Internet Explorer Security Settings change using registry or vb script

Hi, we need to have some security settings changed in IE. This is in Tools > Internet Options > Security > Custom Level (for internet). We want to change most of those options to either Enable or Prompt.

This is to be deployed to multiple stations, so having a script file to do this will be most convenient. I tried monitoring the registry for changes as I'm making the manual change but can't seem to figure out which values correspond to the change. If someone can provide the entire list of settings in the custom level window and what values to change them to, it will be greatly appreciated. There's probably over 20 settings there to Disable, Enable or Prompt.

Also will this apply to IE6-IE8 or are they different for each version?

Thanks.
greyknight17Asked:

micalkinCommented:
If you are using Active Directory you can use a GPO to set these security settings.
User Configuration -> Administrative Template -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page.
I don't know about IE6 but the settings work for both IE7 and IE8.
0
greyknight17Author Commented:
As of now, we are not using Active Directory. They are mostly using workgroup names.

I actually need to change a bunch of other options in the Internet Options setting, but a majority of them are in the security level tab.

Is there any other way to accomplish this? It doesn't even need to be a script, as long as it's automated. My manager mentioned creating a .MSI install file to do this, but I'm not at all familiar with this.

Thanks.
0
micalkinCommented:
You could possibly use a registry monitor app (I believe sysinternals has one) and then use gpedit.msc on a client to make the changes you want. You could then export those settings from regedit and make a .reg file to import onto the rest of your computers.
regedit /s filename.reg would install the registry edits silently.
0
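Added example, not written by any poster in this thread: instead of watching live monitor output, export the key with regedit before and after the manual change and diff the two .reg files. The `Zones\3` (Internet zone) path, the action numbers and the 0/1/3 meanings come from Microsoft's documentation of the IE security zone registry entries, not from this thread; the two sample exports are constructed.

```python
import re

# Zone action data per Microsoft's documentation: lower value = more permissive.
ACTION = {0: "Enable", 1: "Prompt", 3: "Disable"}
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def parse_reg(text):
    """Return {(key, value_name): int} for every DWORD in a .reg export."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if (m := KEY_RE.match(line)):
            key = m.group(1)
        elif key and (m := DWORD_RE.match(line)):
            values[(key, m.group(1))] = int(m.group(2), 16)
    return values

def diff_reg(before, after):
    """List (key, name, old, new) for DWORDs added or changed between exports."""
    old, new = parse_reg(before), parse_reg(after)
    return sorted((k, n, old.get((k, n)), v)
                  for (k, n), v in new.items() if old.get((k, n)) != v)

def loosened(changes):
    """Changes that moved a zone action toward Enable (e.g. Disable -> Prompt)."""
    return [c for c in changes
            if c[2] in ACTION and c[3] in ACTION and c[3] < c[2]]

def describe(value):
    return ACTION.get(value, "0x%08x" % value)

# Constructed sample exports. Real regedit 5.00 exports are UTF-16, so read
# them with open(path, encoding="utf-16").read().
ZONE = r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]"
BEFORE = "\n".join(["Windows Registry Editor Version 5.00", "", ZONE,
                    '"1001"=dword:00000001',    # Download signed ActiveX
                    '"1004"=dword:00000003',    # Download unsigned ActiveX
                    '"1400"=dword:00000000'])   # Active scripting
AFTER = "\n".join(["Windows Registry Editor Version 5.00", "", ZONE,
                   '"1001"=dword:00000001',
                   '"1004"=dword:00000001',
                   '"1400"=dword:00000003'])

if __name__ == "__main__":
    changes = diff_reg(BEFORE, AFTER)
    for key, name, old, new in changes:
        was = "absent" if old is None else describe(old)
        print("%s  %s: %s -> %s" % (key, name, was, describe(new)))
    print("loosened:", [c[1] for c in loosened(changes)])
```

The `loosened` list is the part worth reviewing before a .reg file is rolled out to other machines, since those are the settings the change made more permissive.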

greyknight17Author Commented:
I tried using several different registry monitoring programs (including RegMon from SysInternals) but they don't help out much. RegMon actually displays all kinds of changes live and the list is constantly updating. Not even sure which entry may be responsible for the IE settings changes since it's constantly showing changes on the screen..
0
johnb6767Commented:
what are you looking to set specifically?
0
johnb6767Commented:
And when using Regmon, set the filter at the top to highlight "setvalue;create", and to only include "iexplore.exe;rundll32.exe". Change the settings you want to change, and then clear the list. Then apply your changes, and the list to review (hopefully highlighted in Red) will be MUCH less now.
Filemon/Process Monitor/Regmon all take some tinkering until you get the right combo of highlighting, and processes down, before they are really easy to work with........
0
greyknight17Author Commented:
Thanks johnb6767. I will set them to those settings and see how it works out.

I got the full documentation on what to change. It's actually everything in the security settings and more. I will attach it here. Mostly Vista, but needed for XP as well.

Hopefully RegMon will be able to post those specific changes that I'm after.

IE-Settings.doc
0
greyknight17Author Commented:
I tried the filtering and it's still too much data. I went after the red highlighted entries and there are over 20 lines shown. This is just from one change alone in the security settings. Can that many entries be modified with just a single change?

Do you know of any other way to do this (see attached file in earlier reply)? Perhaps a .cab file?

I don't mind doing this manually if I know where in the registry to look for these specific changes.

Thanks again.
0
johnb6767Commented:
There can be multiple keys involved with a setting, but usually it is a single registry mod (could be the same key written to multiple times as well)....
I will look more at the IE settings tomorrow. That's a lot of research....
One thing you can look into is a custom build of IE, using the IEAK.
Do a google search for "download ieak" and look at the top 4 links, and see if that might be a possibility. Then you could look at rolling out a standardized version of IE, fully customized....
 
0

johnb6767Commented:
Use the Internet Explorer Maintenance Extension
http://technet.microsoft.com/en-us/library/cc817467.aspx
As an alternative possibly?
0
greyknight17Author Commented:
Perfect. Never used IEAK before but found it pretty self-explanatory once I installed it.

Anything similar for the Windows settings portion? This part at least I think I can do some searching for and finding out which registry entry is responsible for the changes. Probably a reg or batch file will do the job.

One thing I'm trying to get rid of is the security warning (yellow information bar on top in Internet Explorer). Once I applied these changes, I received the following error:

Your current security settings put your computer at risk.  Click here to change your security settings...

Is there a quick method to suppress that message? I searched and saw posts that mention taking ownership of 3 files and then also applying the security changes to inherit those files in system32 folder.

Here's how to nuke Security Center off your system. This has been tested and there are no adverse effects from doing this.
1. Go to Start --> Run and type "cmd" without the quotes.
2. Type "cd\" followed by "cd windows\system32".
3. Now run the following commands:
        takeown /f wscapi.dll
        takeown /f wscsvc.dll
        takeown /f wscui.cpl
4. Now you have ownership of the files. Go into the system32 directory in explorer and right click each file, go to the security tab and add an entry for everyone and give them full access permissions.
5. Disable the Security Center Service via services.msc if you have not already done so.
6. In the system32 folder rename the three mentioned dll's (change their file extension to .bak).
7. To get rid of the Security Center service from services.msc drop to a command prompt and type the following: "REG DELETE HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WSCSVC /F", hit enter and reboot.
8. Enjoy no more nagging or icon in your system tray!

I don't mind doing that if it's all automated. I can write up a batch file to do a majority of this,  but will be stuck in the permission stage where it requires me to inherit it from the Properties > Security tab. It looks like takeown only applies to Vista. Is there a similar command for XP?

 There will be a group of computers that we want to apply these changes to. So any steps we can save in between will definitely speed up the deployment process.

All your help is greatly appreciated. Any additional help on the remaining problems will be appreciated as well.

Thanks.
0
greyknight17Author Commented:
I think I got most of them down now including the security message. Wrapping it up and will accept solution shortly.
0
johnb6767Commented:
Sorry for not responding sooner, wasn't online a lot today in my email.....
You're OK now? Got all you needed figured out?
0
Windows XP