lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 10 Nov 2003 13:50:06 -0600
From: "Robert C. Auch" <RAuch@...alnetsolutions.net>
Cc: <bugtraq@...urityfocus.com>
Subject: RE: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III


 From: "Cowperthwaite, Eric" <eric.cowperthwaite@....com>
> On a related topic,
>
> Does anyone have a method to programatically (perhaps using registry
> entries) change security settings in Internet Explorer for a specific
zone.
> For example, if I wanted to disable active scripting for the Internet
Zone
> for 1000 end users by pushing a script, reg entry or something similar
to
> them.

If you're using a Windows 2000 or higher network (servers and
workstations), you can use Group Policy (Edit your local IE settings as
you want them to be for all users, then Create / edit a policy, go to
User Configuration/Windows Settings/Internet Explorer
Maintenance/Security, click "Import the current security zones and
privacy settings", and then you can edit from there.

IF you follow this method, I STRONGLY suggest you use a single station
for all GPO updates in your network - there's a small problem with
service packs potentially causing all GPO settings to be lost due to
date-checking of GPO modules.

The other option that I'm aware of is a product called ScriptLogic
(again, only MS-network aware, but I'm willing to bet a good Netware
admin can get it to run for all user's logon script with little
prodding) which runs on NT4 and higher networks, which will allow you to
set a host of registry settings at logon.  www.scriptlogic.com

If you're a programmer, use the registry settings Thor just emailed.

Robert Auch 
http://www.totalnetsolutions.net 


Powered by blists - more mailing lists