Forum Discussion

Thiago27's avatar
Thiago27
Copper Contributor
Feb 10, 2023

Internet Properties (AKA Internet Options) settings apply not only to Internet Explorer

Greetings!   The mostly-forgotten "Internet Properties" (AKA "Internet Options"), henceforth referred to as "IO", seems to be associated exclusively to the retired "Internet Explorer" ("IE", from n...
Thiago27's avatar
Thiago27
Copper Contributor
Feb 20, 2023

Mark_Albin 

Greetings!

 

Thanks for answering my questions.

 

I did some additional research and found the following information.

 

At least in theory, both "protected mode" and "enhanced protected mode" are still available and can be enabled by the user.

 

For protected mode, see:
1- https://learn.microsoft.com/en-us/dynamics365/unified-service-desk/admin/internet-explorer-settings-bpa?view=dynamics-usd-4.2
2- https://learn.microsoft.com/en-us/answers/questions/979690/(edge)-turn-off-protected-mode-in-internet-explore

 

Basically, using the registry editor, go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\[zone number]\2500, where "zone number" is a number ranging from 0 to 4.

Then, set the file "2500" to "0" (enabled) or "3" (disabled). If it isn't present, create it with New > DWORD (32-bit) Value.

 

For enhanced protected mode, refer to:
1- https://learn.microsoft.com/en-us/dynamics365/unified-service-desk/admin/internet-explorer-settings-bpa?view=dynamics-usd-4.2
2- https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer
3- https://learn.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11
4- https://learn.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11

 

It can be enabled in Local Group Policy Editor > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Advanced Page > enable "Turn on enhanced protected mode".

 

As an alternative, using the registry editor, go to HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main and change the key "isolation" to "PMEM" (enabled) or "PMIL" (disabled).

 

For 64-bit tab processes:

1- https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer

 

To keep it short: Local Group Policy Editor > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Advanced Page > enable "Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows".

 

Location in the registry: HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main, file "isolation64Bit".

 

Please note that HKEY_CURRENT_USER could probably be replaced, e.g., by HKEY_LOCAL_MACHINE.

S

o, my point is: the official documentation is lacking and even Microsoft seems to overlook the fact that those settings are used by other programs/processes, which could pose a security risk.

 

As an example, I haven't been able to find anything official regarding "Sending_Security" and "Viewing_Security" under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security. Needless to say, it seems to be related to security settings.

 

I will try to find more information about it.

diamedca's avatar
diamedca
Copper Contributor
Mar 15, 2024
I found a solution.
Go to registry editor and find:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Then find these to keys and change the value from 1 to 0:
Security_options_edit
Security_zones_map_edit
  • Thiago27's avatar
    Thiago27
    Copper Contributor
    Mar 24, 2024
    Hey there! Thanks for your contribution. But I am not sure if I follow: what solution are you talking about, exactly?
    • KevinG3's avatar
      KevinG3
      Brass Contributor
      Jul 15, 2024
      Thiago27 here is the explanation for security zones
      https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.InternetExplorer::Security_options_edit
    • KevinG3's avatar
      KevinG3
      Brass Contributor
      Jul 15, 2024

      Thiago27  Well, between Mark and Diamedca they pretty much told us nothing.

      Mark hit the nail about as close as Microsoft ever does when trying to explain something without quite giving us the answer we actually needed, although I have to admit he came closer and put in more effort than most. eg Does  it effect security? M: Of course it does, and it will on some 3rd party software.....but as usual not specific enough to be an actual actionable answer.
        I was kind of hoping Diamedca would get back to you, she has the answer to 'something' 
      She should go on Jeopardy, see who can question the answer
      Explanation for security zones  below, they are hiding the link , 

      • Thiago27's avatar
        Thiago27
        Copper Contributor
        Aug 10, 2024
        Yeah, I was expecting a more precise answer, indeed. But can't blame them: even Microsoft's documentation about "Internet Options" is lacking and/or contradictory.
        Thanks for hopping in & answering the question about the answer, lol

Resources