URL Security Zones
URL security zones enable administrators to divide URL namespaces according to their respective levels of trust and to manage each level with an appropriate URL policy. A supplied API enables developers to interact with the default URL security zone manager, or to create a custom URL security zone manager.
Overviews/Tutorials
| Topic | Contents |
|---|---|
| About URL Security Zones Templates | Templates provide an easy way for users to set the level of security they want for a particular URL security zone. For more information on URL security zones, see About URL Security Zones. |
| About URL Security Zones | URL security zones group URL namespaces according to their respective levels of trust. A URL policy setting for each URL action enforces these levels of trust. Administrators can customize the default URL security zones by changing the URL policy setting for each URL action, using the default URL security zone manager and URL security zone templates. Additionally, a supplied API provides developers with the tools to either interact with the default URL security zone manager or to create a custom URL security zone manager. |
| About Zone Elevation | Zone elevation occurs when a Web page loaded in one URL security zone loads a page from a less restrictive zone in a frame or a new window. |
| Adding Sites to the Enhanced Security Configuration Zones | This topic describes how to add sites to security zones in the enhanced security configuration. |
| Enhanced Security Configuration for Internet Explorer | This topic explains the changes made to Windows Internet Explorer and Microsoft Outlook Express in Windows Server 2003. These changes reduce the surface of attack that a hacker could use to compromise the security of your server. |
| Implementing a Custom Security Manager | Applications can manage the default URL security zone settings by using the IInternetZoneManager interface; however, any changes made with IInternetZoneManager are not static, because the user can override them. In most cases, applications that need to control the URL security zone settings should host the WebBrowser Control or MSHTML, and should implement their own security manager. |
| Introduction to Feature Controls | Feature Controls are new additions to Internet Explorer in Windows XP Service Pack 2 (SP2). A Feature Control enables administrators and developers to turn certain security restrictions on or off. |
Objects
| Topic | Contents |
|---|---|
| Internet Security Manager | The Internet Security Manager is an object that manages security in Internet Explorer and WebBrowser applications by determining in which security zone a particular URL belongs and which actions Web pages in that zone can perform. |
| Internet Zone Manager | The Internet Zone Manager is an object that manages zones. |
| Persistent Zone Identifier | The Persistent Zone Identifier object enables access to zone information that is persisted with local files. The Attachment Execution Services (see IAttachmentExecute) set the zone information, which the Internet Security Manager Object (see IInternetSecurityManager) consumes. Use IPersistFile to attach the object to the target file and IZoneIdentifier to examine or to manipulate the zone ID. |
Interfaces
| Topic | Contents |
|---|---|
| IInternetHostSecurityManager | Provides methods for components to use to manage security. |
| IInternetSecurityManager | Enables client applications to determine the security of the browser components. |
| IInternetSecurityManagerEx | Extends the IInternetSecurityManager interface. |
| IInternetSecurityManagerEx2 | Exposes methods that enable client applications to determine the security of the browser components. |
| IInternetSecurityMgrSite | Exposes methods that enable components to manage the user interface of the security manager. |
| IInternetZoneManager | Exposes methods that are used by a host to control the security zone infrastructure. |
| IInternetZoneManagerEx | Extends the IInternetZoneManager interface. |
| IInternetZoneManagerEx2 | Extends the IInternetZoneManagerEx interface. |
| IZoneIdentifier | Provides methods for getting and setting the security zone for a file. |
| IZoneIdentifier2 | Provides methods for including metadata about which Store app was the last to write to a file, as well as a hint provided by the app as to what the trust level should be. |
Functions
| Topic | Contents |
|---|---|
| CoInternetCreateSecurityManager | Creates an IInternetSecurityManager interface. |
| CoInternetCreateZoneManager | Creates an IInternetZoneManager interface. |
| CoInternetGetSecurityUrl | Gets the security URL for the specified URL. |
| CoInternetGetSecurityUrlEx | Gets the security URL for the Uniform Resource Identifier (URI) in the specified IUri. |
| CoInternetIsFeatureEnabled | Determines whether the specified feature control is enabled. |
| CoInternetIsFeatureEnabledForIUri | Determines whether the specified feature control is enabled for the security zone of the specified IUri. |
| CoInternetIsFeatureEnabledForUrl | Determines whether the specified feature control is enabled for the security zone of the specified URL. |
| CoInternetIsFeatureZoneElevationEnabled | Determines the URL policy for URLACTION_FEATURE_ZONE_ELEVATION for the specified URL. When the policy is URLPOLICY_QUERY, this function displays a dialog that allows the user to decide whether to allow the zone elevation. |
| CoInternetSetFeatureEnabled | Enables or disables a specified feature control. |
Structures
| Topic | Contents |
|---|---|
| ZONEATTRIBUTES | Contains the attributes of a particular zone. |
Enumerations
| Topic | Contents |
|---|---|
| INTERNETFEATURELIST | Contains the Feature Controls for Internet Explorer. |
| PSUACTION | Contains the flags passed into the CoInternetGetSecurityUrl function. |
| PUAF | Contains the flags passed into the IInternetSecurityManager::ProcessUrlAction method. |
| PUAFOUT | Contains the flags passed out of the IInternetSecurityManagerEx::ProcessUrlActionEx method. |
| SZM_FLAGS | Contains the flag values used for creating and enumerating security zone mappings. |
| URLTEMPLATE | Contains the security level templates. |
| URLZONE | Contains all the predefined zones used by Internet Explorer. |
| URLZONEREG | Contains the registry location values. |
| ZAFLAGS | Contains the zone attribute flags. |
Constants
| Topic | Contents |
|---|---|
| MapUrlToZone Flags | Values that control the action of IInternetSecurityManager::MapUrlToZone and IInternetSecurityManagerEx2::MapUrlToZoneEx2. |
| URL Action Flags | The following list contains values associated with the actions that can be taken in a URL security zone. The possible URL policy values for each of the listed URL action flags can be found in About URL Security Zones. |
| URL Policy Flags | The following list contains the values associated with the policies used with the URL action flags. |