
Policies and Restrictions

Depending on your role, you can specify settings across your organization for various aspects of your users' machines, including their desktop, Internet components, operating system, and security.

Internet content providers, Internet service providers, and corporate administrators can specify default settings for their users. In addition, corporate administrators can customize and restrict numerous settings, ranging from whether users can delete printers to whether they can add items to their desktops.

All the system policies and restrictions that you can set in the Internet Explorer 6 Customization Wizard and later manage in the IEAK Profile Manager can be configured for users running Windows 95, Windows 98, and Windows Millennium Edition operating systems.

However, for users without Administrator privileges on the Windows NT, Windows 2000, or Windows XP platforms, you can configure only a subset of these system policies and restrictions. For the remaining policies and restrictions, it is recommended that you use the Windows NT Policy Editor, or Windows 2000 or Windows XP Group Policy, for those users.

You should understand the impact of the security settings on your users, especially if you have roaming users who share computers with other users.

Note

  • Settings for the new Internet Explorer 6 Image Toolbar feature include enabling image toolbar hovering, shrinking an image to the size of the screen, and automatically playing media files in the media bar. You can set these options in the Internet settings section of Policies and Restrictions.

  • The settings displayed in the wizard are contained in administration (.adm) files that come with the IEAK. If you are familiar with .adm files, you can use the Internet Explorer 6 Customization Wizard to set the policies and restrictions you have set up in your own .adm files by clicking Import.

    The choices you make for these settings and restrictions are stored as .ins files. The .ins files are used to build the .inf files for your custom package. For an illustration of the relationship between .adm files and .inf files, see System Policies and Settings.

  • To ensure that the Trusted Publishers setting is effective for the Security section of Internet Restrictions, you should verify that security zones and policies are correctly set up.

User settings can be stored in a central location and be made available to people as they log on from computer to computer. This could be useful, for example, for a person who needs low security settings but who uses a computer that is typically operated by someone whose security settings are more restrictive.

Customizing security settings

You can allow three typical levels of customization for security settings:

  • Control, or "lock down," all settings.

  • Control user settings while allowing profiles for roaming users to be downloaded.

    You can specify that settings cannot be changed, without locking out roaming users who have different profiles. The Windows roaming user feature allows users to download their settings from a server.

  • Customize initial settings, but allow users to modify them.

    In this stage of the wizard, you can customize many user settings, including security levels and ratings. Customizing the settings in this stage does not determine whether the user can control the settings.

To set system policies and restrictions

  1. Double-click each category to display the options.

  2. Click the policy or restriction you want to work with.

  3. Select or clear the check boxes you want.

To lock down all settings

  1. Double-click Corporate Restrictions, and then click Security Page.

  2. Select the Use only machine settings for security zones check box.

To restrict a user from changing policies for a zone

  1. Double-click Corporate Restrictions, and then click Security Page.

  2. Select the Do not allow users to change policies for any security zone check box.

To restrict a user from adding or deleting sites

  1. Double-click Corporate Restrictions, and then click Security Page.

  2. Select the Do not allow users to add/delete sites from a security zone check box.

© 2014 Microsoft