Internet Zone Registry Settings

    Question

  • I troubleshot an Internet Explorer based app that had some issues when switching from the Intranet Zone to the Internet Zone. I was able to track down the two registry settings that caused a compatibility issue with the application. In searching through Microsoft's documentation I was unable to discover what the two settings actually do. The settings themselves are not related to any UI options in the security tab. Can someone please point me in the right direction to see what these settings actually do?

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
    "2707"=dword:00000003
    "270D"=dword:00000000

    We are currently running in a mixed Windows 10 and Windows 7 environment and I can fix the underlying issue by just adding the website domain into the proper zone via GPO or registry. However, I would like to know what the two settings above change.

    Thanks,

    Josh

    Friday, December 08, 2017 3:45 PM

All replies

  • Hi,

    Why are you mapping an intranet domain to the IE Internet zone?

    You should be using Enterprise Site Mode lists to manage the backward compatibility of your Intranet sites... your intranet sites should remain mapped to the Intranet zone and not link to third-party public access sites like Google or sites that are hosted in iframes, unless they are from your business partners that you trust... You should map those domains to your IE Trusted Sites list or in the case of XSS errors it may be necessary to add their domain to your Intranet sites list.

    Use the Emulation tab of the IE dev tool to determine which IE emulation mode is being used and how it was established, e.g. IE8 - Enterprise Site Mode lists.

    In a scenario where you are re-using code from an intranet site in a public facing internet site, you should remove resource references to your intranet domains and replace them with resource references to your internet domain.

    To troubleshoot security and blocked content issues, first go to Tools>Internet Options>Advanced tab, check "Always record developer console messages". Save changes. The console tab of the dev tool will now list security and blocked content issues.

    For all intents and purposes, there is no need to know the description of security zone value tokens... anyway you have already identified them from your GPO settings.... there are legacy security zone tokens in the registry that are left over from IE6/XP and do not apply to IE11 using Edge mode (aka IE11 standards).

    It is apparent that you are confused by IE11's Emulation modes and IE's security zone model and content blocking..... Tracking protection, ActiveX filtering and blocking of out of date ActiveX controls (Macromedia Flash). You have found the right church, but are sitting on the wrong side. Use the search box at the top of MSDN forums to search the MSDN documentation for IE to find a description for the IE security zone values.... the point is though... your intranet sites MUST remain mapped to the Intranet zone. You can modernize your legacy Intranet assets to use modern HTML5/Addons free/Plugins free standards or you can use Enterprise Site Mode lists to configure IE11 on Win7 and 10 to use legacy markup (MS DHTML) and ActiveX controls.

    Regards.


    Rob^_^

    Monday, December 11, 2017 1:43 AM
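
An added example, not part of the original thread: a PowerShell sketch that lists every URL action value that differs between the per-user Local intranet zone (Zones\1) and the Internet zone (the Zones\3 key from the question), which is one way to isolate values such as 2707 and 270D when a site changes zone. The function names are hypothetical, and it reads only the HKCU key shown in the question, so values enforced through policy keys are not included.

```powershell
# Added example: diff the per-user URL action values of two IE security zones.
# Zone 1 = Local intranet, Zone 3 = Internet (the Zones\3 key in the question).
$ZonesRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

function Get-ZoneActions {
    param([Parameter(Mandatory)][int]$Zone)
    $actions = @{}
    $key = Join-Path $ZonesRoot "$Zone"
    if (-not (Test-Path -Path $key)) { return $actions }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        # URL action values are named with four hex digits (2707, 270D, ...);
        # skip descriptive values such as DisplayName or Icon.
        if ($name -match '^[0-9A-Fa-f]{4}$') {
            $actions[$name.ToUpper()] = $item.GetValue($name)
        }
    }
    return $actions
}

function Format-ActionValue {
    param($Value)
    if ($null -eq $Value) { return '(not set)' }
    if ($Value -is [int]) { return ('0x{0:X8}' -f $Value) }
    return "$Value"   # non-DWORD data is shown as plain text
}

function Compare-ZoneActions {
    param([int]$Left = 1, [int]$Right = 3)
    $l = Get-ZoneActions -Zone $Left
    $r = Get-ZoneActions -Zone $Right
    $names = @($l.Keys) + @($r.Keys) | Sort-Object -Unique
    foreach ($n in $names) {
        $lv = Format-ActionValue $l[$n]
        $rv = Format-ActionValue $r[$n]
        if ($lv -ne $rv) {
            # Emit one row per value that differs or exists in only one zone.
            [pscustomobject]@{ Action = $n; "Zone$Left" = $lv; "Zone$Right" = $rv }
        }
    }
}

# Show all differences, then only the two values from the question.
Compare-ZoneActions | Format-Table -AutoSize
Compare-ZoneActions | Where-Object { $_.Action -in '2707', '270D' } | Format-Table -AutoSize
```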