Link to home
Start Free TrialLog in
Avatar of chassouna
chassounaFlag for Switzerland

asked on

How to control IE7 Privacy level with group policy?

In Internet Explorer 7, there's a slider in the internet options tab "Privacy". We need to set the level to "Medium" (which is default) to adjust this setting in all user profiles (TS environment, W2k8 Server). Is there a way to do this with a GPO?

Thank you
Avatar of Justin Owens
Justin Owens
Flag of United States of America image
Yes, IE7 can be managed with GPO.  Possible settings:
http://www.ie-vista.com/group_policy.html
Here is the administrative template for IE7 in GPO if you need it:
http://www.microsoft.com/downloads/details.aspx?FamilyID=11ab3e81-6462-4fda-8ee5-fcb8264c44b1&displaylang=en
Justin
Avatar of chassouna
chassouna
Flag of Switzerland image

ASKER

Thanks, but I already took a look at this ADM file. There's no possibility to set the privacy level...

Chris
Avatar of Justin Owens
Justin Owens
Flag of United States of America image
Yes, it does, but indirectly...
User Settings --> Windows Components --> Internet Explorer --> Internet Control Panel --> Security Page --> Internet Zone
You can set the policies individually here to be the same as what a "Medium" privacy setting would produce.
 
Avatar of chassouna
chassouna
Flag of Switzerland image

ASKER

So, can you tell me which setting(s) affect the cookie handling? I can't find any.

Chris
Avatar of Justin Owens
Justin Owens
Flag of United States of America image

The settings which control cookies are under the HKEY_CURRENT_USER\Software\Microsoft\Windows\ CurrentVersion\Internet Settings\P3P\ History registry key.
To accept cookies from a domain, create a new subkey and give it a default DWORD value of 1. For example, to accept cookies from the microsoft.com domain, create the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Internet Settings\P3P\History\microsoft. com subkey and gave it a default DWORD value of 1.
You can't use regedit to create a subkey with a default DWORD. (When you create a subkey, regedit automatically creates a default REG_SZ value.) So, use .reg files to create the subkeys. For example, Figure 1 shows the .reg file for creating the microsoft. com subkey.
Then write a batch file that uses the reg. exe utility to read and apply the .reg files. (Reg .exe is built into Windows Server 2003 and is part of the Windows 2000 Support Tools.)
Finally, insert the batch file in a Group Policy Object (GPO) under User Configuration\Window Settings\Script\Logon Scripts.
With this solution, you can allow cookies but prevent users from downloading unwanted and possibly malicious files and ActiveX objects. Because the solution uses Group Policy, it's easy and quick to implement.


Figure-01.jpg
Avatar of chassouna
chassouna
Flag of Switzerland image

ASKER

Thank you for these instructions, but we don't want the IE to accept cookies from a list of domains. The cookie handling should generally be set to the "medium" level, as shown in the following screenshot of the IE7 privacy tab. Can this be done with GPO?

ie7-privacy.png
ASKER CERTIFIED SOLUTION
Avatar of Justin Owens
Justin Owens
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of chassouna
chassouna
Flag of Switzerland image

ASKER

The "solution" I got was the one that I hoped not to get, because I assumed that there must be another way to handle this.