A pretty good question came across the newsgroups the other day. Someone was asking what are the differences between IE's "medium" and "medium-high" security settings. I did some digging, and found only this on MSDN: About URL security zone templates. No wonder it's difficult to find -- the terminology is different, and the table is organized by URL actions, not by the text in the dialog.
Someone on the IE security team forwarded me a document that had additional details. So here, for your enjoyment, is a chart listing the default settings for each security level. To answer the newsgroup poster, "medium" and "medium-high" aren't the same.
About the formatting: to get it to fit within the width of the blog's text section, I've made some abbreviations.
In a few cases, the table shows a number rather than D or E or P; below the table is a description of each such entry.
At the very bottom of this post I've included the settings from the privacy tab, too.
Note: these settings reflect those for Internet Explorer 7 on Vista SP1. Please see the MDSN link above for differences between IE 6 and IE 7.
.NET Framework-reliant components
1 = High safety
ActiveX controls and plug-ins
Enable .NET Framework setup
1 = Prohibit downloads from software update channels 2 = Cache content downloaded from software update channels 3 = Automatically install software updates
1 = Prompt the user for name and password 2 = Automatic logon only in intranet zone 3 = Automatic logon with current user name and password
Privacy settings (on the "Privacy" tab)
PingBack from http://www.mariukasm.lt/internet-explorer-saugumo-lygiu-palyginimas/
Thanks for sharing this! Very handy to have.
HI! I WISH THIS ARTICLE WAS MADE FOR PRINTER FRIENDLY OPTION. CAN U DO IT? I'LL APPRECIATE IT VERY MUCH! THANKS!
I would be interested to know what setings do you use? I tend to block third party cookies, and keep the default of medium high.
I use the defaults for the Internet security zones. I remove the requirement for https:// in the trusted sites zone. In my privacy settings, I override automatic cookie handling with this: accept first-party, block third-party, always allow session.
Thanks for making this table!
I did find a couple discrepancies though. This was on a fully updated Vista box. I could only check M, MH, and H since ML and L aren't available to reset to.
Downloads>Automatic prompting = Disabled on MH and M
Scripting>Allow status bar updates via script=Enabled on M
Jordan, just copy the table section and paste it into Word. That's what I did so I could make notes on the list.
Thanks again for the list. I'm trying to troubleshoot a software problem at work. It is definately related to IE security settings, so this helped a lot to check the settings systematically.
As a couple of people are looking at their IE currently, I found some interesting information on Steve
Very useful ! Thanks :)
Encontré esta publicación de Steve Riley (experto en seguridad) que compara los diversas configuraciones