URL Security Zone Flags

URL Security Zone Flags


The URL security zones use two sets of values: URL actions and URL policies. The URL actions determine what actions can be taken in a given security zone. URL policies define how a URL action will be handled.

URL Action Flags

The following list contains the values associated with the actions that can be taken in a URL security zone.

URLACTION_ACTIVEX_CONFIRM_NOOBJECTSAFETY
User can decide whether to load and script an ActiveX control that is not safe.
URLACTION_ACTIVEX_CURR_MAX
Current maximum value of the URL action ActiveX flags.
URLACTION_ACTIVEX_MAX
Maximum value of the URL action ActiveX flags.
URLACTION_ACTIVEX_MIN
Minimum value of the URL action ActiveX flags.
URLACTION_ACTIVEX_OVERRIDE_DATA_SAFETY
Determines if ActiveX safety for untrusted data can be overridden.
URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY
Determines if the ActiveX control object safety is overridden or enforced for pages in the URL security zone. Object safety should be overridden only if all ActiveX Controls and scripts that might interact with them on pages in the zone can be reliably trusted not to breach security. Aggregate of URLACTION_ACTIVEX_OVERRIDE_DATA_SAFETY and URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY.
URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY
Determines whether ActiveX safety for scripting is overridden.
URLACTION_ACTIVEX_RUN
Manages the execution of ActiveX Controls and plug-ins from HTML pages in the zone.
URLACTION_ACTIVEX_TREATSUNTRUSTED
Not currently implemented.
URLACTION_AUTHENTICATE_CLIENT
Determines the strength of client authentication when the user's credentials are used over the network. This URL action does not have any effect if the URL action URLACTION_CREDENTIALS_USE is assigned the URL policy URLPOLICY_CREDENTIALS_ANONYMOUS_ONLY.
URLACTION_CHANNEL_SOFTDIST_MAX
Maximum value for a URL action software distribution channel flag.
URLACTION_CHANNEL_SOFTDIST_MIN
Minimum value for a URL action software distribution channel flag.
URLACTION_CHANNEL_SOFTDIST_PERMISSIONS
Determines the level of trust placed on software distribution channels.
URLACTION_CREDENTIALS_USE
Determines how the user's credentials are used over the network.
URLACTION_DOWNLOAD_CURR_MAX
Maximum value for the URL action download flags.
URLACTION_DOWNLOAD_MAX
Maximum value of a URL action download flag.
URLACTION_DOWNLOAD_MIN
Mimimum value of a URL action download flag.
URLACTION_DOWNLOAD_SIGNED_ACTIVEX
Manages the download of signed ActiveX Controls from the URL zone of the HTML page that contains the control.
URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX
Manages the download of unsigned ActiveX Controls from the URL zone of the HTML page that contains the control.
URLACTION_HTML_CURR_MAX
Current maximum value of the URL action HTML flags.
URLACTION_HTML_FONT_DOWNLOAD
Determines if HTML font downloads are allowed.
URLACTION_HTML_JAVA_RUN
Determines if Java applets are allowed to run.
URLACTION_HTML_MAX
Maximum value of the URL action HTML flags.
URLACTION_HTML_MIN
Minimum value of the URL action HTML flags.
URLACTION_HTML_SENDRECV_COOKIE
Determines if cookies can be sent and received.
URLACTION_HTML_SUBMIT_FORMS
Determines if HTML forms on pages in the URL security zone, or submitted to servers in the zone, are allowed. Aggregate of the URLACTION_HTML_SUBMIT_FORMS_FROM and URLACTION_HTML_SUBMIT_FORMS_TO flags.
URLACTION_HTML_SUBMIT_FORMS_FROM
Determines if form submissions from pages in the security zone are allowed. This flag is part of the URLACTION_HTML_SUBMIT_FORMS aggregate flag.
URLACTION_HTML_SUBMIT_FORMS_TO
Determines if form submissions to a server in the security zone are allowed. This flag is part of the URLACTION_HTML_SUBMIT_FORMS aggregate flag.
URLACTION_INFODELIVERY_CURR_MAX
Reserved for future use.
URLACTION_INFODELIVERY_MAX
Reserved for future use.
URLACTION_INFODELIVERY_MIN
Reserved for future use.
URLACTION_INFODELIVERY_NO_ADDING_CHANNELS
Reserved for future use.
URLACTION_INFODELIVERY_NO_ADDING_SUBSCRIPTIONS
Reserved for future use.
URLACTION_INFODELIVERY_NO_CHANNEL_LOGGING
Reserved for future use.
URLACTION_INFODELIVERY_NO_EDITING_CHANNELS
Reserved for future use.
URLACTION_INFODELIVERY_NO_EDITING_SUBSCRIPTIONS
Reserved for future use.
URLACTION_INFODELIVERY_NO_REMOVING_CHANNELS
Reserved for future use.
URLACTION_INFODELIVERY_NO_REMOVING_SUBSCRIPTIONS
Reserved for future use.
URLACTION_JAVA_CURR_MAX
Current maximum value of the URL action Java flags.
URLACTION_JAVA_MAX
Maximum value for URL action Java flags.
URLACTION_JAVA_MIN
Minimum value for URL action Java flags.
URLACTION_JAVA_PERMISSIONS
Determines the Java permissions for the zone.
URLACTION_NETWORK_CURR_MAX
Current maximum value for URL action network flags.
URLACTION_NETWORK_MAX
Maximum value for URL action network flags.
URLACTION_NETWORK_MIN
Minimum value for URL action network flags.
URLACTION_SCRIPT_SAFE_ACTIVEX
Determines if scripting of safe ActiveX controls is allowed or not.
URLACTION_SCRIPT_CURR_MAX
Current maximum value for a URL action script flag.
URLACTION_SCRIPT_JAVA_USE
Determines if script code on HTML pages in the URL security zone can use Java applets if the properties, methods, and events of the applet are exposed to scripts or not.
URLACTION_SCRIPT_MAX
Maximum value for a URL action script flag.
URLACTION_SCRIPT_MIN
Minimum value for a URL action script flag.
URLACTION_SCRIPT_OVERRIDE_SAFETY
Do not use ActiveX safety for objects created by scripts.
URLACTION_SCRIPT_RUN
Determines if script code on the pages in the URL security zone are run or not.
URLACTION_SHELL_CURR_MAX
Current maximum value for a URL action shell flag.
URLACTION_SHELL_FILE_DOWNLOAD
Determines if file downloads are permitted from the URL security zone of the HTML page with the link that is causing the download.
URLACTION_SHELL_INSTALL_DTITEMS
Determines if desktop items can be installed.
URLACTION_SHELL_MAX
Maximum value for a URL action shell flag.
URLACTION_SHELL_MIN
Minimum value for a URL action shell flag.
URLACTION_SHELL_MOVE_OR_COPY
Determines if move or copy operations are allowed.
URLACTION_SHELL_VERB
Determines if launching of applications and files is permitted from the URL security zone.
URLACTION_SHELL_WEBVIEW_VERB
Determines if executable files and HTML pages can be launched from WebView. There is no user interface that affects this URL action.

URL Policy Flags

The following list contains the values associated with the policies used with the URL action flags.

URLPOLICY_ALLOW
Allow the action to take place silently.
URLPOLICY_AUTHENTICATE_CHALLENGE_RESPONSE
Use challenge-response authentication schemes (such as NTLM).
URLPOLICY_AUTHENTICATE_CLEARTEXT_OK
Use basic HTTP authentication.
URLPOLICY_AUTHENTICATE_MUTUAL_ONLY
Require mutual authentication with the server.
URLPOLICY_CHANNEL_SOFTDIST_AUTOINSTALL
Allow automatic installation of software updates.
URLPOLICY_CHANNEL_SOFTDIST_PRECACHE
Cache content downloaded from software distribution channels.
URLPOLICY_CHANNEL_SOFTDIST_PROHIBIT
Prohibit downloads from software distribution channels.
URLPOLICY_CREDENTIALS_ANONYMOUS_ONLY
Only allow anonymous logons, so the user's credentials are not exposed.
URLPOLICY_CREDENTIALS_MUST_PROMPT_USER
Prompt user to enter a username and password.
URLPOLICY_CREDENTIALS_SILENT_LOGON_OK
Automatically log on with the user's credentials.
URLPOLICY_DISALLOW
Do not allow the action.
URLPOLICY_JAVA_CUSTOM
Not currently implemented.
URLPOLICY_JAVA_HIGH
Set high Java security. Java applets will run in a sandbox.
URLPOLICY_JAVA_LOW
Set low Java security. Java applets will be allowed to do high-capability operations, such as file I/O.
URLPOLICY_JAVA_MEDIUM
Set medium Java security. Java applets run in a sandbox with additional capabilities, such as scratch space.
URLPOLICY_JAVA_PROHIBIT
Prevent Java applets from running.
URLPOLICY_MASK_PERMISSIONS
Mask that can be used for comparisons to get the bits that have to do with permissions.
URLPOLICY_QUERY
Prompt the user to determine if an action is allowed.

© 1997 Microsoft Corporation. All rights reserved. Terms of Use.