JMU - Differences Between Default Security Settings in IE 7
Computing HelpDesk Hours:
Phone: 540-568-3555
Mon-Thu: 8:00am - 9:00pm
Friday: 8:00am - 5:00pm
Saturday: Closed
Sunday: 3:00pm - 9:00pm
Differences Between Default
Security Settings in IE 7
.NET Framework
| Low | Medium-Low | Medium | Medium-High | High | |
|---|---|---|---|---|---|
| Loose XAML | Enable | Enable | Enable | Enable | Disable |
| XAML browser applications | Enable | Enable | Enable | Enable | Disable |
| XPS documents | Enable | Enable | Enable | Enable | Disable |
.NET Framework-reliant components
| Low | Medium-Low | Medium | Medium-High | High | |
|---|---|---|---|---|---|
| Run components not signed with Authtenticode | Enable | Enable | Enable | Enable | Disable |
| Run components signed with Authtenticode | Enable | Enable | Enable | Enable | Disable |
ActiveX controls and plug-ins
| Low | Medium-Low | Medium | Medium-High | High | |
|---|---|---|---|---|---|
| Allow previously unused ActiveX controls to run without prompt | Enable | Enable | Enable | Disable | Disable |
| Allow scriptlets | Enable | Enable | Disable | Disable | Disable |
| Automatic prompting for ActiveX controls | Enable | Enable | Disable | Disable | Disable |
| Binary and script behaviors | Enable | Enable | Enable | Enable | Disable |
| Display video and animation on a webpage that does not use external media player | Disable | Disable | Disable | Disable | Disable |
| Download signed ActiveX controls | Enable | Prompt | Prompt | Prompt | Disable |
| Download unsigned ActiveX controls | Prompt | Disable | Disable | Disable | Disable |
| Initialize and script ActiveX controls not marked as safe for scripting | Prompt | Disable | Disable | Disable | Disable |
| Run ActiveX controls and plug-ins | Enable | Enable | Enable | Enable | Disable |
| Script ActiveX controls marked safe for scripting | Enable | Enable | Enable | Enable | Disable |
Downloads
| Low | Medium-Low | Medium | Medium-High | High | |
|---|---|---|---|---|---|
| Automatic prompting for file downloads | Enable | Enable | Disable | Disable | Disable |
| File download | Enable | Enable | Enable | Enable | Disable |
| Font download | Enable | Enable | Enable | Enable | Disable |
Enable .NET Framework setup
| Low | Medium-Low | Medium | Medium-High | High | |
|---|---|---|---|---|---|
| Enable .NET Framework setup | Enable | Enable | Enable | Enable | Disable |
Java VM
| Low | Medium-Low | Medium | Medium-High | High | |
|---|---|---|---|---|---|
| Java Permissions | Low Safety | Medium Safety | High Safety | High Safety | Disable Java |
Miscellaneous
| Low | Medium-Low | Medium | Medium-High | High | |
|---|---|---|---|---|---|
| Access data sources across domains | Enable | Prompt | Disable | Disable | Disable |
| Allow META REFRESH | Enable | Enable | Enable | Enable | Disable |
| Allow scripting of Internet Explorer web browser control | Enable | Enable | Disable | Disable | Disable |
| Allow script-initiated windows without size or position constraints | Enable | Enable | Disable | Disable | Disable |
| Allow webpages to use restricted protocols for active content | Prompt | Prompt | Prompt | Prompt | Disable |
| Allow websites to open windows without address or status bars | Enable | Enable | Enable | Disable | Disable |
| Display mixed content | Prompt | Prompt | Prompt | Prompt | Prompt |
| Don't prompt for client certificate selection when no certificates or only one certificate exists | Enable | Enable | Disable | Disable | Disable |
| Drag and drop or copy and paste files | Enable | Enable | Enable | Enable | Prompt |
| Include local directory path when uploading files to a server | Enable | Enable | Enable | Enable | Disable |
| Installation of desktop items | Enable | Prompt | Prompt | Prompt | Disable |
| Launching applications and unsafe files | Enable | Enable | Prompt | Prompt | Disable |
| Launching programs and files in an IFRAME | Enable | Prompt | Prompt | Prompt | Disable |
| Navigate sub-frames across different domains | Enable | Enable | Disable | Disable | Disable |
| Open files based on content, not file extension | Enable | Enable | Enable | Enable | Disable |
| Software channel permissions | Low safety | Medium safety | Medium safety | Medium safety | High Safety |
| Submit non-encrypted form data | Enable | Enable | Enable | Enable | Prompt |
| Use Phishing Filter | Disable | Disable | Enable | Enable | Enable |
| Use Pop-Up Blocker | Disable | Disable | Enable | Enable | Enable |
| Userdata persistence | Enable | Enable | Enable | Enable | Disable |
| Websites in less privileged web content zone can navigate into this zone | Prompt | Enable | Enable | Enable | Disable |
Scripting
| Low | Medium-Low | Medium | Medium-High | High | |
|---|---|---|---|---|---|
| Active scripting | Enable | Enable | Enable | Enable | Disable |
| Allow Programmatic clipboard access | Enable | Enable | Prompt | Prompt | Disable |
| Allow status bar updates via script | Enable | Enable | Enable | Disable | Disable |
| Allow websites to prompt for information using scripted windows | Enable | Enable | Enable | Disable | Disable |
| Scripting of Java applets | Enable | Enable | Enable | Enable | Disable |
User Authentication
| Low | Medium-Low | Medium | Medium-High | High | |
|---|---|---|---|---|---|
| Logon | Automatic logon with current user name and password | Automatic logon with Intranet zone | Automatic logon with Intranet zone | Automatic logon with Intranet zone | Prompt for user name and password |
Publisher:
Computing Helpdesk
For Information Contact:
Computing Helpdesk
James Madison University
Harrisonburg, VA 22807, MSC 0602
(540) 568-3555
Last Modified: 6/30/2009
Privacy Statement