4.3 Medium

The Medium security level ( ) applies these settings:

• .NET Framework
    Loose XAML: Disable
    XAML browser applications: Disable
    XPS documents: Disable
• .NET Framework-reliant components
    Run components not signed with Authenticode: Disable
    Run components signed with Authenticode: Disable
• ActiveX controls and plug-ins
    Allow previously unused ActiveX controls to run without prompt: Disable
    Allow scriptlets: Disable
    Automatic prompting for ActiveX controls: Disable
    Binary and script behaviors: Disable
    Display video and animation on a webpage that does not use external media player: Disable
    Download signed ActiveX controls: Disable
    Download unsigned ActiveX controls: Disable
    Initialize and script ActiveX controls not marked as safe: Disable
    Run ActiveX controls and plug-ins: Disable
    Script ActiveX controls marked safe for scripting: Disable
• Downloads
    Automatic prompting for file downloads: Disable
    File download: Enable
    Font download: Enable
• Enable .NET Framework setup: Disable
• Microsoft VM
    Java permissions: Disable Java
• Miscellaneous
    Access data sources across domains: Disable
    Allow META REFRESH: Disable
    Allow scripting of Internet Explorer web browser control: Disable
    Allow script initiated windows without size or position contraints: Disable
    Allow webpages to use restricted protocols for content: Disable
    Allow webpages to open windows without address or status bars: Disable
    Display mixed content: Disable
    Don't prompt for client certificate selection when no certificates or only one certificate exists: Disable
    Drag and drop or copy and paste files: Disable
    Include local directory path when uploading files to a server: Disable
    Installation of desktop items: Disable
    Launching applications and unsafe files: Disable
    Launching programs and files in an IFRAME: Disable
    Navigate sub-frames across different domains: Disable
    Open files based on content, not file extension: Enable
    Software channel permissions: High safety
    Submit non-encrypted form data: Enable
    Use Phising Filter: Enable
    Use Pop-up blocker: Enable
    Userdata persistence: Disable
    Websites in less priviledged content zone can navigate into this zone: Disable
• Scripting
    Active scripting: Disable
    Allow programmatic clipboard access: Disable
    Allow status bar updates via scripts: Disable
    Allow websites to prompt for information using scripted windows: Disable
    Scripting of Java applets: Disable
• User authentification
    Logon: Prompt for user name and password
• Cookies
    Persistent cookies: Disable
    Session cookies: Disable