Dude, Where Is My Intranet Zone? Changes To IE7 Security Zones

Internet Explorer enforces security rules for websites by grouping them into categories or “security zones”. Today we want to explain the changes to security zones you’ll see in IE7 so we should first clarify what the security rules are in IE6 …

Of course, in enterprise IT networks, sites in the intranet zone have to just work exactly like they do today. IE7 will check if the machine has joined a domain. If a machine has joined a domain, as you would expect, IE7 will automatically detect intranet sites and run them with settings for the Intranet zone.

There will be cases where IE might not detect an enterprise IT network correctly. For example, a PC might be on a workgroup rather than a domain or it may not have joined the domain. For those cases, network admins will be able to set group policy on the settings for the Intranet to make sure that IE behaves as they wish. Even if the network admin can’t set policy, IE will show an information bar when visiting a probable intranet site. If a user wants to re-enable their intranet zone, they’ll be able to.

We are also increasing security for the Internet Zone and the Trusted sites zone. The Internet zone, where most users browse, will be tightened down with two very notable changes. The Internet zone will run in Protected Mode on Windows Vista which helps provide defense-in-depth against some of the attacks IE has faced in the past. ActiveX Opt-In will also help reduce the attack surface of ActiveX controls in the internet zone (this feature deserves its own post). IE7 introduces a new security level for these additional protections, Medium-high.

With the Trusted Sites zone in IE6, we find that many users don’t understand how powerful a site becomes when they make it a Trusted Site. For example, a Trusted Site in IE6 can automatically install signed ActiveX controls on the user’s machine. As a safety precaution in IE7, we have set the default for the Trusted Sites zone to Medium, the same level as the Internet zone in IE6. Customers who depend on the IE6 level of the Trusted Sites zone will be able to lower settings back to IE6 levels with the slider on the “Security” tab of “Internet Options” or through policy settings.

IEBlog : Dude, where’s my intranet zone? (… and more about the changes to IE7 security zones)

Linked by shanmuga Wednesday, 7th December 2005 8:57PM
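
An audit sketch for the zone changes described above, added here as an example and not taken from the IEBlog post: it reports whether the machine is domain-joined and compares each zone's security level with the IE7 defaults the post states (Medium-high for Internet, Medium for Trusted sites). The registry paths and `CurrentLevel` template values are the standard Windows URL security zone settings, not details from the post; the function and variable names are illustrative.

```powershell
# Added example: audit IE security zone levels against the IE7 defaults in the post.
$base   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$policy = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# URL security zone template values stored in the CurrentLevel DWORD.
$levelName = @{
    0x00000 = 'Custom'; 0x10000 = 'Low';         0x10500 = 'Medium-low'
    0x11000 = 'Medium'; 0x11500 = 'Medium-high'; 0x12000 = 'High'
}

# Zone id, display name, and the IE7 default the post states (none given for Intranet).
$zones = @(
    @{ Id = 1; Name = 'Local intranet'; Expected = $null }
    @{ Id = 2; Name = 'Trusted sites';  Expected = 0x11000 }
    @{ Id = 3; Name = 'Internet';       Expected = 0x11500 }
)

function Get-ZoneLevel([int]$Id) {
    # Check policy locations first, then the per-user preference.
    foreach ($path in "HKLM:\$policy\$Id", "HKCU:\$policy\$Id", "HKCU:\$base\$Id") {
        $item = Get-ItemProperty -Path $path -Name CurrentLevel -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Source = $path; Level = [int]$item.CurrentLevel }
        }
    }
    return $null
}

# Domain membership drives automatic intranet detection, per the post.
$partOfDomain = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
"Domain-joined: $partOfDomain"

foreach ($zone in $zones) {
    $found = Get-ZoneLevel -Id $zone.Id
    if ($null -eq $found) {
        $status = 'No CurrentLevel value found'; $name = 'n/a'; $source = 'n/a'
    } else {
        $name   = $levelName[$found.Level]
        if ($null -eq $name) { $name = 'Unknown (0x{0:X})' -f $found.Level }
        $source = $found.Source
        if     ($found.Level -eq 0)              { $status = 'Custom: review individual settings' }
        elseif ($null -eq $zone.Expected)        { $status = 'Reported only' }
        elseif ($found.Level -lt $zone.Expected) { $status = 'Below IE7 default' }
        else                                     { $status = 'At or above IE7 default' }
    }
    [pscustomobject]@{ Zone = $zone.Name; Level = $name; Status = $status; Source = $source }
}
```

A Trusted sites result of "Below IE7 default" corresponds to the case the post warns about, where the zone has been lowered back to IE6 levels.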