A pretty good question came across the newsgroups the other day. Someone was asking what are the differences between IE's "medium" and "medium-high" security settings. I did some digging, and found only this on MSDN: About URL security zone templates. No wonder it's difficult to find -- the terminology is different, and the table is organized by URL actions, not by the text in the dialog.
Someone on the IE security team forwarded me a document that had additional details. So here, for your enjoyment, is a chart listing the default settings for each security level. To answer the newsgroup poster, "medium" and "medium-high" aren't the same.
About the formatting: to get it to fit within the width of the blog's text section, I've made some abbreviations.
In a few cases, the table shows a number rather than D or E or P; below the table is a description of each such entry.
At the very bottom of this post I've included the settings from the privacy tab, too.
Note: these settings reflect those for Internet Explorer 7 on Vista SP1. Please see the MDSN link above for differences between IE 6 and IE 7.
.NET Framework-reliant components
1 = High safety
ActiveX controls and plug-ins
Enable .NET Framework setup
1 = Prohibit downloads from software update channels 2 = Cache content downloaded from software update channels 3 = Automatically install software updates
1 = Prompt the user for name and password 2 = Automatic logon only in intranet zone 3 = Automatic logon with current user name and password
Privacy settings (on the "Privacy" tab)
<p>PingBack from <a rel="nofollow" target="_new" href="http://www.mariukasm.lt/internet-explorer-saugumo-lygiu-palyginimas/">http://www.mariukasm.lt/internet-explorer-saugumo-lygiu-palyginimas/</a></p>
<p>Thanks for sharing this! Very handy to have.</p>
<p>HI! I WISH THIS ARTICLE WAS MADE FOR PRINTER FRIENDLY OPTION. CAN U DO IT? I'LL APPRECIATE IT VERY MUCH! THANKS!</p>
<p>I would be interested to know what setings do you use? I tend to block third party cookies, and keep the default of medium high.</p>
<p>I use the defaults for the Internet security zones. I remove the requirement for https:// in the trusted sites zone. In my privacy settings, I override automatic cookie handling with this: accept first-party, block third-party, always allow session.</p>
<p>Thanks for making this table!</p>
<p>I did find a couple discrepancies though. This was on a fully updated Vista box. I could only check M, MH, and H since ML and L aren't available to reset to.</p>
<p>Downloads>Automatic prompting = Disabled on MH and M</p>
<p>Scripting>Allow status bar updates via script=Enabled on M</p>
<p>Jordan, just copy the table section and paste it into Word. That's what I did so I could make notes on the list.</p>
<p>Thanks again for the list. I'm trying to troubleshoot a software problem at work. It is definately related to IE security settings, so this helped a lot to check the settings systematically.</p>
<p>As a couple of people are looking at their IE currently, I found some interesting information on Steve</p>
<p>Very useful ! Thanks :)</p>
<p>Pingback <a rel="nofollow" target="_new" href="http://www.winvistaclub.com/forum/windows-vista-tips-tutorials/26462-differences-between-ies-medium-medium-high-security-settings.html#post123248">http://www.winvistaclub.com/forum/windows-vista-tips-tutorials/26462-differences-between-ies-medium-medium-high-security-settings.html#post123248</a></p>
<p>Encontré esta publicación de Steve Riley (experto en seguridad) que compara los diversas configuraciones</p>