Internet Explorer Security Tab Restrictions

One of our web developers contacted me, and asked how they could look at the settings for the Trusted Zone in Internet Explorer. The Custom Level and Default Level buttons were greyed out. And it’s not an Admin vs. Non-admin rights problem, as I have the same problem:

The answer? Set the Security_options_edit value, t0 0 (that’s zero) in the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings.

The Web Developer can now play to her heart’s content. (if the Web Developer wanted to remove all of the group policy settings, they could do that by following these instructions.)

A breakdown of the security tab restrictions follows.

Internet Explorer Security Tab Restrictions:

Security_HKLM_only
Forces the use of the local machine settings rather than current user.
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
“Security_HKLM_only”=dword:00000001

Security_options_edit
Prevents changing security zone settings and disables the Custom Level button and security-level slider.
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
“Security_options_edit”=dword:00000001

SecChangeSettings
Prevents changing Security Levels for the Internet Zone.
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
“SecChangeSettings”=dword:00000001

SecAddSites
Prevents adding Sites to any zone.
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
“SecAddSites”=dword:00000001

Dword values
0 = disable restriction
1 = enable restriction

The cause of the problem? One of my predecessors sets Security_options_edit in a corporate-wide Group Policy. I’m not going to fiddle with that, until I understand why.

Internet Explorer Security Tab Restrictions

Related posts: