[<prev] [next>] [day] [month] [year] [list]
Message-ID: <8654C851B1DAFA4FA18A9F150145F925D9BDCD@fnex01.fishnetsecurity.com>
Date: Mon, 10 Nov 2003 15:43:41 -0600
From: "Evans, Arian" <Arian.Evans@...hnetsecurity.com>
To: "Cowperthwaite, Eric" <eric.cowperthwaite@....com>
Cc: <bugtraq@...urityfocus.com>
Subject: RE: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III
>On a related topic,
>
>Does anyone have a method to programatically (perhaps using registry
>entries) change security settings in Internet Explorer for a
>specific zone.
>For example, if I wanted to disable active scripting for the
>Internet Zone
>for 1000 end users by pushing a script, reg entry or something
>similar to
>them.
You can via GPO in AD 2k or 2003. To set an IE GPO in 2k:
Start>Programs>Administrative Tools>Active Directory Users and Computers
>[OU Name]>Rt-click>Properties>|Group Policy|New|Edit:
>User Configuration>Windows Settings>Internet Explorer
Maintenance>Security
>dbl-click 'Security Zones and Content Ratings' and select 'Import
Current
Security Zones' and then click |Modify Settings|.
note: you can't set a GPO on a CN; has to be an OU.
If you are looking for a programmatic solution, you could use ADSI and
script
your own enterprise-wide settings/changes. You can do about anything
with
Windows you want through ADSI using VB Script, Perl, or anything else it
supports. Of course if you're using AD I think using a GPO is simplest.
Arian Evans
Sr. Security Engineer
FishNet Security
Phone: 816.421.6611
Toll Free: 888.732.9406
Fax: 816.421.6677
The information transmitted in this e-mail is intended only for the addressee and may contain confidential and/or privileged material.
Any interception, review, retransmission, dissemination, or other use of, or taking of any action upon this information by persons or entities
other than the intended recipient is prohibited by law and may subject them to criminal or civil liability. If you received this communication
in error, please contact us immediately at 816.421.6611, and delete the communication from any computer or network system.
Powered by blists - more mailing lists