Registry Keys for IE's Security Zones

Does anyone know what the Windows (XP) Registry Keys are for IE's various security zones? Actually, I think I'm close. I know the following key represents one of them, but I don't know which zone it represents. Thanks!

hkey_users\...\software\microsoft\windows\currentversion\internet settings\zonemap\domains

 

The Domains key is where Trusted and Restricted Site URL's are placed....so it's not necessarily Zone specific.

 

Not sure I follow you, Bubba. When a site is added to the key I gave above, what does that mean?


Edit: I may have figured it out. For a specific site, if the REG_DWORD has a value of (4), it's in the trusted zone. If the value is (2), it's restricted. Right?

 

I'll flip that around a bit.

When you add a site to your Trusted Zone in IE(Tools\Internet Options\Security tab....click to highlight Trusted Zone....then the Sites button)....Internet Explorer then stores that info in the above mentioned Domains key. The same holds true for sites added to the Restricted Zone of IE....they go to the Domains key also.

To tell the entries apart in the registry....the Trusted Zone has a dword value of 0x00000002 (2)
....and the Restricted Zone has a dword value of 0x00000004 (4)

 

Thanks, Bubba. I guess I had it backwards. That's really helpful to know!

 

You are Welcome....and almost all settings and sub-keys for Internet Explorer....regardless of it's version or the OS used....is stored in the software\microsoft\windows\currentversion\internet settings key.

 

just to complete: the Dword value name is *

 

The reason I asked the question is that MJRW caught entries being made to this registry key. Unfortunately, MJRW doesn't give you the DWORD_VALUE within it's warning window, so it's impossible to tell what zone it's being added to.

Now I have to find out what caused these entries to be made.

Thanks again!!

 

Just remember....that's where Spywareblaster places entries from it's Restricted Sites database....and also Spybot's Immunization feature places it's Restricted Sites database there....just to name a few programs

 

Thanks. I use both of those, and that is what I was thinking. But I wasn't running either of them at the time the changes were made.


By the way, when I right-click the registry entry that was quarantined by MJRW, the Windows Explorer context menu gives me a "Merge" option. Does that option, when selected, insert the registry entry into the proper location in the registry?

 

Indeed it does....Merging a .reg file or importing via regedit a .reg file into the registry are one in the same.