Internet Explorer Processes

Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet, Intranet, Local Machine zone, etc.). Web pages on the local computer have the fewest security restrictions and reside in the Local Machine zone, making the Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context.

If you enable this policy setting, any zone can be protected from zone elevation by Internet Explorer processes.

If you disable this policy setting, no zone receives such protection for Internet Explorer processes.

If you do not configure this policy setting, any zone can be protected from zone elevation by Internet Explorer processes.

Supported on: At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1

Enable policy:
Registry PathValue NameValue TypeValue
Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION(Reserved)REG_SZ1
Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATIONexplorer.exeREG_SZ1
Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATIONiexplore.exeREG_SZ1
Disable Policy:
Registry HiveRegistry PathValue NameValue TypeValue
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USERSoftware\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION(Reserved)REG_SZ0
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USERSoftware\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATIONexplorer.exeREG_SZ0
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USERSoftware\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATIONiexplore.exeREG_SZ0

inetres.admx

Administrative Templates (Computers)

Administrative Templates (Users)