RE: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III

["Evans, Arian" <Arian.Evans () fishnetsecurity com>]

> On a related topic,
>
> Does anyone have a method to programatically (perhaps using registry
> entries) change security settings in Internet Explorer for a 
> specific zone.
> For example, if I wanted to disable active scripting for the 
> Internet Zone
> for 1000 end users by pushing a script, reg entry or something 
> similar to
> them.

You can via GPO in AD 2k or 2003. To set an IE GPO in 2k:

Start>Programs>Administrative Tools>Active Directory Users and Computers
> [OU Name]>Rt-click>Properties>|Group Policy|New|Edit:

> User Configuration>Windows Settings>Internet Explorer
Maintenance>Security
> dbl-click 'Security Zones and Content Ratings' and select 'Import
Current
Security Zones' and then click |Modify Settings|.

note: you can't set a GPO on a CN; has to be an OU.

If you are looking for a programmatic solution, you could use ADSI and
script
your own enterprise-wide settings/changes. You can do about anything
with
Windows you want through ADSI using VB Script, Perl, or anything else it
supports. Of course if you're using AD I think using a GPO is simplest.

Arian Evans
Sr. Security Engineer
FishNet Security

Phone:  816.421.6611
Toll Free:  888.732.9406
Fax:  816.421.6677

The information transmitted in this e-mail is intended only for the addressee and may contain confidential and/or 
privileged material. 
Any interception, review, retransmission, dissemination, or other use of, or taking of any action upon this information 
by persons or entities
other than the intended recipient is prohibited by law and may subject them to criminal or civil liability. If you 
received this communication 
in error, please contact us immediately at 816.421.6611, and delete the communication from any computer or network 
system.