Internet Explorer ??? ??????? ???? ??? ?? ??? ??????? ???????? strengthen ???? ????

???? ?????? ???? ??????
???? ID: 833633 - ?? ???????? ?? ?????? ??? ?? ?? ???? ???? ???? ??.
??? ?? ??????? ???? | ??? ?? ??????? ????

?? ????? ??

??????

???????:??? ?? ?? ???? ??? ?????? ?????????? ?? ????? ?? ??? ????? ??, ?? ?? ??? ??? ?? Windows ??????????? ??? ?? ??? ??????????? ?? ???? ???? ?????, ?? ??????? ???? ??? ???????? ???? ?? ????? ???? ?? ??? ??? ??? ?? ??? ???????????? ?? ??? ?? ?????????? ?? ??????? ?????? ??? ????? ?? ???? ??????????-mission ????????? ???? ???? ?? ??? extensively ???????? ??????? ?????

?? ???? ????? ???? ?? ?? ???? ?????????? ?? Microsoft Internet Explorer ??? ??????? ???? ??? ?? ??? ??????? ???????? ???? strengthen ?? ???? ???? ??????? ???? ??????? ?? ?? ???? ???? ???????? ???? ?? ???? ??? ?? ?? ??????? ????? ??????????? ?? ???? ???? ??:
  • Microsoft Windows ?? 32-??? ??????? ?? Internet Explorer ?? 32-??? ???????
  • Microsoft Windows XP ?? 64-??? ????????? ?? Internet Explorer ?? 64-??? ???????
  • Microsoft Windows Server 2003 ?? 64-??? ????????? ?? Internet Explorer ?? 64-??? ???????
???:Microsoft Windows XP ?????? ??? 2 (SP2) ?? ??????? ???? ??????? ?? ???????? ???? ??? ?????, ??? ?? Windows XP SP2 ??????? ??, ?? ?? ???? ???? ?? ???? ??? ???? ?? ???????????? ??? ?? ??? ?? ????? ???? ?? ????

???? ???????

??????? ???? ?? ???? ???

Internet Explorer ?????????? ??????? ???? ???? ??? ??????? ???? ?? ???????? ????:
  • ???????
  • ??????? ?????????
  • ????????? ??????
  • ?????????? ??????
??? ??????? ???, ??????? ???? ??????? ?? ?? implicit ??????? ?? ?? ???? ??????? ???????? ?? ????? ??? Internet Explorer ??? ??????? ???????? ?? ???? ?? ??? ???????? ???? ???? ?? ???? ??? ?? ?? ???? ??????? ???????? ???????? ???? ??????? ?????? ???????? ???? ?? ????? ????? ???????, ??? ???? ??? ?????????? ????????? ???, ?? ?? ???????? ?? ???? ??????? ???? ??? ?? ??? ??????? ???????? ?? ?? ????????? ?????? ?? ????????? ???

Internet Explorer ???? ???? ??? ???? ?? ??????? ???? ?? ????? ???? ???? ??? ??????? ??? ??? ?? ?? ??? ???? ?? ????????? ?????? ???? ??? ?? ?? ??????? ????????? ???? ??? ?? ?? ??? ???? ?? ??????? ?? ?? ???? ???? ??? ??? ??????? ???? ?? ??? ???? ??? ???? ????, ?????? ?? ????????? ?? ???? ???? ?? ???? ??? ???? ?? ???? ???????? ?? ????????? ?????? ?? ???, ?????? ??????? ?? ???? restrictive ???? ??????? ???? ?? ??? ??? ???? ?? ???? ?? ???? ???????? ?? ????????? ???????? ?? ??? ?? ?? ???? ??? ???? ?? ??? ?? ???? ????

??????? ???? ?? ??????? ??? ?? ?? ??? ???? ?? ???? ????????? ?? ???? ?? ??? ?? ?? ??? ???? ?? ?? restrictive ??????? ?????? ??? ?? ???? ?? ????? ?? ??? ?? ??????? ?? ?? ???? ??????? ???????? ?? Internet Explorer caches ??? ??? ?????????????? ?????????? arbitrary ??? ??????? ???? ??? ?? ??? ?? restrictive ??????? ???????? ?? ??? ???? ?? ?????? ???? ???????? ?? ????? ?? ?????? ?? ???? ????

???? ???? ?? ?? strengthen ??????? ???? ??? ?? ??? ??????? ????????

?? ?? ??????? ???? ??? ?? ??? ??????? ???????? strengthen, ???????????? ?? ????? ??????? ?? ?? ?? ???? ????? ?? ???? ??:
  • ???????????? ?? ??? ??? ???? ?? ???? ???? ???? ????? ?? ???? ???? ????? ?? ??? ???? ????
  • ???????????? ?? ???? ?? ?? ????????? ?? ???? ????? ?? ??? ???? ??? ???? ???
  • ActiveX ?????????? ?? ???? ????????? ???? ??????
  • ???????????? ?? ????? ?? ?????? ?? ??? ??? ?? ??? ??? ??? ?? ????????? ???? ?? ???? ???

???? ??????? ???? ??? ?? ??? ??????? ???????? ?? ????????? ??? ???????? ???? ???

??????? ???? ??? ?? ??? ??????? ???????? ????? ????????? ??????????, ????? ??? ?? ???? ?????? ?? ???? ?? ???????? ???:
  • ??? ?? ???????????? ?? ???? Internet Explorer ??????? ?????? ??? ???? ???, ??????? ???? ??? ?? ??? ??????? ???????? ?? ??????? ??? ???????? ???:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • ??? ?? ??? ???????????? ?? ?? ?? Internet Explorer ?? ??? ????? ??????? ????????, ??????? ???? ??? ?? ??? ??????? ???????? ?? ??????? ??? ???????? ???:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0

???????? ??? ??, ??????? ???? ???????? ????? ????????? subtree ??? ???????? ???:
HKEY_CURRENT_USER
??????? ?? subtree ???????? ?????????? ?? ??? ?????? ??? ?? ??? ??, ?? ?????????? ?? ??? ???????? ?? ???????? ???? ???????? ?? ???? ???? ?????????? ?? ??? ??? ????????? ???? ?? ??? ???????????? ?? ??? ?? ?? ??????? ????????, ?? ??? ????? ??? ?? ?? ?? ??? ?????:
  • ??????? ???????:???? ???? ???????? ?? ????? ???????? ???? ??? ?????? ????? ???? ??? ???
  • Security_HKLM_only DWORD ??? ????? ??, ?? ?? ??? 1 ???
Security_HKLM_only DWORD ??? ????? ????????? ??????? ??? ???????? ?? ??:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet ????????

???????? ???????? ?? ?????????? ???????? ????? ???? ???? ?? ????? ????????? ???? ??:
  • ??????? ???????:???? ???? ???????? ?? ????? ????option in Group Policy is not enabled
  • The Security_HKLM_only DWORD value does not exist
  • The Security_HKLM_only DWORD value is set to 0

If the Security_HKLM_only DWORD value does not exist, or if the Security_HKLM_only DWORD value is set to 0, Internet Explorer reads the HKEY_LOCAL_MACHINE registry key and the HKEY_CURRENT_USER registry key, respectively. However, only the HKEY_CURRENT_USER settings appear in the Internet Options Control Panel.

The security settings that are displayed in the Internet Options Control Panel have corresponding numeric values in the registry. The following table shows the default values for each security setting. The table also shows the recommended values that you can use to strengthen each security setting for the Local Machine zone.
?? ?????? ?? ??????? ?????? ?????? ?? ??????? ????
Security Setting Name in the UIRegistry Value Numeric Name (Type)Default Registry Value DataRecommended Registry Value Data
ActiveX ?????????? ?? ????-???? ?????1200 (DWORD)03
Initialize and script ActiveX controls not marked as safe1201 (DWORD)13
?????? ????????????1400 (DWORD)01
Access data sources across domains1406 (DWORD)01
Java permissions1C00 (Binary)00 00 02 0000 00 00 00
In the aforementioned table, the settings for the DWORD values mean the following:
  • 0 indicates that the action is enabled. This is the default setting.
  • 1 indicates that a prompt appears.
  • 3 indicates that the action is disabled.
The default setting of 00 00 02 00 for the Binary value indicates a medium level of safety. The 00 00 00 00 setting disables Java.

???:?? ??? ?????? ????????????, ??? ?????? 1 ?? ???? ?? ???? ?? ???? ???? ??????? ?? ????? ???? ?? ???? ?????, ?? ???? ?? ?? ???????????? ?? ?????? ??? ??? ???? ?? ???, ?????? ???????????? ??? 0 ?? ???? ??? ?? ?????? ???? ?? ??? ????? ???, ?????? ??? ???? 1400 ?? ??? ??????? ???? ?? ?? ??? ???????????? ?? ??? ???? ?? ??? ???? ????? ???, ?? ??????, "???? ??????? ???? ??? ?? ??? ??????? ???????? ????????? ????."

??????? ???? ???? ?? ??? ??????? ???????? ????????? ???? ?? ??? ???? ????


???????????? ???, ????, ?? ????? ?? ????????? ?? ??????? ???? ?? ??? ????? ????? ??? ???? ???????, ??? ?? ????????? ?? ??? ??? ?? ??????? ???? ??? ?? ????? ???????? ??????? ?? ???? ???.. ?????, ????????? ???? ?? ?? ?? ????? ?? ??????????? ???? ???? ???.. ?????? ??????? ?? ???, ????????? ?? ??????? ???? ?? ???? ???? ??? ?? ???.. ???, ??? ??? ?????? ??????? ???? ?? ?? ?? ????????? ?? ???????????? ?? ???? ???.. ????????? ?? ??? ?? ???? ?? ???????????? ???? ?? ????? ?? ???? ??? ???? ??????? ?? ???, Microsoft ?????? ??? ??? ???? ????? ?? ??? ????? ???? ?????? ????? ????::
322756??? ?? ???? ?? Windows ??? ????????? ?? ???????????? ???? ????


??????? ???? ??? ?? ??? ??????? ???????? ?? ????????? ???? ?? ??? DWORD ??? ?? ??????? ??? ?????? ???? ?????? ?? ??? ??????? ???? ?? ????? ?????

?????? ?????????? ?????????? ???? ???????? ???

??????? ???? ??? ?? ??? strengthening ??????? ????????
???? ?????? ?????????? ??????? ??? ???? ???? ???????? ??????, formerly ???? ???? ?????? ?? ??? ??? ????? ?? ????? ????? ??????? ???? ??? ?? ??? ??????? ???????? strengthen, ?? ????? ?? ???? ????:
  1. ????? ??? ?? ????????? ?????, ?? ???? ??? ??????, ???? Notepad ??? ????????

    ??? ?????????? ???? ??????? ???????? ?? ??? ?? ???? ???, ?? ????? ??? ?? ????? ????:
    REGEDIT4
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
    
    "1200"=dword:00000003
    "1201"=dword:00000003
    "1400"=dword:00000001
    "1406"=dword:00000001
    "1C00"=hex:00,00,00,00
    ??? ??? ???????????? ?? ?? ?? ??????? ???????? ?? ????? ???? ?????, ?? ????? ??? ?? ????? ????:
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
    
    "1200"=dword:00000003
    "1201"=dword:00000003
    "1400"=dword:00000001
    "1406"=dword:00000001
    "1C00"=hex:00,00,00,00
    
  2. ????? ?? ADHardenLMZ.reg ?? ??? ??? ???????
  3. ???????? ?? ???? ?? ???? ???? ???????? ?????? ?? ????? ????? ???, ADHardenLMZ.reg ????? ?? ????????? ??? ????????? ???????? ?? ???? ???? ?? ??? ??????
  4. ????? ???? ???? ???????? ?????? ?? ?????? ?????????? ???????? ?? ???? ?? ??????? ???? ????? ????
  5. ???? ????? ???????? ?? ??? ????? ??? ???? ??:
    • ????????? ????? ?? ??? ?????? ???
    • ????????? ??? ??? ?? ???? ???? ????? ??? ?? ?????? ????
    ??? ?? ?? ????????? ??????? ????, ????? ???????. ??? ???? ?? ????? ?? ?? ????? ?? ?? ???? ??????? ???????? ActiveX ???????? ?? ????? ?? ???? ??, ????? ???? ?? ??? ?????? ?????? ????OK.

    ???:?? ?? ??????? strengthen ??????? ???? ?? ??? ???????? zone, ??? ??? ??? ???? ???? ???????? ?????? ???? ????? ?????
  6. ??????? ?????????????? ???????????, ??????? ????Windows ??????, ??????? ????Internet Explorer ??????, ?? ???? ??? ??????? ???????????. ???-????? ??????????? ????? ?? ??????? ??????.
  7. ????? ????,??????? ??????? ???? ?? ???????? ?????? ???? ?????? ????-????? ????, ?? ???? ???OK.
??????? ???? ??? ?? ??? ???????? ???????? ???????????? ?? ??? ??
??????? ???? ??? ?? ??? ??????? ???????? ?? ???????????? ???? ?? ??? ????? ????? ?? ???? ????:
  1. ????? ??? ?? ????????? ?????, ?? ???? ??? ??????, ???? Notepad ??? ????????

    ??? ?????????? ???? ??????? ???????? ?? ??? ?? ???? ???, ?? ????? ??? ?? ????? ????:
    REGEDIT4
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
    
    "1200"=dword:00000000
    "1201"=dword:00000001
    "1400"=dword:00000000
    "1406"=dword:00000000
    "1C00"=hex:00,00,02,00
    ??? ??? ???????????? ?? ?? ?? ??????? ???????? ?? ????? ???? ?????, ?? ????? ??? ?? ????? ????:
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
    
    "1200"=dword:00000000
    "1201"=dword:00000001
    "1400"=dword:00000000
    "1406"=dword:00000000
    "1C00"=hex:00,00,02,00
    
    
  2. Save the file as ADDefaultLMZ.reg.
  3. On the computer where you want to run Group Policy Object Editor, run the ADDefaultLMZ.reg file to import the default settings into the registry.
  4. Open Group Policy Object Editor for the Active Directory object that you want to modify.
  5. You may be prompted for the following actions:
    • Permit scripts to run
    • Confirm that you want to continue running scripts
    If you receive this prompt, click???. If you receive a message that states that your current settings do not let ActiveX controls to be run, clickOK.

    ???:After you strengthen the security settings for the Local Machine zone, the Help pane will no longer appear in Group Policy Object Editor.
  6. ??????? ?????????????? ???????????, ??????? ????Windows ??????, expandInternet Explorer ??????, ?? ???? ??? ??????? ???????????. ???-????? ????Security Zones and Content Ratings.
  7. ????? ????,Import the current security zones and privacy settings?? ????-????? ????, ?? ???? ???OK.

In Non-Active Directory environments

Strengthening default settings for the Local Machine zone
To strengthen the security settings for the Local Machine zone, import the updated security settings into the registry. ??? ???? ?? ???, ????? ????? ?? ???? ????::
  1. Copy the following text and paste it into a text editor, such as Notepad.

    If users can set their own Internet Explorer security settings, use the following text:
    REGEDIT4
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
    
    "1200"=dword:00000003
    "1201"=dword:00000003
    "1400"=dword:00000001
    "1406"=dword:00000001
    "1C00"=hex:00,00,00,00
    If all users have the same security settings, use the following text:
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
    
    "1200"=dword:00000003
    "1201"=dword:00000003
    "1400"=dword:00000001
    "1406"=dword:00000001
    "1C00"=hex:00,00,00,00
    
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
    
    "Security_HKLM_only"=dword:00000001
  2. Save the file as HardenLMZ.reg.
  3. Run the HardenLMZ.reg file on all client computers to import the settings into the registry.
Restoring default settings for the Local Machine zone
To restore the default settings for the Local Machine zone, follow these steps:
  1. Copy the following text and paste it into a text editor, such as Notepad.

    If users can set their own Internet Explorer security settings, use the following text:
    REGEDIT4
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
    
    "1200"=dword:00000000
    "1201"=dword:00000001
    "1400"=dword:00000000
    "1406"=dword:00000000
    "1C00"=hex:00,00,02,00
    If all users have the same security settings, use the following text:
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
    
    "1200"=dword:00000000
    "1201"=dword:00000001
    "1400"=dword:00000000
    "1406"=dword:00000000
    "1C00"=hex:00,00,02,00
    
    [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
    
    "Security_HKLM_only"=dword:00000001
    
  2. Save the file as DefaultLMZ.reg.
  3. Run the DefaultLMZ.reg file on all client computers to import the settings into the registry.

??????? ?? ??? ??????? ???? ?? ??????? ??? ????? HTML ????? ????????? ???????

After you strengthen the security settings for the Local Machine zone, you can assign a local HTML file that contains scripts, ActiveX controls, or Java programs to the Internet zone. When Internet Explorer opens the HTML file, Internet Explorer looks for the "saved from URL" comment. If Internet Explorer finds the "saved from URL" comment, Internet Explorer uses the security settings for the Internet zone instead of the settings for the Local Machine zone. If the Internet zone is configured to run scripts, to run ActiveX controls, or to run Java programs, these items will run and you will not experience the behaviors that are described in the "Before you strengthen security settings for the Local Machine zone" section.

To assign a local HTML file to the Internet zone, you can add a "saved from URL" comment to the local HTML file. This comment instructs Internet Explorer to apply the security settings for the Internet zone to the HTML file that is saved on your hard disk. This comment must look similar to the following:

 <!-- saved from url=(0023)http://www.contoso.com/ -->


The value in parentheses represents the number of characters in the URL that follows the equal sign. In this example, this value is 0023. Contoso represents the name of an Internet Web site.

??????

For additional information about how to distribute registry changes to multiple computers by using a .reg file, click the following article number to view the article in the Microsoft Knowledge Base:
310516????????? ????????? (.reg) ????? ?? ????? ?? ????????? ?????????? ?? ????? ?? ???? ??????, ??????? ???? ?? ?????
For more information about Internet Explorer security zones registry entries, click the following article number to view the article in the Microsoft Knowledge Base:
182569Internet Explorer ??????? zones ????? ???????????? ?? ??? ????????? ????????????
For additional information about URL security zone templates, visit the following Microsoft Web site:
http://go.microsoft.com/fwlink/?LinkID=12658

???

???? ID: 833633 - ????? ???????: 05 ?????? 2010 - ??????: 2.0
???? ???? ???? ??:
  • Microsoft Internet Explorer 6.0
  • Microsoft Internet Explorer 5.0
??????: 
kbPubTypeKC kbmt KB833633 KbMthi
???? ?????? ????????
??????????: ?? ???? ?? ???? ??????? ?? ????? ?? Microsoft ????-?????? ?????????? ?????? ?????? ???? ??? ??. Microsoft ???? ??? ????-???????? ?? ????-???????? ????? ?????? ?? ???? ???????? ???? ?? ???? ????? ????? ??? ?? ??? ?????? ?? ???? ???? ???? ??? ????? ??. ???????, ????-???????? ???? ????? ???? ???? ???? ???. ?????, ????????, ?????-???? ?? ??????? ?? ???????? ?? ???? ???, ???? ?? ??? ?????? ???? ???? ??? ????? ??? ?? ???? ??. Microsoft ??????? ??? ???? ?? ?????? ?? ??????????, ????????? ?? ??? ?????? ?? ???? ????? ?? ???? ???????? ?? ??? ???? ????? ?? ??? ????????? ???? ??. Microsoft ????-?????? ?????????? ?? ????? ?????? ?? ?? ??? ??.
?????????? ?? ??????? ????????? ??????? ??:833633

??????????? ???

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com