Chapter 7Chapter image

Setting Up Java Custom Security

You can deploy Internet Explorer with the default settings, or you can configure Java custom settings, which explicitly define the Java permissions for signed and unsigned applets. The options for configuring Java custom settings are the same whether you access them from Internet Explorer 5, the Internet Explorer Customization wizard, or the IEAK Profile Manager. For more information about using the Internet Explorer Customization wizard and IEAK Profile Manager, see Chapter 15, "Running the Internet Explorer Customization Wizard" and Chapter 22, "Keeping Programs Updated."

Important You can only configure Java custom settings if the Microsoft Virtual Machine is installed on your computer.

Configuring Java Custom Security

You can configure Java custom security by using the following methods:

You can view and change Java custom settings for each security zone. The following section describes how to configure Java custom settings.

To view and edit Java custom settings
  1. On the Tools menu, click Internet Options.
  2. Click the Security tab.
  3. Click a security zone.
  4. Click Custom Level.
  5. In the Java Permissions area, select Custom.
  6. Click Java Custom Settings.
  7. As necessary, perform the following tasks:

Selecting Java Custom Settings

The Java Custom Settings button on the Security tab gives you additional control over Java permissions. You can enable or disable specific Java permissions depending on the needs of your organization and its users. For more information about how to use the Java custom settings, see "Configuring Java Custom Security" earlier in this chapter.

Java custom settings for Internet Explorer are grouped into two categories: Unsigned Content and Signed Content. The following tables identify the default value for each option and the level of security.

Unsigned Content


Java custom option
High
security
Medium security Low
security
Run Unsigned Content
Run Unsigned Content Run in sandbox Run in sandbox Run in sandbox
Additional Unsigned Permissions
Access to all files Disable Disable Disable
Access to all network addresses Disable Disable Disable
Execute Disable Disable Disable
Dialog Disable Disable Disable
System information Disable Disable Disable
Printing Disable Disable Disable
Protected scratch space Disable Disable Disable
User-selected file access Disable Disable Disable

Signed Content


Java custom option
High
security
Medium security Low
security
Run Signed Content
Run Signed Content Prompt Prompt Prompt
Additional Signed Permissions
Access to all files Prompt Prompt Disable
Access to all network addresses Prompt Prompt Disable
Execute Prompt Prompt Disable
Dialog Prompt Prompt Disable
System information Prompt Prompt Disable
Printing Prompt Prompt Disable
Protected scratch space Prompt Enable Disable
User-selected file access Prompt Enable Disable

The following sections describe the settings for the Unsigned Content and Signed Content groups.

Unsigned Content

The Run Unsigned Content group determines whether unsigned applets can run in the zone. This group has the following settings:

The Additional Unsigned Permissions option determines whether unsigned applets can have additional permissions, such as access to network addresses and the ability to run other applications. If you disable the ability to Run Unsigned Content, Internet Explorer automatically disables all of these options.

Signed Content

The Run Signed Content option determines whether users can run signed applets. This option has these settings:

The Additional Signed Permissions options determine whether signed applets can have additional permissions, such as access to network addresses and the ability to run other applications. If you disable the ability to Run Signed Content, Internet Explorer automatically disables all of these options.



Arrow: Top of page