Changing the Security Level of IE 11 via the Registry looks to be implemented, but changes to 0 once IE Internet Options Security tab is opened

This is Windows 7 SP1 After being updated to the most current version

So I've been trying change the security level for trusted sites and it just doesn't want to stick. I modify the current level value to 10000 hexadecimal and when i open up IE11 an go to the internet options and look at trusted sites, it says nothing and when I check the registry the value is reset to zero

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\CurrentLevel

I wondered if this was because of the overall settings in Zones\0\CurrentLevel and it said zero so it's not enforcing anything on the other users (I think)?

I've tried reading about how to change the security level but everyone just says change that value and it works but mine just keeps resetting to zero and it has to be changed from within the internet options.

EDIT: So what I have done for testing is, first I go in and change the value using internet options via IE11 to low. Record the values of both the hexadecimal and decimal just for clarity. Go back change it to medium. Close IE11, manually change the value back to low security using regedit the values being Hex 10000, decimal 65536, go into internet options to see if changes work. I see a blank area where the bar normally is and if i refresh regedit i see the value is reset to 0. To note I only change currentLevel no other values, all other values in internetsettings have not been touched other than current level, I've tested this on multiple machines and the samething happens. Also this is always done in zone 2, I can verify it's the trusted sites zone because firstly I see a blank when I look at that section in internet options after doing tests where a value is previously set and secondly in zone 2 the registry value PMDisplayName also says trusted sites.

EDIT2: So it looks like there are 2 ways to do this, Either manually record each value in the zone with the proper security setting, then change all the values in the same zone on another machine to match. Or just do an import export, it's really unfortunate that it has to be done this way as it seems as though you can change settings simply editing the values but apparently not. I also don't believe the settings are enforced if done improperly even if you don't open up the security tab and cause the values to get reset.

c:\>reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" /v CurrentLevel HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 CurrentLevel REG_DWORD 0x11000

Best Answer

Changing the CurrentLevel is not sufficient. The Security Level need to be changed in IE and an export of HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 need to be created of every Level, e.g. low, high and medium.

To change the level, close IE, import a certain Security Level file, e.g., medium, start IE and the Security Level of a zone will be changed.

The export:

c:\>reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2" "C:\medium.reg"
The operation completed successfully.

and import can be done via CMD as well:

c:\>reg import "C:\security-level-zones\medium.reg"
The operation completed successfully.

validation:

Best Answer

Related Solutions

Http://127.0.0.1:8500/

Security – How to automatically set IE settings for all users

Related Topic