browsing History" policy setting is enabled, this
policy setting has no effect.</string>
<string id="IE_ExplainDisableACRPrompt">This policy setting turns off
Automatic Crash Recovery.

If you enable this policy setting, Automatic Crash Recovery does not prompt the
user to recover his or her data after a program stops responding.

If you disable or do not configure this policy setting, Automatic Crash Recovery
prompts the user to recover his or her data after a program stops
responding.</string>
<string id="IESF_ExplainMaxConnectionPerServer">This policy setting allows
you to change the default connection limit for HTTP 1.1 from 6 connections per host
to a limit of your choice (from 2 through 128).

If you enable this policy setting, Internet Explorer uses the connection limit of
your choice for HTTP 1.1.

If you disable or do not configure this policy setting, Internet Explorer uses the
default connection limit for HTTP 1.1 (6 connections per host).

In versions of Internet Explorer before Internet Explorer 8, the default connection
limit for HTTP 1.1 was 2.</string>
<string id="IESF_ExplainMaxConnectionPer1_0Server">This policy setting allows
you to change the default connection limit for HTTP 1.0 from 6 connections per host
to a limit of your choice (from 2 through 128).

If you disable or do not configure this policy setting, Internet Explorer will use
the default connection limit for HTTP 1.0 (6 connections per host).

In versions of Internet Explorer prior to Internet Explorer 8, the default
connection limit for HTTP 1.0 was 4.</string>
<string id="IESF_ExplainDisableXDM">This policy setting allows you to manage
whether documents can request data across third-party domains embedded in the page.

If you enable this policy setting, documents cannot request data across third-party
domains embedded in the page.

If you disable or do not configure this policy setting, documents can request data
across third-party domains embedded in the page.</string>
<string id="IESF_ExplainDisableXDR">This policy setting allows you to choose
whether websites can request data across domains by using the XDomainRequest
object. Note that this policy setting does not block client-side communication
across domains through other features in Internet Explorer 8, and it does not
prevent a site from requesting cross-domain data through a server.

If you enable this policy setting, websites cannot request data across domains by
using the XDomainRequest object.

If you disable or do not configure this policy setting, websites can request data
across domains by using the XDomainRequest object.</string>
<string id="IE_ExplainDisableSafetyFilterOverride">This policy setting
determines whether the user can bypass warnings from SmartScreen Filter.
SmartScreen Filter prevents the user from browsing to or downloading from sites
that are known to host malicious content. SmartScreen Filter also prevents the
execution of files that are known to be malicious.

If you enable this policy setting, SmartScreen Filter warnings block the user.

If you disable or do not configure this policy setting, the user can bypass
SmartScreen Filter warnings.</string>
<string id="IE_ExplainDisableSafetyFilterOverrideForAppRepUnknown">This
policy setting determines whether the user can bypass warnings from SmartScreen
Filter. SmartScreen Filter warns the user about executable files that Internet
Explorer users do not commonly download from the Internet.

If you enable this policy setting, SmartScreen Filter warnings block the user.

If you disable or do not configure this policy setting, the user can bypass
SmartScreen Filter warnings.</string>
<string id="Advanced_EnableCaretBrowsing">Turn on Caret Browsing
support</string>
<string id="Advanced_EnableEnhancedProtectedMode">Turn on Enhanced Protected
Mode</string>
<string id="Advanced_EnableEnhancedProtectedMode64Bit">Turn on 64-bit tab
processes when running in Enhanced Protected Mode on 64-bit versions of
Windows</string>
<string id="Advanced_DisableEPMCompat">Do not allow ActiveX controls to run
in Protected Mode when Enhanced Protected Mode is enabled</string>
<string id="Advanced_EnableHttp1_1">Use HTTP 1.1</string>
<string id="Advanced_ProxyHttp1_1">Use HTTP 1.1 through proxy
connections</string>
<string id="Advanced_EnableSSL3Fallback">Allow fallback to SSL 3.0 (Internet
Explorer)</string>
<string id="Advanced_FallbackNonProtected">Non-Protected Mode Sites</string>
<string id="Advanced_FallbackAll">All Sites</string>
<string id="Advanced_FallbackNone">No Sites</string>
<string id="Advanced_EnableHTTP2">Allow Internet Explorer to use the HTTP2
network protocol</string>
<string id="Advanced_SetWinInetProtocols">Turn off encryption
support</string>
<string id="NoPrinting">Turn off Print Menu</string>
<string id="Advanced_DisableFlipAhead">Turn off the flip ahead with page
prediction feature</string>
<string id="Advanced_DisablePrefetchPrerender">Turn off loading websites and
content in the background to optimize performance</string>
<string id="Advanced_AlwaysSendDoNotTrack">Always send Do Not Track
header</string>
<string id="Content_ShowContentAdvisor">Show Content Advisor on Internet
Options</string>
<string id="Advanced_ExplainEnableCaretBrowsing">This policy setting allows
you to turn Caret Browsing on or off. Caret Browsing allows users to browse to a
webpage by using the keyboard to move the cursor. Caret Browsing supports standard
text-editor functionality, such as using the Shift key to select text and copying a
selection to the clipboard. This policy setting is particularly useful to users who
do not use a mouse.

If you enable this policy setting, Caret Browsing is turned on.

If you disable this policy setting, Caret Browsing is turned off.

If you do not configure this policy setting, Caret Browsing support can be turned
on or off through the registry.</string>
<string id="Advanced_ExplainEnableEnhancedProtectedMode">Enhanced Protected
Mode provides additional protection against malicious websites by using 64-bit
processes on 64-bit versions of Windows. For computers running at least Windows 8,
Enhanced Protected Mode also limits the locations Internet Explorer can read from
in the registry and the file system.

If you enable this policy setting, Enhanced Protected Mode will be turned on. Any
zone that has Protected Mode enabled will use Enhanced Protected Mode. Users will
not be able to disable Enhanced Protected Mode.

If you disable this policy setting, Enhanced Protected Mode will be turned off. Any
zone that has Protected Mode enabled will use the version of Protected Mode
introduced in Internet Explorer 7 for Windows Vista.

If you do not configure this policy, users will be able to turn on or turn off
Enhanced Protected Mode on the Advanced tab of the Internet Options
dialog.</string>
<string id="Advanced_ExplainEnableEnhancedProtectedMode64Bit">This policy
setting determines whether Internet Explorer 11 uses 64-bit processes (for greater
security) or 32-bit processes (for greater compatibility) when running in Enhanced
Protected Mode on 64-bit versions of Windows.

Important: Some ActiveX controls and toolbars may not be available when 64-bit
processes are used.

If you enable this policy setting, Internet Explorer 11 will use 64-bit tab
processes when running in Enhanced Protected Mode on 64-bit versions of Windows.

If you disable this policy setting, Internet Explorer 11 will use 32-bit tab
processes when running in Enhanced Protected Mode on 64-bit versions of Windows.

If you don't configure this policy setting, users can turn this feature on or off
using Internet Explorer settings. This feature is turned off by default.</string>
<string id="Advanced_ExplainDisableEPMCompat">This policy setting prevents
ActiveX controls from running in Protected Mode when Enhanced Protected Mode is
enabled. When a user has an ActiveX control installed that is not compatible with
Enhanced Protected Mode and a website attempts to load the control, Internet
Explorer notifies the user and gives the option to run the website in regular
Protected Mode. This policy setting disables this notification and forces all
websites to run in Enhanced Protected Mode.

Enhanced Protected Mode provides additional protection against malicious websites
by using 64-bit processes on 64-bit versions of Windows. For computers running at
least Windows 8, Enhanced Protected Mode also limits the locations Internet
Explorer can read from in the registry and the file system.

When Enhanced Protected Mode is enabled, and a user encounters a website that
attempts to load an ActiveX control that is not compatible with Enhanced Protected
Mode, Internet Explorer notifies the user and gives the option to disable Enhanced
Protected Mode for that particular website.

If you enable this policy setting, Internet Explorer will not give the user the
option to disable Enhanced Protected Mode. All Protected Mode websites will run in
Enhanced Protected Mode.

If you disable or do not configure this policy setting, Internet Explorer notifies
users and provides an option to run websites with incompatible ActiveX controls in
regular Protected Mode. This is the default behavior.</string>
<string id="Advanced_ExplainEnableHttp1_1">This policy setting allows you to
manage whether Internet Explorer uses HTTP 1.1.

If you enable this policy setting, Internet Explorer uses HTTP 1.1.

If you disable this policy setting, Internet Explorer does not use HTTP 1.1.

If you do not configure this policy setting, users can configure Internet Explorer
to use or not use HTTP 1.1.</string>
<string id="Advanced_ExplainProxyHttp1_1">This policy setting allows you to
manage whether Internet Explorer uses HTTP 1.1 through proxy connections.

If you enable this policy setting, Internet Explorer uses HTTP 1.1 through proxy
connections.

If you disable this policy setting, Internet Explorer does not use HTTP 1.1 through
proxy connections.

If you do not configure this policy setting, users can configure Internet Explorer
to use or not use HTTP 1.1 through proxy connections.</string>
<string id="Advanced_ExplainEnableHTTP2">This policy setting determines
whether Internet Explorer uses the HTTP2 network protocol. HTTP2 requests help
optimize the latency of network requests through compression, multiplexing, and
prioritization.

If you enable this policy setting, Internet Explorer uses the HTTP2 network
protocol.

If you disable this policy setting, Internet Explorer won't use the HTTP2 network
protocol.

If you don't configure this policy setting, users can turn this behavior on or off,
using Internet Explorer Advanced Internet Options settings. The default is
on.</string>
<string id="Advanced_ExplainEnableSSL3Fallback">This policy setting allows
you to block an insecure fallback to SSL 3.0. When this policy is enabled, Internet
Explorer will attempt to connect to sites using SSL 3.0 or below when TLS 1.0 or
greater fails.

We recommend that you do not allow insecure fallback in order to prevent a man-in-
the-middle attack.

This policy does not affect which security protocols are enabled.

If you disable this policy, system defaults will be used.


</string>
<string id="Advanced_ExplainSetWinInetProtocols">This policy setting allows
you to turn off support for Transport Layer Security (TLS) 1.0, TLS 1.1, TLS 1.2,
Secure Sockets Layer (SSL) 2.0, or SSL 3.0 in the browser. TLS and SSL are
protocols that help protect communication between the browser and the target
server. When the browser attempts to set up a protected communication with the
target server, the browser and server negotiate which protocol and version to use.
The browser and server attempt to match each other’s list of supported protocols
and versions, and they select the most preferred match.

If you enable this policy setting, the browser negotiates or does not negotiate an
encryption tunnel by using the encryption methods that you select from the drop-
down list.

If you disable or do not configure this policy setting, the user can select which
encryption method the browser supports.

Note: SSL 2.0 is off by default. SSL 2.0 is an outdated security protocol, and
enabling SSL 2.0 impairs the performance and functionality of TLS 1.0.</string>
<string id="IE_ExplainNoPrinting">This policy setting allows you to manage
whether users can access the Print menu. Starting with Windows 8, this policy
setting also allows you to manage whether users can access the Print flyout for
Internet Explorer and any printers under the Devices charm.

If you enable this policy setting, the Print menu in Internet Explorer will not be
available. Starting with Windows 8, the Print flyout for Internet Explorer will not
be available, and users will not see printers under the Devices charm.

If you disable or do not configure this policy setting, the Print menu in Internet
Explorer will be available. Starting with Windows 8, the Print flyout for Internet
Explorer will be available, and users will see installed printers under the Devices
charm.</string>
<string id="Advanced_ExplainDisableFlipAhead">This policy setting determines
whether a user can swipe across a screen or click Forward to go to the next pre-
loaded page of a website.

Microsoft collects your browsing history to improve how flip ahead with page
prediction works. This feature isn't available for Internet Explorer for the
desktop.

If you enable this policy setting, flip ahead with page prediction is turned off
and the next webpage isn't loaded into the background.

If you disable this policy setting, flip ahead with page prediction is turned on
and the next webpage is loaded into the background.

If you don't configure this setting, users can turn this behavior on or off, using
the Settings charm.</string>
<string id="Advanced_ExplainDisablePrefetchPrerender">This policy setting
determines whether Internet Explorer preemptively loads websites and content in the
background, speeding up performance such that when the user clicks a hyperlink, the
background page seamlessly switches into view.

If you enable this policy setting, Internet Explorer doesn't load any websites or
content in the background.

If you disable this policy setting, Internet Explorer preemptively loads websites
and content in the background.

If you don't configure this policy setting, users can turn this behavior on or off,
using Internet Explorer settings. This feature is turned on by default.</string>
<string id="Advanced_ExplainAlwaysSendDoNotTrack">This policy setting allows
you to configure how Internet Explorer sends the Do Not Track (DNT) header.

If you enable this policy setting, Internet Explorer sends a DNT:1 header with all
HTTP and HTTPS requests. The DNT:1 header signals to the servers not to track the
user.

For Internet Explorer 9 and 10:

If you disable this policy setting, Internet Explorer only sends the Do Not Track
header if a Tracking Protection List is enabled or InPrivate Browsing mode is used.

For at least Internet Explorer 11:

If you disable this policy setting, Internet Explorer only sends the Do Not Track
header if InPrivate Browsing mode is used.

If you don't configure the policy setting, users can select the Always send Do Not
Track header option in Internet Explorer settings. When this option is selected,
Internet Explorer sends a DNT:1 header with all HTTP and HTTPS requests, unless the
user grants a site-specific exception. Internet Explorer sends a DNT:0 header to
any sites granted an exception. By default, this option is turned on.</string>
<string id="Content_ExplainShowContentAdvisor">This policy setting shows the
Content Advisor setting on the Content tab of the Internet Options dialog box.

If you enable this policy setting, Internet Explorer displays the Content Advisor
setting on the Content tab of the Internet Options dialog box. Users can change
Content Advisor settings.

If you disable or do not configure this policy setting, Internet Explorer does not
display the Content Advisor setting on the Content tab of the Internet Options
dialog box.</string>
<string id="Protocols_None">Use no secure protocols</string>
<string id="Protocols_SSL2">Only use SSL 2.0</string>
<string id="Protocols_SSL3">Only use SSL 3.0</string>
<string id="Protocols_SSL2_SSL3">Use SSL 2.0 and SSL 3.0</string>
<string id="Protocols_TLS10">Only use TLS 1.0</string>
<string id="Protocols_SSL2_TLS10">Use SSL 2.0 and TLS 1.0</string>
<string id="Protocols_SSL3_TLS10">Use SSL 3.0 and TLS 1.0</string>
<string id="Protocols_SSL2_SSL3_TLS10">Use SSL 2.0, SSL 3.0, and TLS
1.0</string>
<string id="Protocols_TLS11">Only use TLS 1.1</string>
<string id="Protocols_SSL2_TLS11">Use SSL 2.0 and TLS 1.1</string>
<string id="Protocols_SSL3_TLS11">Use SSL 3.0 and TLS 1.1</string>
<string id="Protocols_SSL2_SSL3_TLS11">Use SSL 2.0, SSL 3.0, and TLS
1.1</string>
<string id="Protocols_TLS10_TLS11">Use TLS 1.0 and TLS 1.1</string>
<string id="Protocols_SSL2_TLS10_TLS11">Use SSL 2.0, TLS 1.0, and TLS
1.1</string>
<string id="Protocols_SSL3_TLS10_TLS11">Use SSL 3.0, TLS 1.0, and TLS
1.1</string>
<string id="Protocols_SSL2_SSL3_TLS10_TLS11">Use SSL 2.0, SSL 3.0, TLS 1.0,
and TLS 1.1</string>
<string id="Protocols_TLS12">Only use TLS 1.2</string>
<string id="Protocols_SSL2_TLS12">Use SSL 2.0 and TLS 1.2</string>
<string id="Protocols_SSL3_TLS12">Use SSL 3.0 and TLS 1.2</string>
<string id="Protocols_SSL2_SSL3_TLS12">Use SSL 2.0, SSL 3.0, and TLS
1.2</string>
<string id="Protocols_TLS10_TLS12">Use TLS 1.0 and TLS 1.2</string>
<string id="Protocols_SSL2_TLS10_TLS12">Use SSL 2.0, TLS 1.0, and TLS
1.2</string>
<string id="Protocols_SSL3_TLS10_TLS12">Use SSL 3.0, TLS 1.0, and TLS
1.2</string>
<string id="Protocols_SSL2_SSL3_TLS10_TLS12">Use SSL 2.0, SSL 3.0, TLS 1.0,
and TLS 1.2</string>
<string id="Protocols_TLS11_TLS12">Use TLS 1.1 and TLS 1.2</string>
<string id="Protocols_SSL2_TLS11_TLS12">Use SSL 2.0, TLS 1.1, and TLS
1.2</string>
<string id="Protocols_SSL3_TLS11_TLS12">Use SSL 3.0, TLS 1.1, and TLS
1.2</string>
<string id="Protocols_SSL2_SSL3_TLS11_TLS12">Use SSL 2.0, SSL 3.0, TLS 1.1,
and TLS 1.2</string>
<string id="Protocols_TLS10_TLS11_TLS12">Use TLS 1.0, TLS 1.1, and TLS
1.2</string>
<string id="Protocols_SSL2_TLS10_TLS11_TLS12">Use SSL 2.0, TLS 1.0, TLS 1.1,
and TLS 1.2</string>
<string id="Protocols_SSL3_TLS10_TLS11_TLS12">Use SSL 3.0, TLS 1.0, TLS 1.1,
and TLS 1.2</string>
<string id="Protocols_SSL2_SSL3_TLS10_TLS11_TLS12">Use SSL 2.0, SSL 3.0, TLS
1.0, TLS 1.1, and TLS 1.2</string>
<string id="LockToolbars">Lock all toolbars</string>
<string id="MoveStopRefresh">Lock location of Stop and Refresh
buttons</string>
<string id="NewTab_AboutBlank">about:blank</string>
<string id="NewTab_AboutTabs">New tab page</string>
<string id="NewTab_Homepage">Home page</string>
<string id="NewTabAction">Specify default behavior for a new tab</string>
<string id="SecondaryHomePages">Disable changing secondary home page
settings</string>
<string id="SetCommandLabels">Customize command labels</string>
<string id="TabProcGrowth">Set tab process growth</string>
<string id="FastShutdownOnUnload">Allow Internet Explorer 8 shutdown
behavior</string>
<string id="UseLargeIcons">Use large icons for command buttons</string>
<string id="MoveTabBand">Display tabs on a separate row</string>
<string id="CommandLabels_Icons">Show only icons</string>
<string id="CommandLabels_Selective">Show selective text</string>
<string id="CommandLabels_Text">Show all text labels</string>
<string id="HideCommandBar">Hide the Command bar</string>
<string id="HideStatusBar">Hide the status bar</string>
<string id="IE_ExplainHideCommandBar">This policy setting allows you to show
or hide the Command bar.

If you enable this policy setting, the Command bar is hidden and the user cannot
choose to show it.

If you disable this policy setting, the Command bar is shown and the user cannot
choose to hide it.

If you do not configure this policy setting, the Command bar is shown by default,
and the user can choose to hide it.</string>
<string id="IE_ExplainHideStatusBar">This policy setting allows you to show
or hide the status bar.

If you enable this policy setting, the status bar is hidden and the user cannot
choose to show it.

If you disable this policy setting, the status bar is shown and the user cannot
choose to hide it.

If you do not configure this policy setting, the status bar is shown by default,
and the user can choose to hide it.</string>
<string id="IE_ExplainLockToolbars">This policy setting allows you to lock or
unlock the toolbars on the user interface.

If you enable this policy setting, the toolbars are locked and the user cannot move
them.

If you disable this policy setting, the toolbars are unlocked and the user can move
them.

If you do not configure this policy setting, the toolbars are locked by default,
but the user can unlock them through the shortcut menu of the Command bar.</string>
<string id="IE_ExplainMoveStopRefresh">This policy setting allows you to lock
the Stop and Refresh buttons next to the Back and Forward buttons.

If you enable this policy setting, the Stop and Refresh buttons are next to the
Forward and Back buttons, and the user cannot move them.

If you disable this policy setting, the Stop and Refresh buttons are next to the
Address bar, and the user cannot move them.

If you do not configure this policy setting, the Stop and Refresh buttons are next
to the Address bar by default, and the user can choose to move them.</string>
<string id="IE_ExplainNewTabAction">This policy setting allows you to specify
what is displayed when the user opens a new tab.

If you enable this policy setting, you can choose which page to display when the
user opens a new tab: blank page (about:blank), the first home page, or the new tab
page.

If you disable or do not configure this policy setting, the user can select his or
her preference for this behavior. The new tab page is the default setting.</string>
<string id="IE_ExplainSecondaryHomePages">Secondary home pages are the
default Web pages that Internet Explorer loads in separate tabs from the home page
whenever the browser is run. This policy setting allows you to set default
secondary home pages.

If you enable this policy setting, you can specify which default home pages should
load as secondary home pages. The user cannot set custom default secondary home
pages.

If you disable or do not configure this policy setting, the user can add secondary
home pages.

Note: If the “Disable Changing Home Page Settings” policy is enabled, the user
cannot add secondary home pages.</string>
<string id="IE_ExplainSetCommandLabels">This policy setting allows you to
choose among three different labels for command buttons: show all text labels, show
selective text, or show only icons.

If you enable this policy setting, command buttons are displayed according to which
one of the following options you choose, and the user cannot change how command
buttons are displayed:

Show all text labels: All command buttons have only text.

Show selective text: Some command buttons have only text; some have icons and text.

Show only icons: All command buttons have only icons.

If you disable or do not configure this policy setting, the command buttons show
selective text by default, and the user can change this.</string>
<string id="IE_ExplainTabProcGrowth">This policy setting allows you to set
the rate at which Internet Explorer creates new tab processes. There are two
algorithms that Internet Explorer uses.

The default algorithm has four settings: low, medium, high, or default. Low creates
very few tab processes; medium creates a moderate number of tab processes; and high
allows the tab process to grow very quickly and is intended only for computers that
have ample physical memory. The default setting creates the optimal number of tab
processes based on the operating system and amount of physical memory. We recommend
the default setting.

The second algorithm must be explicitly enabled through the creation of an integer
setting. In this case, each Internet Explorer isolation setting will quickly grow
to use the specified integer number of tab processes, regardless of the physical
memory on the computer or how many Internet Explorer isolation settings are
running.

If you enable this policy setting, you set the rate at which Internet Explorer
creates new tab processes to low, medium, or high, or to an integer.

If you disable or do not configure this policy setting, the tab process growth is
set to the default. The user can change this value by using the registry key. Note:
On Terminal Server, the default value is the integer “1”.</string>
<string id="IE_ExplainFastShutdownOnUnload">This policy setting allows you to
revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to
display UI during shutdown. This policy setting may be needed to fix compatibility
problems with particular web applications.

If you enable this policy setting, OnUnLoad script handlers display UI during
shutdown.

If you disable or do not configure this policy setting, OnUnLoad script handlers do
not display UI during shutdown (default behavior in Internet Explorer 9).</string>
<string id="IE_ExplainUseLargeIcons">This policy setting allows you to increase
the size of icons for command buttons.

If you enable this policy setting, icons for command buttons are 20 x 20 pixels and
cannot be made smaller (16 x 16 pixels).

If you disable this policy setting, icons for command buttons are 16 x 16 pixels
(the default) and cannot be made bigger (20 x 20 pixels).

If you do not configure this policy setting, icons for command buttons are 16 x 16
pixels, and the user can make them bigger (20 x 20 pixels).</string>
<string id="IE_ExplainMoveTabBand">This policy setting allows you to manage
where tabs are displayed.

If you enable this policy setting, tabs are displayed on a separate row.

If you disable this policy setting, tabs are not displayed on a separate row.

If you do not configure this policy setting, the user can change where tabs are
displayed.</string>
<string id="SearchDisableUserSuggestions">Turn off suggestions for all user-
installed providers</string>
<string id="SearchTurnOffQuickPick">Turn off the quick pick menu</string>
<string id="IE_ExplainSearchDisableUserSuggestions">This policy setting
allows you to turn off suggestions for all user-installed search providers.

If you enable this policy setting, the user cannot view suggestions for user-
installed search providers.

If you disable or do not configure this policy setting, the user can choose to view
suggestions for all user-installed search providers that offer
suggestions.</string>
<string id="IE_ExplainSearchTurnOffQuickPick">This policy setting allows you
to prevent the quick pick menu from appearing when a user clicks in the Search box.

If you enable this policy setting, when a user clicks in the Search box, the quick
pick menu does not appear until the user starts typing.

If you disable or do not configure this policy setting, when a user clicks in the
Search box, the quick pick menu appears.</string>
<string id="DisableActiveXFirstPrompt">Turn off ActiveX Opt-In
prompt</string>
<string id="DisablePerUserActiveXInstall">Prevent per-user installation of
ActiveX controls</string>
<string id="OnlyUseAXISForActiveXInstall">Specify use of ActiveX Installer
Service for installation of ActiveX controls</string>
<string id="EnableSuggestedSites">Turn on Suggested Sites</string>
<string id="IE_ExplainDisableActiveXFirstPrompt">This policy setting allows
you to turn off the ActiveX Opt-In prompt. ActiveX Opt-In prevents websites from
loading any ActiveX control without prior approval. If a website attempts to load
an ActiveX control that Internet Explorer has not used before, a Notification bar
will appear, asking the user for approval.

If you enable this policy setting, the ActiveX Opt-In prompt does not appear.
Internet Explorer does not ask the user for permission to load an ActiveX control,
and Internet Explorer loads the control if it passes all other internal security
checks.

If you disable or do not configure this policy setting, the ActiveX Opt-In prompt
appears.</string>
<string id="IE_ExplainDisablePerUserActiveXInstall">This policy setting
allows you to prevent the installation of ActiveX controls on a per-user basis.

If you enable this policy setting, ActiveX controls cannot be installed on a per-
user basis.

If you disable or do not configure this policy setting, ActiveX controls can be
installed on a per-user basis.</string>
<string id="IE_ExplainOnlyUseAXISForActiveXInstall">This policy setting allows
you to specify how ActiveX controls are installed.

If you enable this policy setting, ActiveX controls are installed only if the
ActiveX Installer Service is present and has been configured to allow the
installation of ActiveX controls.

If you disable or do not configure this policy setting, ActiveX controls, including
per-user controls, are installed through the standard installation
process.</string>
<string id="IE_ExplainEnableSuggestedSites">This policy setting controls the
Suggested Sites feature, which recommends websites based on the user’s browsing
activity. Suggested Sites reports a user’s browsing history to Microsoft to suggest
sites that the user might want to visit.

If you enable this policy setting, the user is not prompted to enable Suggested
Sites. The user’s browsing history is sent to Microsoft to produce suggestions.

If you disable this policy setting, the entry points and functionality associated
with this feature are turned off.

If you do not configure this policy setting, the user can turn on and turn off the
Suggested Sites feature.</string>
<string id="CategoryPrivacy">Privacy</string>
<string id="DisableInPrivateBrowsing">Turn off InPrivate Browsing</string>
<string id="IE_ExplainDisableInPrivateBrowsing">This policy setting allows
you to turn off the InPrivate Browsing feature.

InPrivate Browsing prevents Internet Explorer from storing data about a user's
browsing session. This includes cookies, temporary Internet files, history, and
other data.

If you enable this policy setting, InPrivate Browsing is turned off.

If you disable this policy setting, InPrivate Browsing is available for use.

If you do not configure this policy setting, InPrivate Browsing can be turned on or
off through the registry.</string>
<string id="DisableInPrivateToolbars">Prevent the computer from loading
toolbars and Browser Helper Objects when InPrivate Browsing starts</string>
<string id="IE_ExplainDisableInPrivateToolbars">This policy setting allows
you to choose whether or not toolbars and Browser Helper Objects (BHOs) are loaded
by default during an InPrivate Browsing session.

Toolbars and BHOs may store data about a user's browsing session. By default, the
computer does not load them when InPrivate Browsing starts.

If you enable this policy setting, toolbars and BHOs are not loaded by default
during an InPrivate Browsing session.

If you disable this policy setting, toolbars and BHOs are loaded by default during
an InPrivate Browsing session.

If you do not configure this policy setting, it can be configured on the Privacy
tab in Internet Options.</string>
<string id="DisableInPrivateLogging">Turn off collection of InPrivate
Filtering data</string>
<string id="IE_ExplainDisableInPrivateLogging">This policy setting allows you
to turn off the collection of data used by the InPrivate Filtering Automatic mode.

The data consists of the URLs of third-party content, along with data about the
first-party websites that referenced it. It is collected during non-InPrivate
(normal) browsing sessions.

If you enable this policy setting, InPrivate Filtering data collection is turned
off.

If you disable this policy setting, InPrivate Filtering collection is turned on.

If you do not configure this policy setting, InPrivate Filtering data collection
can be turned on or off on the Privacy tab in Internet Options.</string>
<string id="InPrivateBlockingThresholdV8">Establish InPrivate Filtering
threshold</string>
<string id="IE_ExplainInPrivateBlockingThresholdV8">This policy setting
allows you to establish the threshold for InPrivate Filtering Automatic mode.

The threshold sets the number of first-party sites that a particular third-party
item can be referenced from before it is blocked. Setting this value lower can help
prevent more third-party sites from obtaining details about a user's browsing.
However, doing so may cause compatibility issues on some websites. The allowed
value range is 3 through 30.

If you enable this policy setting, the selected value is enforced.

If you disable or do not configure this policy setting, the user can establish the
InPrivate Filtering threshold by clicking the Safety button and then clicking
InPrivate Filtering.</string>
<string id="InPrivateBlockingThresholdV9">Establish Tracking Protection
threshold</string>
<string id="IE_ExplainInPrivateBlockingThresholdV9">This policy setting
allows you to establish the threshold for Tracking Protection Automatic mode.

The threshold sets the number of first-party sites that a particular third-party
item can be referenced from before it is blocked. Setting this value lower can help
prevent more third-party sites from obtaining details about a user's browsing.
However, doing so may cause compatibility issues on some websites. The allowed
value range is 3 through 30.

If you enable this policy setting, the selected value is enforced.

If you disable or do not configure this policy setting, the user can establish the
Tracking Protection threshold by clicking the Safety button and then clicking
Tracking Protection.</string>
<string id="DisableInPrivateBlockingV8">Turn off InPrivate Filtering</string>
<string id="IE_ExplainDisableInPrivateBlockingV8">This policy setting allows
you to turn off InPrivate Filtering.

InPrivate Filtering helps users control whether third parties can automatically
collect information about their browsing based on the sites that they visit.
InPrivate Filtering does this by identifying third-party content that is used by
multiple websites that users have visited.

If you enable this policy setting, InPrivate Filtering is turned off in all
browsing sessions, and InPrivate Filtering data is not collected.

If you disable this policy setting, InPrivate Filtering is available for use.

If you do not configure this policy setting, it can be configured through the
registry.</string>
<string id="DisableInPrivateBlockingV9">Turn off Tracking Protection</string>
<string id="IE_ExplainDisableInPrivateBlockingV9">This policy setting allows
you to turn off Tracking Protection.

Tracking Protection helps users control whether third parties can automatically
collect information about their browsing based on the sites that they visit.
Tracking Protection does this by identifying third-party content that is used by
multiple websites that users have visited.

If you enable this policy setting, Tracking Protection is disabled in all browsing
sessions, and Tracking Protection data is not collected.

If you disable this policy setting, Tracking Protection is available for use.

If you do not configure this policy setting, it can be configured through the
registry.</string>
<string id="CategoryAccelerators">Accelerators</string>
<string id="DeployAccelerators">Add non-default Accelerators</string>
<string id="DeployDefaultAccelerators">Add default Accelerators</string>
<string id="IE_ExplainDeployAccelerators">This policy setting allows you to
add non-default Accelerators.

If you enable this policy setting, the specified Accelerators are added to the
user's browser. The user can append other Accelerators to this list, but the user
cannot remove or change the Accelerators that this policy setting has added.
Default and non-default Accelerators should not overlap.

If you disable or do not configure this policy setting, the user has Accelerators
that are provided through first use of the browser.</string>
<string id="IE_ExplainDeployDefaultAccelerators">This policy setting allows
you to add default Accelerators.

If you enable this policy setting, the specified Accelerators are added to the
user's browser. The user can append other Accelerators to this list, but the user
cannot remove or change the Accelerators that this policy setting has added.
Default and non-default Accelerators should not overlap.

If you disable or do not configure this policy setting, the user has Accelerators
that are provided through first use of the browser.</string>
<string id="IE_ExplainTurnOffAccelerators">This policy setting allows you to
manage whether users can access Accelerators.

If you enable this policy setting, users cannot access Accelerators.

If you disable or do not configure this policy setting, users can access
Accelerators and install new Accelerators.</string>
<string id="IE_ExplainUsePolicyAccelerators">This policy setting restricts
the list of Accelerators that the user can access to only the set deployed through
Group Policy.

If you enable this policy setting, the user can access only Accelerators that are
deployed through Group Policy. The user cannot add or delete Accelerators.

If you disable or do not configure this policy setting, the user can access any
Accelerators that he or she has installed.</string>
<string id="TurnOffAccelerators">Turn off Accelerators</string>
<string id="UsePolicyAccelerators">Restrict Accelerators to those deployed
through Group Policy</string>
<string id="CategoryCompatView">Compatibility View</string>
<string id="CompatView_AllSites">Turn on Internet Explorer 7 Standards
Mode</string>
<string id="CompatView_DisableList">Turn off Compatibility View</string>
<string id="CompatView_IntranetSites">Turn on Internet Explorer Standards
Mode for local intranet</string>
<string id="CompatView_ShowButton">Turn off Compatibility View
button</string>
<string id="CompatView_UsePolicyList">Use Policy List of Internet Explorer 7
sites</string>
<string id="CompatView_UseQuirksPolicyList">Use Policy List of Quirks Mode
sites</string>
<string id="CompatView_UseMSList">Include updated website lists from
Microsoft</string>
<string id="IE_ExplainCompatView_AllSites">This policy setting allows you to
turn on Internet Explorer 7 Standards Mode. Compatibility View determines how
Internet Explorer identifies itself to a web server and determines whether content
is rendered in Internet Explorer 7 Standards Mode or the Standards Mode available
in the latest version of Internet Explorer.

If you enable this policy setting, Internet Explorer uses an Internet Explorer 7
user agent string (with an additional string appended). Additionally, all Standards
Mode webpages appear in Internet Explorer 7 Standards Mode. This option results in
the greatest compatibility with existing webpages, but newer content written to
common Internet standards may be displayed incorrectly.

If you disable this policy setting, Internet Explorer uses a current user agent
string. Additionally, all Standards Mode webpages appear in the Standards Mode
available in the latest version of Internet Explorer. This option matches the
default behavior of Internet Explorer.

If you do not configure this policy setting, the user can turn on and turn off
Internet Explorer 7 Standards Mode.</string>
<string id="IE_ExplainCompatView_DisableList">This policy setting controls
the Compatibility View feature, which allows the user to fix website display
problems that he or she may encounter while browsing.

If you enable this policy setting, the user cannot use the Compatibility View
button or manage the Compatibility View sites list.

If you disable or do not configure this policy setting, the user can use the
Compatibility View button and manage the Compatibility View sites list.</string>
<string id="IE_ExplainCompatView_IntranetSites">This policy setting controls
how Internet Explorer displays local intranet content. Intranet content is defined
as any webpage that belongs to the local intranet security zone.

If you enable this policy setting, Internet Explorer uses the current user agent
string for local intranet content. Additionally, all local intranet Standards Mode
pages appear in the Standards Mode available with the latest version of Internet
Explorer. The user cannot change this behavior through the Compatibility View
Settings dialog box.

If you disable this policy setting, Internet Explorer uses an Internet Explorer 7
user agent string (with an additional string appended) for local intranet content.
Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7
Standards Mode. The user cannot change this behavior through the Compatibility View
Settings dialog box.

If you do not configure this policy setting, Internet Explorer uses an Internet
Explorer 7 user agent string (with an additional string appended) for local
intranet content. Additionally, all local intranet Standards Mode pages appear in
Internet Explorer 7 Standards Mode. This option results in the greatest
compatibility with existing webpages, but newer content written to common Internet
standards may be displayed incorrectly. This option matches the default behavior of
Internet Explorer.</string>
<string id="IE_ExplainCompatView_ShowButton">This policy setting controls the
Compatibility View button that appears on the Command bar. This button allows the
user to fix website display problems that he or she may encounter while browsing.

If you enable this policy setting, the user cannot use the Compatibility View
button.

If you disable or do not configure this policy setting, the user can use the
Compatibility View button.</string>
<string id="IE_ExplainCompatView_UsePolicyList">This policy setting allows
you to add specific sites that must be viewed in Internet Explorer 7 Compatibility
View.

If you enable this policy setting, the user can add and remove sites from the list,
but the user cannot remove the entries that you specify.

If you disable or do not configure this policy setting, the user can add and remove
sites from the list.</string>
<string id="IE_ExplainCompatView_UseQuirksPolicyList">Compatibility View
determines how Internet Explorer identifies itself to a web server and determines
whether content is rendered in Quirks Mode or the Standards Mode available in the
latest version of Internet Explorer.

If you enable this policy setting, Internet Explorer uses an Internet Explorer 7
user agent string (with an additional string appended). Additionally, webpages
included in this list appear in Quirks Mode.</string>
<string id="IZ_PolicyWarnCertMismatch">Turn on certificate address mismatch
warning</string>
<string id="IZ_ExplainPolicyWarnCertMismatch">This policy setting allows you
to turn on the certificate address mismatch security warning. When this policy
setting is turned on, the user is warned when visiting Secure HTTP (HTTPS) websites
that present certificates issued for a different website address. This warning
helps prevent spoofing attacks.

If you enable this policy setting, the certificate address mismatch warning always
appears.

If you disable or do not configure this policy setting, the user can choose whether
the certificate address mismatch warning appears (by using the Advanced page in the
Internet Control panel).</string>
<string id="IE_ExplainCompatView_UseMSList">This policy controls the website
compatibility lists that Microsoft provides. The updated website lists are
available on Windows Update.

If you enable this policy setting, the Microsoft-provided website lists are used
during browser navigation. If a user visits a site on the compatibility lists, the
pages are automatically displayed in Compatibility View.

If you disable this policy setting, the Microsoft-provided website lists are not
used. Additionally, the user cannot activate the feature by using the Compatibility
View Settings dialog box.

If you do not configure this policy setting, the Microsoft-provided website lists
are not active. The user can activate the feature by using the Compatibility View
Settings dialog box.</string>
<string id="DisableReopenLastBrowsingSession">Turn off Reopen Last Browsing
Session</string>
<string id="IE_ExplainDisableReopenLastBrowsingSession">This policy setting
allows you to manage whether a user has access to the Reopen Last Browsing Session
feature in Internet Explorer.

If you enable this policy setting, the user cannot use the Reopen Last Browsing
Session feature.

If you disable or do not configure this policy setting, the user can use the Reopen
Last Browsing Session feature.</string>
<string id="TurnOffPinnedSites">Turn off ability to pin sites in Internet
Explorer on the desktop</string>
<string id="IE_ExplainTurnOffPinnedSites">This policy setting allows you to
manage whether users can pin sites to locations where pinning is allowed, such as
the taskbar, the desktop, or File Explorer.

If you enable this policy setting, users cannot pin sites.

If you disable or do not configure this policy setting, users can pin
sites.</string>
<string id="EnterpriseModeEnable">Let users turn on and use Enterprise Mode
from the Tools menu</string>
<string id="IE_ExplainEnterpriseModeEnable">This policy setting lets you
decide whether users can turn on Enterprise Mode for websites with compatibility
issues. Optionally, this policy also lets you specify where to get reports (through
post messages) about the websites for which users turn on Enterprise Mode using the
Tools menu.

If you turn this setting on, users can see and use the Enterprise Mode option from
the Tools menu. If you turn this setting on, but don't specify a report location,
Enterprise Mode will still be available to your users, but you won't get any
reports.

If you disable or don't configure this policy setting, the menu option won't appear
and users won't be able to run websites in Enterprise Mode.</string>
<string id="VerMgmtDisable">Turn off blocking of outdated ActiveX controls
for Internet Explorer</string>
<string id="IE_ExplainVerMgmtDisable">This policy setting determines whether
Internet Explorer blocks specific outdated ActiveX controls. Outdated ActiveX
controls are never blocked in the Intranet Zone.

If you enable this policy setting, Internet Explorer stops blocking outdated
ActiveX controls.

If you disable or don't configure this policy setting, Internet Explorer continues
to block specific outdated ActiveX controls.

For more information, see "Outdated ActiveX Controls" in the Internet Explorer
TechNet library.</string>
<string id="VerMgmtAuditModeEnable">Turn on ActiveX control logging in
Internet Explorer</string>
<string id="IE_ExplainVerMgmtAuditModeEnable">This policy setting determines
whether Internet Explorer saves log information for ActiveX controls.

If you enable this policy setting, Internet Explorer logs ActiveX control
information (including the source URI that loaded the control and whether it was
blocked) to a local file.

If you disable or don't configure this policy setting, Internet Explorer won't log
ActiveX control information.

Note that you can turn this policy setting on or off regardless of the "Turn off
blocking of outdated ActiveX controls for Internet Explorer" or "Turn off blocking
of outdated ActiveX controls for Internet Explorer on specific domains" policy
settings.

For more information, see "Outdated ActiveX Controls" in the Internet Explorer
TechNet library.</string>
<string id="VerMgmtDomainAllowlist">Turn off blocking of outdated ActiveX
controls for Internet Explorer on specific domains</string>
<string id="IE_ExplainVerMgmtDomainAllowlist">This policy setting allows you
to manage a list of domains on which Internet Explorer will stop blocking outdated
ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone.

If you enable this policy setting, you can enter a custom list of domains for which
outdated ActiveX controls won't be blocked in Internet Explorer. Each domain entry
must be formatted like one of the following:

1. "domain.name.TLD". For example, if you want to include *.contoso.com/*, use
"contoso.com"
2. "hostname". For example, if you want to include http://example, use "example"
3. "file:///path/filename.htm". For example, use
"file:///C:/Users/contoso/Desktop/index.htm"

If you disable or don't configure this policy setting, the list is deleted and
Internet Explorer continues to block specific outdated ActiveX controls on all
domains in the Internet Zone.

For more information, see "Outdated ActiveX Controls" in the Internet Explorer
TechNet library.</string>
<string id="VerMgmtDisableRunThisTime">Remove "Run this time" button for
outdated ActiveX controls in Internet Explorer </string>
<string id="IE_ExplainVerMgmtDisableRunThisTime">This policy setting allows
you to stop users from seeing the "Run this time" button and from running specific
outdated ActiveX controls in Internet Explorer.

If you enable this policy setting, users won't see the "Run this time" button on
the warning message that appears when Internet Explorer blocks an outdated ActiveX
control.

If you disable or don't configure this policy setting, users will see the "Run this
time" button on the warning message that appears when Internet Explorer blocks an
outdated ActiveX control. Clicking this button lets the user run the outdated
ActiveX control once.

For more information, see "Outdated ActiveX Controls" in the Internet Explorer
TechNet library.</string>
<string id="EnterpriseModeSiteList">Use the Enterprise Mode IE website
list</string>
<string id="IE_ExplainEnterpriseModeSiteList">This policy setting lets you
specify where to find the list of websites you want opened using Enterprise Mode
IE, instead of Standard mode, because of compatibility issues. Users can't edit
this list.

If you enable this policy setting, Internet Explorer downloads the website list
from your location (HKCU or HKLM\Software\policies\Microsoft\Internet
Explorer\Main\EnterpriseMode), opening all listed websites using Enterprise Mode
IE.

If you disable or don't configure this policy setting, Internet Explorer opens all
websites using Standards mode.</string>
<string id="CategoryGeneralPage">General Page</string>
<string id="CategoryBrowsingHistory">Browsing History</string>
<string id="DefaultDomainCacheLimitInMB">Set default storage limits for
websites</string>
<string id="IE_ExplainDefaultDomainCacheLimitInMB">This policy setting sets
data storage limits for indexed database and application caches for individual
websites. When you set this policy setting, you provide the cache limit, in MB.

If you enable this policy setting, Internet Explorer displays a notification when a
website exceeds the configured storage limit.

If you disable or do not configure this policy setting, users can set default data
storage limits for indexed databases and application caches.</string>
<string id="IndexedDB_AllowWebsiteDatabases">Allow websites to store indexed
databases on client computers</string>
<string id="IE_ExplainIndexedDB_AllowWebsiteDatabases">This policy setting
allows websites to store indexed database cache information on client computers.

If you enable this policy setting, websites will be able to store an indexed
database on client computers. Allow website database and caches on Website Data
Settings will be unavailable to users.

If you disable this policy setting, websites will not be able to store an indexed
database on client computers. Allow website database and caches on Website Data
Settings will be unavailable to users.

If you do not configure this policy setting, websites will be able to store an
indexed database on client computers. Allow website database and caches on Website
Data Settings will be available to users. Users can choose whether or not to allow
websites to store data on their computers.</string>
<string id="IndexedDB_MaxTrustedDomainLimitInMB">Set indexed database storage
limits for individual domains</string>
<string id="IE_ExplainIndexedDB_MaxTrustedDomainLimitInMB">This policy
setting sets data storage limits for indexed databases of websites that have been
allowed to exceed their storage limit. The “Set default storage limits for
websites” policy setting sets the data storage limits for indexed databases. If a
domain exceeds the indexed database storage limit for an individual domain,
Internet Explorer sends an error to the website. No notification is sent to the
user. This group policy sets the maximum data storage limit for domains that are
trusted by users. When you set this policy setting, you provide the cache limit, in
MB. The default is 500 MB.

If you enable this policy setting, Internet Explorer will allow trusted domains to
store additional data in indexed databases, up to the limit set in this group
policy.

If you disable or do not configure this policy setting, Internet Explorer will use
the default maximum storage limit for all indexed databases. The default is 500
MB.</string>
<string id="IndexedDB_TotalLimitInMB">Set maximum indexed database storage
limit for all domains</string>
<string id="IE_ExplainIndexedDB_TotalLimitInMB">This policy setting sets the
data storage limit for all combined indexed databases for a user. When you set this
policy setting, you provide the storage limit in MB. When the limit is reached,
Internet Explorer notifies the user, and the user must delete indexed databases
before an updated database
