Types of Security Zones

Internet Zone

This zone contains Web sites that are not on your computer or on your local intranet, or that are not already assigned to another zone. The default security level is Medium.

Local Intranet Zone

By default, the Local Intranet zone contains all network connections that were established by using a Universal Naming Convention (UNC) path, and Web sites that bypass the proxy server or have names that do not include periods (for example, http://local), as long as they are not assigned to either the Restricted Sites or Trusted Sites zone. The default security level for the Local Intranet zone is set to Medium (Internet Explorer 4) or Medium-low (Internet Explorer 5 and 6). Be aware that when you access a local area network (LAN) or an intranet share, or an intranet Web site by using an Internet Protocol (IP) address or by using a fully qualified domain name (FQDN), the share or Web site is identified as being in the Internet zone instead of in the Local Intranet zone. For more information about this issue, see the following article in the Microsoft Knowledge Base:

303650 Intranet site is identified as an Internet site when you use an FQDN or an IP address

Trusted Sites Zone

This zone contains Web sites that you trust as safe (such as Web sites that are on your organization’s intranet or that come from established companies in whom you have confidence). When you add a Web site to the Trusted Sites zone, you believe that files you download or that you run from the Web site will not damage your computer or data. By default, there are no Web sites that are assigned to the Trusted Sites zone, and the security level is set to Low.

Restricted Sites Zone

This zone contains Web sites that you do not trust. When you add a Web site to the Restricted Sites zone, you believe that files that you download or run from the Web site may damage your computer or your data. By default, there are no Web sites that are assigned to the Restricted Sites zone, and the security level is set to High.

Note: Security settings are applied only to files on your computer that are in the Temporary Internet Files folder. These settings use the security level of the Web site from which the files came. All other files are assumed to be safe.

Comparing the IE security zones (IEZoneAnalyzer tool):

http://blogs.technet.com/b/fdcc/archive/2009/10/01/viewing-and-comparing-ie-security-zone-settings.aspx

See also http://blogs.technet.com/b/fdcc/archive/2011/04/14/iezoneanalyzer-v3.aspx

Setting up Trusted Zones for all your users on the network

Edit your IE settings GPO (or create a new one) with the following:

Computer Configuration – Administrative Templates – Windows Components – Internet Explorer – Internet Control Panel – Security Page – Site to Zone Assignment List – Enabled

Then click the Show button and add the appropriate Value Name and Value, for example http://www.mycleverwebsite.com with a value of 2 for the Trusted Sites zone, or 1 for the Intranet zone.

NOTE: Users cannot modify the list themselves; it is locked down via this GPO.
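
The following added example (not part of the original article and not Microsoft code) is a simplified Python model of the default Local Intranet rules and the Site to Zone Assignment List described above. It shows why an intranet site reached by FQDN or IP address lands in the Internet zone until it is given a value of 1, and it flags Trusted Sites entries that are not limited to https. The corp.example names are hypothetical, values 3 and 4 are the zone numbers for Internet and Restricted Sites, and wildcard entries are not modeled.

```python
from urllib.parse import urlsplit

# Zone numbers accepted as values in the Site to Zone Assignment List.
ZONES = {1: "Local Intranet", 2: "Trusted Sites", 3: "Internet", 4: "Restricted Sites"}

def split_target(target):
    """Return (scheme, host) for a URL or a UNC path such as \\\\server\\share."""
    if target.startswith("\\\\"):
        return "file", target[2:].split("\\", 1)[0].lower()
    parts = urlsplit(target)
    return parts.scheme.lower(), (parts.hostname or "").lower()

def resolve_zone(target, assignments):
    """Simplified model of the rules on this page; not Internet Explorer's resolver."""
    scheme, host = split_target(target)
    # An explicit policy entry (with or without a scheme) beats the defaults.
    for key in (f"{scheme}://{host}", host):
        if key in assignments:
            return ZONES[assignments[key]]
    # Default: a name without periods is intranet; an FQDN or IP address is Internet.
    return ZONES[3] if "." in host else ZONES[1]

def review(assignments):
    """Flag Trusted Sites entries (default level Low) that also cover plain http."""
    return sorted(name for name, zone in assignments.items()
                  if zone == 2 and not name.lower().startswith("https://"))

# Constructed sample policy and targets (hypothetical names).
POLICY = {
    "http://www.mycleverwebsite.com": 2,   # Value Name and Value from the page's example
    "https://portal.corp.example": 1,
    "files.corp.example": 1,
}
TARGETS = ["http://local", "http://10.0.0.5/app", "https://portal.corp.example/hr",
           "https://wiki.corp.example", "\\\\files.corp.example\\share",
           "\\\\fileserver\\share", "http://www.mycleverwebsite.com/login"]

if __name__ == "__main__":
    for t in TARGETS:
        print(f"{t:45} -> {resolve_zone(t, POLICY)}")
    print("Trusted Sites entries to review:", review(POLICY))
```

Content served over plain http can be altered in transit, so an http entry in the Trusted Sites zone extends the Low security level to whatever arrives on that connection; prefer https Value Names where the site supports them.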