What Is Internet Explorer Enhanced Security Configuration?
Internet Explorer Enhanced Security Configuration is a feature found in server versions of Microsoft Windows, such as Windows Server 2008 and Windows Home Server. It blocks many website features, like scripting and file downloads, that could possibly be used to attack your computer or bypass its security. It can be annoying if you're just trying to browse, but servers are tempting targets for hackers, so security is essential.
Other People Are Reading
-
Importance of Server Security
-
Absolute security makes day-to-day browsing a pain, so ordinary Web browsers have to strike a balance between usability and security. The situation is different for a server. It's much more likely to contain sensitive information and to have access to many other computers, so security is paramount over usability. It's best not to browse the Web from a server at all, but if you must, Enhanced Security Configuration is there to help keep your server safe.
Enhanced Security Configuration groups every website into one of four security zones: the Internet zone, the Trusted Sites zone, the Local Intranet zone and the Restricted Sites zone. The current site's zone is displayed in Internet Explorer's status bar.
The Internet Zone
-
The Internet zone has the highest, most restrictive security and contains almost all websites by default. The only exceptions are the Microsoft Update website, the Windows error reporting website and a handful of standard local sites, such as http://localhost. Even sites on your local intranet are placed in the Internet zone by default. Sites in this zone are not allowed to use scripts, ActiveX controls or cookies.
-
The Trusted Sites Zone
-
If you try to browse a site that contains restricted content, you'll see a prompt that gives you the option to add it to the Trusted Sites zone. Don't do this unless you're sure it's safe. You can also add sites to Trusted Sites (or any other zone) through the Security tab in the Internet Options dialog box, accessible from the Tools menu.
The Local Intranet Zone
-
If you find that an intranet site is prompting you for user credentials on every page, you may want to add it to the Local Intranet zone. There's no prompt for this; you'll have to do it manually, as described under "The Internet Zone" above. It's possible to add non-intranet sites to the Local Intranet zone, but it's not a good idea; it makes it easier for a hacker to intercept your credentials.
The Restricted Sites Zone
-
If you know a site is dangerous, you can add it to the Restricted Sites zone to prevent other users from trying to access it. This won't block the site entirely, but it will block any scripts, cookies, or ActiveX controls, just like the Internet zone. The difference between the two is that Internet Explorer won't ever prompt you to add a restricted site to the Trusted Sites zone.
Management
-
Use the Windows Group Policy Editor to fine-tune Enhanced Security Configuration. You can add multiple sites at once, or block other users from changing your security settings.
Remember that no security is perfect. Enhanced Security Configuration won't work with other browsers, such as Firefox. For general web browsing, it's best to use a limited user account instead of your admin account, or to use a different computer entirely.
-
References
- Photo Credit computer power station image by davidphotos from Fotolia.com
