Additional Settings

Article
05/18/2007

On this page of the Internet Explorer 7 Customization Wizard, depending on your role, you can specify settings for your organization for various aspects of your user's computers, including their desktop, operating system, and security settings. If you installed the Corporate version of Internet Explorer Administration Kit 7, after you deploy the custom package, you can update these settings in Additional Settings in IEAK Profile Manager.

To work with these items, do the following:

To modify settings in Additional Settings

Double-click each category to display the options.
Click the policy or restriction you want to work with.
Select or clear the appropriate check boxes.

Important

If you do not modify a particular policy setting, the setting will be ignored. However, if you want to explicitly enforce the absence of the setting, you must enable the setting (select the applicable check box), click Back, click Next, and then clear the check box.

You can only configure a subset of these items for users without administrative credentials on computers running Windows NT, Windows 2000, or Windows XP operating systems. Instead, you should use the Windows NT Policy Editor, Windows 2000, or Windows XP Group Policy to configure the remaining policies and restrictions for those users. In addition, for computers running Windows Vista, you should use Group Policy, instead of Additional Settings, to fully manage policies.

The settings displayed in the Internet Explorer 7 Customization Wizard are contained in administration (.adm) files that come with Internet Explorer Administration Kit 7 and are located in the folders under <systemdrive>:\Program Files\Microsoft IEAK 7\policies. You can also use the wizard to configure the options you have set up in your own .adm files. The edits you make are stored as .ins files. The .ins files are used to build the .inf files for your custom package.

Important

In IEAK 7, all .adm files, as well as the .adm parser, are Unicode. This means that, with this version of IEAK, you cannot use any custom ANSI-based .adm files that you created previously. If you place ANSI-based .adm files in the <systemdrive>:\Program Files\Microsoft IEAK 7\policies folder with the rest of the .adm files, IEAK Profile Manager will stop responding.

User settings can be stored in a central location and be made available to users who log on from computer to computer. This could be useful, for example, for a person who needs low security settings, but uses a computer that is typically operated by someone whose security settings are more restrictive.

Customize security settings

In particular, you should understand the impact of the security settings on your users, especially if you have roaming users who share computers with other users. You can customize security settings at three typical levels:

Control or lock down all settings.
Control user settings while allowing profiles for roaming users to be downloaded. You can specify that settings cannot be changed, without locking out roaming users who have different profiles. The Windows roaming user feature allows users to download their settings from a server.
Customize initial settings, but allow users to modify them.

To configure security settings, do the following:

To lock down all security settings

Double-click Corporate Restrictions, and then click Security Page.
Select the Use ONLY machine settings for security zones check box.

To restrict a user from changing settings for a zone

Double-click Corporate Restrictions, and then click Security Page.
Select the Do not allow users to change policies for any security zone check box.

To restrict a user from adding or deleting sites

Double-click Corporate Restrictions, and then click Security Page.
Select the Do not allow users to add/delete sites from a security zone check box.