Solved

Internet Explorer Security Settings change using registry or vb script

Posted on 2009-07-10
13
3,838 Views
Last Modified: 2012-05-07
Hi, we need to have some security settings changed in IE. This is in Tools > Internet Options > Security > Custom Level (for internet). We want to change most of those options to either Enable or Prompt.

This is to be deployed to multiple stations, so having a script file to do this will be most convenient. I tried monitoring the registry for changes as I'm making the manual change but can't seem to figure out which values correspond to the change. If someone can provide the entire list of settings in the custom level window and what values to change them to, it will be greatly appreciated. There's probably over 20 settings there to Disable, Enable or Prompt.

Also will this apply to IE6-IE8 or are they different for each version?

Thanks.
0
Comment
Question by:greyknight17
  • 6
  • 5
  • 2
13 Comments
 
LVL 5

Expert Comment

by:micalkin
Comment Utility
If you are using Active Directory you can use a GPO to set these security settings.
User Configuration -> Administrative Template -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page.
I don't know about IE6 but the settings works for both IE7 and IE8.
0
 
LVL 15

Author Comment

by:greyknight17
Comment Utility
As of now, we are not using Active Directory. They are mostly using workgroup names.

I actually need to change a bunch of other options in the Internet Options setting, but a majority of them are in the security level tab.

Is there any other way to accomplish this? It doesn't even need to be a script, as long as it's automated. My manager mentioned creating a .MSI install file to do this, but I'm not at all familiar with this.

Thanks.
0
 
LVL 5

Expert Comment

by:micalkin
Comment Utility
You could possibly use a registery monitor app (I believe sysinternals has one) and then use gpedit.msc on a client to make the changes you want.  You could then export those settings from regedit and make a .reg file to import onto the rest of your computers.
regedit /s filename.reg would install the registry edits silently.
0
 
LVL 15

Author Comment

by:greyknight17
Comment Utility
I tried using several different registry monitoring programs (including RegMon from SysInternals) but they don't help out much. RegMon actually displays all kinds of changes live and the list is constantly updating. Not even sure which entry may be responsible for the IE settings changes since it's constantly showing changes on the screen..
0
 
LVL 66

Expert Comment

by:johnb6767
Comment Utility
what are you looking to set specifically?
0
 
LVL 66

Expert Comment

by:johnb6767
Comment Utility
And when using Regmon, set the filter at the top to highlight "setvalue;create", and to only include "iexplore.exe;rundll32.exe". Change the settigns you want to change, and then clear the list. Then apply your changes, and the list to review (hopefully highlighted in Red) will be MUCH less now.
Filemon/Process Monitor/Regmon all take some tinkering until you get the right combo of highlighting, and processes down, before they are really easy to work with........
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 15

Author Comment

by:greyknight17
Comment Utility
Thanks johnb6767. I will set them to those settings and see how it works out.

I got the full documentation on what to change. It's actually everything in the security settings and more. I will attach it here. Mostly Vista, but needed for XP as well.

Hopefully RegMon will be able to post those specific changes that I'm after.

IE-Settings.doc
0
 
LVL 15

Author Comment

by:greyknight17
Comment Utility
I tried the filtering and it's still too much data. I went after the red highlighted entries and there are over 20 lines shown. This is just from one change alone in the security settings. Can that many entries be modified with just a single change?

Do you know of any other way to do this (see attached file in earlier reply)? Perhaps a .cab file?

I don't mind doing this manually if I know where in the registry to look for these specific changes.

Thanks again.
0
 
LVL 66

Accepted Solution

by:
johnb6767 earned 500 total points
Comment Utility
There can be multiple keys involved with a setting, but usually it is a single registry mod (could be the same key written to multiple times as well....
I will look more at the IE settings tomorrow. Thats alot of research....
One thing you can look into is a custom build of IE, using the IEAK.
Do a google search for "download ieak " and look at the top 4 links, and see if that might be a possibility.Then you could look at rolling out a standardized version of IE, fully customized....
 
0
 
LVL 66

Expert Comment

by:johnb6767
Comment Utility
Use the Internet Explorer Maintenance Extension
http://technet.microsoft.com/en-us/library/cc817467.aspx
As an alternative possibly?
0
 
LVL 15

Author Comment

by:greyknight17
Comment Utility
Perfect. Never used IEAK before but found it pretty self-explanatory once I installed it.

Anything similar for the Windows settings portion? This part at least I think I can do some searching for and finding out which registry entry is responsible for the changes. Probably a reg or batch file will do the job.

One thing I'm trying to get rid of is the security warning (yellow information bar on top in Internet Explorer). Once I applied these changes, I received the following error:

Your current security settings put your computer at risk.  Click here to change your security settings...

Is there a quick method to suppress that message? I searched and saw posts that mention taking ownership of 3 files and then also applying the security changes to inherit those files in system32 folder.

Here's how to nuke Security Center off your system. This has been tested and there are no adverse effects from doing this.1.     Go to Start --> Run and type "cmd" without the quotes. 2.     Type "cd\" followed by "cd windows\system32". 3.     Now run the following commands:        takeown /f wscapi.dll        takeown /f wscsvc.dll        takeown /f wscui.cpl 4.Now you have ownership of the files. Go into the system32 directory inexplorer and right click each file, go to the security tab and add anentry for everyone and give them full access permissions. 5.     Disable the Security Center Service via services.msc if you have not already done so. 6.     In the system32 folder rename the three mentioned dll's (change their file extension to .bak). 7.     To get rid of the Security Center service from services.msc drop to a command prompt and type the following: "REG DELETE HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WSCSVC /F", hit enter and reboot. 8.      Enjoy no more nagging or icon in your system tray!

I don't mind doing that if it's all automated. I can write up a batch file to do a majority of this,  but will be stuck in the permission stage where it requires me to inherit it from the Properties > Security tab. It looks like takeown only applies to Vista. Is there a similar command for XP?

 There will be a group of computers that we want to apply these changes to. So any steps we can save in between will definitely speed up the deployment process.

All your help is greatly appreciated. Any additional help on the remaining problems will be appreciated as well.

Thanks.
0
 
LVL 15

Author Comment

by:greyknight17
Comment Utility
I think I got most of them down now including the security message. Wrapping it up and will accept solution shortly.
0
 
LVL 66

Expert Comment

by:johnb6767
Comment Utility
Sorry for not repsonding sooner, wasnt online alot today in my email.....
Your ok now? Got all you needed figured out?
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Migration of Exchange mailbox can be done with the ExProfre.exe tool. But at times, when the ExProfre.exe tool migrates the Exchange Server user profile, it results in numerous synchronization problems. Synchronization error messages appear in the e…
If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now