OZO Premium Member join:2003-01-17 |
OZO
Premium Member
2008-Mar-26 5:04 pm
[IE] Can you manage 'My Computer' zone via GUIBy default 'My Computer' zone is hidden in IE | Tools | Internet Options | Security tab. To show it there you may edit this registry value (see instructions: KB315933): [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"Flags"=dword:00000047
In IE7 I can see 'My Computer' icon, but when I try to highlight it and press " Custom Level..." or " Sites" button IE opens dialog box for zone which had the focus (was highlighted) right before and I do not edit zone '0' ('My Computer'), but rather that another zone. Is it something wrong with my particular IE setup or now in IE7 this feature is buggy and it can't be done at all? It's WXP SP2, IE 7.0.5730.11 with all latest patches installed. |
|
OZO |
OZO
Premium Member
2008-Mar-28 3:40 am
Ok, to make it more clear I'll put some pictures here. If you open IE with a web site from Internet zone (or simply new IE with about:blank in address bar) and then try to manage "My Computer" zone you may see that "My Computer" has settings from Internet zone: My Computer zone is as Internet zone
It's because you highlighted that Internet zone before. If you highlight Restricted zone first and then put focus on "My Computer" zone - you'll see that this local machine zone is as Restricted zone: My Computer zone is as Restricted zone
But try to open a local HTML file and there is a complete mess. "My Computer" zone is not recognized at all: My Computer zone is not recognized
Is it a new bug or I miss something here?
|
|
|
to OZO
According to the Microsoft article this only applies to Internet Explorer 6, not 7.
It also appears that Internet Explorer is more detached from Windows Explorer than before. It seems that there's no My Computer zone anymore. |
|
OZO Premium Member join:2003-01-17 |
OZO
Premium Member
2008-Mar-28 3:39 pm
said by Ctrl Alt Del:According to the Microsoft article this only applies to Internet Explorer 6, not 7. Indeed, they do not mention IE7 in that article [ KB315933]. But there may be a lot of reasons for that, including e.g. they simply forgot to update it. If you think that such mistakes are not possible - take a look at this article [ KB182569] that is specifically applied to IE7, but doesn't mention "Medium-high" Security level at all (BTW, it's new IE7 default setting for Internet zone). It also appears that Internet Explorer is more detached from Windows Explorer than before.
I don't care if IE is attached to WE at all (BTW, "My Computer" security zone in IE has nothing to do with WE and vice versa). I need a browser that opens local HTML files (and I have a lot, and I mean a lot of then on my computer). IE6 and IE7 do it well so far. It seems that there's no My Computer zone anymore.
In IE7 there is "My Computer" zone and I successfully manage it with regedit. What I'm looking for is for managing it via "Internet Options" dialog box as I did it before with IE6. If it's a bug - it should be fixed. If it's a feature - it should be documented. |
|
|
Vistaluvr
Anon
2008-Mar-28 4:51 pm
Did you see this part on that KB315933? said by KB315933 : By default, starting with Windows XP SP2, the Local Machine Zone is locked down to help improve security. For more information, click the following article number to view the article in the Microsoft Knowledge Base: 922704 (»support.microsoft.com/kb/922704/) Information about some new Group Policy settings for Internet Explorer Security Zones in Microsoft Windows XP Service Pack 2 and in Microsoft Windows Server 2003 Service Pack 1 For more information, visit the following Microsoft Web site: »technet2.microsoft.com/w ··· mfr=true (»technet2.microsoft.com/w ··· mfr=true) |
|
Vistaluvr |
Vistaluvr
Anon
2008-Mar-28 4:54 pm
Oops I meant KB182569 ,not KB315933. |
|
OZO Premium Member join:2003-01-17 |
to Vistaluvr
Yes, I did. What about it? |
|
|
1 recommendation |
to OZO
This is what I've found in some quick searching. It appears that those options you would find in the My Computer zone are now found in the Advanced tab in IE's Options. See the Security section. said by »blogs.msdn.com/ie/archiv ··· 075.aspx :Another zone that you cant see is called the My Computer Zone and also has few restrictions similar to the Trusted Sites zone. The My Computer Zone is locked down as of IE6 for XP SP2; the changes in IE7 continue our trend to run the browser with more secure default settings. said by »surfthenetsafely.com/ies ··· one3.htm :Users of older Windows operating systems will not receive the security updates for Internet Explorer that the Windows XP SP2 contains. In these cases it may be desirable to be able to configure the settings for the "My Computer" zone. (The following procedures do not apply to IE 6 in Windows XP SP2 or to IE 7.) said by »www.microsoft.com/window ··· nts.mspx :Starting with Windows XP SP2, Local Machine Zone has been locked down for Internet Explorer. In fact, LMZ is more restrictive to Internet Explorer than the normal Internet Zone. This means that even if an attacker succeeds in passing content into the LMZ through Internet Explorer, its ability to cause harm is restricted. |
|
|
Vistaluvr to OZO
Anon
2008-Mar-28 6:45 pm
to OZO
Don't think you did but ok. Good luck =) |
|
OZO Premium Member join:2003-01-17 |
to Ctrl Alt Del
said by Ctrl Alt Del:This is what I've found in some quick searching. It appears that those options you would find in the My Computer zone are now found in the Advanced tab in IE's Options. See the Security section. It's not the same thing. First of all - complete list of security settings per Local Machine Zone you may found here. It's the same list of options as for any other security zone ("Internet", "Intranet", etc.). Actual option values for "My Computer" security zone (Local Machine Zone) are usually collected in two places. Common place (used before and after SP2) is: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
and new place that may be used (since SP2) is: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
Now, returning back to your screen shot and particularly to the option Allow active content to run in files on My Computer - it's not the same thing as Tools | Internet Options | Security | Custom Level | Scripting | Active scripting, though it may sound like the one. Text is quite misleading here. What this option does - it toggles places where "My Computer" options are taken from. If you keep it unchecked - IE takes options from second place (see above, it's "Lockdown_Zones" registry subkey). If you mark it - IE takes options from regular place ("Zones" subkey). It's just happened that the old "Zones" subkey has less restrictive settings and the new "Lockdown_Zones" subkey has more restrictive set of options. That's it. With IE6 you were able to modify (using GUI) all options in "My Computer" zone. Now, with IE7, it's broken. |
|
19579823 (banned)An Awesome Dude join:2003-08-04 |
to OZO
quote: In IE7 there is "My Computer" zone and I successfully manage it with regedit. What I'm looking for is for managing it via "Internet Options" dialog box as I did it before with IE6.
They may have made it so you cant edit that zone as easily.... I myself dont like how IE7 looks as well as IE6 (Especially on the Advanced tab when clicking HELP,its very confusing) IE6 for the win |
|
OZO Premium Member join:2003-01-17 1 edit |
OZO
Premium Member
2008-Mar-30 5:47 pm
You mean in IE7 that it's intentional, and not a bug? In this case they should publish this decision.
And, BTW, if this is the case - in the dialog box we should not see "My Computer" icon at all, should we?. Not-too-careful user may easy make changes in completely different zone, while s/he may think it's done in the Local Machine Zone. Bad... |
|
OZO |
OZO
Premium Member
2008-Mar-31 7:18 pm
Just to complete the talk about the option " Allow active content to run in files on My Computer" which toggles IE between taking some options from "Lockdown_Zones" subkey and old "Zones" subkey it's interesting to watch how it's actually implemented. As you probably know, with introduction of this new feature registry has not one, but two complete sets of options for all security zones. It's despite the fact that by this feature there is only one zone that may be locked (and not all of them) and it's "My Computer" zone. It means that all of registry values in "Lockdown_Zones" subkey for zones 1, 2, 3, 4 are meaningless and are not used by IE at all. Moreover, even from "Lockdown_Zones\0" subkey IE uses only several values and the rest is ignored as well. It makes a lot of extra trash in the registry... and creates some confusion for administrators (and/or common users) who are responsible for securing the browser. Returning back to IE7 - here is one more point - IE7 has broken yet another functionality provided by IE6. While it was not widely known IE6 had allowed to add more custom security zones. For example, with IE6 I used to use additional 6th security zone that had all settings from regular Internet zone except JavaScript option. Sites running in that zone could not run JavaScript. See this my post containing registry file and instructions how to add a new zone in IE6. In IE7 is's broken as well Was the IE7 development outsourced somewhere or what's the reason of the deterioration? |
|