Script to Set Internet Explorer Security Parameters

TheMSsForum.com: The Microsoft Software Forum

Is there a way to write a script that will set the various Internet Explorer
Security Settings for particular zones? For example, the settings that affect
activeX controls and scripting? I could try to figure out how to hack the
registry, but would prefer a documented interface, if one is available.
Thanks,
--
Joseph
Top

Re: Script to Set Internet Explorer Security Parameters by TDM

TDM
Tue Jan 29 15:16:32 CST 2008


"Joseph Morales" <JosephMorales@discussions.microsoft.com> wrote in message
news:42B47952-2072-435E-ACA2-E9811529A991@microsoft.com...
> Is there a way to write a script that will set the various Internet
> Explorer
> Security Settings for particular zones? For example, the settings that
> affect
> activeX controls and scripting? I could try to figure out how to hack the
> registry, but would prefer a documented interface, if one is available.
> Thanks,
> --
> Joseph

I am not sure there is a graceful way to do this. I do have a script
that changes the ActiveX stuff, but I think most folks in this NG will
tell you not to do this and use an HTA instead.


TDM


Top

Re: Script to Set Internet Explorer Security Parameters by JosephMorales

JosephMorales
Tue Jan 29 15:57:00 CST 2008

"TDM" wrote:
> I am not sure there is a graceful way to do this. I do have a script
> that changes the ActiveX stuff, but I think most folks in this NG will
> tell you not to do this and use an HTA instead.

Thanks for the reply. I'm actually setting these options so that someone
else's web application will work on my system. It's not my app, so I can't
tell them to reimplement it as an HTA. I have to reinstall every week on a
couple of test machines, which are fresh Windows installs each time so the IE
options don't stay the same from week to week. I have to do the following
changes each time:

Add a list of websites to the Trusted Zone

Change the values of these options in the Trusted Zone:
ActiveX controls and plug-ins
Automatic prompting for ActiveX controls
Binary and script behaviors
Download signed ActiveX controls
Download unsigned ActiveX controls
Initialize and script ActiveX controls not marked as safe
Run ActiveX controls and plug-ins
Script ActiveX controls marked safe for scripting
Miscellaneous
Access data sources across domains
Navigate sub-frames across different domains
Submit nonencrypted form data
Scripting
Active scripting
Disable the popup blocker
Allow active content from CDs to run on My Computer
Allow active content to run in files on My Computer

Done manually, these steps are fairly tedious and error prone. Any tips
about how to automate these steps would be appreciated. Thanks!
Top

Re: Script to Set Internet Explorer Security Parameters by TDM

TDM
Tue Jan 29 16:51:03 CST 2008


"Joseph Morales" <JosephMorales@discussions.microsoft.com> wrote in message
news:E53B6915-E4F5-4CB4-B735-C38A2997E760@microsoft.com...

> Add a list of websites to the Trusted Zone
>
> Change the values of these options in the Trusted Zone:
> ActiveX controls and plug-ins
> Automatic prompting for ActiveX controls
> Binary and script behaviors
> Download signed ActiveX controls
> Download unsigned ActiveX controls
> Initialize and script ActiveX controls not marked as safe
> Run ActiveX controls and plug-ins
> Script ActiveX controls marked safe for scripting
> Miscellaneous
> Access data sources across domains
> Navigate sub-frames across different domains
> Submit nonencrypted form data
> Scripting
> Active scripting
> Disable the popup blocker
> Allow active content from CDs to run on My Computer
> Allow active content to run in files on My Computer
>
> Done manually, these steps are fairly tedious and error prone. Any tips
> about how to automate these steps would be appreciated. Thanks!

Agreed, this would be a real pain manually. In my situtation, I only
needed to change one ActiveX setting so I wont be much help to
you. I chose to do it by changed the registry settings. Using this
method, you also need to make sure an instance of IE is not running when you
run
your script. If IE is running, and you run your script, then close IE,
the values from the running IE session will be saved over what your
script just did. Another pain with doing this the regedit way is trying
to figure out what setting is the one you want. There are settings for
each zone, which I am sure you are aware of. Sorry I wont be of any
help to you.

TDM


Top

Re: Script to Set Internet Explorer Security Parameters by mayayana

mayayana
Tue Jan 29 22:30:44 CST 2008

It's all extremely convoluted, but you should find
what you need here:

http://support.microsoft.com/default.aspx?kbid=182569

You need to set specific values in the key that
corresponds to a given zone. With IE you should
always do both HKCU and HKLM because there's
a setting that will cause HKLM to override HKCU.

Also, if you want to customize the settings levels
you can use the TemplatePolicies keys. (See link.)
Those keys contain a whole set of values that are
all applied at once when you select a security
level other than Custom. For instance, if you
select Medium for Internet Zone, the whole
TemplatePolicies medium key is copied over to the
Zones\3 key. (That will make sense when you read
the article.) So by changing the values in the
TemplatePolicies keys you can custom-define exactly
what low, mediumlow, medium and high security are.
Then you don't have to keep dealing with single values.
You can just define 4 custom levels and use those.
That's also a good idea if you use IE online. Last time
I checked, the normal "high" security was a very risky
setting that allowed script but blocked downloads!


> Is there a way to write a script that will set the various Internet
Explorer
> Security Settings for particular zones? For example, the settings that
affect
> activeX controls and scripting? I could try to figure out how to hack the
> registry, but would prefer a documented interface, if one is available.
> Thanks,
> --
> Joseph


Top