[32361] in bugtraq
RE: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III
daemon@ATHENA.MIT.EDU (Robert C. Auch)
Mon Nov 10 15:26:56 2003
Date: Mon, 10 Nov 2003 13:50:06 -0600
Message-ID: <10CEFC302B6C70408CD528EC4B7DEB8F010467@docsmooth.docsmooth.com>
From: "Robert C. Auch" <RAuch@totalnetsolutions.net>
Cc: <bugtraq@securityfocus.com>
From: "Cowperthwaite, Eric" <eric.cowperthwaite@eds.com>
> On a related topic,
>
> Does anyone have a method to programmatically (perhaps using registry
> entries) change security settings in Internet Explorer for a specific zone.
> For example, if I wanted to disable active scripting for the Internet Zone
> for 1000 end users by pushing a script, reg entry or something similar to
> them.

If you're using a Windows 2000 or higher network (servers and
workstations), you can use Group Policy (edit your local IE settings as
you want them to be for all users, then create / edit a policy, go to
User Configuration/Windows Settings/Internet Explorer
Maintenance/Security, click "Import the current security zones and
privacy settings", and then you can edit from there).

If you follow this method, I STRONGLY suggest you use a single station
for all GPO updates in your network - there's a small problem with
service packs potentially causing all GPO settings to be lost due to
date-checking of GPO modules.

The other option that I'm aware of is a product called ScriptLogic
(again, only MS-network aware, but I'm willing to bet a good NetWare
admin can get it to run for all users' logon scripts with little
prodding) which runs on NT4 and higher networks, which will allow you to
set a host of registry settings at logon. www.scriptlogic.com

If you're a programmer, use the registry settings Thor just emailed.

Robert Auch
http://www.totalnetsolutions.net
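
An added example, not part of the original message and not the registry settings the message refers to: a PowerShell sketch of the per-user registry approach that disables active scripting in the Internet zone and reports when Group Policy already manages the value. It assumes Microsoft's documented zone layout (zone 3 = Internet, action 1400 = Active scripting, value 3 = Disable); the function names are hypothetical.

```powershell
# Added example. Zone 3 = Internet zone, action 1400 = Active scripting,
# value 3 = Disable (0 = Enable, 1 = Prompt), per Microsoft's documented
# Internet Explorer security zone registry entries.
$ZoneSubKey = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# Hypothetical helper: returns the DWORD for one zone action, or $null if unset.
function Get-ZoneAction {
    param([string]$Root, [int]$Zone, [string]$Action)
    $key  = "$Root\$ZoneSubKey\$Zone"
    $item = Get-ItemProperty -Path $key -Name $Action -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Action } else { $null }
}

# Hypothetical helper: sets the per-user value unless policy already owns it.
function Set-ZoneAction {
    [CmdletBinding(SupportsShouldProcess)]
    param([int]$Zone = 3, [string]$Action = '1400', [int]$Value = 3)

    # A value delivered by Group Policy lives under Software\Policies and
    # overrides the per-user preference, so report it rather than fight it.
    foreach ($root in 'HKLM:\Software\Policies', 'HKCU:\Software\Policies') {
        $managed = Get-ZoneAction -Root $root -Zone $Zone -Action $Action
        if ($null -ne $managed) {
            Write-Warning "Zone $Zone action $Action is policy-managed under $root"
            return [pscustomobject]@{ Zone = $Zone; Action = $Action
                Value = $managed; Source = $root; Changed = $false }
        }
    }

    $root    = 'HKCU:\Software'
    $key     = "$root\$ZoneSubKey\$Zone"
    $before  = Get-ZoneAction -Root $root -Zone $Zone -Action $Action
    $changed = $false
    if ($before -ne $Value -and $PSCmdlet.ShouldProcess($key, "Set $Action = $Value")) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name $Action -Value $Value `
            -PropertyType DWord -Force | Out-Null
        $changed = $true
    }

    # Read the value back so the logon-script log shows what is actually set.
    [pscustomobject]@{ Zone = $Zone; Action = $Action
        Value = (Get-ZoneAction -Root $root -Zone $Zone -Action $Action)
        Source = $root; Changed = $changed }
}

# Disable active scripting for the Internet zone of the current user.
Set-ZoneAction -Zone 3 -Action '1400' -Value 3
```

Run with `-WhatIf` first to see which key would be written without changing it.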