How to Use Security Zones in Internet Explorer 4.0

• Microsoft Internet Explorer versions 4.0, 4.01 for Windows 95
• Microsoft Internet Explorer versions 4.0, 4.01 for Windows NT 4.0

SUMMARY

The article describes the types of security zones in Internet Explorer 4.0, and how to configure different levels of security for Web sites that you visit.

MORE INFORMATION

Internet Explorer 4.0 includes four pre-defined zones: Internet, Local Intranet, Trusted Sites, and Restricted Sites. You can set the security options you want for each zone, and then add or remove Web sites from the zones depending on your level of trust in a Web site.

Types of Security Zones

Local Intranet Zone:

This zone contains Web sites that can be accessed without using a proxy server (a server on a local area network that lets you connect to the Internet without using a modem) or a modem. By default, the Local Intranet zone contains all network connections established using a Universal Naming Convention (UNC) path, and Web sites that bypass the proxy server (if they are not assigned to the Restricted Sites or Trusted Sites zone). The default security level is set to Medium.

Trusted Sites Zone:

This zone contains Web sites that you trust as being safe (such as those on your company's intranet or from established companies in whom you have confidence). When you add a Web site to the Trusted Sites zone, you believe that files you download or run from the Web site will not damage your computer or data. By default, there are no Web sites assigned to the Trusted Sites zone, and the security level is set to Medium.

Restricted Sites Zone:

This zone contains Web sites you do not trust. When you add a Web site to the Restricted Sites zone, you believe that files you download or run from the Web site may damage your computer or data. By default, there are no Web sites assigned to the Restricted Sites zone, and the security level is set to High.

Internet Zone:

This zone contains Web sites that are not on your computer or local intranet, or that are not already assigned to another zone. The default security level is Medium.

NOTE: Security settings are applied only to files on your computer that are in the Temporary Internet Files folder (using the security level of the Web site from which the files came). All other files are assumed to be completely safe.

How to Configure Security Zones

To change the default security level for a zone, customize security options within a zone, or assign a Web site to a specific zone, follow the steps in the appropriate section below:

Changing the Default Security Level for a Zone:

For each security zone, you can choose the High, Medium, Low, or Custom security level setting. Although Microsoft recommends the High security setting for Web sites that are not in the Trusted Sites zone, you can safely use the Medium security setting in the Trusted Sites zone.

To change the default security level for a zone, follow these steps:

1. In Internet Explorer, click Internet Options on the View menu.

2. On the Security tab, click the zone for which you want to change security levels in the Zone box.

3. Click the security level you want to use for the zone, and then click OK.

The Custom option gives advanced users and administrators more control over all security options. For example, the Download Unsigned ActiveX Controls option is disabled by default in the Local Intranet zone (Medium security is the default setting for the Local Intranet zone). In this case, Internet Explorer may not run any ActiveX controls in your company's intranet because most companies do not sign ActiveX controls that are used internally only. In order for Internet Explorer to run ActiveX controls in your company's intranet, you would want to change the security level for the Download Unsigned ActiveX Controls option to Prompt or Enable. You can set the following security options using the Custom setting:

• Access to files, ActiveX controls, and scripts.
• The level of capabilities given to Java programs.
• Whether sites must be identified with Secure Sockets Layer (SSL) authentication.
• Password protection using Windows NT Challenge/Response (NTLM). Depending on which zone a server is in, Internet Explorer can send your password automatically, prompt you for your user name and password, or simply deny any login requests.

1. In Internet Explorer, click Internet Options on the View menu.

2. On the Security tab, click the zone you want to customize in the Zone box.

3. Click Custom (For Expert Users), and then click Settings.

4. Under Reset Custom Settings, click the security level for the entire zone in the Reset To box, and then click Reset.

5. Under the section for which you want to customize security settings, click the option you want, click OK, and then click OK again.

To assign a Web site to a specific security zone, follow these steps:

1. In Internet Explorer, click Internet Options on the View menu.

2. On the Security tab, click the zone you want to assign a Web site to in the Zone box, and then click Add Sites.

   If you add a Web site to the Local Intranet zone, click to select the check boxes of the types of Web sites you want to include in the zone, and then click Advanced.

3. Type a Web address in the "Add this Web site to the zone" box, and then click Add.

4. Click OK, and then click OK again.