Windows Registry Editor Version 5.00

;
; CERT Internet Explorer registry recommendations v1.1
; January 5, 2009 - Initial release
; January 12, 2009 - Added Protected Mode setting for Windows Vista systems
;


; Punycode support
; http://msdn.microsoft.com/en-us/library/bb250505.aspx
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
@=""
; Force all IDN Web addresses to appear in encoded form by ShowPunycode=1
"ShowPunycode"=dword:00000001
; EnablePunyCode
; 0: Punycode never used
; 1: Punycode is used when talking directly to origin servers
; 2: Punycode is used when talking to a proxy server
; 3: Punycode is used when talking to both origin and proxy servers
"EnablePunycode"=dword:00000001
; Enable the information bar
"DisableIDNPrompt=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
@=""
; Disable third-party tool bars and Browser Helper Objects
"Enable Browser Extensions"="no"
; Don't play background sounds (uses the internal player)
"Play_Background_Sounds"="no"
; Don't remember form passwords
"FormSuggest PW Ask"="no"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
@=""
; Do not apply 'Advanced Privacy Settings' Dialog box settings (use 'High' setting)
"PrivacyAdvanced"=dword:00000000

; ************************************
; ***Zone 2 - Trusted Zone Settings***
; ************************************

; Source: http://support.microsoft.com/kb/182569
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
@=""
; Level of security for this zone
;   Value (Hexadecimal)        Setting
;   ----------------------------------
;   0x00010000         Low Security
;   0x00010500         Medium Low Security
;   0x00011000         Medium Security
;   0x00011500         Medium-High Security
;   0x00012000         High Security
"CurrentLevel"=dword:00011500

; Flags determines users ability to modify zone properties
;   Value    Setting
;   ------------------------------------------------------------------
;   1        Allow changes to custom settings
;   2        Allow users to add Web sites to this zone
;   4        Require verified Web sites (https protocol)
;   8        Include Web sites that bypass the proxy server
;   16       Include Web sites not listed in other zones
;   32       Do not show security zone in Internet Properties (default)
;            setting for My Computer)
;   64       Show the Requires Server Verification dialog box
;   128      Treat Universal Naming Connections (UNCs) as intranet
;            connections
;"Flags"=dword:00000001

; Key values determining settings for trusted zone
;   Value    Setting
;   ------------------------------------------------------------------
;   0        Action Permitted
;   1        Prompt User
;   3        Deny Action

; 1001: ActiveX controls and plug-ins: Download signed ActiveX controls
"1001"=dword:00000001
; 1004: ActiveX controls and plug-ins: Download unsigned ActiveX controls
"1004"=dword:00000003
; 1200: ActiveX controls and plug-ins: Run ActiveX controls and plug-ins
"1200"=dword:00000000
; 1201: ActiveX controls and plug-ins: Initialize and script ActiveX controls not 
; marked as safe for scripting
"1201"=dword:00000003
; 1206: Miscellaneous: Allow scripting of Internet Explorer Web browser control (boolean)
"1206"=dword:00000003
; 1207: Reserved (?)
"1207"=dword:00000003
; 1208: ActiveX controls and plug-ins: Allow previously unused ActiveX controls to run 
; without prompt (boolean)
"1208"=dword:00000003
; 1209: ActiveX controls and plug-ins: Allow Scriptlets (boolean)
"1209"=dword:00000003
; 120A: ActiveX controls and plug-ins: Display video and animation on a webpage that 
; does not use external media player (boolean)
"120A"=dword:00000003
; 1400: Scripting: Active scripting
"1400"=dword:00000000
; 1402: Scripting: Scripting of Java applets
"1402"=dword:00000000
; 1405: ActiveX controls and plug-ins: Script ActiveX controls marked as safe for scripting
"1405"=dword:00000000
; 1406: Miscellaneous: Access data sources across domains
"1406"=dword:00000003
; 1407: Scripting: Allow Programmatic clipboard access
"1407"=dword:00000001
; 1408: Reserved (?)
"1408"=dword:00000003
; 1601: Miscellaneous: Submit non-encrypted form data
"1601"=dword:00000000
; 1604: Downloads: Font download
"1604"=dword:00000000
; 1605: Run Java (preference not displayed in UI)
"1605"=dword:00000000
; 1606: Miscellaneous: Userdata persistence (boolean)
"1606"=dword:00000000
; 1607: Miscellaneous: Navigate sub-frames across different domains
"1607"=dword:00000003
; 1608: Miscellaneous: Allow META REFRESH (boolean)
"1608"=dword:00000000
; 1609: Miscellaneous: Display mixed content
"1609"=dword:00000001
; 160A: Miscellaneous: Include local directory path when uploading files to a server (boolean)
"160A"=dword:00000000
; 1800: Miscellaneous: Installation of desktop items
"1800"=dword:00000001
; 1802: Miscellaneous: Drag and drop or copy and paste files
"1802"=dword:00000000
; 1803: Downloads: File Download (boolean)
"1803"=dword:00000000
; 1804: Miscellaneous: Launching programs and files in an IFRAME
"1804"=dword:00000001
; 1805: Launching programs and files in webview (preference not displayed in UI)
"1805"=dword:00000001
; 1806: Miscellaneous: Launching applications and unsafe files
"1806"=dword:00000001
; 1807: Reserved (?)
"1807"=dword:00000000
; 1808: Reserved (?)
"1808"=dword:00000000
; 1809: Miscellaneous: Use Pop-up Blocker (boolean) (XP SP2 or later)
"1809"=dword:00000000
; 180A: Reserved (?)
"180A"=dword:00000003
; 180C: Reserved (?)
"180C"=dword:00000000
; 180D: Reserved (?)
"180D"=dword:00000000
; 1A00: User Authentication: Logon
"1A00"=dword:00020000
; 1A02: Allow persistent cookies that are stored on your computer (preference not displayed in UI)
"1A02"=dword:00000000
; 1A03: Allow per-session cookies (preference not displayed in UI)
"1A03"=dword:00000000
; 1A04: Miscellaneous: Don't prompt for client certificate selection when no 
; certificates or only one certificate exists (boolean)
"1A04"=dword:00000003
; 1A05: Allow 3rd party persistent cookies
"1A05"=dword:00000001
; 1A06: Allow 3rd party session cookies
"1A06"=dword:00000000
; 1A10: Privacy Settings (?)
"1A10"=dword:00000000
; 1C00: Java permissions (preference not displayed in UI)
"1C00"=dword:00010000
; 1E05: Miscellaneous: Software channel permissions
"1E05"=dword:00020000
; 2000: ActiveX controls and plug-ins: Binary and script behaviors
"2000"=dword:00000000
; 2100: Miscellaneous: Open files based on content, not file extension (boolean) (XP SP2 or later)
"2100"=dword:00000000
; 2101: Miscellaneous: Web sites in less privileged web content zone can navigate
; into this zone (XP SP2 or later)
"2101"=dword:00000000
; 2102: Miscellaneous: Allow script initiated windows without size or position 
; constraints (boolean) (XP SP2 or later)
"2102"=dword:00000003
; 2103: Scripting: Allow status bar updates via script (boolean)
"2103"=dword:00000003
; 2104: Miscellaneous: Allow websites to open windows without address or status bars
"2104"=dword:00000003
; 2105: Scripting: Allow websites to prompt for information using scripted windows
"2105"=dword:00000003
; 2200: Downloads: Automatic prompting for file downloads (boolean) (XP SP2 or later)
"2200"=dword:00000003
; 2201: ActiveX controls and plug-ins: Automatic prompting for ActiveX controls (boolean) (XP SP2 or later)
"2201"=dword:00000003
; 2300: Miscellaneous: Allow web pages to use restricted protocols for active content (XP SP2 or later)
"2300"=dword:00000001
; 2301: Miscellaneous: Use Phishing Filter (boolean)
"2301"=dword:00000000
; 2400: .NET Framework: XAML browser applications
"2400"=dword:00000000
; 2401: .NET Framework: XPS documents
"2401"=dword:00000000
; 2402: .NET Framework: Loose XAML
"2402"=dword:00000000
; 2500: Turn on Protected Mode [Vista only setting]
"2500"=dword:00000000
; 2600: Enable .NET Framework setup (boolean)
"2600"=dword:00000000

; *************************************
; ***Zone 3 - Internet Zone Settings***
; *************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
@=""
; Level of Security
;   Value (Hexadecimal)        Setting
;   ----------------------------------
;   0x00010000         Low Security
;   0x00010500         Medium Low Security
;   0x00011000         Medium Security
;   0x00011500         Medium-High Security
;   0x00012000         High Security
"CurrentLevel"=dword:00012000

; Flags determines users ability to modify zone properties
;   Value    Setting
;   ------------------------------------------------------------------
;   1        Allow changes to custom settings
;   2        Allow users to add Web sites to this zone
;   4        Require verified Web sites (https protocol)
;   8        Include Web sites that bypass the proxy server
;   16       Include Web sites not listed in other zones
;   32       Do not show security zone in Internet Properties (default
;            setting for My Computer)
;   64       Show the Requires Server Verification dialog box
;   128      Treat Universal Naming Connections (UNCs) as intranet
;            connections
;"Flags"=dword:00000001

; Key values determining settings for trusted zone
;   Value    Setting
;   ------------------------------------------------------------------
;   0        Action Permitted
;   1        Prompt User
;   3        Deny Action

; 1001: ActiveX controls and plug-ins: Download signed ActiveX controls
"1001"=dword:00000003
; 1004: ActiveX controls and plug-ins: Download unsigned ActiveX controls
"1004"=dword:00000003
; 1200: ActiveX controls and plug-ins: Run ActiveX controls and plug-ins
"1200"=dword:00000003
; 1201: ActiveX controls and plug-ins: Initialize and script ActiveX controls not 
; marked as safe for scripting
"1201"=dword:00000003
; 1206: Miscellaneous: Allow scripting of Internet Explorer Web browser control (boolean)
"1206"=dword:00000003
; 1207: Reserved (?)
"1207"=dword:00000003
; 1208: ActiveX controls and plug-ins: Allow previously unused ActiveX controls to run 
; without prompt (boolean)
"1208"=dword:00000003
; 1209: ActiveX controls and plug-ins: Allow Scriptlets (boolean)
"1209"=dword:00000003
; 120A: ActiveX controls and plug-ins: Display video and animation on a webpage that 
; does not use external media player (boolean)
"120A"=dword:00000003
; 1400: Scripting: Active scripting
"1400"=dword:00000003
; 1402: Scripting: Scripting of Java applets
"1402"=dword:00000003
; 1405: ActiveX controls and plug-ins: Script ActiveX controls marked as safe for scripting
"1405"=dword:00000003
; 1406: Miscellaneous: Access data sources across domains
"1406"=dword:00000003
; 1407: Scripting: Allow Programmatic clipboard access
"1407"=dword:00000003
; 1408: Reserved (?)
"1408"=dword:00000003
; 1601: Miscellaneous: Submit non-encrypted form data
"1601"=dword:00000001
; 1604: Downloads: Font download
"1604"=dword:00000003
; 1605: Run Java (preference not displayed in UI)
"1605"=dword:00000003
; 1606: Miscellaneous: Userdata persistence (boolean)
"1606"=dword:00000003
; 1607: Miscellaneous: Navigate sub-frames across different domains
"1607"=dword:00000003
; 1608: Miscellaneous: Allow META REFRESH (boolean)
"1608"=dword:00000003
; 1609: Miscellaneous: Display mixed content
"1609"=dword:00000001
; 160A: Miscellaneous: Include local directory path when uploading files to a server (boolean)
"160A"=dword:00000003
; 1800: Miscellaneous: Installation of desktop items
"1800"=dword:00000003
; 1802: Miscellaneous: Drag and drop or copy and paste files
"1802"=dword:00000001
; 1803: Downloads: File Download (boolean)
"1803"=dword:00000003
; 1804: Miscellaneous: Launching programs and files in an IFRAME
"1804"=dword:00000003
; 1805: Launching programs and files in webview (preference not displayed in UI)
"1805"=dword:00000001
; 1806: Miscellaneous: Launching applications and unsafe files
; NOTE: Mozilla Firefox uses this setting. If set to disabled, then Firefox will not be able to download certain files.
; https://bugzilla.mozilla.org/show_bug.cgi?id=425946
"1806"=dword:00000001
; 1807: Reserved (?)
"1807"=dword:00000001
; 1808: Reserved (?)
"1808"=dword:00000000
; 1809: Miscellaneous: Use Pop-up Blocker (boolean) (XP SP2 or later)
"1809"=dword:00000000
; 180A: Reserved (?)
"180A"=dword:00000003
; 180B: Reserved (?)
"180B"=dword:00000001
; 180C: Reserved (?)
"180C"=dword:00000003
; 180D: Reserved (?)
"180D"=dword:00000001
; 1A00: User Authentication: Logon
"1A00"=dword:00010000
; 1A02: Allow persistent cookies that are stored on your computer (preference not displayed in UI)
"1A02"=dword:00000003
; 1A03: Allow per-session cookies (preference not displayed in UI)
"1A03"=dword:00000003
; 1A04: Miscellaneous: Don't prompt for client certificate selection when no 
; certificates or only one certificate exists (boolean)
"1A04"=dword:00000003
; 1A05: Allow 3rd party persistent cookies
"1A05"=dword:00000003
; 1A06: Allow 3rd party session cookies
"1A06"=dword:00000003
;----
;---- 1A10: Privacy Settings
;---- 
;---- Determines how P3P policy evaluation is performed. It can be set to one of the following values:
;
;    * 0 (URLPOLICY_ALLOW) - Accepts all cookies. Default value for Local intranet and Trusted 
;                            sites.
;    * 1 (URLPOLICY_QUERY) - Cookie action is determined by evaluating the P3P policy against the 
;                            restrictions imposed by the corresponding privacy template. 
;                            Default value for the Internet zone.
;    * 3 (URLPOLICY_DISALLOW) - Rejects all cookies. Default value for the Restricted zone.
;
;    If this value is not set, then cookies are rejected.
"1A10"=dword:00000001
; 1C00: Java permissions (preference not displayed in UI)
"1C00"=dword:00000000
; 1E05: Miscellaneous: Software channel permissions
"1E05"=dword:00010000
; 2000: ActiveX controls and plug-ins: Binary and script behaviors
"2000"=dword:00000003
; 2100: Miscellaneous: Open files based on content, not file extension (boolean) (XP SP2 or later)
"2100"=dword:00000003
; 2101: Miscellaneous: Web sites in less privileged web content zone can navigate
; into this zone (XP SP2 or later)
"2101"=dword:00000003
; 2102: Miscellaneous: Allow script initiated windows without size or position 
; constraints (boolean) (XP SP2 or later)
"2102"=dword:00000003
; 2103: Scripting: Allow status bar updates via script (boolean)
"2103"=dword:00000003
; 2104: Miscellaneous: Allow websites to open windows without address or status bars
"2104"=dword:00000003
; 2105: Scripting: Allow websites to prompt for information using scripted windows
"2105"=dword:00000003
; 2200: Downloads: Automatic prompting for file downloads (boolean) (XP SP2 or later)
"2200"=dword:00000003
; 2201: ActiveX controls and plug-ins: Automatic prompting for ActiveX controls (boolean) (XP SP2 or later)
"2201"=dword:00000003
; 2300: Miscellaneous: Allow web pages to use restricted protocols for active content (XP SP2 or later)
"2300"=dword:00000003
; 2301: Miscellaneous: Use Phishing Filter (boolean)
"2301"=dword:00000000
; 2400: .NET Framework: XAML browser applications
"2400"=dword:00000003
; 2401: .NET Framework: XPS documents
"2401"=dword:00000003
; 2402: .NET Framework: Loose XAML
"2402"=dword:00000003
; 2500: Turn on Protected Mode [Vista only setting]
"2500"=dword:00000000
; 2600: Enable .NET Framework setup (boolean)
"2600"=dword:00000003