Internet Explorer Script

Hi All

I am currently working on rolling out machines and need to apply changes to the IE security setting after the image is loaded and configured. I am hoping there is a way to accomplish this by using a Script which will help me a lot as I would not have to go in and manually change the settings. Here is what I am looking for and if someone knows any other ways of doing this any help is appreciated.
Below are the changes I would like to apply
IE 7 Updates

Security Tab- Internet Zone-Custom Level
Allow Scriptlets –Enable
Download Signed ActiveX Controls-Enable
Download Unsigned ActiveX Controls-Enable
Access Data sources across domains-Enable
Display Mixed Content-Enable
Use pop-up blocker-Disable

Security Tab- Local Intranet Zone-Custom Level
Download Signed ActiveX Controls-Enable
Download Unsigned ActiveX Controls-Enable
Access Data sources across domains-Enable
Display Mixed Content-Enable
Initialize and script ActiveX controls not marked as safe for scripting-Enable
Use Phishing Filter-Disable

Any help is appreciated
czarusAsked:
Who is Participating?
 
B HCommented:
actually, these commands here may be better suited.

the settings referenced are here:
http://support.microsoft.com/kb/182569

however you choose to call them (bat, stacked commands, cscript, logon script, etc) is up to your situation

notes:  the dword values seem random but the list is in the link
0 = enable
1 = prompt
2 = disable

zones:
0 = my computer
1 = local intranet
2 = trusted sites
3 = internet
4 = restricted

i dont need to tell you that these settings are super insecure, right?

reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\3" /v 1209 /t REG_DWORD /d 0 /f
reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\3" /v 1001 /t REG_DWORD /d 0 /f
reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\3" /v 1004 /t REG_DWORD /d 0 /f
reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\3" /v 1406 /t REG_DWORD /d 0 /f
reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\3" /v 1609 /t REG_DWORD /d 0 /f
reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\3" /v 1809 /t REG_DWORD /d 2 /f
reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\1" /v 1001 /t REG_DWORD /d 0 /f
reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\1" /v 1004 /t REG_DWORD /d 0 /f
reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\1" /v 1406 /t REG_DWORD /d 0 /f
reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\1" /v 1609 /t REG_DWORD /d 0 /f
reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\1" /v 1201 /t REG_DWORD /d 0 /f
reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\1" /v 2301 /t REG_DWORD /d 2 /f

Open in new window

0
 
B HCommented:
before scripting - have you considered editing a domain group policy for these?  that would be far easier i think

it's still possible with scripts though, just a lot more typing here
0
 
czarusAuthor Commented:
That would work as well as long as I get the same thing accomplish. Would you know how to go about this. Thanks
0
 
B HCommented:
assuming you don't need help getting to a domain group policy, this page shows what settings in the policy need to be adjusted:
http://technet.microsoft.com/en-us/library/cc985351.aspx

there, you'll see for example:
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
you can adjust "download signed active x..." and enable that, set to allow.

although a better way might be to allow that on the trusted zone, and then add whichever site(s) you need to the trusted zones... but this is up to you

this page over here shows the registry locations and settings... you can make a .reg file and script it in by regedit /s registry.reg - or you/we can build a bat file with "reg add" commands:
http://www.hohmanns.de/
0
 
B HCommented:
by the way you can replace HKLM with HKCU if you want it to run only for whichever user executes it (like for a logon script)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.