Adding and Removing Zone Sites
When
implementing security for Internet Explorer, Microsoft realized that
different sites have different security needs. For example, it makes
sense to have stringent security for Internet sites, but you can
probably scale the security back a bit when browsing pages on your
corporate intranet.
To handle these different types of sites, Internet Explorer defines various security zones, and you can customize the security requirements for each zone. The status bar displays the current zone.
To
work with zones, either select Tools, Internet Options in Internet
Explorer, or select Start, Control Panel, Security, Internet Options.
In the Internet Properties dialog box that appears, select the Security
tab, shown in Figure 1.
Tip
Another way to get to the Security tab is to double-click the security zone shown in the Internet Explorer status bar.
The list at the top of the dialog box shows icons for the four types of zones available:
Internet— Websites that aren’t in any of the other three zones. The default security level is Medium.
Local Intranet— Web pages on your computer and your network (intranet). The default security level is Medium-Low.
Trusted Sites— Websites that implement secure pages and that you’re sure have safe content. The default security level is Low.
Restricted Sites— Websites that don’t implement secure pages or that you don’t trust, for whatever reason. The default security level is High.
Tip
You
can use the Group Policy Editor to hide the Security and Privacy tabs
in the Internet Options dialog box. Select User Configuration,
Administrative Templates, Windows Components, Internet Explorer,
Internet Control Panel, and then enable the Disable the Privacy Page
and Disable the Security Page policies. The Security Page sub-branch
enables you to set policies for the settings in each zone.
Three of these zones—Local Intranet, Trusted Sites, and Restricted Sites—enable you to add sites. To do so, follow these steps:
1. | Select the zone you want to work with and then click Sites.
|
2. | If
you selected Trusted Sites or Restricted Sites, skip to step 4.
Otherwise, if you selected the Local Intranet zone, you see a dialog
box with four check boxes. The Automatically Detect Intranet Network
check box activates by default, and this tells Windows
7 to detect intranets automatically, which should be fine in most
cases. If you want more detailed control, deactivate that check box to
enable the other three:
- Include All Local (Intranet) Sites Not Listed in Other Zones—
When activated, this option includes all intranet sites in the zone. If
you add specific intranet sites to other zones, those sites aren’t
included in this zone.
- Include All Sites That Bypass the Proxy Server—
When this check box is activated, sites that you’ve set up to bypass
your proxy server (if you have one) are included in this zone.
- Include All Network Paths (UNCs)—
When this check box is activated, all network paths that use the
Universal Naming Convention are included in this zone. (UNC is a
standard format used with network addresses. They usually take the form
\\server\resource, where server is the name of the network server and resource is the name of a shared network resource.)
|
3. | To add sites to the Local Intranet zone, click Advanced.
|
4. | Type the site’s address in the Add This Website to the Zone text box and then click Add.
|
5. | If you make a mistake and enter the wrong site, select it in the Websites list and then click Remove.
|
6. | Two
of these dialog boxes (Local Intranet and Trusted Sites) have a Require
Server Verification (https:) for All Sites In This Zone check box. If
you activate this option, each site you enter must use the secure HTTPS
protocol.
|
7. | Click OK. |
