Feb 10 2023 08:49 AM - edited Mar 24 2024 03:13 PM
Greetings!
The mostly-forgotten "Internet Properties" (AKA "Internet Options"), henceforth referred to as "IO", seems to be associated exclusively to the retired "Internet Explorer" ("IE", from now on), even in Microsoft's official documentation (e.g.: https://learn.microsoft.com/en-us/troubleshoot/developer/browsers/administration/enhanced-protected-...).
However, IO's settings seem to apply to software other than IE.
A simple demonstration (tested on Windows 11 Pro):
1- under IO's "security" tab, set the security level for the "internet" zone (or all of them) to "high";
2- go to the "privacy" tab, then "advanced", select "prompt" for both first and third-party cookies and uncheck "always allow session cookies" (this last step is probably optional);
3- apply the settings (of course);
4- open Microsoft Power Automate (if you have logged in previously, you will probably need to log out first);
5- after filling your email address, a new windows will open, along with a "privacy alert" about the website "login.microsoftonline.com" requesting to save a cookie and offering to allow or block it;
6- after allowing it 5 times, "login.live.com" wants to save cookies, too;
7- after allowing it 4 times, the following message will appear: "Microsoft account requires JavaScript to sign in. This web browser either does not support JavaScript, or scripts are being blocked. To find out whether your browser supports JavaScript, or to allow scripts, see the browser's online help";
8- close the error window and also Power Automate;
9- go back to IO, "privacy", "advanced" and set first and third-party cookies to "accept" and check "always allow session cookies" (again, this last step if probably optional);
10- still in IO, go to "security", select the zone "internet", "custom level" and, near the bottom of the list (under "scripting"), set "active scripting" to "enable" (this step enables javascript; see https://support.microsoft.com/en-us/topic/how-to-enable-javascript-in-windows-88d27b37-6484-7fc0-17d...);
11- apply the settings;
12- open Power Automate and fill your email address;
13- no cookie prompts will be shown, nor javascript errors.
If I recall correctly, IO's settings also caused issues with some Office software (mostly cookie warnings), Google Drive and Kindle.
It seems like some software still use some sort "default" connection (maybe similar to Android's WebView) subjected to IO's settings.
As such, IO applies to more programs other than the out-of-support IE, which makes its settings relevant for security purposes.
However, AFAIK, it lacks proper documentation, specially for newer versions of Windows. Also, "Enhanced Protected Mode", for some reason, isn't available anymore (https://support.microsoft.com/en-us/windows/change-security-and-privacy-settings-for-internet-explor...).
Considering the lack of documentation (or even wrong information, associating IO exclusively with IE) and the huge mess that Windows' settings has become (spread across the "Settings" menu and the old "Control Panel"), few users will bother configuring IO.
So, my questions are:
1- how to determine which software connections are influenced by IO's settings, including it's browsing story/temporary files?
2- will IO's settings be moved to another menu (e.g. "Settings")? Since some software is affected by IO's settings, shouldn't it be placed in a more convenient place?
3- would poor IO configuration pose a security risk?
4- why was "Enhanced Protected Mode" removed from IO?
5- are IO's settings found elsewere?
EDIT: changed "Enhanced Protection Mode" to "Enhanced Protected Mode" in question n. 4.
Feb 15 2023 04:09 PM - edited Feb 15 2023 04:11 PM
I hope this helps in answering your questions... Internet Options is a control panel in Windows that allows users to customize their web browsing experience. In Windows 11, Internet Explorer is still available but it's not the default browser anymore; instead, Microsoft Edge is the "Microsoft" recommended browser. However, Internet Options is still available in Windows 11, and some software connections can be influenced by its settings.
Here are answers to your questions:
1. How to determine which software connections are influenced by IO's settings, including its browsing story/temporary files?
Internet Options settings can affect various software connections, but it's difficult to determine which connections are impacted as it depends on the specific software and the settings that have been configured. However, in general, the settings can affect web browsing, downloading files, and accessing certain types of content on the internet. Additionally, the settings can also affect the temporary files and browsing history stored on the computer.
2. Will IO's settings be moved to another menu (e.g. "Settings")? Since some software is affected by IO's settings, shouldn't it be placed in a more convenient place?
In Windows 11, Internet Options is still available in the same location as it was in earlier versions of Windows. It's unlikely that the settings will be moved to another menu, but it's possible that some of the settings may be moved to a more convenient location in the future. However, for now, if you need to access the Internet Options settings, you can do so by opening Internet Explorer and clicking on the "Settings" gear icon in the top-right corner of the window.
3. Would poor IO configuration pose a security risk?
Yes, a poor configuration of Internet Options settings can pose a security risk. For example, if you don't configure the security settings correctly, you may be vulnerable to malware, phishing attacks, and other security threats. Additionally, if you don't clear your browsing history and temporary files regularly, it may be possible for others to access your personal information.
4. Why was "Enhanced Protection Mode" removed from IO?
In Windows 11, Internet Explorer has been updated to version 11, and Enhanced Protection Mode has been removed. This is because Enhanced Protection Mode was introduced in Internet Explorer 10 to provide additional security protections against certain types of attacks, but these protections are no longer necessary in Internet Explorer 11 as it includes modern security features like SmartScreen and AppContainer.
5. Are IOs settings found elsewhere?
Internet Options settings are only available in Internet Explorer. However, if you're using Microsoft Edge as your default browser, you can access similar settings in the Edge settings menu. To access these settings, open Microsoft Edge, click on the three-dot menu in the top-right corner of the window, and select "Settings". From there, you can access various settings related to your browsing experience.
Feb 20 2023 10:21 AM
Greetings!
Thanks for answering my questions.
I did some additional research and found the following information.
At least in theory, both "protected mode" and "enhanced protected mode" are still available and can be enabled by the user.
For protected mode, see:
1- https://learn.microsoft.com/en-us/dynamics365/unified-service-desk/admin/internet-explorer-settings-...
2- https://learn.microsoft.com/en-us/answers/questions/979690/(edge)-turn-off-protected-mode-in-interne...
Basically, using the registry editor, go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\[zone number]\2500, where "zone number" is a number ranging from 0 to 4.
Then, set the file "2500" to "0" (enabled) or "3" (disabled). If it isn't present, create it with New > DWORD (32-bit) Value.
For enhanced protected mode, refer to:
1- https://learn.microsoft.com/en-us/dynamics365/unified-service-desk/admin/internet-explorer-settings-...
2- https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer
3- https://learn.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-proble...
4- https://learn.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11
It can be enabled in Local Group Policy Editor > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Advanced Page > enable "Turn on enhanced protected mode".
As an alternative, using the registry editor, go to HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main and change the key "isolation" to "PMEM" (enabled) or "PMIL" (disabled).
For 64-bit tab processes:
1- https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer
To keep it short: Local Group Policy Editor > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Advanced Page > enable "Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows".
Location in the registry: HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main, file "isolation64Bit".
Please note that HKEY_CURRENT_USER could probably be replaced, e.g., by HKEY_LOCAL_MACHINE.
S
o, my point is: the official documentation is lacking and even Microsoft seems to overlook the fact that those settings are used by other programs/processes, which could pose a security risk.
As an example, I haven't been able to find anything official regarding "Sending_Security" and "Viewing_Security" under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Security. Needless to say, it seems to be related to security settings.
I will try to find more information about it.
Mar 15 2024 10:20 AM
Mar 24 2024 03:14 PM
Jul 15 2024 02:39 AM - edited Jul 15 2024 02:45 AM
@Thiago27 Well, between Mark and Diamedca they pretty much told us nothing.
Mark hit the nail about as close as Microsoft ever does when trying to explain something without quite giving us the answer we actually needed, although I have to admit he came closer and put in more effort than most. eg Does it effect security? M: Of course it does, and it will on some 3rd party software.....but as usual not specific enough to be an actual actionable answer.
I was kind of hoping Diamedca would get back to you, she has the answer to 'something'
She should go on Jeopardy, see who can question the answer
Explanation for security zones below, they are hiding the link ,
Jul 15 2024 02:43 AM
Aug 10 2024 11:25 AM