We at IE8 blog are always looking for tools to make life easier. During one of our usual surfing episodes we found a very interesting tool that has promise in easing the zone nightmare we find our selves in from time to time.

Those that have been dealing with Internet Explorer for any length of time know that the IE Zone feature is our best friend MOST of the time. Not only do we protect users from the bad guys but control how various sites will function simply based on a particular zone such as automatic logon if intranet.

We hope someone out there that is struggling with a particular site finds this tool useful

Feel free to post your feedback on your experiences. As we learn more about the tool we will update this posting.

The following is the full article we found with link back to the Microsoft folks, http://blogs.technet.com/fdcc/archive/2009/10/01/viewing-and-comparing-ie-security-zone-settings.aspx

Viewing and Comparing IE Security Zone Settings

The Security tab of the Internet Explorer Properties dialog shows security settings for the Internet, Intranet, Trusted Sites and Restricted Sites zones.  However:

  • It doesn’t show settings for the Local Machine (Computer) zone, nor for Local Machine Zone Lockdown (LMZL).
  • When machine settings or other policies are in effect, most of the Security Zones UI is disabled.

The attached utility “IE Zone Comparer” was designed to overcome these limitations and provide additional visibility into security zone settings.  Pick any two collections of security zone settings, and IE Zone Comparer displays the values of those settings, highlighting any differences between the two collections.

IE Zone Comparer requires .NET 2.0 or higher; it does not require administrative privileges.

How to use it:

Click “Pick Zones…” from the toolbar.  The following dialog will appear:

Pick Security Zones dialog

The Effective Settings label indicates whether User settings are used or ignored.  Refer to this blog post which discusses precedence order of the various policies and preferences.

For each column, there are two dropdowns.  The first dropdown lets you select Templates, Machine Policy, Machine Preferences, User Policy, User Preferences, or FDCC Q1 2009 Policies.  If you select Templates, the second dropdown lets you select one of the security zone templates (High, Medium-High, Medium, etc.); if you select Policies or Preferences, the second dropdown lets you select any of the five standard zones or five lockdown zones.  (See this post for more information about all those zones.)

Click “OK” on the “Pick items…” dialog, and the selected settings will be rendered in the list view.  Items that are present in both columns but with different values will be highlighted in yellow.  Items that are present only in one column will be grayed in the other column.

IE Zone Comparer screenshot

Additional Features

To find a particular item with a partial text search, press Ctrl+F (or the “binoculars” toolbar dropdown).  The text search is case-insensitive and searches in all columns from the currently-selected row down.  Press F3 to repeat the last search from the current location.

Enter a URL in the text area in the toolbar and click “Map URL to Zone”:  IE Zone Comparer will tell you in what security zone IE would render that URL.

The Help/About toolbar button includes some helpful links for more information about IE security zones and URL actions.

Some Example scenarios for the IE Zone Comparer

  • View effective settings for a particular zone.  E.g., something isn’t working correctly on a page that is rendered in the Intranet zone.  If user settings are being ignored, select Machine Policies / Intranet and Machine Preferences / Intranet.  Policies override preferences; where no policy is set, the machine preferences will apply.
  • Compare the relative security settings of the Intranet zone vs. the Trusted Sites zone (see screenshot above).
  • Seeing exactly what changes when you transition from the Locked-Down Local Machine Zone to the regular Local Machine Zone.  (Description here.)
  • Compare Machine Policies for a zone to the policies mandated by FDCC Q1 2009.
  • View the settings that are applied by a given template, and compare those settings to another template or to an existing zone to see whether it has been modified from that template.
  • Compare the effective settings of the Locked-Down Local Machine Zone (LMZL) to Local Machine Zone, to see what becomes enabled when the user clicks through the information bar.
  • Compare user preferences for a zone to the machine preferences for the same zone.  (They should be the same; if they are not, then results may change when the “use only machine settings” policy is applied.)

Published Thursday, October 01, 2009 6:27 PM by Aaron Margosis

Filed under: Local Group Policy utilities, Group Policy, FDCC, Internet Explorer

Attachment(s): IEZoneCompare.zip

Leave a Reply