Defining the Internet Options settings
The Internet Options applet opens the Internet Properties dialog box. (Yes, Microsoft did give the applet one name and the dialog box another name, making it possible to get confused. To avoid confusion, this tutorial uses the name Internet Options when referring to the applet.) You can see this same dialog box by choosing Tools → Internet Options in Internet Explorer. No matter which way you open this dialog box, it does more than affect how Internet Explorer works.
You also find that Microsoft is using the Internet Properties dialog box when you interact with network drives and other remote locations. The security you set using this dialog box also affects your ability to use resources on other systems on your network because Microsoft now has all network resources defined in the Internet zone. Before you can use these resources, you must often place them in the Trusted zone. Consequently, the following sections help you do more than simply work with Internet Explorer.
Configuring the General tab
The General tab of the Internet Properties dialog box, contains settings that affect the appearance of Internet Explorer and any other application that relies on these settings. To make Internet Explorer work faster, you can often get rid of some of the garbage, such as plug-ins, that Web sites toss your way. Click Accessibility and you see the Accessibility dialog box, where you can tell these applications to ignore colors, fonts, and font sizes. You can even define your own style sheet so that you don't have to wait for these Web sites to render fancy effects, such as special fonts or graphics. Normally set initial page to about:blank so that Internet Explorer starts quickly. After all, this machine isn't your workstation and you want to get things done quickly.
Because you're not browsing with this copy of Internet Explorer, you may want to set the browsing features to a minimum and set the history feature to retain zero days of history. Anything you can do to make Internet Explorer work faster and use fewer resources is a good idea. Many features that provide convenience on a client system aren't practical on a server.
Click Settings in the Tabs area to change how tabs work in Internet Explorer. In some cases, you may actually have multiple tabs open, but it's more likely that you'll use the server copy of Internet Explorer to open Windows Update and perform other tasks that require a single pane. Even so, you should set the tabs up to provide comfortable use, just in case you need them.
Configuring the Security tab
As mentioned earlier, the Security tab provides input to more than just Internet Explorer. Windows Explorer also uses the settings when working with network drives, and you may find that other applications use these settings as well. Consequently, setting the Security tab correctly is important.
The icons at the top correspond to four security zones: Internet, Local Intranet, Trusted Sites, and Restricted Sites. Depending on your needs, you probably want to set all these zones, except Trusted, to High on a server because you won't use the server for browsing but you want to ensure that the server has maximum protection. When you find a location, such as a network drive or Windows Update, that requires special privileges, you can add them to your Trusted Sites zone using the following steps:
- Select the Trusted Sites icon.
- Click Sites.
You see the Trusted Sites dialog box. - Type the location of the site in the Add This Website to the Zone field.
When working with standard Web sites, type the entire zone, including the protocol, such as http://www.microsoft.com. When working with a folder or drive, use the file protocol entry, such as file://// D:\WINWORD for the WINWORD folder on the D: drive. Notice that the file protocol uses four forward slashes in place of the two used for the http protocol. - Click Add.
You see the URL added to the list of URLs. - Click Close.
If you find that the Trusted Sites zone doesn't provide the functionality you require on the server, try lowering the security slider. The security slider controls the strictness of the security for a particular zone. When the security slider doesn't provide sufficient rights, click Custom Level. You see the Security Settings - Trusted Sites Zone dialog box, where you can configure individual security options. Carefully test the security options one at a time until you find the settings you need to ensure that Web sites and network drives work as anticipated.
Configuring the Privacy tab
The Privacy tab, controls the use of cookies and popups as you move between Web sites. In most cases, you'll restrict browsing on the server anyway because you don't want to contaminate it with outside sources of information. Because privacy is important and you really don't care about the cookies from Web sites anyway, the best policy is to set the privacy setting to High and ensure that you don't allow pop-ups.
Configuring the Content tab
The Content tab contains settings that control your interaction with information on Web sites. In most cases, your only interaction with this tab is to turn some features off and to work with any certificates on your machine. Your server should never need the Content Advisor because this tool helps you discover the content rating of Web pages that you visit (unless you plan to let children use your server to browse the Internet).
Normally, it's a good idea to turn off the AutoComplete and Feeds features as well because you really shouldn't use them on a server. You won't be using your e-mail program, so feeds aren't helpful and AutoComplete is dangerous on a server because you want to verify the content you provide in every field of every form you fill out. To disable these features, click Settings in each section and clear all the check boxes. Click OK to make the configuration change complete.
The Certificates section is the important part of the Content tab because you'll likely encounter secure Web sites when working with your server and you want to manage these certificates. In addition, you'll probably install your own certificate when working with features such as Internet Information Server (IIS). To see any certificates installed on your system, click Certificates. You see the Certificates dialog box, where you can import certificates on disk, export certificates to disk, and remove certificates. Microsoft groups the certificates by category.
When you experience problems accessing a secure Web site, click SSL State. This action clears the Secure Sockets Layer (SSL) cache and forces the browser to download new information from the server you're attempting to access.
In some cases, you may also need to know about the certificate publishers that your system accepts. Click Publishers and you see the Certificates dialog box again. However, in this case, the dialog box lists only the publishers that your system will accept. As with certificates, you can import, export, or remove publisher certificates. The publisher certificates fall into three categories: Trusted Root Certification Authorities (those allowed to issue certificates), Trusted Publishers (those allowed to send you a certificate), and Untrusted Publishers (those whose certificates you need to avoid).
Configuring the Connections tab
The Connections tab determines how you connect to the Internet. If the server is the connection point for the Internet, you won't even need to view this tab. When you use another kind of connection, you need to use this tab to configure the connection requirements. Check with your Internet service provider (ISP) for details on working with this tab. In many cases, the best option is to try the Internet connection first after you've made the connection to the router, hardware firewall, switch, modem, server, or other piece of hardware that provides your connection to the Internet. In many cases, Internet Explorer will surprise you and work without any configuration of this tab.
Configuring the Programs tab
The Programs tab offers a means of setting the default applications to react to specific file types on the Internet. Because you won't use your server to view content, in most cases, the default settings should work fine. However, in the rare case that you need to install a helper application, you can click Set Programs to display the Default Programs window. You also use the Programs tab to check whether Internet Explorer is the default browser on your machine. Unlike on your workstation, where you browse the Internet, you probably want to retain Internet Explorer as the default and only browser on your server.
Finally, this tab helps you manage any add-ons for Internet Explorer on your server. Again, as with many other features, you probably won't need any add-ons for your server. For example, Windows Update works just fine without any add-ons. You can probably visit most vendor update sites without installing any add-ons either. If you do install an add-on, do so carefully because it can contain viruses and adware that open up your server to those nefarious individuals outside.
Configuring the Advanced tab
The Advanced tab contains a host of advanced settings for Internet Explorer. The Advanced tab contains a host of interesting settings, some of which can help you create a more secure and efficient environment on a server. You probably wouldn't use some of these settings on a client system because you really do need them in order to browse properly.
Look through the list of Advanced tab options and you see features such as visual styles for buttons and other controls. Unless you want to wait for these features to load, you can easily disable them without any loss of functionality. You can also disable pictures and sounds on Web sites because your server will work just fine without the pictures, and it probably doesn't have a sound card installed for the sounds anyway. All of these features rob your system of performance when you enable them, and they don't serve any useful purpose on a server.
As far as security is concerned, you've already enhanced security by severely limiting what Web sites can do in a browser and by increasing privacy. However, the Advanced tab contains a few other settings you may want to try. Look in the Security section of the Settings list and you'll see that you can do things like enable the phishing filter and enable memory protection. (Although the memory protection uses some server resources and could potentially cause compatibility problems, it also tends to reduce the potential for online attacks.)
In this tutorial:
- Windows Server 2008 Standard Maintenance
- Interacting with the System Applet
- Configuring Your User Interface for Maximum Functionality
- Defining the Internet Options settings
- Defining the personalization settings
- Defining the Problem Reports and Solutions settings
- Defining the Taskbar and Start menu settings
- Understanding How UAC Affects Maintenance Tasks
- Measuring Reliability and Performance
- Protecting System Data
- Performing a system restore
- Performing Disk Management Tasks
- Performing disk management
- Automating Diagnostic Tasks with Task Scheduler
- Working with Remote Desktop
- Accessing local resources
- Creating a Windows Recovery Disc