Windows 7 / Getting Started

Network Protocol Lockdown

Sometimes you might want to apply different security settings to specific protocols within a zone. For example, you might want to configure Internet Explorer to lock down HTML content hosted on the Shell: protocol if it is in the Internet zone. Because the Shell: protocol's most common use is for local content and not Internet content, this mitigation can reduce the attack surface of the browser against possible vulnerabilities in protocols less commonly used than HTTP.

By default, Network Protocol Lockdown is not enabled, and this setting is sufficient for most environments. If you choose to create a highly restrictive desktop environment, you might want to use Network Protocol Lockdown to mitigate security risks. Configuring Network Protocol Lockdown is a two-phase process, as follows:

  • Configure the protocols that will be locked down for each zone Enable the Group Policy setting for the appropriate zone and specify the protocols that you want to lock down. The Group Policy settings are located in both User Configuration and Computer Configuration under Administrative Templates\Windows Components \Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone.
  • Configure the security settings for the locked-down zones Enable the Group Policy setting for the zone and specify a restrictive template or configure individual security settings. The Group Policy settings are located in both User Configuration and Computer Configuration under Administrative Templates\Windows Components \Internet Explorer\Security Page\.
[Previous] [Contents] [Next]

In this tutorial:

  1. Managing Windows Internet Explorer
  2. Internet Explorer 8 Improvements
  3. InPrivate Browsing
  4. InPrivate Filtering
  5. Compatibility View
  6. SmartScreen
  7. Domain Highlighting
  8. Tab Isolation
  9. Accelerators
  10. Improvements Previously Introduced in Internet Explorer 7
  11. User Interface Changes
  12. Tabbed Browsing
  13. Search Bar
  14. How to Create a Web Link to Add a Custom Search Provider
  15. How to Configure Custom Search Providers Using the Registry
  16. How to Configure Custom Search Providers Using Group Policy
  17. RSS Feeds
  18. Improved Standards Support
  19. Expanded Group Policy Settings
  20. Defending Against Malware
  21. How Protected Mode Improves Security
  22. How the Protected Mode Compatibility Layer Works
  23. How to Solve Protected Mode Incompatibilities
  24. URL-Handling Protection
  25. Address Bar Visibility
  26. Cross-Domain Scripting Attack Protection
  27. Controlling Browser Add-ons
  28. Add -on Manager Improvements
  29. Protecting Against Data Theft
  30. Security Status Bar
  31. How the Smart Screen Filter Works
  32. How to Configure Smart Screen Options
  33. Deleting Browsing History
  34. Blocking IDN Spoofing
  35. Security Zones
  36. Understanding Zones
  37. Configuring Zones on the Local Computer
  38. Configuring Zones Using Group Policy
  39. Network Protocol Lockdown
  40. Managing Internet Explorer Using Group Policy
  41. Group Policy Settings for Internet Explorer 7 and Internet Explorer 8
  42. New Group Policy Settings for Internet Explorer 8
  43. Using the Internet Explorer Administration Kit
  44. Troubleshooting Internet Explorer Problems
  45. Internet Explorer Does Not Start
  46. An Add-on Does Not Work Properly
  47. Some Web Pages Do Not Display Properly
  48. Preventing Unwanted Toolbars
  49. The Home Page or Other Settings Have Changed