[ms-gpie]: Group Policy: Internet Explorer Maintenance Extension Intellectual Property Rights Notice for Open Specifications Documentation

Download 107,28 Kb.
bet	25/25
Sana	24.03.2021
Hajmi	107,28 Kb.
	#13509

Bu sahifa navigatsiya:

• Ratrsop.INF File Format
• CONNECT.RAS File Format
• Examples of Seczones.INF, Authcode.INF, Ratings.INF, and Programs.INF
• Security Security Considerations for Implementers
• Change Tracking No table of changes is available. The document is either new or has had no changes since its last release. Index

SectionName	ValueName	Value type	Sample value
Description
Security Imports	IEESCEnabled	Boolean	1	Indicates the state of the enhanced security level of the following zone security settings.
	Zones	Numeric	2	The count of Internet security zones listed in the file.

SectionName	ValueName	Value type	Sample value	Description
Zone%d _ HKCU	DisplayName	String	Local intranet	The friendly name of the zone.
	Description	String	This zone is for all websites that are found on the user's intranet.	A longer, friendly description of the zone.
	Icon	String	explorer.exe#100	The string is composed of # pointing to the icon for the zone.
	CurrentLevel	Numeric	66816	An integer denoting the default security level for URL actions in this zone. For more information, see [MSDN-SECZONES].
	Flags	Numeric	323	An integer conveying additional behavioral parameters for this zone. For more information, see [MSDN-SECZONES].
	Action%d	Hexadecimal: Numeric	1201:1	The string :. Conveys a new security level for this URL action in this zone.
	MinLevel	Numeric	3	An integer denoting the minimum security level for all URL actions in this zone.
	RecommendedLevel	Numeric	3	An integer denoting the recommended security level for this zone.
	Mapping%d	URL		A URL that maps to this zone.
Zone%d _ HKLM	DisplayName	String	Trusted sites	The friendly name of the zone.
	Description	String	This zone contains websites that the user trusts not to damage the user's computer and files.	A longer, friendly description of the zone.
	Icon	String	explorer.exe#100	The string is composed of # pointing to the icon for the zone.
	CurrentLevel	Numeric	69632	An integer denoting the default security level for URL actions in this zone.
	Flags	Numeric	71	An integer conveying additional behavioral parameters for this zone.
	Action%d	Hexadecimal: Numeric	1201:1	The string : conveys a new security level for this URL action in this zone.
	MinLevel	Numeric	3	An integer denoting the minimum security level for all URL actions in this zone.
	RecommendedLevel	Numeric	3	An integer denoting the recommended security level for this zone.
	Mapping%d	URL		A URL that maps to this zone.
PRIVACY
	AdvancedSettings	Numeric	2	An integer conveying an Internet Explorer privacy level.
	FirstPartyType	Numeric	3	An integer conveying an Internet Explorer privacy level for first-party cookies.
	FirstPartyTypeText%d	URL		A URL that maps to the first-party privacy setting.
	ThirdPartyType	Numeric	4	An integer conveying an Internet Explorer privacy level for third-party cookies.
	ThirdPartyTypeText%d	URL		A URL that maps to the third-party privacy setting.

3. Ratrsop.INF File Format

An informative description of the setting names and legal values in Ratrsop.inf follows, which uses the definitions of value type from section 4.1.1. An example of this file format is provided in section 4.5.

SectionName	ValueName	Value type	Sample value	Description
GENERAL
	Filename%d	Filename		The file name to be used by Internet Explorer for a website rating system.
	Allow_Unknowns	Boolean	1	View unknown rated sites.
	PleaseMom	Boolean	0	Password override enabled.
	Approved%d	URL		Viewable sites.
	Disapproved%d	URL		Unviewable sites.
	Bureau	String		Ratings bureau.

4. BMP File Format

The BMP files under SYSVOL are not interpreted by the Group Policy: Internet Explorer Maintenance Extension protocol client or administrative tool plug-ins. For more information about BMP files, see [MSDN-BMPST].

5. ICO File Format

The ICO files under SYSVOL are not interpreted by the Group Policy: Internet Explorer Maintenance Extension protocol client or administrative tool plug-ins. For more information on ICO files, see [MSDN-ICO].

6. CONNECT.RAS File Format

The format of this file is specified in the ABNF that follows. For more information on the RAS file format, see [MSDN-RAS]. The content of this file is not interpreted by the Group Policy: Internet Explorer Maintenance Extension protocol; it is simply given directly to Internet Explorer.

58. 
    RasFile = Version *RasEntry
    
59. 
    Version = %x01.00.00.00
    
60. 
    RasEntry = 1*Dword
    
61. 
    DWord = 4Byte
    
62. 
    Byte = %x00-FF
    

7. CS.DAT File Format

The format of this file is specified in the following ABNF. For more information, see [MSDN-RAS2], [MSDN-WININET1], and [MSDN-WININET2]. The content of this file is not interpreted by the Group Policy: Internet Explorer Maintenance Extension protocol; it is simply given directly to Internet Explorer.

63. 
    csfile = csversion csheader sszname *setting
    
64. 
    csversion = %x02.00.00.00
    
65. 
    csheader = %xDE.AD.BE.AF
    
66. 
    setting = rassetting / credsetting / wininetsetting
    
67. 
    rassetting = csras dwsize csrasentry
    
68. 
    credsetting = cscred dwsize sszcredname sszcredpwd sszcreddomain
    
69. 
    wininetsetting = cswininet dwsize sszconnection dwoption *csipco
    
70. 
    sszname = sizedstring
    
71. 
    csras = %xDE.AF.BE.AF
    
72. 
    dwsize = dword
    
73. 
    csrasentry = dwsize csdata
    
74. 
    csdata = *byte
    
75. 
    cscred = %xFE.ED.BA.CC
    
76. 
    sszcredname = sizedstring
    
77. 
    sszcredpwd = sizedstring
    
78. 
    sszcreddomain = sizedstring
    
79. 
    cswininet = %xDE.CA.FB.AD
    
80. 
    sszconnection = sizedstring
    
81. 
    dwoption = dword
    
82. 
    csipco = dword
    
83. 
    sizedstring = strsize 1*wchar
    
84. 
    strsize = dword
    
85. 
    dword = wchar wchar
    
86. 
    wchar = byte byte
    
87. 
    byte = %x00-FF
    

dwsize: A 32-bit unsigned integer in little-endian order that specifies the number of octets in the csdata field.

csdata: A binary large object (BLOB) of data to be passed uninterpreted to Internet Explorer settings. The number of octets is equal to the value in the dwsize field.

strsize: A 32-bit unsigned integer in little-endian order that specifies the number of Unicode characters in the sizedstring field.

sizedstring: A BLOB of data to be passed uninterpreted to Internet Explorer settings. The number of octets is equal to two times the value in the strsize field.

2. INSTALL.INS Example

In this example, a system administrator chooses to not allow users in her group to configure proxy settings on their local machines. She, therefore, chooses to use the Internet Explorer Maintenance (IEM) Group Policy Extension to configure key proxy settings, such as "Address of Proxy Servers" and "Exceptions" list. The IEM Group Policy Extension not only helps those users by automatically providing them the correct proxy address, but it also helps the administrator manage users in her organizational unit by guaranteeing that they use the same settings, which she can modify, as necessary.

For example, suppose the administrator wants her users to use myproxy.mycorp.com as the proxy address for all URLs except those matching "http://*.mycorp.com".

For this example, the IEM install.ins would be as follows (adhering to the layout specified in section 2.2.1) on the remote storage location in a GPO path, such as "\\Redmond\SYSVOL\Redmond\Policies\{GPO-GUID}\user\Microsoft\IEAK". The text "GPO-GUID" is replaced with the appropriate GPO GUID from the running Group Policy server for example "\\Redmond\SYSVOL\Redmond\Policies\{E11F4FD7-25E3-4069-876B-B8C90C4A61AF}\user\Microsoft\IEAK". This GPO path is written by the administrative tool extension (as defined in section 1.3.2):

88. 
    [Proxy]
    
89. 
    Proxy_Enable=1
    
90. 
    HTTP_Proxy_Server=myproxy.mycorp.com:80
    
91. 
    Use_Same_Proxy=1
    
92. 
    Proxy_Override="http://*.mycorp.com;"
    
93. 
    [Branding]
    
94. 
    GPVersion=6.0.5356.0
    

The IEM primary client-side plug-in when invoked then reads this configuration data from the path described above and changes the proxy settings to the address specified above. During this process, it also adds "http://*.mycorp.com" in the exception list as specified above by the configuration data. The client-side plug-in does not parse or interpret the settings or understand their semantics; it merely configures Internet Explorer with the values.

3. Examples of Seczones.INF, Authcode.INF, Ratings.INF, and Programs.INF

The INF file format is specified in section 4.1.3. These files are placed according to the layout specified in section 2.2.1 on the remote storage location in a GPO path, such as "\\Redmond\SYSVOL\Redmond\Policies\{GPO-GUID}\user\Microsoft\IEAK". The text "GPO-GUID" is replaced with the appropriate GPO GUID from the running Group Policy server; for example, "\\Redmond\SYSVOL\Redmond\Policies\{E11F4FD7-25E3-4069-876B-B8C90C4A61AF}\user\Microsoft\IEAK". This GPO path is written by the administrative tool extension. The following sections give examples of these INF file formats.

1. SECZONES.INF Example

The following is an example of the Seczones.INF file format.

95. 
    [Version]
    
96. 
    Signature=$Chicago$
    
97. 
    AdvancedINF=2.5
    
98. 
    
    
99. 
    [DefaultInstall]
    
100. 
     RequiredEngine=SetupAPI,"Fatal Error - missing setupapi.dll"
     
101. 
     CustomDestination=CustInstDestSection
     
102. 
     AddReg=AddReg.Hkcu,AddReg.Hklm
     
103. 
     
     
104. 
     [CustInstDestSection]
     
105. 
     49000,49001,49002,49003=ProgramFilesDir,21
     
106. 
     49100,49101,49102,49103=IEDir,21
     
107. 
     
     
108. 
     [ProgramFilesDir]
     
109. 
     HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion","ProgramFilesDir"
     
110. 
     ,,"%24%\Program Files"
     
111. 
     
     
112. 
     [IEDir]
     
113. 
     HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
     
114. 
     iexplore.exe","Path",,"%49001%\Internet Explorer"
     
115. 
     
     
116. 
     [AddReg.Hklm]
     
117. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\
     
118. 
     Zones",,,""
     
119. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\
     
120. 
     Zones\2",,,""
     
121. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\
     
122. 
     Zones\2",DisplayName,,"Trusted sites"
     
123. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\
     
124. 
     Zones\2",CurrentLevel,0x10001,00,10,01,00
     
125. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\
     
126. 
     Zones\2",Flags,0x10001,47,00,00,00
     
127. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\
     
128. 
     Zones\2",120A,0x10001,03,00,00,00
     
129. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\
     
130. 
     Zones\2",1400,0x10001,00,00,00,00
     
131. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\
     
132. 
     ZoneMap",,,""
     
133. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\
     
134. 
     ZoneMap",UNCAsIntranet,0x10001,00,00,00,00
     
135. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\
     
136. 
     ZoneMap",AutoDetect,0x10001,01,00,00,00
     
137. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\
     
138. 
     ZoneMap\Domains",,,""
     
139. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\
     
140. 
     ZoneMap\Domains\contoso.com\www",http,0x10001,02,00,00,00
     
141. 
     
     
142. 
     [AddReg.Hkcu]
     
143. 
     HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\
     
144. 
     Zones",,,""
     
145. 
     HKCU,"Software\Microsoft\Windows\CurrentVersion\Internet Settings\
     
146. 
     Zones\2",,,""
     
147. 
     HKCU,"Software\Microsoft\Internet Explorer\New Windows",PlaySound,
     
148. 
     0x10001,01,00,00,00
     
149. 
     HKCU,"Software\Microsoft\Internet Explorer\New Windows",UseSecBand,
     
150. 
     0x10001,01,00,00,00
     
151. 
     HKCU,"Software\Microsoft\Internet Explorer\New Windows",BlockUserInit,
     
152. 
     0x10001,00,00,00,00
     
153. 
     HKCU,"Software\Microsoft\Internet Explorer\New Windows",UseHooks,
     
154. 
     0x10001,01,00,00,00
     
155. 
     HKCU,"Software\Microsoft\Internet Explorer\New Windows",AllowHTTPS,
     
156. 
     0x10001,00,00,00,00
     
157. 
     HKCU,"Software\Microsoft\Internet Explorer\New Windows",BlockControls,
     
158. 
     0x10001,00,00,00,00
     
159. 
     HKCU,"Software\Microsoft\Internet Explorer\New Windows",PopupMgr,
     
160. 
     0x10001,01,00,00,00
     

2. AUTHCODE.INF Example

The following is an example of the Authcode.INF file format.

161. 
     [Version]
     
162. 
     Signature=$Chicago$
     
163. 
     AdvancedINF=2.5
     
164. 
     
     
165. 
     [DefaultInstall]
     
166. 
     RequiredEngine=SetupAPI,"Fatal Error - missing setupapi.dll"
     
167. 
     CustomDestination=CustInstDestSection
     
168. 
     AddReg=AddReg.Hkcu
     
169. 
     
     
170. 
     [IeakInstall.Hkcu]
     
171. 
     RequiredEngine=SetupAPI,"Fatal Error - missing setupapi.dll"
     
172. 
     CustomDestination=CustInstDestSection
     
173. 
     AddReg=AddReg.Hkcu
     
174. 
     
     
175. 
     [CustInstDestSection]
     
176. 
     49000,49001,49002,49003=ProgramFilesDir,21
     
177. 
     49100,49101,49102,49103=IEDir,21
     
178. 
     
     
179. 
     [ProgramFilesDir]
     
180. 
     HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion","ProgramFilesDir",,"%24%\Program Files"
     
181. 
     
     
182. 
     [IEDir]
     
183. 
     HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\iexplore.exe","Path",,"%49001%\Internet Explorer"
     
184. 
     
     
185. 
     [AddReg.Hkcu]
     
186. 
     HKCU,"Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0",mjjngfjeninhealdcflmbmjjeddcpgha bicgjfnidofeoilgbaedbnpcncepokfp,,"Contoso Test Root Authority"
     
187. 
     HKCU,"Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0",mhakmeenekpdljcgjcikfejnnbciilai mngnindodflkogelilcgapilhnpjjoef,,"Test CodeSign CA"
     
188. 
     
     

3. RATINGS.INF Example

The following is an example of the Ratings.INF file format.

189. 
     [Version]
     
190. 
     Signature=$Chicago$
     
191. 
     AdvancedINF=2.5
     
192. 
     
     
193. 
     [DefaultInstall]
     
194. 
     RequiredEngine=SetupAPI,"Fatal Error - missing setupapi.dll"
     
195. 
     CustomDestination=CustInstDestSection
     
196. 
     AddReg=AddReg.Hklm
     
197. 
     
     
198. 
     [IeakInstall.Hklm]
     
199. 
     RequiredEngine=SetupAPI,"Fatal Error - missing setupapi.dll"
     
200. 
     CustomDestination=CustInstDestSection
     
201. 
     AddReg=AddReg.Hklm
     
202. 
     
     
203. 
     [CustInstDestSection]
     
204. 
     49000,49001,49002,49003=ProgramFilesDir,21
     
205. 
     49100,49101,49102,49103=IEDir,21
     
206. 
     
     
207. 
     [ProgramFilesDir]
     
208. 
     HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion","ProgramFilesDir",,"%24%\Program Files"
     
209. 
     
     
210. 
     [IEDir]
     
211. 
     HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\iexplore.exe","Path",,"%49001%\Internet Explorer"
     
212. 
     
     
213. 
     [AddReg.Hklm]
     
214. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings",Key,1,C3,C7,8A,54,57,D1,20,6E,5B,22,4C,DA,09,E0,BE,4F
     
215. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings",Hint,,"Jack"
     
216. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings",FileName0,,"%11%\icrav03.rat"
     
217. 
     
     
218. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default",Allow_Unknowns,0x10001,00,00,00,00
     
219. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default",PleaseMom,0x10001,01,00,00,00
     
220. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default",Enabled,0x10001,01,00,00,00
     
221. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default\http://www.icra.org/pics/vocabularyv03/",n,0x10001,00,00,00,00
     
222. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default\http://www.icra.org/pics/vocabularyv03/",s,0x10001,00,00,00,00
     
223. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default\http://www.icra.org/pics/vocabularyv03/",v,0x10001,00,00,00,00
     
224. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default\http://www.icra.org/pics/vocabularyv03/",l,0x10001,00,00,00,00
     
225. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default\http://www.icra.org/pics/vocabularyv03/",oa,0x10001,00,00,00,00
     
226. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default\http://www.icra.org/pics/vocabularyv03/",ob,0x10001,00,00,00,00
     
227. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default\http://www.icra.org/pics/vocabularyv03/",oc,0x10001,00,00,00,00
     
228. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default\http://www.icra.org/pics/vocabularyv03/",od,0x10001,00,00,00,00
     
229. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default\http://www.icra.org/pics/vocabularyv03/",oe,0x10001,02,00,00,00
     
230. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default\http://www.icra.org/pics/vocabularyv03/",of,0x10001,00,00,00,00
     
231. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default\http://www.icra.org/pics/vocabularyv03/",og,0x10001,00,00,00,00
     
232. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default\http://www.icra.org/pics/vocabularyv03/",oh,0x10001,00,00,00,00
     
233. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default\http://www.icra.org/pics/vocabularyv03/",c,0x10001,00,00,00,00
     
234. 
     
     
235. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default",NumSys,0x10001,00,00,00,00
     
236. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0",dwFlags,0x10001,00,00,00,00
     
237. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0",errLine,0x10001,00,00,00,00
     
238. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy",PRNumPolicy,0x10001,01,00,00,00
     
239. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\0",PRPPolicyAttribute,0x10001,02,00,00,00
     
240. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub",PRNumURLExpressions,0x10001,01,00,00,00
     
241. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0",PRBUInternetPattern,0x10001,01,00,00,00
     
242. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0",PRBUNonWild,0x10001,0D,00,00,00
     
243. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0",PRBUSpecified,0x10001,1F,00,00,00
     
244. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0",PRBUScheme,,"http"
     
245. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0",PRBUHost,,"www.contoso.com"
     
246. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0",PRBUPort,,"80"
     
247. 
     HKLM,"Software\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\0\PRPPolicySub\0",PRBUUrl,,"http://www.contoso.com"
     
248. 
     
     

4. PROGRAMS.INF Example

The following is an example of the Programs.INF file format.

249. 
     [Version]
     
250. 
     Signature=$Chicago$
     
251. 
     AdvancedINF=2.5
     
252. 
     
     
253. 
     [DefaultInstall]
     
254. 
     RequiredEngine=SetupAPI,"Fatal Error - missing setupapi.dll"
     
255. 
     CustomDestination=CustInstDestSection
     
256. 
     AddReg=AddReg.Hkcu,AddReg.Hklm
     
257. 
     
     
258. 
     [IeakInstall.Hkcu]
     
259. 
     RequiredEngine=SetupAPI,"Fatal Error - missing setupapi.dll"
     
260. 
     CustomDestination=CustInstDestSection
     
261. 
     AddReg=AddReg.Hkcu
     
262. 
     
     
263. 
     [IeakInstall.Hklm]
     
264. 
     RequiredEngine=SetupAPI,"Fatal Error - missing setupapi.dll"
     
265. 
     CustomDestination=CustInstDestSection
     
266. 
     AddReg=AddReg.Hklm
     
267. 
     
     
268. 
     [CustInstDestSection]
     
269. 
     49000,49001,49002,49003=ProgramFilesDir,21
     
270. 
     49100,49101,49102,49103=IEDir,21
     
271. 
     
     
272. 
     [ProgramFilesDir]
     
273. 
     HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion","ProgramFilesDir",,"%24%\Program Files"
     
274. 
     
     
275. 
     [IEDir]
     
276. 
     HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\iexplore.exe","Path",,"%49001%\Internet Explorer"
     
277. 
     
     
278. 
     [AddReg.Hklm]
     
279. 
     HKLM,"Software\Clients\Calendar",,,"Microsoft Outlook"
     
280. 
     HKLM,"Software\Clients\Contacts",,,"Microsoft Outlook"
     
281. 
     HKLM,"Software\Clients\Mail",,,"Microsoft Outlook"
     
282. 
     HKCR,"mailto",,,"URL:MailTo Protocol"
     
283. 
     HKCR,"mailto",URL Protocol,,""
     
284. 
     HKCR,"mailto",EditFlags,1,02,00,00,00
     
285. 
     HKCR,"mailto\DefaultIcon",,,"C:\PROGRA~2\MICROS~2\Office14\OUTLOOK.EXE,-9403"
     
286. 
     HKCR,"mailto\shell",,,"open"
     
287. 
     HKCR,"mailto\shell\open\command",,,""C:\PROGRA~2\MICROS~2\Office14\OUTLOOK.EXE" -c IPM.Note /m "%1""
     
288. 
     
     
289. 
     [AddReg.Hkcu]
     
290. 
     HKCU,"Software\Microsoft\Internet Explorer\Main",Check_Associations,,"yes"
     
291. 
     HKCU,"Software\Microsoft\Internet Explorer\Default HTML Editor",Description,,"Notepad"
     
292. 
     HKCU,"Software\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command",,,"%11%\NOTEPAD.EXE %1"
     
293. 
     
     

4. SECZRSOP.INF Example

The INF file format is specified earlier in section 4.1.3. The following example demonstrates its use in describing the security zone settings for Internet Explorer through use of SECZRSOP.INF file. This file is placed according to the layout specified in section 2.2.1 on the remote storage location in a GPO path, such as "\\Redmond\Sysvol\Redmond\Policies\{GPO-GUID}\user\Microsoft\IEAK" as written by the administrative tool extension.

294. 
     [Security Imports]
     
295. 
     Zones=5
     
296. 
     IEESCEnabled=0
     
297. 
     
     
298. 
     [Privacy]
     
299. 
     AdvancedSettings=0
     
300. 
     FirstPartyType=3
     
301. 
     ThirdPartyType=3
     
302. 
     
     
303. 
     [Zone0_HKCU]
     
304. 
     DisplayName=Computer
     
305. 
     Description=Your computer
     
306. 
     Icon=explorer.exe#0100
     
307. 
     CurrentLevel=0
     
308. 
     Flags=33
     
309. 
     Action0=1201:1
     
310. 
     Action1=1200:0
     
311. 
     Action2=1E05:196608
     
312. 
     Action15=1C00:131072
     
313. 
     Action18=1400:0
     
314. 
     Action19=1405:0
     
315. 
     
     
316. 
     [Zone1_HKCU]
     
317. 
     DisplayName=Local intranet
     
318. 
     Description=This zone is for all websites that are found on your
     
319. 
     intranet.
     
320. 
     Icon=shell32.dll#0018
     
321. 
     MinLevel=65536
     
322. 
     RecommendedLevel=66816
     
323. 
     CurrentLevel=66816
     
324. 
     Flags=323
     
325. 
     Action0=1201:3
     
326. 
     Action1=1200:0
     
327. 
     Action2=1E05:131072
     
328. 
     Action15=1C00:131072
     
329. 
     Action18=1400:0
     
330. 
     Action19=1405:0
     
331. 
     Mapping0=ftp://144.16.2.1
     
332. 
     
     
333. 
     [Zone2_HKLM]
     
334. 
     DisplayName=Trusted sites
     
335. 
     Description=This zone contains websites that you trust not to
     
336. 
     damage your computer or data.
     
337. 
     Icon=inetcpl.cpl#00004480
     
338. 
     CurrentLevel=69632
     
339. 
     Flags=71
     
340. 
     Action0=1201:3
     
341. 
     Action1=1200:0
     
342. 
     Action2=1E05:131072
     
343. 
     Action5=1A00:131072
     
344. 
     Action15=1C00:65536
     
345. 
     Action16=1402:0
     
346. 
     Action18=1400:0
     
347. 
     Action23=1804:1
     
348. 
     Mapping0=www.contoso.com
     
349. 
     
     
350. 
     
     

5. RATRSOP.INF Example

The INF file format is specified earlier in section 4.1.3. The following example demonstrates its use in describing the Content Advisor (site ratings) settings for Internet Explorer through use of RATRSOP.INF file. This file is placed according to the layout specified in section 2.2.1 on the remote storage location in a GPO path, such as "\\Redmond\SYSVOL\Redmond\Policies\{GPO-GUID}\user\Microsoft\IEAK" as written by the administrative tool extension.

351. 
     [General]
     
352. 
     FileName0=C:\Windows\system32\icrav03.rat
     
353. 
     Allow_Unknowns=0
     
354. 
     PleaseMom=1
     
355. 
     Disapproved0=http://www.contoso.com
     
356. 
     Approved0=http://www.microsoft.com
     
357. 
     
     

5. Security

   1. Security Considerations for Implementers

None.

2. Index of Security Parameters

None.

6. Appendix A: Product Behavior

The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include released service packs.

• 
  Windows 2000 operating system
  
• 
  Windows XP operating system
  
• 
  Windows Server 2003 operating system
  
• 
  Windows Vista operating system
  
• 
  Windows Server 2008 operating system
  
• 
  Windows 7 operating system
  
• 
  Windows Server 2008 R2 operating system
  

Exceptions, if any, are noted below. If a service pack or Quick Fix Engineering (QFE) number appears with the product version, behavior changed in that service pack or QFE. The new behavior also applies to subsequent service packs of the product unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.

Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms SHOULD or SHOULD NOT implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term MAY implies that the product does not follow the prescription.

<1> Section 1.3.2: This client-side plug-in uses a command exposed by Internet Explorer to configure Internet Explorer settings. The exposed command is:

rundll32.exe iedkcs32.dll,BrandInternetExplorer /mode:gp /ins:

Where, is the complete path of the INSTALL.INS file, which has been copied to a client computer by the client side plug-in.

<2> Section 1.7: The following versions of the Internet Explorer browser are supported on the listed operating systems.

Windows version	Internet Explorer version
Windows 2000	Windows Internet Explorer 5, Internet Explorer 5.5, or Internet Explorer 6.
Windows XP	Internet Explorer 6, Internet Explorer 7, or Internet Explorer 8.
Windows Server 2003	Internet Explorer 6, Internet Explorer 7, or Internet Explorer 8.
Windows Vista and Windows Server 2008	Internet Explorer 7, Internet Explorer 8, or Internet Explorer 9.
Windows 7 and Windows Server 2008 R2	Internet Explorer 8 or Internet Explorer 9.

<3> Section 3.2.5: Windows uses the function ImpersonateLoggedOnUser() to achieve this impersonation.

<4> Section 3.2.5: Windows copies these files to a temporary folder.

<5> Section 4.1.1: For more information on the Windows interpretation of these settings, see [MSFT-IEM].

7. Change Tracking

No table of changes is available. The document is either new or has had no changes since its last release.

8. Index