One of our web developers contacted me, and asked how they could look at the settings for the Trusted Zone in Internet Explorer. The Custom Level and Default Level buttons were greyed out. And it’s not an Admin vs. Non-admin rights problem, as I have the same problem:
The answer? Set the Security_options_edit
value, t0 0 (that’s zero) in the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
.
The Web Developer can now play to her heart’s content. (if the Web Developer wanted to remove all of the group policy settings, they could do that by following these instructions.)
A breakdown of the security tab restrictions follows.
Internet Explorer Security Tab Restrictions:
Security_HKLM_only
Forces the use of the local machine settings rather than current user.
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
“Security_HKLM_only”=dword:00000001
Security_options_edit
Prevents changing security zone settings and disables the Custom Level button and security-level slider.
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
“Security_options_edit”=dword:00000001
SecChangeSettings
Prevents changing Security Levels for the Internet Zone.
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
“SecChangeSettings”=dword:00000001
SecAddSites
Prevents adding Sites to any zone.
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
“SecAddSites”=dword:00000001
Dword values
0 = disable restriction
1 = enable restriction
The cause of the problem? One of my predecessors sets Security_options_edit in a corporate-wide Group Policy. I’m not going to fiddle with that, until I understand why.
Comments are closed.