Internet Explorer Script

Hi All

I am currently working on rolling out machines and need to apply changes to the IE security setting after the image is loaded and configured. I am hoping there is a way to accomplish this by using a Script which will help me a lot as I would not have to go in and manually change the settings. Here is what I am looking for and if someone knows any other ways of doing this any help is appreciated.
Below are the changes I would like to apply
IE 7 Updates

Security Tab- Internet Zone-Custom Level
Allow Scriptlets –Enable
Download Signed ActiveX Controls-Enable
Download Unsigned ActiveX Controls-Enable
Access Data sources across domains-Enable
Display Mixed Content-Enable
Use pop-up blocker-Disable

Security Tab- Local Intranet Zone-Custom Level
Download Signed ActiveX Controls-Enable
Download Unsigned ActiveX Controls-Enable
Access Data sources across domains-Enable
Display Mixed Content-Enable
Initialize and script ActiveX controls not marked as safe for scripting-Enable
Use Phishing Filter-Disable

Any help is appreciated
czarusAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

B HCommented:
before scripting - have you considered editing a domain group policy for these?  that would be far easier i think

it's still possible with scripts though, just a lot more typing here
0
czarusAuthor Commented:
That would work as well as long as I get the same thing accomplish. Would you know how to go about this. Thanks
0
B HCommented:
assuming you don't need help getting to a domain group policy, this page shows what settings in the policy need to be adjusted:
http://technet.microsoft.com/en-us/library/cc985351.aspx

there, you'll see for example:
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
you can adjust "download signed active x..." and enable that, set to allow.

although a better way might be to allow that on the trusted zone, and then add whichever site(s) you need to the trusted zones... but this is up to you

this page over here shows the registry locations and settings... you can make a .reg file and script it in by regedit /s registry.reg - or you/we can build a bat file with "reg add" commands:
http://www.hohmanns.de/
0
B HCommented:
actually, these commands here may be better suited.

the settings referenced are here:
http://support.microsoft.com/kb/182569

however you choose to call them (bat, stacked commands, cscript, logon script, etc) is up to your situation

notes:  the dword values seem random but the list is in the link
0 = enable
1 = prompt
2 = disable

zones:
0 = my computer
1 = local intranet
2 = trusted sites
3 = internet
4 = restricted

i dont need to tell you that these settings are super insecure, right?

reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\3" /v 1209 /t REG_DWORD /d 0 /f
reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\3" /v 1001 /t REG_DWORD /d 0 /f
reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\3" /v 1004 /t REG_DWORD /d 0 /f
reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\3" /v 1406 /t REG_DWORD /d 0 /f
reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\3" /v 1609 /t REG_DWORD /d 0 /f
reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\3" /v 1809 /t REG_DWORD /d 2 /f
reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\1" /v 1001 /t REG_DWORD /d 0 /f
reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\1" /v 1004 /t REG_DWORD /d 0 /f
reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\1" /v 1406 /t REG_DWORD /d 0 /f
reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\1" /v 1609 /t REG_DWORD /d 0 /f
reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\1" /v 1201 /t REG_DWORD /d 0 /f
reg add "hklm\software\policies\microsoft\windows\currentversion\internet settings\zones\1" /v 2301 /t REG_DWORD /d 2 /f

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
B HCommented:
by the way you can replace HKLM with HKCU if you want it to run only for whichever user executes it (like for a logon script)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VB Script

From novice to tech pro — start learning today.