Policies
The Internet Explorer policies are stored in multiple keys.
Order of application:
HKEY_LOCAL_MACHINE policy key (Administrative override)
HKEY_CURRENT_USER policy key
HKEY_CURRENT_USER preference key
HKEY_LOCAL_MACHINE preference key (System default settings)
Note that the location of the HKEY_LOCAL_MACHINE policy and preference key is dependent on the usage of WoW64 (Windows 32-bit on Windows 64-bit).
Normal:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
WoW64:
HKEY_LOCAL_MACHINE\Wow6432Node\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\Wow6432Node\Software\Microsoft\Internet Explorer\Main\FeatureControl
Policies
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
Values:
Value | Data type | Description |
---|---|---|
Download Directory | REG_SZ | The user-specific download directory |
Download policies
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Download
Values:
Value | Data type | Description |
---|---|---|
CheckExeSignatures | REG_SZ | |
RunInvalidSignatures | REG_DWORD | |
Feature controls
Security Zones
Value | Description |
---|---|
0 | My Computer |
1 | Local Intranet Zone |
2 | Trusted sites Zone |
3 | Internet Zone |
4 | Restricted Sites Zone |
The description is also stored in the “Description” Registry value in the zone-specific Registry key.
Local Machine Zone Lockdown
Applies the Lockdown Zones instead of the Zones.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\
Add a REG_DWORD value to this key named for your application (for example, MyApplication.exe) and set it to 1. Any other setting for this value will disable Local Machine Zone Lockdown for the application.
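Added example (not part of the original page): resolving the effective Local Machine Zone Lockdown setting for a process from an offline registry snapshot, using the order of application listed above and the REG_DWORD rule from this section. Assumptions: the first key in that order that contains the value wins, a value of any type other than REG_DWORD counts as "any other setting", and the snapshot layout and function names are hypothetical.

```python
FEATURE_CONTROL = r"Microsoft\Internet Explorer\Main\FeatureControl"

def candidate_keys(feature, wow64=False):
    """FeatureControl keys for `feature`, in the page's order of application."""
    # WoW64 only changes the HKEY_LOCAL_MACHINE keys (path form as in the page's
    # FEATURE_LOCALMACHINE_LOCKDOWN key list).
    hklm = r"HKEY_LOCAL_MACHINE\Software" + (r"\Wow6432Node" if wow64 else "")
    hkcu = r"HKEY_CURRENT_USER\Software"
    return [
        ("HKLM policy", "\\".join([hklm, "Policies", FEATURE_CONTROL, feature])),
        ("HKCU policy", "\\".join([hkcu, "Policies", FEATURE_CONTROL, feature])),
        ("HKCU preference", "\\".join([hkcu, FEATURE_CONTROL, feature])),
        ("HKLM preference", "\\".join([hklm, FEATURE_CONTROL, feature])),
    ]

def resolve(snapshot, feature, process, wow64=False):
    """Return (source, enabled) from the first key that names `process`."""
    # Registry key and value names are case-insensitive.
    keys = {path.lower(): values for path, values in snapshot.items()}
    for source, path in candidate_keys(feature, wow64):
        values = {name.lower(): v for name, v in keys.get(path.lower(), {}).items()}
        if process.lower() in values:
            reg_type, data = values[process.lower()]
            # REG_DWORD 1 enables the feature; any other setting disables it.
            return source, (reg_type == "REG_DWORD" and data == 1)
    return None, None  # not configured in any of the four keys

# Constructed snapshot: key path -> {value name: (data type, data)}
SNAPSHOT = {
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl"
    r"\FEATURE_LOCALMACHINE_LOCKDOWN": {"MyApplication.exe": ("REG_DWORD", 1)},
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl"
    r"\FEATURE_LOCALMACHINE_LOCKDOWN": {"myapplication.exe": ("REG_DWORD", 0)},
}

if __name__ == "__main__":
    feature = "FEATURE_LOCALMACHINE_LOCKDOWN"
    # The HKCU preference key is consulted before the HKLM preference key.
    print(resolve(SNAPSHOT, feature, "MyApplication.exe"))
    # An HKLM policy value takes precedence over every other key.
    hardened = dict(SNAPSHOT)
    hardened[candidate_keys(feature)[0][1]] = {"MyApplication.exe": ("REG_DWORD", 1)}
    print(resolve(hardened, feature, "MyApplication.exe"))
```

Under this ordering, a per-user preference value of 0 masks the machine-wide default of 1 until a policy key sets the value, which is why the policy keys are worth checking first when reviewing a system.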
Network Protocol Lockdown
HKEY_LOCAL_MACHINE\Software\(Policies)\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_CURRENT_USER\Software\(Policies)\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN
HTML from CD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings\LOCALMACHINE_CD_UNLOCK
Notes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy