/* Menu creation problem '1958-475', Bok=0, Snm=0, Omen=) */ /* Menu creation problem '1958-475', Bok=0, Snm=0, Omen=) */ /* Menu creation problem '1958-475', Bok=0, Snm=0, Omen=) */ /* Menu creation problem '1958-475', Bok=0, Snm=0, Omen=) */ /* Menu creation problem '1958-475', Bok=0, Snm=0, Omen=) */ /* Menu creation problem '1958-475', Bok=0, Snm=0, Omen=) */
Contact us
Let us put you in the driving seat of your new Web Site

Putting technology in ITs place:
Business and People first!

Click on link to rightWhy Business before Technology
Call us now
Maintain your own site
Click on link to rightSelf Maintenance Sites
[Home]   [Site Map]   [Privacy]   [Toggle Print]   [Contact]   [Bottom of Page]

Configuring Microsoft products for safety, security and privacy

Permitting 'trusted senders' to 'download' richer content - Web sites

Occasionally you will want or need to see a web site (OR AN E-MAIL - see How to trust an e-mail) as the sender intended you to view it - images, interactivity etc..

To view a Web Site with full graphics/interactivity "etc." and associated risks

By taking our advice you will have disabled certain MS features that are by far the biggest security holes for the consumer in the MS product line. The consequence of this change is that highly interactive sites that previously worked may not function correctly without intervention - they need to be "promoted".

95% of the sites that have problems can be made to function as intended by promoting them from the "Internet Zone" (level 2) to one higher - the "Local Intranet" (3) or even the "Trusted" (4) zone. There are caveats to doing so - see How to trust a web site for the full details of setting this up in the first place.

To promote a site from the (now restricted!) Internet Zone

THIS PAGE is intended to show how to simply add a site to an elevated zone in MSIE (N.B. Microsoft Internet Explorer - doesn't work in Firefox!)

When browsing - the simplest approach to elevate a site is to double click on the Zone indicator within Internet Explorer at the very bottom right of the browser window - see image to right:

You will see four Zone icons across the top of a window.

Simply click on the Local or Trusted Zone as appropriate - on the whole very, very few sites need to be in the Trusted zone because you should keep that for sites that you KNOW will need to take actions which are inherently risky - the classic one is Windows Update which makes fundamental changes to your PC every time it makes an update.

The Local (or LAN) Zone is for those sites that you trust not to harm your PC but don't need any serious control over your PC other than to do things like show you web-based material in interesting formats etc.

If you have chosen the latter then the next popup will NOT appear as it is only relevant for Local Area Network connections which includes Wireless (a.k.a. WiFi) networks.

Then Click on "Sites" which is a button which will only become clickable when you select a zone other than Internet Zone.

After clicking 'Sites' you will one of the next two popups that are shown below.

IF you have chosen "Local Intranet Zone" which is symbolised by a small picture of a Globe with a PC in front of it then you will see the popup to the right, if not then skip this part of the operation.

En-route to adding specific sites you will always be prompted for some generic inclusions - unless you know what you are doing you should disable all of these as anyone who (for instance) managed to encroach on your Wireless LAN could potentially trick you into running code from a dummy site which they could have running on a Laptop in a nearby Car Park for criminal intent.

If in doubt you should check that all of the prompts that start with the words "Include all" are DE-selected as illustrated and then click on "Advanced".

If you have chosen the "Trusted" zone you get straight to this popup.

You can then enter the Web Site address that you wish to be promoted (e.g. www.tony-blair.gov.uk) and then click on "Add". If there is a prompt "Require server verification (https:) for all sites in this zone" then de-select it - i.e. no tick in the box. The restriction of requiring 'https' makes the use of zones almost impossible while adding little additional security in real terms. That choice will be remembered.

Adding sites is straightforward and IE may offer the site for you to add without typing... on the whole be specific if the site is very large - e.g. microsoft.com then you might add these four:

  • windowsupdate.microsoft.com
  • update.microsoft.com
  • go.microsoft.com
  • microsoft.com/downloads

this would allow 3 subdomains and 1 folder (prefix to microsoft.com like the first 3 above and one suffix - the last example).

This would ensure that only those sites that are tightly managed to provide very specific facilities and content were allowed to take over your browser to the extent needed to update your PC.

An * at the front permits all subdomains, e.g. *.bbc.co.uk includes news.bbc.co.uk as well as www.bbc.co.uk.

If you then click on "OK" 2-3 times! you should find that the site will now have a changed symbol in the status bar at the bottom of MSIE which shows that the site is being treated as "Local Intranet" (or "Trusted") rather than "Internet". If it says 'Mixed' then see Notes¹.


  1. If it says 'Mixed' then you can be sure that the web developers have made life difficult because they have split their content across multiple servers for some reason. eBay is a classic example of this in that they use all sorts of odd names: *.ebayimg.com, *.ebaystatic.com are examples. However - eBay is NOT a site that I would suggest that you trust ANYWAY. Not that I have any malevolence towards them but they have a huge amount of content that is not actually within their control as anyone can sell items on eBay and submit their descriptions.

I hope that has been useful. Any Comments, suggestions or corrections to: Contact us please. This would be especially useful if the software environment you have is different to mine and the headings, text or prompts are different.

Like the site?

Site Construction by usiness
before Technology
Click on link to rightClick here
[Top of Page]   [Home]   [Site Map]   [Toggle Print]   [Privacy]   [Contact]

© Business before Technology - All Rights Reserved 2003

Business before Technology Limited, Company number: 4969011.
151 Chester Road, Norbury Moor, Hazel Grove, Cheshire SK7 6HD
*¹¹ Note that calls to 0844 884 2244*¹¹ will cost 7p per a minute, your telephone provider (including mobile providers) may add an additional access charge.
14Jan16: not 0 or 0 !