The application stores information about privileged location trust in the registry and plist. You can also elevate Trusted Win OS zones to privileged locations. Users should TEST THEIR CONFIGURATION prior to deployment.Īll key (tID) names under a particular cab must be unique. For example, cross domain policies, internet access settings in Trust Manager, and certificate trust settings for certified documents sometimes interact so that the most permissive setting takes precedence.

Permissions granted by other features often overlap. Functionality changes across releases, so test the UI and see what trust is assigned. If configured through the user interface, the privileged location ID only may or may not appear under under all the possible cabs. However, you can create it manually.Ĭonfiguration may occur via the user interface or directly in the registry. The Trust Manager hive does not appear in the registry until the user interface is exercised.

Privileged locations can be permanently disabled or enabled by the administrator. There may be an HKCU list and an HKLM list: administrator’s can lock down the feature in HKLM so that users cannot change the setting. The feature behaves as follows:Ī privileged location may be a file, folder, or host. Privileged locations (PLs) are synonumous with “trusted locations.” PLs are the primary way that users and administrators can specify trusted content that should be exempt from security retrictions.