Internet Explorer has a notion of security zones. Security properties are accordingly configured for every zone. Internet zone is more restrictive comparing to the Intranet, which is a very trusted location.
There is one more setting called “Protected Mode”. You can see it on the screenshot:
It can be enabled or disabled. The recommended state for each of the zones is this:
- Internet: Enabled
- Local Itranet: Disabled
- Trusted Sites: Disabled
- Restricted Sites: Enabled
IE executes with more restrictive priviliges when Protected mode is Enabled.
If this tick was not disabled by the Group Policy then there is a great chance that your users made their own IE security improvements 🙂
So, the question is – can we find out how security zones are curently configured for every user in our environment? And the answer is of course yes 🙂