Policy
Admin-approved behaviors
For each zone, the Binary and Scripted Behavior security restrictions may be configured to allow only a list of admin-approved behaviors. This list may be configured here, and applies to all processes which have opted in to the behavior, and to all zones. (Behaviors are components that encapsulate specific functionality or behavior on a page.) If you enable this policy setting, this sets the list of behaviors permitted in each zone for which Script and Binary Behaviors is set to 'admin-approved'. Behaviors must be entered in #package#behavior notation, e.g., #default#vml. If you disable this policy setting, no behaviors will be allowed in zones set to 'admin-approved', just as if those zones were set to 'disable'. If you do not configure this policy setting, only VML will be allowed in zones set to 'admin-approved'. Note. If this policy is set in both Computer Configuration and User Configuration, both lists of behaviors will be allowed as appropriate.
3e458370e5fc IESF_Policy_BinaryBehaviorAdminAllow Registry
Copy registry mappings
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ListBox_Support_AllowedBehaviors (enabled) = 1
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ListBox_Support_AllowedBehaviors (disabled) = 0HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ListBox_Support_AllowedBehaviors (enabled) = 1
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ListBox_Support_AllowedBehaviors (disabled) = 0HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors\ListBox_Support_AllowedBehaviorsHKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors\ListBox_Support_AllowedBehaviorsPolicy notes
For each zone, the Binary and Scripted Behavior security restrictions may be configured to allow only a list of admin-approved behaviors. This list may be configured here, and applies to all processes which have opted in to the behavior, and to all zones. (Behaviors are components that encapsulate specific functionality or behavior on a page.) If you enable this policy setting, this sets the list of behaviors permitted in each zone for which Script and Binary Behaviors is set to 'admin-approved'. Behaviors must be entered in #package#behavior notation, e.g., #default#vml. If you disable this policy setting, no behaviors will be allowed in zones set to 'admin-approved', just as if those zones were set to 'disable'. If you do not configure this policy setting, only VML will be allowed in zones set to 'admin-approved'. Note. If this policy is set in both Computer Configuration and User Configuration, both lists of behaviors will be allowed as appropriate.