Event 1030 - Local Machine Zone Lockdown (LMZL)
Published: June 11, 2010
Updated: June 11, 2010
Applies To: Windows 7, Windows Vista
Local Machine Zone Lockdown secures the Local Machine zone by tightening restrictions on several URL actions. Any time one of these URL actions is attempted, a new security user interface (UI) element, called the Information Bar, appears. The user can click the Information Bar to remove the lockdown from the restricted content.
The following table shows the seven URL actions that are more restrictive in the Lockdown zone than in the Local Machine zone.
|URL ACTION||URL POLICY|
For more information on URL actions and pointers to what they mean, see the Introduction to URL Security Zones topic on MSDN.
When Is This Event Logged?
This event is logged any time a Web page attempts to perform a restricted URL action.
For more information and examples, see the Event 1030-Local Machine Zone Lockdown (LMZL) topic from Internet Explorer Application Compatibility.
If your Web page runs a Microsoft® ActiveX® control or script, you can add a Mark of the Web comment to the HTML of the page. Mark of the Web is a Windows® Internet Explorer® feature that forces the HTML file into the security zone of the specified URL. This enables the Web page to run the script or ActiveX control in a less restrictive zone. This only works for Internet Explorer 4.0 and later.
Use the following comment to insert a Mark of the Web comment into a page with an identified domain, replacing http://www.fabrikam.com with the URL of the Internet or intranet domain where the page is hosted. The four-digit number in parentheses is the character length of the URL that follows it (23 for http://www.fabrikam.com), so update it when you change the URL.
<!-- saved from url=(0023)http://www.fabrikam.com -->
Use the following comment when you need to insert a generic Mark of the Web.
<!-- saved from url=(0014)about:internet -->
With Microsoft Internet Explorer 6 and later, you can use the Mark of the Web comment with multipart HTML (.mht) files.
You host HTML application (.hta) files in a different process; therefore, they are not impacted by the Local Machine zone lockdown.
Local Machine Zone Lockdown and the Registry
You manage the Local Machine zone lockdown restrictions through a security feature-control registry key (FEATURE_LOCALMACHINE_LOCKDOWN). Internet Explorer (Iexplore.exe) and Windows Explorer (Explorer.exe) run under this feature control by default. The following shows the registry keys and the enabled processes:
HKEY_LOCAL_MACHINE (or HKEY_CURRENT_USER)\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe = 0x00000001
HKEY_LOCAL_MACHINE (or HKEY_CURRENT_USER)\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\explorer.exe = 0x00000001
HKEY_LOCAL_MACHINE (or HKEY_CURRENT_USER)\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\process name.exe = 0x00000001
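To check how a given machine is actually configured, the following PowerShell sketch lists the per-process values under the key shown above in both hives and warns about any that are not set to 1. It is an added example, not code from the original page or from Microsoft; the function name Get-LmzlSetting and the warning wording are assumptions made for illustration.

```powershell
# Added example (not from the original page): list per-process
# FEATURE_LOCALMACHINE_LOCKDOWN values in both hives named above.
$SubKey   = 'SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN'
$Expected = @('iexplore.exe', 'explorer.exe')   # processes the page lists as enabled by default

# Hypothetical helper: emits one object per process value found under the key.
function Get-LmzlSetting {
    param([string[]]$Hive = @('HKLM:', 'HKCU:'))
    foreach ($h in $Hive) {
        $key = Get-Item -LiteralPath "$h\$SubKey" -ErrorAction SilentlyContinue
        if (-not $key) { continue }              # key is absent in this hive
        foreach ($name in $key.GetValueNames()) {
            if ($name -eq '') { continue }       # skip the unnamed (Default) value
            $value = $key.GetValue($name)
            [pscustomobject]@{
                Hive    = $h
                Process = $name
                Value   = $value
                Enabled = ($value -eq 1)         # 0x00000001 is the enabled state shown on the page
            }
        }
    }
}

$settings = @(Get-LmzlSetting)
$settings | Format-Table -AutoSize

# Flag any process whose value is something other than 1.
$settings | Where-Object { -not $_.Enabled } | ForEach-Object {
    Write-Warning ("{0} {1} = {2}: lockdown is not enabled for this process" -f $_.Hive, $_.Process, $_.Value)
}

# Flag the default processes if neither hive carries an explicit value for them.
foreach ($proc in $Expected) {
    if (-not ($settings | Where-Object { $_.Process -eq $proc })) {
        Write-Warning "$proc has no explicit value in either hive"
    }
}
```

The script only reads the registry, so it can be run as a standard user; the HKCU results reflect whichever account runs it.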
How Can I Work Around This Problem?
The user can also configure the restrictions associated with the zones through Internet Options on the Tools menu.
What Happens If I Disable This Security Feature?
This setting prevents content on a user's computer from elevating privilege. If the feature is disabled, code with elevated privilege can run any code through an ActiveX control or read information with a script.