| A | B | C | D | |
|---|---|---|---|---|
1 | Policy Path | Policy Name | Windows Server 2016/2019 | Windows 10/Workstation |
2 | Windows Components/Internet Explorer | Prevent bypassing SmartScreen Filter warnings | Enabled | Enabled |
3 | Windows Components/Internet Explorer | Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet | Enabled | Enabled |
4 | Windows Components/Internet Explorer | Prevent managing SmartScreen Filter | On | On |
5 | Windows Components/Internet Explorer | Prevent per-user installation of ActiveX controls | Enabled | Enabled |
6 | Windows Components/Internet Explorer | Security Zones: Do not allow users to add/delete sites | Enabled | Enabled |
7 | Windows Components/Internet Explorer | Security Zones: Do not allow users to change policies | Enabled | Enabled |
8 | Windows Components/Internet Explorer | Security Zones: Use only machine settings | Enabled | Enabled |
9 | Windows Components/Internet Explorer | Specify use of ActiveX Installer Service for installation of ActiveX controls | Enabled | Enabled |
10 | Windows Components/Internet Explorer | Turn off Crash Detection | Enabled | Enabled |
11 | Windows Components/Internet Explorer | Turn off the Security Settings Check feature | Disabled | Disabled |
12 | Windows Components/Internet Explorer/Internet Control Panel | Prevent ignoring certificate errors | Enabled | Enabled |
13 | Windows Components/Internet Explorer/Internet Control Panel/Advanced Page | Allow software to run or install even if the signature is invalid | Disabled | Disabled |
14 | Windows Components/Internet Explorer/Internet Control Panel/Advanced Page | Check for server certificate revocation | Enabled | Enabled |
15 | Windows Components/Internet Explorer/Internet Control Panel/Advanced Page | Check for signatures on downloaded programs | Enabled | Enabled |
16 | Windows Components/Internet Explorer/Internet Control Panel/Advanced Page | Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled | Enabled | Enabled |
17 | Windows Components/Internet Explorer/Internet Control Panel/Advanced Page | Turn off encryption support | Use TLS 1.1 and TLS 1.2 | Use TLS 1.1 and TLS 1.2 |
18 | Windows Components/Internet Explorer/Internet Control Panel/Advanced Page | Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows | Enabled | Enabled |
19 | Windows Components/Internet Explorer/Internet Control Panel/Advanced Page | Turn on Enhanced Protected Mode | Enabled | Enabled |
20 | Windows Components/Internet Explorer/Internet Control Panel/Security Page | Intranet Sites: Include all network paths (UNCs) | Disabled | Disabled |
21 | Windows Components/Internet Explorer/Internet Control Panel/Security Page | Turn on certificate address mismatch warning | Enabled | Enabled |
22 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Access data sources across domains | Disabled | Disabled |
23 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Allow cut, copy or paste operations from the clipboard via script | Disabled | Disabled |
24 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Allow drag and drop or copy and paste files | Disabled | Disabled |
25 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Allow loading of XAML files | Disabled | Disabled |
26 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Allow only approved domains to use ActiveX controls without prompt | Enabled | Enabled |
27 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Allow only approved domains to use the TDC ActiveX control | Enabled | Enabled |
28 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Allow scripting of Internet Explorer WebBrowser controls | Disabled | Disabled |
29 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Allow script-initiated windows without size or position constraints | Disabled | Disabled |
30 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Allow scriptlets | Disabled | Disabled |
31 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Allow updates to status bar via script | Disabled | Disabled |
32 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Allow VBScript to run in Internet Explorer | Disabled | Disabled |
33 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Automatic prompting for file downloads | Disabled | Disabled |
34 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Don't run antimalware programs against ActiveX controls | Disabled | Disabled |
35 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Download signed ActiveX controls | Disabled | Disabled |
36 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Download unsigned ActiveX controls | Disabled | Disabled |
37 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Enable dragging of content from different domains across windows | Disabled | Disabled |
38 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Enable dragging of content from different domains within a window | Disabled | Disabled |
39 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Include local path when user is uploading files to a server | Disabled | Disabled |
40 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Initialize and script ActiveX controls not marked as safe | Disabled | Disabled |
41 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Java permissions | Disable Java | Disable Java |
42 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Launching applications and files in an IFRAME | Disabled | Disabled |
43 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Logon options | Prompt for user name and password | Prompt for user name and password |
44 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Navigate windows and frames across different domains | Disabled | Disabled |
45 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Run .NET Framework-reliant components not signed with Authenticode | Disabled | Disabled |
46 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Run .NET Framework-reliant components signed with Authenticode | Disabled | Disabled |
47 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Show security warning for potentially unsafe files | Prompt | Prompt |
48 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Turn on Cross-Site Scripting Filter | Enabled | Enabled |
49 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Turn on Protected Mode | Enabled | Enabled |
50 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Turn on SmartScreen Filter scan | Enabled | Enabled |
51 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Use Pop-up Blocker | Enabled | Enabled |
52 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Userdata persistence | Disabled | Disabled |
53 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone | Web sites in less privileged Web content zones can navigate into this zone | Disabled | Disabled |
54 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone | Don't run antimalware programs against ActiveX controls | Disabled | Disabled |
55 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone | Initialize and script ActiveX controls not marked as safe | Disabled | Disabled |
56 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone | Java permissions | High Saftey | High Saftey |
57 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone | Don't run antimalware programs against ActiveX controls | Disabled | Disabled |
58 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone | Java permissions | Disable java | Disable Java |
59 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone | Turn on SmartScreen Filter scan | Enabled | Enabled |
60 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone | Java permissions | Disable java | Disable java |
61 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone | Java permissions | Disable java | Disable java |
62 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone | Java permissions | Disable java | Disable java |
63 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone | Turn on SmartScreen Filter scan | Enabled | Enabled |
64 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone | Java permissions | Disable java | Disable java |
65 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Access data sources across domains | Disabled | Disabled |
66 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Allow active scripting | Disabled | Disabled |
67 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Allow binary and script behaviors | Disabled | Disabled |
68 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Allow cut, copy or paste operations from the clipboard via script | Disabled | Disabled |
69 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Allow drag and drop or copy and paste files | Disabled | Disabled |
70 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Allow file downloads | Disabled | Disabled |
71 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Allow loading of XAML files | Disabled | Disabled |
72 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Allow META REFRESH | Disabled | Disabled |
73 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Allow only approved domains to use ActiveX controls without prompt | Enabled | Enabled |
74 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Allow only approved domains to use the TDC ActiveX control | Enabled | Enabled |
75 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Allow scripting of Internet Explorer WebBrowser controls | Disabled | Disabled |
76 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Allow script-initiated windows without size or position constraints | Disabled | Disabled |
77 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Allow scriptlets | Disabled | Disabled |
78 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Allow updates to status bar via script | Disabled | Disabled |
79 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Allow VBScript to run in Internet Explorer | Disabled | Disabled |
80 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Automatic prompting for file downloads | Disabled | Disabled |
81 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Don't run antimalware programs against ActiveX controls | Disabled | Disabled |
82 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Download signed ActiveX controls | Disabled | Disabled |
83 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Download unsigned ActiveX controls | Disabled | Disabled |
84 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Enable dragging of content from different domains across windows | Disabled | Disabled |
85 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Enable dragging of content from different domains within a window | Disabled | Disabled |
86 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Include local path when user is uploading files to a server | Disabled | Disabled |
87 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Initialize and script ActiveX controls not marked as safe | Disabled | Disabled |
88 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Java permissions | Disable Java | Disable Java |
89 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Launching applications and files in an IFRAME | Disabled | Disabled |
90 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Logon options | Anonymous Logon | Anonymous Logon |
91 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Navigate windows and frames across different domains | Disabled | Disabled |
92 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Run .NET Framework-reliant components not signed with Authenticode | Disabled | Disabled |
93 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Run .NET Framework-reliant components signed with Authenticode | Disabled | Disabled |
94 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Run ActiveX controls and plugins | Disabled | Disabled |
95 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Script ActiveX controls marked safe for scripting | Disabled | Disabled |
96 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Scripting of Java applets | Disabled | Disabled |
97 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Show security warning for potentially unsafe files | Disabled | Disabled |
98 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Turn on Cross-Site Scripting Filter | Enabled | Enabled |
99 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Turn on Protected Mode | Enabled | Enabled |
100 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Turn on SmartScreen Filter scan | Enabled | Enabled |
101 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Use Pop-up Blocker | Enabled | Enabled |
102 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Userdata persistence | Disabled | Disabled |
103 | Windows Components\Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone | Web sites in less privileged Web content zones can navigate into this zone | Disabled | Disabled |
104 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone | Don't run antimalware programs against ActiveX controls | Disabled | Disabled |
105 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone | Initialize and script ActiveX controls not marked as safe | Disabled | Disabled |
106 | Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone | Java permissions | High Saftey | High Saftey |
107 | Windows Components/Internet Explorer/Security Features | Allow fallback to SSL 3.0 (Internet Explorer) | No Sites | No Sites |
108 | Windows Components/Internet Explorer/Security Features/Add-on Management | Remove "Run this time" button for outdated ActiveX controls in Internet Explorer | Enabled | Enabled |
109 | Windows Components/Internet Explorer/Security Features/Add-on Management | Turn off blocking of outdated ActiveX controls for Internet Explorer | Disabled | Disabled |
110 | Windows Components/Internet Explorer/Security Features/Consistent Mime Handling | Internet Explorer Processes | iexplore.exe = Enabled explorer.exe = Enabled (Reserved) = Enabled | iexplore.exe = Enabled explorer.exe = Enabled (Reserved) = Enabled |
111 | Windows Components/Internet Explorer/Security Features/Mime Sniffing Safety Feature | Internet Explorer Processes | iexplore.exe = Enabled explorer.exe = Enabled (Reserved) = Enabled | iexplore.exe = Enabled explorer.exe = Enabled (Reserved) = Enabled |
112 | Windows Components/Internet Explorer/Security Features/MK Protocol Security Restriction | Internet Explorer Processes | iexplore.exe = Enabled explorer.exe = Enabled (Reserved) = Enabled | iexplore.exe = Enabled explorer.exe = Enabled (Reserved) = Enabled |
113 | Windows Components/Internet Explorer/Security Features/Notification bar | Internet Explorer Processes | iexplore.exe = Enabled explorer.exe = Enabled (Reserved) = Enabled | iexplore.exe = Enabled explorer.exe = Enabled (Reserved) = Enabled |
114 | Windows Components/Internet Explorer/Security Features/Protection From Zone Elevation | Internet Explorer Processes | iexplore.exe = Enabled explorer.exe = Enabled (Reserved) = Enabled | iexplore.exe = Enabled explorer.exe = Enabled (Reserved) = Enabled |
115 | Windows Components/Internet Explorer/Security Features/Restrict ActiveX Install | Internet Explorer Processes | iexplore.exe = Enabled explorer.exe = Enabled (Reserved) = Enabled | iexplore.exe = Enabled explorer.exe = Enabled (Reserved) = Enabled |
116 | Windows Components/Internet Explorer/Security Features/Restrict File Download | Internet Explorer Processes | iexplore.exe = Enabled explorer.exe = Enabled (Reserved) = Enabled | iexplore.exe = Enabled explorer.exe = Enabled (Reserved) = Enabled |
117 | Windows Components/Internet Explorer/Security Features/Restrict File Download | Internet Explorer Processes | iexplore.exe = Enabled explorer.exe = Enabled (Reserved) = Enabled | iexplore.exe = Enabled explorer.exe = Enabled (Reserved) = Enabled |
118 | Windows Components/Microsoft Edge | Allow Extensions | Disabled (maybe) | Disabled (maybe) |
119 | Windows Components/Microsoft Edge | Allow InPrivate browsing | Disabled (big maybe) | Disabled (big maybe) |
120 | Windows Components/Microsoft Edge | Configure cookies | Enabled: Block only 3rd-party cookies Enabled: Block all cookies (maybe) | Enabled: Block only 3rd-party cookies Enabled: Block all cookies (maybe) |
121 | Windows Components/Microsoft Edge | Configure Password Manager | Disabled | Disabled |
122 | Windows Components/Microsoft Edge | Configure Pop-up Blocker | Enabled | Enabled |
123 | Windows Components/Microsoft Edge | Configure search suggestions in Address bar | Disabled | Disabled |
124 | Windows Components/Microsoft Edge | Configure Windows Defender SmartScreen | Enabled | Enabled |
125 | Windows Components/Microsoft Edge | Prevent access to the about:flags page in Microsoft Edge | Enabled | Enabled |
126 | Windows Components/Microsoft Edge | Prevent bypassing Windows Defender SmartScreen prompts for files | Enabled | Enabled |
127 | Windows Components/Microsoft Edge | Prevent bypassing Windows Defender SmartScreen prompts for sites | Enabled | Enabled |
128 | Windows Components/Microsoft Edge | Prevent certificate error overrides | Enabled | |
129 | Windows Components/Microsoft Edge | Prevent using Localhost IP address for WebRTC | Enabled | Enabled |