This policy setting allows you to manage whether file downloads are permitted from the
zone. This option is determined by the zone of the page with the link causing the download,
not the zone from which the file is delivered. The recommended state for this setting is-
Sites located in the Restricted Sites Zone are more likely to contain malicious payloads and
therefor downloads from this zone should be blocked.
SolutionTo establish the recommended configuration via Group Policy, set the following UI path to
Computer Configuration\Administrative Templates\Windows Components\Internet
Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow file
downloadsThen set the Allow file downloads option to Disable.
If you enable this policy setting, files can be downloaded from the zone. If you disable this
policy setting, files are prevented from being downloaded from the zone. If you do not
configure this policy setting, files are prevented from being downloaded from the zone.