asked on
ASKER
@echo off
reg add "HKLM\Software\Microsoft\Internet explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING"
reg add "HKLM\Software\Microsoft\Internet explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING" /v "iexplore.exe" /t "REG_DWORD" /d 1
reg add "HKLM\Software\Microsoft\Internet explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX"
reg add "HKLM\Software\Microsoft\Internet explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX" /v "iexplore.exe" /t "REG_DWORD" /d 1
if %Processort_Architecture% == x86 (
echo do nothing
) else
reg add "HKLM\Software\WOW6432Node\Microsoft\Internet explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING"
reg add "HKLM\Software\WOW6432Node\Microsoft\Internet explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING" /v "iexplore.exe" /t "REG_DWORD" /d 1
reg add "HKLM\Software\WOW6432Node\Microsoft\Internet explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX"
reg add "HKLM\Software\WOW6432Node\Microsoft\Internet explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX" /v "iexplore.exe" /t "REG_DWORD" /d 1
)
a shutdown/startup .bat fileASKER
ASKER
Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.
TRUSTED BY
Replace means the key/value must exist to be replaced.
Related to https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-124
See if the following is helpful, though MS is reaching an end to its support for IE. many vendors are also shifting away from IE.
MS Edge (chrome base) is the app MS now distributes
https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11
you could use something like this
Open in new window
as a startup or shutdown script.
The registry section you could just add the key FEATURE_ALLOW_USER32_EXCEP
eliminating the first line in the script example.