Announcement

Collapse
No announcement yet.

I.E. 7.0 Trusted Sites Security Level

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • I.E. 7.0 Trusted Sites Security Level

    We have been placing one of our internal web based application in trusted
    sites and defaulting the security level to low. This was easy to do with IE6, but 7 has had some major changes. Is there a registry key that allows you to reset the IE 7 Trusted Sites settings to Low?

    I have looked at:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings\Zones\2
    But the Current Level DWord does not change the level completly.

  • #2
    Re: I.E. 7.0 Trusted Sites Security Level

    I have no problem changing this on my computer : XPSP2 with IE7.
    What exactly is the problem? What did you try and didn't work? And on what OS are you working? Do you need a centralized solution (i.e.:GPO) or on a specific workstation?

    Sorin Solomon


    In order to succeed, your desire for success should be greater than your fear of failure.
    -

    Comment


    • #3
      Re: I.E. 7.0 Trusted Sites Security Level

      I need to be able to set the Trusted Sites Security Settings to "LOW" like it is in IE 6.0 by default. I need to make a registry change, preferably in HKEY_LOCAL_MACHINE, so that all users will have this change.

      Comment


      • #4
        Re: I.E. 7.0 Trusted Sites Security Level

        What OS are your workstations running?
        Are you using Active Directory? If not, how do you plan to distribute this setting?

        Sorin Solomon


        In order to succeed, your desire for success should be greater than your fear of failure.
        -

        Comment


        • #5
          Re: I.E. 7.0 Trusted Sites Security Level

          XP. I do not want active directory. I need a registry setting please.

          Comment


          • #6
            Re: I.E. 7.0 Trusted Sites Security Level

            Well, I cannot say I am satisfied with the outcome so far, but I'll give you what I found and see if it helps.
            I didn't find a way to automatically change the settings to Low Level. Looks like by default the minimum setting is Medium. I managed to change this in the registry, but I am not sure it does the change the settings of every action as it should be. See the attached screenshot. Every line you see of four hexa digits is a specific setting in the Security level. The same ones you see when trying to change the level to custom from the IE GUI. The list of these codes and their meanings can be found here.
            I suggest you read this article too. Especially the paragraph stating:
            Note: By default, security zones settings are stored in the HKEY_CURRENT_USER registry subtree. Because this subtree is dynamically loaded for each user, the settings for one user do not affect the settings for another.

            If the Security Zones: Use only machine settings setting in Group Policy is enabled, or if the Security_HKLM_only DWORD value is present and has a value of 1 in the following registry subkey, only local computer settings are used and all users have the same security settings: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Win dows\CurrentVersion\Internet Settings
            I am afraid you will need to change the settings key by key. Or at least only those you need to allow your application to run.
            Another thing you should pay attention to is that sites in the Trusted Sites' list reside as keys under HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings\ZoneMap\Domains .
            I hope this info helps somehow. Apologies in front if not. Maybe the other good people on this site will be more helpful.
            Last edited by sorinso; 9th November 2007, 21:08.

            Sorin Solomon


            In order to succeed, your desire for success should be greater than your fear of failure.
            -

            Comment


            • #7
              Re: I.E. 7.0 Trusted Sites Security Level

              I kinda figured that I would have to change it line by line. I'll look over what you wrote and give it a try. Cheers

              Comment


              • #8
                Re: I.E. 7.0 Trusted Sites Security Level

                Originally posted by rotunnoe View Post
                I kinda figured that I would have to change it line by line. I'll look over what you wrote and give it a try. Cheers
                Maybe I'm just looking at this in too simplistic a manner.

                Windows Registry Editor Version 5.00

                [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Internet Settings\Zones\2]
                "CurrentLevel"=dword:00010000
                If you play that REG file in your logon script ...

                Just curious if this works and how it compares to other solutions.
                Cheers,

                Rick

                ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

                Comment


                • #9
                  Re: I.E. 7.0 Trusted Sites Security Level

                  Sorin:
                  Thank you for your help. I made the changes in the registry line by line and it worked. Also if I make the addition Security_HKLM_only DWORD in HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Win dows\CurrentVersion\Internet Settings that works by locking out the user’s ability to change the settings other that what I specified, but it works a bit too well. Basically what this is for is that I’m installing a website on clients’ computers to allow them to get to our website to access data that they need. Now mind you they want access to this website and in may cases pay to have it. Because IE 7.0’s default level for trusted sites isn’t set to low, I have to change it globally for all users to prevent call backs and dissatisfied users. However if I use the Security_HKLM_only keyword, I effectively lock them out of their own IE settings. This would be one thing if I was managing a domain and these were all my computers but these are customers, some of which are on a domain. I would prefer a more surreptitious approach. Is there a way to make these changes in the registry that would load every time the user logged on rather than locking out the browser access?

                  Comment


                  • #10
                    Re: I.E. 7.0 Trusted Sites Security Level

                    First, I am glad it solved the problem. Now that we know the solution, the task of customizing it to reach your needs will be much easier.
                    Second, I see at the moment two solutions:
                    1) don't use the lockdown option to the Machine settings only. Try to see if you can change the same settings in both HKLM and HKCU. I mean, you can change, the question is : will be the outcome what you need? I don't have a testing platform at hand, so cannot check it thoroughly;
                    2) you can form a REG file with all the settings you need and run it at every login, as a login script (as Rick suggested). You can use for this the REG command.
                    I am certain the good guys around here have additional and better solutions. But it's a start.
                    Last edited by sorinso; 28th January 2007, 19:32.

                    Sorin Solomon


                    In order to succeed, your desire for success should be greater than your fear of failure.
                    -

                    Comment


                    • #11
                      Re: I.E. 7.0 Trusted Sites Security Level

                      Sounds like many of the users are outside rotunnoe's "domain" both literally and figuratively. Putting the REG file as a shortcut on their desktop could be an adequate solution should they have problems since you may not have control over many of their logon scripts. Not understanding how outside users access the site and where the "Trusted" bit becomes an issue if security is set too high makes it difficult to suggest a more eloquent solution.
                      Cheers,

                      Rick

                      ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                      2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

                      Comment

                      Working...
                      X