I need flowchart for how Internet Explorer determines security zon

The link below is the most bottom level description I could find for this.
http://msdn.microsoft.com/library/default.asp?url=/workshop/security/szone/overview/overview.asp

It tells how internet explorer gets the url and then sends the request to
the security domain to find out if the action is allowed. First let me say
that we have active scripting and activex disabled in our internet security
zone until all of the IE patches have been distributed. Given that, unless
an intranet site is added to the trusted sites list it can experience
problems with it's active scripting content. I am wondering if explicitly
adding the site to the intranet site's list would still have this fixed. I
am told that the page loads and starts running the scripts before the zone of
the url can be identified. Because our unknown zone has active scripting
disabled, this breaks the page. In our ins, the intranet has all 3 options
checked so that if the site does not go through the proxy server then it is
intranet.

Now I've also seen this difference. I created a smart client .NET
application. Both intranet and trusted sites list had the same permissions.
When the server I was pulling the assembly from was in the intranet zone, it
worked. When I moved the server to the trusted sites list, I get a security
exception when the .NET application tries to load the assembly from the web
server.

So I guess the end question is what is the difference between the trusted
sites zone and the intranet zone when they are both set to the same setting
of Low?

I'm also having issues with webfocus where is creates a temp htm file that
does an automatic form.submit to the local intranet server. It opens with
internet zone permissions when the server it redirects to is in the trusted
sites list. It opens with intranet zone permissions when the server it
redirects to is in the intranet zone (by default).

Any clues from Microsoft?

Valero
.

Relevant Pages

  • Re: Now wait just a dab non minute - this is getting out of hand
    ... enabled by default at all in Windows Server 2003? ... security threats I see affecting Windows server have nothing to do with IE ... I think you'd have to admit that Microsoft including IE in the default ... > Security level for the Internet zone is set to High. ...
    (microsoft.public.security)
  • Re: AD wont let me in!
    ... Possibly because IE thinks the server is in a different security zone. ... >When I try the first option, using localhost, I don't get a popup box and I ...
    (microsoft.public.dotnet.framework.aspnet)
  • How to securely connect an Intranet-Samba-PDC with a LAMP in the DMZ?!
    ... I have the RED, ORANGE and GREEN zone, all combined by a Firewall/Gateway linux box. ... In the ORANGE zone I am running a LAMP server which serves data towards the public internet ... In the GREEN zone (intranet) I am running a Samba-Server as fileserver and PDC for my intranet client machines. ... I want to be sitting on one of my Windows clients in the green network and be able to transfer files from the orange LAMP server to the green File-Server and vice verca comfortably via network shares. ...
    (comp.os.linux.networking)
  • IIS / NTFS Security Issues with hyperlink within e-mail
    ... I have an asp page on our Intranet server which is set ... of this is to ensure that requests to this page contain ... Intranet all works well for all users. ... Security" dialog is also displayed requesting the user ...
    (microsoft.public.inetserver.iis.security)
  • Re: Runtime Error when going to Hotmail
    ... This may be a symptom of too strict security on the client side. ... BTW what zone is this URL coming up in? ... An application error occurred on the server. ... The current custom ...
    (microsoft.public.windows.inetexplorer.ie6.browser)