Admin-approved behaviors

For each zone, the Binary and Scripted Behavior security restrictions may be configured to allow only a list of admin-approved behaviors. This list may be configured here, and applies to all processes which have opted in to the behavior, and to all zones. (Behaviors are components that encapsulate specific functionality or behavior on a page.)

If you enable this policy setting, this sets the list of behaviors permitted in each zone for which Script and Binary Behaviors is set to 'admin-approved'. Behaviors must be entered in #package#behavior notation, e.g., #default#vml.

If you disable this policy setting, no behaviors will be allowed in zones set to 'admin-approved', just as if those zones were set to 'disable'.

If you do not configure this policy setting, only VML will be allowed in zones set to 'admin-approved'.

Note. If this policy is set in both Computer Configuration and User Configuration, both lists of behaviors will be allowed as appropriate.

Supported on: At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
Registry PathSoftware\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Value NameListBox_Support_AllowedBehaviors
Enabled Value1
Disabled Value0

Enter the allowed behaviors here.

Registry PathSoftware\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors
Value Name{number}
Value TypeREG_SZ
Default Value


Administrative Templates (Computers)

Administrative Templates (Users)